C#: Use pyrameterized modules for TaintTracking

To keep the code changes minimal, and to keep the implementation similar
to C++ and Java, the `TaintTracking{Public,Private}` files are now
imported together through `TaintTrackingUtil`. This has the side effect
of exposing `localAdditionalTaintStep`. The corresponding predicate for
Java was already exposed.

config/identical-files.json

@@ -29,6 +29,13 @@
     "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll"
   ],
+  "Taint tracking C#": [
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll"
+  ],
   "Taint tracking Java": [
     "java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll"

csharp/ql/src/semmle/code/csharp/dataflow/TaintTracking.qll

@@ -6,70 +6,5 @@
 import csharp
 
 module TaintTracking {
-  private import semmle.code.csharp.dataflow.DataFlow
-  private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-  import semmle.code.csharp.dataflow.internal.TaintTrackingPublic
-
-  /**
-   * A taint tracking configuration.
-   *
-   * A taint tracking configuration is a special dataflow configuration
-   * (`DataFlow::Configuration`) that allows for flow through nodes that do not
-   * necessarily preserve values, but are still relevant from a taint tracking
-   * perspective. (For example, string concatenation, where one of the operands
-   * is tainted.)
-   *
-   * Each use of the taint tracking library must define its own unique extension
-   * of this abstract class. A configuration defines a set of relevant sources
-   * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
-   * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
-   * (`isAdditionalTaintStep()`).
-   */
-  abstract class Configuration extends DataFlow::Configuration {
-    bindingset[this]
-    Configuration() { any() }
-
-    /**
-     * Holds if `source` is a relevant taint source.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSource(DataFlow::Node source);
-
-    /**
-     * Holds if `sink` is a relevant taint sink.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSink(DataFlow::Node sink);
-
-    /** Holds if the intermediate node `node` is a taint sanitizer. */
-    predicate isSanitizer(DataFlow::Node node) { none() }
-
-    final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
-
-    /**
-     * Holds if the additional taint propagation step from `pred` to `succ`
-     * must be taken into account in the analysis.
-     */
-    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ)
-      or
-      localAdditionalTaintStep(pred, succ)
-      or
-      succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
-    }
-
-    /**
-     * Holds if taint may flow from `source` to `sink` for this configuration.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink)
-    }
-  }
+  import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl
 }

csharp/ql/src/semmle/code/csharp/dataflow/TaintTracking2.qll

@@ -6,70 +6,5 @@
 import csharp
 
 module TaintTracking2 {
-  private import semmle.code.csharp.dataflow.DataFlow2
-  private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-  import semmle.code.csharp.dataflow.internal.TaintTrackingPublic
-
-  /**
-   * A taint tracking configuration.
-   *
-   * A taint tracking configuration is a special dataflow configuration
-   * (`DataFlow::Configuration`) that allows for flow through nodes that do not
-   * necessarily preserve values, but are still relevant from a taint tracking
-   * perspective. (For example, string concatenation, where one of the operands
-   * is tainted.)
-   *
-   * Each use of the taint tracking library must define its own unique extension
-   * of this abstract class. A configuration defines a set of relevant sources
-   * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
-   * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
-   * (`isAdditionalTaintStep()`).
-   */
-  abstract class Configuration extends DataFlow2::Configuration {
-    bindingset[this]
-    Configuration() { any() }
-
-    /**
-     * Holds if `source` is a relevant taint source.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSource(DataFlow::Node source);
-
-    /**
-     * Holds if `sink` is a relevant taint sink.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSink(DataFlow::Node sink);
-
-    /** Holds if the intermediate node `node` is a taint sanitizer. */
-    predicate isSanitizer(DataFlow::Node node) { none() }
-
-    final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
-
-    /**
-     * Holds if the additional taint propagation step from `pred` to `succ`
-     * must be taken into account in the analysis.
-     */
-    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ)
-      or
-      localAdditionalTaintStep(pred, succ)
-      or
-      succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
-    }
-
-    /**
-     * Holds if taint may flow from `source` to `sink` for this configuration.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink)
-    }
-  }
+  import semmle.code.csharp.dataflow.internal.tainttracking2.TaintTrackingImpl
 }

