Python: Re-introduce old dataflow configs .qll files

and move all the old deprecated aliases to that file. We now have a
situation where all queries should work as they did before, and we just
have these new Query.qll files that contain the implementation.

(deprecation comes later)

Author: RasmusWL

python/ql/lib/semmle/python/security/dataflow/CleartextLogging.qll

@@ -0,0 +1,22 @@
+/**
+ * Provides a taint-tracking configuration for "Clear-text logging of sensitive information".
+ *
+ * Note, for performance reasons: only import this file if
+ * `CleartextLogging::Configuration` is needed, otherwise
+ * `CleartextLoggingCustomizations` should be imported instead.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.TaintTracking
+private import semmle.python.Concepts
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.dataflow.new.BarrierGuards
+private import semmle.python.dataflow.new.SensitiveDataSources
+
+/**
+ * Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information".
+ */
+module CleartextLogging {
+  import CleartextLoggingQuery // ignore-query-import
+}

python/ql/lib/semmle/python/security/dataflow/CleartextStorage.qll

@@ -0,0 +1,22 @@
+/**
+ * Provides a taint-tracking configuration for "Clear-text storage of sensitive information".
+ *
+ * Note, for performance reasons: only import this file if
+ * `CleartextStorage::Configuration` is needed, otherwise
+ * `CleartextStorageCustomizations` should be imported instead.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.TaintTracking
+private import semmle.python.Concepts
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.dataflow.new.BarrierGuards
+private import semmle.python.dataflow.new.SensitiveDataSources
+
+/**
+ * Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information".
+ */
+module CleartextStorage {
+  import CleartextStorageQuery // ignore-query-import
+}

python/ql/lib/semmle/python/security/dataflow/CodeInjection.qll

@@ -0,0 +1,25 @@
+/**
+ * Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `CodeInjection::Configuration` is needed, otherwise
+ * `CodeInjectionCustomizations` should be imported instead.
+ */
+
+private import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+
+/**
+ * Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
+ */
+module CodeInjection {
+  import CodeInjectionQuery // ignore-query-import
+}
+
+/**
+ * DEPRECATED: Don't extend this class for customization, since this will lead to bad
+ * performance, instead use the new `CodeInjectionCustomizations.qll` file, and extend
+ * its' classes.
+ */
+deprecated class CodeInjectionConfiguration = CodeInjection::Configuration;

python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
       guard instanceof SanitizerGuard
     }
   }
-
-/**
- * DEPRECATED: Don't extend this class for customization, since this will lead to bad
- * performance, instead use the new `CodeInjectionCustomizations.qll` file, and extend
- * its' classes.
- */
-deprecated class CodeInjectionConfiguration = CodeInjection::Configuration;

python/ql/lib/semmle/python/security/dataflow/CommandInjection.qll

@@ -0,0 +1,25 @@
+/**
+ * Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `CommandInjection::Configuration` is needed, otherwise
+ * `CommandInjectionCustomizations` should be imported instead.
+ */
+
+private import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+
+/**
+ * Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
+ */
+module CommandInjection {
+  import CommandInjectionQuery // ignore-query-import
+}
+
+/**
+ * DEPRECATED: Don't extend this class for customization, since this will lead to bad
+ * performance, instead use the new `CommandInjectionCustomizations.qll` file, and extend
+ * its' classes.
+ */
+deprecated class CommandInjectionConfiguration = CommandInjection::Configuration;

python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
       guard instanceof SanitizerGuard
     }
   }
-
-/**
- * DEPRECATED: Don't extend this class for customization, since this will lead to bad
- * performance, instead use the new `CommandInjectionCustomizations.qll` file, and extend
- * its' classes.
- */
-deprecated class CommandInjectionConfiguration = CommandInjection::Configuration;

python/ql/lib/semmle/python/security/dataflow/LdapInjection.qll

@@ -0,0 +1,24 @@
+/**
+ * Provides taint-tracking configurations for detecting LDAP injection vulnerabilities
+ *
+ * Note, for performance reasons: only import this file if
+ * `LdapInjection::Configuration` is needed, otherwise
+ * `LdapInjectionCustomizations` should be imported instead.
+ */
+
+import python
+import semmle.python.Concepts
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.dataflow.new.RemoteFlowSources
+
+/**
+ * Provides aint-tracking configurations for detecting LDAP injection vulnerabilities.class
+ *
+ * Two configurations are provided. One is for detecting LDAP injection
+ * via the distinguished name (DN). The other is for detecting LDAP injection
+ * via the filter. These require different escapings.
+ */
+module LdapInjection {
+  import LdapInjectionQuery // ignore-query-import
+}

