JS: Deprecate AdditionalSanitizerGuardNode

asgerf · asgerf · commit 988fa9c0ef2e · 2024-12-03T14:30:06.000+01:00
We're deprecating the class through an alias, but it is still the base class for a non-deprecated class, for backwards compatibility. For this reason we're also deprecating all of its member predicates so we can remove those in the future.
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -204,44 +204,41 @@ module TaintTracking {
    * It exposes the member predicates of `AdditionalSanitizerGuardNode` for backwards compatibility.
    */
   abstract private class LegacyAdditionalBarrierGuard extends AdditionalBarrierGuard,
-    AdditionalSanitizerGuardNode
+    AdditionalSanitizerGuardNodeDeprecated
   {
-    override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
+    deprecated override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
 
     deprecated override predicate appliesTo(Configuration cfg) { any() }
   }
 
   /**
-   * A `SanitizerGuardNode` that controls which taint tracking
-   * configurations it is used in.
-   *
-   * Note: For performance reasons, all subclasses of this class should be part
-   * of the standard library. Override `Configuration::isSanitizerGuard`
-   * for analysis-specific taint sanitizer guards.
+   * DEPRECATED. This class was part of the old data flow library which is now deprecated.
+   * Use `TaintTracking::AdditionalBarrierGuard` instead.
    */
+  deprecated class AdditionalSanitizerGuardNode = AdditionalSanitizerGuardNodeDeprecated;
+
   cached
-  abstract class AdditionalSanitizerGuardNode extends DataFlow::Node {
-    // TODO: deprecate this class; currently requires too much refactoring
+  abstract private class AdditionalSanitizerGuardNodeDeprecated extends DataFlow::Node {
     // For backwards compatibility, this contains a copy of the SanitizerGuard interface,
     // but is does not inherit from it as that would cause re-evaluation of cached barriers.
     /**
      * Holds if this node blocks expression `e`, provided it evaluates to `outcome`.
      */
     cached
-    predicate blocks(boolean outcome, Expr e) { none() }
+    deprecated predicate blocks(boolean outcome, Expr e) { none() }
 
     /**
      * Holds if this node sanitizes expression `e`, provided it evaluates
      * to `outcome`.
      */
     cached
-    abstract predicate sanitizes(boolean outcome, Expr e);
+    abstract deprecated predicate sanitizes(boolean outcome, Expr e);
 
     /**
      * Holds if this node blocks expression `e` from flow of type `label`, provided it evaluates to `outcome`.
      */
     cached
-    predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) {
+    deprecated predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) {
       this.sanitizes(outcome, e) and label.isTaint()
       or
       this.sanitizes(outcome, e, label)
@@ -252,7 +249,7 @@ module TaintTracking {
      * to `outcome`.
      */
     cached
-    predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() }
+    deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() }
 
     /**
      * Holds if this guard applies to the flow in `cfg`.
