Make EmailInjection use new API

owen-mc · owen-mc · commit f60ca76eb27c · 2023-08-10T15:49:28.000+01:00
diff --git a/go/ql/src/Security/CWE-640/EmailInjection.ql b/go/ql/src/Security/CWE-640/EmailInjection.ql
@@ -13,9 +13,9 @@
  */
 
 import go
-import DataFlow::PathGraph
 import EmailInjection::EmailInjection
+import Flow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, Configuration config
-where config.hasFlowPath(source, sink)
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
 select sink, source, sink, "Email content may contain $@.", source.getNode(), "untrusted input"
diff --git a/go/ql/src/Security/CWE-640/EmailInjection.qll b/go/ql/src/Security/CWE-640/EmailInjection.qll
@@ -17,13 +17,23 @@ module EmailInjection {
   import EmailInjectionCustomizations::EmailInjection
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A taint-tracking configuration for reasoning about email-injection vulnerabilities.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "Email Injection" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
     override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }
