Python: Update rest of tests to new dataflow lib

I had missed these originally, since I had just fixed the ones that were
highlighted in the actions logs, thinking they had covered everything :(

Author: RasmusWL

python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql

@@ -16,15 +16,13 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import meta.MetaMetrics
 private import semmle.python.dataflow.new.internal.PrintNode
 
-class RemoteFlowSourceReach extends TaintTracking::Configuration {
-  RemoteFlowSourceReach() { this = "RemoteFlowSourceReach" }
-
-  override predicate isSource(DataFlow::Node node) {
+module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
     node instanceof RemoteFlowSource and
     not node.getLocation().getFile() instanceof IgnoredFile
   }
 
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     not node.getLocation().getFile() instanceof IgnoredFile
     // We could try to reduce the number of sinks in this configuration, by only
     // allowing something that is on one end of a localFlowStep, readStep or storeStep,
@@ -37,6 +35,8 @@ class RemoteFlowSourceReach extends TaintTracking::Configuration {
   }
 }
 
-from RemoteFlowSourceReach cfg, DataFlow::Node reachable
-where cfg.hasFlow(_, reachable)
+module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
+
+from DataFlow::Node reachable
+where RemoteFlowSourceReachFlow::flow(_, reachable)
 select reachable, prettyNode(reachable)

python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll

@@ -104,9 +104,9 @@ module FromTaintTrackingStateConfig<DataFlow::StateConfigSig C> {
   import MakeQueryTest<Impl>
 }
 
-signature class LegacyConfiguration extends DataFlow::Configuration;
+deprecated signature class LegacyConfiguration extends DataFlow::Configuration;
 
-module FromLegacyConfiguration<LegacyConfiguration C> {
+deprecated module FromLegacyConfiguration<LegacyConfiguration C> {
   module Impl implements QueryTestSig {
     predicate isSink(DataFlow::Node sink) { any(C c).isSink(sink) or any(C c).isSink(sink, _) }
 

python/ql/test/experimental/dataflow/basic/allFlowsConfig.qll

@@ -4,10 +4,10 @@ import semmle.python.dataflow.new.DataFlow
  * A configuration to find all flows.
  * To be used on tiny programs.
  */
-class AllFlowsConfig extends DataFlow::Configuration {
-  AllFlowsConfig() { this = "AllFlowsConfig" }
+module AllFlowsConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { any() }
 
-  override predicate isSource(DataFlow::Node node) { any() }
-
-  override predicate isSink(DataFlow::Node node) { any() }
+  predicate isSink(DataFlow::Node node) { any() }
 }
+
+module AllFlowsFlow = DataFlow::Global<AllFlowsConfig>;

python/ql/test/experimental/dataflow/basic/global.ql

@@ -3,7 +3,7 @@ import allFlowsConfig
 from DataFlow::Node source, DataFlow::Node sink
 where
   source != sink and
-  exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink)) and
+  AllFlowsFlow::flow(source, sink) and
   exists(source.getLocation().getFile().getRelativePath()) and
   exists(sink.getLocation().getFile().getRelativePath())
 select source, sink

python/ql/test/experimental/dataflow/basic/globalStep.ql

@@ -1,6 +1,6 @@
 import allFlowsConfig
 
-from DataFlow::PathNode fromNode, DataFlow::PathNode toNode
+from AllFlowsFlow::PathNode fromNode, AllFlowsFlow::PathNode toNode
 where
   toNode = fromNode.getASuccessor() and
   exists(fromNode.getNode().getLocation().getFile().getRelativePath()) and

python/ql/test/experimental/dataflow/basic/maximalFlows.ql

@@ -3,7 +3,7 @@ import maximalFlowsConfig
 from DataFlow::Node source, DataFlow::Node sink
 where
   source != sink and
-  exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) and
+  MaximalFlowsFlow::flow(source, sink) and
   exists(source.getLocation().getFile().getRelativePath()) and
   exists(sink.getLocation().getFile().getRelativePath())
 select source, sink

python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll

@@ -5,20 +5,20 @@ private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPr
  * A configuration to find all "maximal" flows.
  * To be used on small programs.
  */
-class MaximalFlowsConfig extends DataFlow::Configuration {
-  MaximalFlowsConfig() { this = "AllFlowsConfig" }
-
-  override predicate isSource(DataFlow::Node node) {
+module MaximalFlowsConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
     node instanceof DataFlow::ParameterNode
     or
     node instanceof DataFlow::EssaNode and
     not exists(DataFlow::EssaNode pred | DataFlow::localFlowStep(pred, node))
   }
 
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     node instanceof DataFlowPrivate::ReturnNode
     or
     node instanceof DataFlow::EssaNode and
     not exists(node.(DataFlow::EssaNode).getVar().getASourceUse())
   }
 }
+
+module MaximalFlowsFlow = DataFlow::Global<MaximalFlowsConfig>;

python/ql/test/experimental/dataflow/basic/sinks.ql

@@ -2,6 +2,6 @@ import allFlowsConfig
 
 from DataFlow::Node sink
 where
-  exists(AllFlowsConfig cfg | cfg.isSink(sink)) and
+  AllFlowsConfig::isSink(sink) and
   exists(sink.getLocation().getFile().getRelativePath())
 select sink

python/ql/test/experimental/dataflow/basic/sources.ql

@@ -2,6 +2,6 @@ import allFlowsConfig
 
 from DataFlow::Node source
 where
-  exists(AllFlowsConfig cfg | cfg.isSource(source)) and
+  AllFlowsConfig::isSource(source) and
   exists(source.getLocation().getFile().getRelativePath())
 select source

