C#: Re-factor ExposureInTransmittedData to use the new API.

michaelnebel · michaelnebel · commit bb75ed03da35 · 2023-04-13T15:05:25.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
@@ -15,12 +15,10 @@ import semmle.code.csharp.security.SensitiveActions
 import semmle.code.csharp.security.dataflow.flowsinks.Remote
 import semmle.code.csharp.frameworks.system.data.Common
 import semmle.code.csharp.frameworks.System
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import ExposureInTransmittedData::PathGraph
 
-class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "Exposure through transmitted data" }
-
-  override predicate isSource(DataFlow::Node source) {
+module ExposureInTransmittedDataConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     // `source` may contain a password
     source.asExpr() instanceof PasswordExpr
     or
@@ -42,10 +40,12 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof RemoteFlowSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof RemoteFlowSink }
 }
 
-from TaintTrackingConfiguration configuration, DataFlow::PathNode source, DataFlow::PathNode sink
-where configuration.hasFlowPath(source, sink)
+module ExposureInTransmittedData = TaintTracking::Global<ExposureInTransmittedDataConfig>;
+
+from ExposureInTransmittedData::PathNode source, ExposureInTransmittedData::PathNode sink
+where ExposureInTransmittedData::flowPath(source, sink)
 select sink.getNode(), source, sink, "This data transmitted to the user depends on $@.",
   source.getNode(), "sensitive information"