python/ql/lib/semmle/python/security/dataflow/LogInjection.qll

@@ -0,0 +1,18 @@
+/**
+ * Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
+ *
+ * Note, for performance reasons: only import this file if
+ * `LogInjection::Configuration` is needed, otherwise
+ * `LogInjectionCustomizations` should be imported instead.
+ */
+
+import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+
+/**
+ * Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
+ */
+module LogInjection {
+  import LogInjectionQuery // ignore-query-import
+}

python/ql/lib/semmle/python/security/dataflow/PathInjection.qll

@@ -0,0 +1,140 @@
+/**
+ * Provides taint-tracking configurations for detecting "path injection" vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `PathInjection::Configuration` is needed, otherwise
+ * `PathInjectionCustomizations` should be imported instead.
+ */
+
+private import python
+private import semmle.python.Concepts
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+
+/**
+ * Provides a taint-tracking configuration for detecting "path injection" vulnerabilities.
+ */
+module PathInjection {
+  import PathInjectionQuery // ignore-query-import
+}
+
+
+// ---------------------------------------------------------------------------
+// Old, deprecated code
+// ---------------------------------------------------------------------------
+private import semmle.python.dataflow.new.DataFlow2
+private import semmle.python.dataflow.new.TaintTracking2
+private import ChainedConfigs12
+import PathInjectionCustomizations::PathInjection
+
+// ---------------------------------------------------------------------------
+// Case 1. The path is never normalized.
+// ---------------------------------------------------------------------------
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Configuration to find paths from sources to sinks that contain no normalization.
+ */
+deprecated class PathNotNormalizedConfiguration extends TaintTracking::Configuration {
+  PathNotNormalizedConfiguration() { this = "PathNotNormalizedConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  override predicate isSanitizer(DataFlow::Node node) {
+    node instanceof Sanitizer
+    or
+    node instanceof Path::PathNormalization
+  }
+
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
+  }
+}
+
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Holds if there is a path injection from source to sink, where the (python) path is
+ * not normalized.
+ */
+deprecated predicate pathNotNormalized(CustomPathNode source, CustomPathNode sink) {
+  any(PathNotNormalizedConfiguration config).hasFlowPath(source.asNode1(), sink.asNode1())
+}
+
+// ---------------------------------------------------------------------------
+// Case 2. The path is normalized at least once, but never checked afterwards.
+// ---------------------------------------------------------------------------
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Configuration to find paths from sources to normalizations that contain no prior normalizations.
+ */
+deprecated class FirstNormalizationConfiguration extends TaintTracking::Configuration {
+  FirstNormalizationConfiguration() { this = "FirstNormalizationConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Path::PathNormalization }
+
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+
+  override predicate isSanitizerOut(DataFlow::Node node) { node instanceof Path::PathNormalization }
+
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
+  }
+}
+
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Configuration to find paths from normalizations to sinks that do not go through a check.
+ */
+deprecated class NormalizedPathNotCheckedConfiguration extends TaintTracking2::Configuration {
+  NormalizedPathNotCheckedConfiguration() { this = "NormalizedPathNotCheckedConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof Path::PathNormalization }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof Path::SafeAccessCheck
+    or
+    guard instanceof SanitizerGuard
+  }
+}
+
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Holds if there is a path injection from source to sink, where the (python) path is
+ * normalized at least once, but never checked afterwards.
+ */
+deprecated predicate pathNotCheckedAfterNormalization(CustomPathNode source, CustomPathNode sink) {
+  exists(
+    FirstNormalizationConfiguration config, DataFlow::PathNode mid1, DataFlow2::PathNode mid2,
+    NormalizedPathNotCheckedConfiguration config2
+  |
+    config.hasFlowPath(source.asNode1(), mid1) and
+    config2.hasFlowPath(mid2, sink.asNode2()) and
+    mid1.getNode().asCfgNode() = mid2.getNode().asCfgNode()
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Query: Either case 1 or case 2.
+// ---------------------------------------------------------------------------
+/**
+ * DEPRECATED: Use `PathInjection::Configuration` instead
+ *
+ * Holds if there is a path injection from source to sink
+ */
+deprecated predicate pathInjection(CustomPathNode source, CustomPathNode sink) {
+  pathNotNormalized(source, sink)
+  or
+  pathNotCheckedAfterNormalization(source, sink)
+}