Moved configuration from XPath.qll back to XPath Injection query

Author: atorralba

java/ql/src/experimental/Security/CWE/CWE-643/XPathInjection.ql

@@ -15,6 +15,14 @@ import semmle.code.java.dataflow.TaintTracking
 import DataFlow::PathGraph
 import semmle.code.java.security.XPath
 
+class XPathInjectionConfiguration extends TaintTracking::Configuration {
+  XPathInjectionConfiguration() { this = "XPathInjection" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+}
+
 from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",

java/ql/src/semmle/code/java/security/XPath.qll

@@ -55,11 +55,4 @@ class XPathInjectionSink extends DataFlow::ExprNode {
   XPathInjectionSink() { exists(XPathSink sink | this.getExpr() = sink.getSink()) }
 }
 
-/** A configuration that tracks data from a remote input source to a XPath evaluation sink. */
-class XPathInjectionConfiguration extends TaintTracking::Configuration {
-  XPathInjectionConfiguration() { this = "XPathInjection" }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
-}

java/ql/test/experimental/query-tests/security/CWE-643/XPathInjectionTest.ql

@@ -4,16 +4,22 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XPath
 import TestUtilities.InlineExpectationsTest
 
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "test:xml:xpathinjection" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+}
+
 class HasXPathInjectionTest extends InlineExpectationsTest {
   HasXPathInjectionTest() { this = "HasXPathInjectionTest" }
 
   override string getARelevantTag() { result = "hasXPathInjection" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasXPathInjection" and
-    exists(DataFlow::Node src, DataFlow::Node sink, XPathInjectionConfiguration conf |
-      conf.hasFlow(src, sink)
-    |
+    exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""