C#: Re-factor RequestForgery to use the new API.

Author: michaelnebel

csharp/ql/src/experimental/CWE-918/RequestForgery.ql

@@ -12,9 +12,9 @@
 
 import csharp
 import RequestForgery::RequestForgery
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import RequestForgeryFlow::PathGraph
 
-from RequestForgeryConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
+where RequestForgeryFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "The URL of this request depends on a $@.", source.getNode(),
   "user-provided value"

csharp/ql/src/experimental/CWE-918/RequestForgery.qll

@@ -24,9 +24,11 @@ module RequestForgery {
   abstract private class Barrier extends DataFlow::Node { }
 
   /**
+   * DEPRECATED: Use `RequestForgeryFlow` instead.
+   *
    * A data flow configuration for detecting server side request forgery vulnerabilities.
    */
-  class RequestForgeryConfiguration extends DataFlow::Configuration {
+  deprecated class RequestForgeryConfiguration extends DataFlow::Configuration {
     RequestForgeryConfiguration() { this = "Server Side Request forgery" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -54,6 +56,40 @@ module RequestForgery {
     override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
   }
 
+  /**
+   * A data flow configuration for detecting server side request forgery vulnerabilities.
+   */
+  private module RequestForgeryFlowConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
+      interpolatedStringFlowStep(prev, succ)
+      or
+      stringReplaceStep(prev, succ)
+      or
+      uriCreationStep(prev, succ)
+      or
+      formatConvertStep(prev, succ)
+      or
+      toStringStep(prev, succ)
+      or
+      stringConcatStep(prev, succ)
+      or
+      stringFormatStep(prev, succ)
+      or
+      pathCombineStep(prev, succ)
+    }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
+  }
+
+  /**
+   * A data flow module for detecting server side request forgery vulnerabilities.
+   */
+  module RequestForgeryFlow = DataFlow::Global<RequestForgeryFlowConfig>;
+
   /**
    * A remote data flow source taken as a source
    * for Server Side Request Forgery(SSRF) Vulnerabilities.