Make TaintedPath use new API

owen-mc · owen-mc · commit 7db1daba6e0b · 2023-08-10T15:49:19.000+01:00
diff --git a/go/ql/lib/semmle/go/security/TaintedPath.qll b/go/ql/lib/semmle/go/security/TaintedPath.qll
@@ -12,9 +12,11 @@ module TaintedPath {
   import TaintedPathCustomizations::TaintedPath
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A taint-tracking configuration for reasoning about path-traversal vulnerabilities.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "TaintedPath" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -26,4 +28,14 @@ module TaintedPath {
       node instanceof Sanitizer
     }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }
diff --git a/go/ql/src/Security/CWE-022/TaintedPath.ql b/go/ql/src/Security/CWE-022/TaintedPath.ql
@@ -16,10 +16,10 @@
  */
 
 import go
-import semmle.go.security.TaintedPath::TaintedPath
-import DataFlow::PathGraph
+import semmle.go.security.TaintedPath
+import TaintedPath::Flow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from TaintedPath::Flow::PathNode source, TaintedPath::Flow::PathNode sink
+where TaintedPath::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
   "user-provided value"