python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql

@@ -10,13 +10,11 @@ module Argument1RoutingTest implements RoutingTestSig {
 
   predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
     (
-      exists(Argument1ExtraRoutingConfig cfg | cfg.hasFlow(source, sink))
+      Argument1ExtraRoutingFlow::flow(source, sink)
       or
-      exists(ArgumentRoutingConfig cfg |
-        cfg.hasFlow(source, sink) and
-        cfg.isArgSource(source, 1) and
-        cfg.isGoodSink(sink, 1)
-      )
+      ArgumentRoutingFlow::flow(source, sink) and
+      ArgumentRoutingConfig::isArgSource(source, 1) and
+      ArgumentRoutingConfig::isGoodSink(sink, 1)
     ) and
     exists(arg)
   }
@@ -26,46 +24,42 @@ class ArgNumber extends int {
   ArgNumber() { this in [1 .. 7] }
 }
 
-class ArgumentRoutingConfig extends DataFlow::Configuration {
-  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
-
-  predicate isArgSource(DataFlow::Node node, ArgNumber argNumber) {
+module ArgumentRoutingConfig implements DataFlow::ConfigSig {
+  additional predicate isArgSource(DataFlow::Node node, ArgNumber argNumber) {
     node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg" + argNumber
   }
 
-  override predicate isSource(DataFlow::Node node) { this.isArgSource(node, _) }
+  predicate isSource(DataFlow::Node node) { isArgSource(node, _) }
 
-  predicate isGoodSink(DataFlow::Node node, ArgNumber argNumber) {
+  additional predicate isGoodSink(DataFlow::Node node, ArgNumber argNumber) {
     exists(CallNode call |
       call.getFunction().(NameNode).getId() = "SINK" + argNumber and
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
 
-  predicate isBadSink(DataFlow::Node node, ArgNumber argNumber) {
+  additional predicate isBadSink(DataFlow::Node node, ArgNumber argNumber) {
     exists(CallNode call |
       call.getFunction().(NameNode).getId() = "SINK" + argNumber + "_F" and
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
 
-  override predicate isSink(DataFlow::Node node) {
-    this.isGoodSink(node, _) or this.isBadSink(node, _)
-  }
+  predicate isSink(DataFlow::Node node) { isGoodSink(node, _) or isBadSink(node, _) }
 
   /**
    * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
    * Use-use flow lets the argument to the first call reach the sink inside the second call,
    * making it seem like we handle all cases even if we only handle the last one.
    * We make the test honest by preventing flow into source nodes.
    */
-  override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
-class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
-  Argument1ExtraRoutingConfig() { this = "Argument1ExtraRoutingConfig" }
+module ArgumentRoutingFlow = DataFlow::Global<ArgumentRoutingConfig>;
 
-  override predicate isSource(DataFlow::Node node) {
+module Argument1ExtraRoutingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
     exists(AssignmentDefinition def, DataFlow::CallCfgNode call |
       def.getVariable() = node.(DataFlow::EssaNode).getVar() and
       def.getValue() = call.getNode() and
@@ -74,7 +68,7 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
     node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%")
   }
 
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     exists(CallNode call |
       call.getFunction().(NameNode).getId() = "SINK1" and
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
@@ -87,20 +81,20 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
    * making it seem like we handle all cases even if we only handle the last one.
    * We make the test honest by preventing flow into source nodes.
    */
-  override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
+module Argument1ExtraRoutingFlow = DataFlow::Global<Argument1ExtraRoutingConfig>;
+
 module RestArgumentRoutingTest implements RoutingTestSig {
   class Argument = ArgNumber;
 
   string flowTag(Argument arg) { result = "arg" + arg }
 
   predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
-    exists(ArgumentRoutingConfig cfg |
-      cfg.hasFlow(source, sink) and
-      cfg.isArgSource(source, arg) and
-      cfg.isGoodSink(sink, arg)
-    ) and
+    ArgumentRoutingFlow::flow(source, sink) and
+    ArgumentRoutingConfig::isArgSource(source, arg) and
+    ArgumentRoutingConfig::isGoodSink(sink, arg) and
     arg > 1
   }
 }
@@ -112,11 +106,9 @@ module BadArgumentRoutingTestSinkF implements RoutingTestSig {
   string flowTag(Argument arg) { result = "bad" + arg }
 
   predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
-    exists(ArgumentRoutingConfig cfg |
-      cfg.hasFlow(source, sink) and
-      cfg.isArgSource(source, arg) and
-      cfg.isBadSink(sink, arg)
-    )
+    ArgumentRoutingFlow::flow(source, sink) and
+    ArgumentRoutingConfig::isArgSource(source, arg) and
+    ArgumentRoutingConfig::isBadSink(sink, arg)
   }
 }
 
@@ -127,14 +119,12 @@ module BadArgumentRoutingTestWrongSink implements RoutingTestSig {
   string flowTag(Argument arg) { result = "bad" + arg }
 
   predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
-    exists(ArgumentRoutingConfig cfg |
-      cfg.hasFlow(source, sink) and
-      cfg.isArgSource(source, any(ArgNumber i | not i = arg)) and
-      (
-        cfg.isGoodSink(sink, arg)
-        or
-        cfg.isBadSink(sink, arg)
-      )
+    ArgumentRoutingFlow::flow(source, sink) and
+    ArgumentRoutingConfig::isArgSource(source, any(ArgNumber i | not i = arg)) and
+    (
+      ArgumentRoutingConfig::isGoodSink(sink, arg)
+      or
+      ArgumentRoutingConfig::isBadSink(sink, arg)
     )
   }
 }