Skip to content

Java: Delete old deprecated code.#21781

Open
aschackmull wants to merge 1 commit intogithub:mainfrom
aschackmull:java/rm-deprecated
Open

Java: Delete old deprecated code.#21781
aschackmull wants to merge 1 commit intogithub:mainfrom
aschackmull:java/rm-deprecated

Conversation

@aschackmull
Copy link
Copy Markdown
Contributor

@aschackmull aschackmull commented May 1, 2026

No description provided.

Copilot AI review requested due to automatic review settings May 1, 2026 13:18
@aschackmull aschackmull requested a review from a team as a code owner May 1, 2026 13:18
@github-actions github-actions Bot added the Java label May 1, 2026
@aschackmull aschackmull added no-change-note-required This PR does not need a change note and removed Java labels May 1, 2026
Copilot AI reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes long-deprecated Java CodeQL library APIs (including legacy local-source taint configs and various aliases/helpers) to reduce maintenance surface and encourage use of the current, threat-model-driven configurations and newer APIs.

Changes:

  • Delete the deprecated MyBatis mapper XML library module file (its functionality already exists elsewhere in the MyBatis framework library).
  • Remove deprecated “LocalFlow/LocalConfig” taint-tracking modules across multiple security libraries, leaving the modules as deprecated stubs where appropriate.
  • Remove deprecated aliases/wrappers in core Java libraries (dataflow, controlflow/dominance, types/exprs/statements/members, and framework helpers).
Show a summary per file
File Description
java/ql/src/semmle/code/xml/MyBatisMapperXML.qll Deletes deprecated MyBatis mapper XML library module.
java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll Removes deprecated local XXE flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/XssLocalQuery.qll Removes deprecated local XSS flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll Removes deprecated local URL redirect flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll Removes deprecated local tainted-path flow config/flow.
java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll Removes deprecated local SQL injection flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll Removes deprecated local response-splitting flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll Removes deprecated local numeric-cast flow config/flow.
java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll Removes deprecated local improper-array-index flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll Removes deprecated local improper-array-construction flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll Removes deprecated local format-string flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll Removes deprecated local exec-taint flow config/flow; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll Removes deprecated remote/local exec-flow aliases and local config/flow.
java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll Removes deprecated remote overflow/underflow aliases.
java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll Removes deprecated local overflow/underflow configs/flows; leaves deprecated stub module.
java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll Removes deprecated isAndroid() predicate in favor of newer Android framework predicate.
java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll Removes deprecated SpringRequestMappingMethod.getValue() alias.
java/ql/lib/semmle/code/java/frameworks/Jndi.qll Removes deprecated LdapName.clone method wrapper class.
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll Removes deprecated location helper predicate wrapper.
java/ql/lib/semmle/code/java/dataflow/NullGuards.qll Removes deprecated null-guard wrappers in favor of current APIs.
java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll Removes deprecated exported aliases for internal summary component types.
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll Removes deprecated ThreatModelFlowSource alias.
java/ql/lib/semmle/code/java/controlflow/Dominance.qll Removes deprecated basic-block dominance predicate wrappers in favor of BasicBlock::* APIs.
java/ql/lib/semmle/code/java/Type.qll Removes deprecated nestedName() alias.
java/ql/lib/semmle/code/java/Statement.qll Removes deprecated PatternCase.getPattern() alias.
java/ql/lib/semmle/code/java/Member.qll Removes deprecated Field.getSourceDeclaration() / Field.isSourceDeclaration() always-true helpers.
java/ql/lib/semmle/code/java/Expr.qll Removes deprecated PatternExpr.asBindingPattern() alias.

Copilot's findings

  • Files reviewed: 27/27 changed files
  • Comments generated: 0

@aschackmull aschackmull force-pushed the java/rm-deprecated branch from 9c6609a to 44cc514 Compare May 1, 2026 13:22
@github-actions github-actions Bot added the Java label May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Java no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aschackmull