Python: Move experimental CookieInjection to new dataflow API

Author: RasmusWL

python/ql/src/experimental/Security/CWE-614/CookieInjection.ql

@@ -15,13 +15,13 @@ import semmle.python.dataflow.new.DataFlow
 import experimental.semmle.python.Concepts
 import experimental.semmle.python.CookieHeader
 import experimental.semmle.python.security.injection.CookieInjection
-import DataFlow::PathGraph
+import CookieInjectionFlow::PathGraph
 
 from
-  CookieInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink,
+  CookieInjectionFlow::PathNode source, CookieInjectionFlow::PathNode sink,
   string insecure
 where
-  config.hasFlowPath(source, sink) and
+  CookieInjectionFlow::flowPath(source, sink) and
   if exists(sink.getNode().(CookieSink))
   then insecure = ",and its " + sink.getNode().(CookieSink).getFlag() + " flag is not properly set."
   else insecure = "."

python/ql/src/experimental/semmle/python/security/injection/CookieInjection.qll

@@ -29,12 +29,13 @@ class CookieSink extends DataFlow::Node {
 /**
  * A taint-tracking configuration for detecting Cookie injections.
  */
-class CookieInjectionFlowConfig extends TaintTracking::Configuration {
-  CookieInjectionFlowConfig() { this = "CookieInjectionFlowConfig" }
+private module CookieInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(Cookie c | sink in [c.getNameArg(), c.getValueArg()])
   }
 }
+
+/** Global taint-tracking for detecting "Cookie injections" vulnerabilities. */
+module CookieInjectionFlow = TaintTracking::Global<CookieInjectionConfig>;