Refactor GroovyInjectionQuery

Author: egregius313

java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll

@@ -6,10 +6,12 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.GroovyInjection
 
 /**
+ * DEPRECATED: Use `GroovyInjectionFlow` instead.
+ *
  * A taint-tracking configuration for unsafe user input
  * that is used to evaluate a Groovy expression.
  */
-class GroovyInjectionConfig extends TaintTracking::Configuration {
+deprecated class GroovyInjectionConfig extends TaintTracking::Configuration {
   GroovyInjectionConfig() { this = "GroovyInjectionConfig" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
@@ -20,3 +22,23 @@ class GroovyInjectionConfig extends TaintTracking::Configuration {
     any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
   }
 }
+
+/**
+ * A taint-tracking configuration for unsafe user input
+ * that is used to evaluate a Groovy expression.
+ */
+module GroovyInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink }
+
+  predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
+    any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
+  }
+}
+
+/**
+ * Detect taint flow of unsafe user input
+ * that is used to evaluate a Groovy expression.
+ */
+module GroovyInjectionFlow = TaintTracking::Make<GroovyInjectionConfig>;

java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql

@@ -13,9 +13,9 @@
 
 import java
 import semmle.code.java.security.GroovyInjectionQuery
-import DataFlow::PathGraph
+import GroovyInjectionFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, GroovyInjectionConfig conf
-where conf.hasFlowPath(source, sink)
+from GroovyInjectionFlow::PathNode source, GroovyInjectionFlow::PathNode sink
+where GroovyInjectionFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Groovy script depends on a $@.", source.getNode(),
   "user-provided value"

java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql

@@ -11,7 +11,7 @@ class HasGroovyInjectionTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasGroovyInjection" and
-    exists(DataFlow::Node sink, GroovyInjectionConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | GroovyInjectionFlow::hasFlowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""