Refactor Security.CWE.CWE-643.XPathInjection

Author: egregius313

java/ql/src/Security/CWE/CWE-643/XPathInjection.ql

@@ -15,17 +15,18 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.XPath
-import DataFlow::PathGraph
 
-class XPathInjectionConfiguration extends TaintTracking::Configuration {
-  XPathInjectionConfiguration() { this = "XPathInjection" }
+private module XPathInjectionConfiguration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c
-where c.hasFlowPath(source, sink)
+module XPathInjectionFlow = TaintTracking::Make<XPathInjectionConfiguration>;
+
+import XPathInjectionFlow::PathGraph
+
+from XPathInjectionFlow::PathNode source, XPathInjectionFlow::PathNode sink
+where XPathInjectionFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
   "user-provided value"