Convert BrowserInjectionFieldQuery.ql to use the new dataflow API

Jami Cogswell · Jami Cogswell · commit f5b53dcd55cd · 2025-04-28T21:08:25.000-04:00
diff --git a/javascript/src/audit/browserAPI/BrowserInjectionFieldQuery.ql b/javascript/src/audit/browserAPI/BrowserInjectionFieldQuery.ql
@@ -11,37 +11,36 @@
 
 
  import javascript
- import DataFlow::PathGraph
+ import ConfigFlow::PathGraph
  import DataFlow
  import browserextension.BrowserInjectionFieldCustomizations::BrowserInjection
  private import semmle.javascript.security.dataflow.XssThroughDomCustomizations::XssThroughDom as XssThroughDom
- 
+
  //private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
  //private import semmle.javascript.security.dataflow.XssThroughDomCustomizations::XssThroughDom as XssThroughDom
- 
+
  //private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
- 
-   class Configuration extends TaintTracking::Configuration {
-     Configuration() { this = "BrowserInjection" }
-   
-     override predicate isSource(DataFlow::Node source) { 
+
+   module Config implements DataFlow::ConfigSig {
+
+    predicate isSource(DataFlow::Node source) {
        source instanceof Source
      }
-   
-     override predicate isSink(DataFlow::Node sink) { 
+
+    predicate isSink(DataFlow::Node sink) {
        sink instanceof Sink
      }
-                                                                        
-     override predicate isAdditionalLoadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
-       (pred = succ) and 
+
+    additional predicate isAdditionalLoadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
+       (pred = succ) and
        ((pred instanceof Update and prop = ["url", "openerTabId"])
        or
        (pred instanceof DownloadsDangerous and prop = ["body", "conflictAction","filename", "url", "method"])
        or
        (pred instanceof Delete and prop = ["startTime", "endTime", "url"])
        //or
        //(pred instanceof SetContentSettings and succ instanceof SetContentSettings and prop = any(string s))
-       //or 
+       //or
        //(pred instanceof GetContentSettings and succ instanceof GetContentSettings and prop = any(string s))
         //(pred instanceof StorageSet and succ instanceof StorageSet and prop = any(string s))
        //or
@@ -58,11 +57,11 @@
        (pred = succ and pred instanceof CreateWindows and prop = ["url"]))
      }
    }
-   
- 
-   from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-   where cfg.hasFlowPath(source, sink)
+
+   module ConfigFlow = TaintTracking::Global<Config>;
+
+
+   from ConfigFlow::PathNode source, ConfigFlow::PathNode sink
+   where ConfigFlow::flowPath(source, sink)
    select sink.getNode(), source, sink, sink.getNode() + " depends on a $@.",
      source.getNode(), "user-provided value"
- 
- 
