Java: Deprecate the content of ExecTaintedLocalQuery as this is unused.

michaelnebel · michaelnebel · commit 58bbfe694f16 · 2024-05-01T13:07:21.000+02:00
diff --git a/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll
@@ -7,7 +7,7 @@ private import semmle.code.java.security.CommandArguments
 private import semmle.code.java.security.Sanitizers
 
 /** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
-module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
+deprecated module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
 
   predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
@@ -20,6 +20,8 @@ module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
 }
 
 /**
+ * DEPRCATED: Unused.
+ *
  * Taint-tracking flow for use of externally controlled strings to make command line commands.
  */
-module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;
+deprecated module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;
