C#: Re-factor FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation to use the new API.

Author: michaelnebel

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll

@@ -19,9 +19,11 @@ class TokenValidationParametersPropertySensitiveValidation extends Property {
 }
 
 /**
+ * DEPRECATED: Use `FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation` instead.
+ *
  * A dataflow from a `false` value to a write sensitive property for `TokenValidationParameters`.
  */
-class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation extends DataFlow::Configuration
+deprecated class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation extends DataFlow::Configuration
 {
   FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation() {
     this = "FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation"
@@ -37,6 +39,25 @@ class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation
   }
 }
 
+/**
+ * A dataflow configuration from a `false` value to a write sensitive property for `TokenValidationParameters`.
+ */
+private module FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidationConfig
+  implements DataFlow::ConfigSig
+{
+  predicate isSource(DataFlow::Node source) {
+    source.asExpr().getValue() = "false" and
+    source.asExpr().getType() instanceof BoolType
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink.asExpr() = any(TokenValidationParametersPropertySensitiveValidation p).getAnAssignedValue()
+  }
+}
+
+module FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation =
+  DataFlow::Global<FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidationConfig>;
+
 /**
  * Holds if `assemblyName` is older than version `ver`
  */

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql

@@ -16,11 +16,10 @@ import JsonWebTokenHandlerLib
 import semmle.code.csharp.commons.QualifiedName
 
 from
-  FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation config,
   DataFlow::Node source, DataFlow::Node sink,
   TokenValidationParametersPropertySensitiveValidation pw, string qualifier, string name
 where
-  config.hasFlow(source, sink) and
+  FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation::flow(source, sink) and
   sink.asExpr() = pw.getAnAssignedValue() and
   pw.hasQualifiedName(qualifier, name)
 select sink, "The security sensitive property $@ is being disabled by the following value: $@.", pw,