C++: Deprecate the experimental version, forward to the new one.

Author: geoffw0

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -4,7 +4,7 @@
 
 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
-import experimental.semmle.code.cpp.security.PrivateData
+import semmle.code.cpp.security.PrivateData
 import semmle.code.cpp.security.FileWrite
 import semmle.code.cpp.security.BufferWrite
 

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -1,52 +1,5 @@
 /**
- * Provides classes and predicates for identifying private data and functions for security.
- *
- * 'Private' data in general is anything that would compromise user privacy if exposed. This
- * library tries to guess where private data may either be stored in a variable or produced by a
- * function.
- *
- * This library is not concerned with credentials. See `SensitiveActions` for expressions related
- * to credentials.
+ * DEPRECATED: use semmle.code.cpp.security.PrivateData instead.
  */
 
-import cpp
-
-/** A string for `match` that identifies strings that look like they represent private data. */
-private string privateNames() {
-  result =
-    [
-      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-      // Government identifiers, such as Social Security Numbers
-      "%social%security%number%",
-      // Contact information, such as home addresses and telephone numbers
-      "%postcode%", "%zipcode%",
-      // result = "%telephone%" or
-      // Geographic location - where the user is (or was)
-      "%latitude%", "%longitude%",
-      // Financial data - such as credit card numbers, salary, bank accounts, and debts
-      "%creditcard%", "%salary%", "%bankaccount%",
-      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-      // result = "%email%" or
-      // result = "%mobile%" or
-      "%employer%",
-      // Health - medical conditions, insurance status, prescription records
-      "%medical%"
-    ]
-}
-
-/** An expression that might contain private data. */
-abstract class PrivateDataExpr extends Expr { }
-
-/** A functiond call that might produce private data. */
-class PrivateFunctionCall extends PrivateDataExpr, FunctionCall {
-  PrivateFunctionCall() {
-    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
-  }
-}
-
-/** An access to a variable that might contain private data. */
-class PrivateVariableAccess extends PrivateDataExpr, VariableAccess {
-  PrivateVariableAccess() {
-    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
-  }
-}
+import semmle.code.cpp.security.PrivateData