Refactor UnsafeAndroidAccess

Author: egregius313

java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll

@@ -7,9 +7,11 @@ import semmle.code.java.security.RequestForgery
 import semmle.code.java.security.UnsafeAndroidAccess
 
 /**
+ * DEPRECATED: Use `FetchUntrustedResourceFlow` instead.
+ *
  * A taint configuration tracking flow from untrusted inputs to a resource fetching call.
  */
-class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration {
+deprecated class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration {
   FetchUntrustedResourceConfiguration() { this = "FetchUntrustedResourceConfiguration" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
@@ -20,3 +22,13 @@ class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration {
     sanitizer instanceof RequestForgerySanitizer
   }
 }
+
+private module FetchUntrustedResourceConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }
+
+  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof RequestForgerySanitizer }
+}
+
+module FetchUntrustedResourceFlow = TaintTracking::Make<FetchUntrustedResourceConfig>;

java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql

@@ -14,9 +14,9 @@
 
 import java
 import semmle.code.java.security.UnsafeAndroidAccessQuery
-import DataFlow::PathGraph
+import FetchUntrustedResourceFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, FetchUntrustedResourceConfiguration conf
-where conf.hasFlowPath(source, sink)
+from FetchUntrustedResourceFlow::PathNode source, FetchUntrustedResourceFlow::PathNode sink
+where FetchUntrustedResourceFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Unsafe resource fetching in Android WebView due to $@.",
   source.getNode(), sink.getNode().(UrlResourceSink).getSinkType()

java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql

@@ -9,7 +9,7 @@ class UnsafeAndroidAccessTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasUnsafeAndroidAccess" and
-    exists(DataFlow::Node sink, FetchUntrustedResourceConfiguration conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | FetchUntrustedResourceFlow::hasFlowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""