C#: Re-factor UncontrolledFormatString to use the new API.

michaelnebel · michaelnebel · commit f4ee1a511943 · 2023-04-13T15:01:06.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
@@ -15,29 +15,29 @@ import csharp
 import semmle.code.csharp.security.dataflow.flowsources.Remote
 import semmle.code.csharp.security.dataflow.flowsources.Local
 import semmle.code.csharp.frameworks.Format
-import DataFlow::PathGraph
+import FormatString::PathGraph
 
-class FormatStringConfiguration extends TaintTracking::Configuration {
-  FormatStringConfiguration() { this = "FormatStringConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
+module FormatStringConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     source instanceof RemoteFlowSource
     or
     source instanceof LocalFlowSource
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(FormatCall call | call.hasInsertions()).getFormatExpr()
   }
 }
 
+module FormatString = TaintTracking::Global<FormatStringConfig>;
+
 string getSourceType(DataFlow::Node node) {
   result = node.(RemoteFlowSource).getSourceType()
   or
   result = node.(LocalFlowSource).getSourceType()
 }
 
-from FormatStringConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from FormatString::PathNode source, FormatString::PathNode sink
+where FormatString::flowPath(source, sink)
 select sink.getNode(), source, sink, "This format string depends on $@.", source.getNode(),
   ("this" + getSourceType(source.getNode()))
