Python: Move experimental CsvInjection to new dataflow API

Author: RasmusWL

python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql

@@ -11,11 +11,11 @@
  */
 
 import python
-import DataFlow::PathGraph
+import CsvInjectionFlow::PathGraph
 import semmle.python.dataflow.new.DataFlow
 import experimental.semmle.python.security.injection.CsvInjection
 
-from CsvInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from CsvInjectionFlow::PathNode source, CsvInjectionFlow::PathNode sink
+where CsvInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Csv injection might include code from $@.", source.getNode(),
   "this user input"

python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll

@@ -8,14 +8,12 @@ import semmle.python.dataflow.new.RemoteFlowSources
 /**
  * A taint-tracking configuration for tracking untrusted user input used in file read.
  */
-class CsvInjectionFlowConfig extends TaintTracking::Configuration {
-  CsvInjectionFlowConfig() { this = "CsvInjectionFlowConfig" }
+private module CsvInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink = any(CsvWriter cw).getAnInput() }
 
-  override predicate isSink(DataFlow::Node sink) { sink = any(CsvWriter cw).getAnInput() }
-
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node = DataFlow::BarrierGuard<startsWithCheck/3>::getABarrierNode() or
     node instanceof StringConstCompareBarrier
   }
@@ -29,3 +27,6 @@ private predicate startsWithCheck(DataFlow::GuardNode g, ControlFlowNode node, b
     branch = true
   )
 }
+
+/** Global taint-tracking for detecting "CSV injection" vulnerabilities. */
+module CsvInjectionFlow = TaintTracking::Global<CsvInjectionConfig>;