csharp/ql/src/semmle/code/csharp/dataflow/TaintTracking3.qll

@@ -6,70 +6,5 @@
 import csharp
 
 module TaintTracking3 {
-  private import semmle.code.csharp.dataflow.DataFlow3
-  private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-  import semmle.code.csharp.dataflow.internal.TaintTrackingPublic
-
-  /**
-   * A taint tracking configuration.
-   *
-   * A taint tracking configuration is a special dataflow configuration
-   * (`DataFlow::Configuration`) that allows for flow through nodes that do not
-   * necessarily preserve values, but are still relevant from a taint tracking
-   * perspective. (For example, string concatenation, where one of the operands
-   * is tainted.)
-   *
-   * Each use of the taint tracking library must define its own unique extension
-   * of this abstract class. A configuration defines a set of relevant sources
-   * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
-   * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
-   * (`isAdditionalTaintStep()`).
-   */
-  abstract class Configuration extends DataFlow3::Configuration {
-    bindingset[this]
-    Configuration() { any() }
-
-    /**
-     * Holds if `source` is a relevant taint source.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSource(DataFlow::Node source);
-
-    /**
-     * Holds if `sink` is a relevant taint sink.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSink(DataFlow::Node sink);
-
-    /** Holds if the intermediate node `node` is a taint sanitizer. */
-    predicate isSanitizer(DataFlow::Node node) { none() }
-
-    final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
-
-    /**
-     * Holds if the additional taint propagation step from `pred` to `succ`
-     * must be taken into account in the analysis.
-     */
-    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ)
-      or
-      localAdditionalTaintStep(pred, succ)
-      or
-      succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
-    }
-
-    /**
-     * Holds if taint may flow from `source` to `sink` for this configuration.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink)
-    }
-  }
+  import semmle.code.csharp.dataflow.internal.tainttracking3.TaintTrackingImpl
 }

csharp/ql/src/semmle/code/csharp/dataflow/TaintTracking4.qll

@@ -6,70 +6,5 @@
 import csharp
 
 module TaintTracking4 {
-  private import semmle.code.csharp.dataflow.DataFlow4
-  private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-  import semmle.code.csharp.dataflow.internal.TaintTrackingPublic
-
-  /**
-   * A taint tracking configuration.
-   *
-   * A taint tracking configuration is a special dataflow configuration
-   * (`DataFlow::Configuration`) that allows for flow through nodes that do not
-   * necessarily preserve values, but are still relevant from a taint tracking
-   * perspective. (For example, string concatenation, where one of the operands
-   * is tainted.)
-   *
-   * Each use of the taint tracking library must define its own unique extension
-   * of this abstract class. A configuration defines a set of relevant sources
-   * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
-   * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
-   * (`isAdditionalTaintStep()`).
-   */
-  abstract class Configuration extends DataFlow4::Configuration {
-    bindingset[this]
-    Configuration() { any() }
-
-    /**
-     * Holds if `source` is a relevant taint source.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSource(DataFlow::Node source);
-
-    /**
-     * Holds if `sink` is a relevant taint sink.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSink(DataFlow::Node sink);
-
-    /** Holds if the intermediate node `node` is a taint sanitizer. */
-    predicate isSanitizer(DataFlow::Node node) { none() }
-
-    final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
-
-    /**
-     * Holds if the additional taint propagation step from `pred` to `succ`
-     * must be taken into account in the analysis.
-     */
-    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ)
-      or
-      localAdditionalTaintStep(pred, succ)
-      or
-      succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
-    }
-
-    /**
-     * Holds if taint may flow from `source` to `sink` for this configuration.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink)
-    }
-  }
+  import semmle.code.csharp.dataflow.internal.tainttracking4.TaintTrackingImpl
 }

csharp/ql/src/semmle/code/csharp/dataflow/TaintTracking5.qll

@@ -6,70 +6,5 @@
 import csharp
 
 module TaintTracking5 {
-  private import semmle.code.csharp.dataflow.DataFlow5
-  private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-  import semmle.code.csharp.dataflow.internal.TaintTrackingPublic
-
-  /**
-   * A taint tracking configuration.
-   *
-   * A taint tracking configuration is a special dataflow configuration
-   * (`DataFlow::Configuration`) that allows for flow through nodes that do not
-   * necessarily preserve values, but are still relevant from a taint tracking
-   * perspective. (For example, string concatenation, where one of the operands
-   * is tainted.)
-   *
-   * Each use of the taint tracking library must define its own unique extension
-   * of this abstract class. A configuration defines a set of relevant sources
-   * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
-   * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
-   * (`isAdditionalTaintStep()`).
-   */
-  abstract class Configuration extends DataFlow5::Configuration {
-    bindingset[this]
-    Configuration() { any() }
-
-    /**
-     * Holds if `source` is a relevant taint source.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSource(DataFlow::Node source);
-
-    /**
-     * Holds if `sink` is a relevant taint sink.
-     *
-     * The smaller this predicate is, the faster `hasFlow()` will converge.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    abstract override predicate isSink(DataFlow::Node sink);
-
-    /** Holds if the intermediate node `node` is a taint sanitizer. */
-    predicate isSanitizer(DataFlow::Node node) { none() }
-
-    final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
-
-    /**
-     * Holds if the additional taint propagation step from `pred` to `succ`
-     * must be taken into account in the analysis.
-     */
-    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ)
-      or
-      localAdditionalTaintStep(pred, succ)
-      or
-      succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
-    }
-
-    /**
-     * Holds if taint may flow from `source` to `sink` for this configuration.
-     */
-    // overridden to provide taint-tracking specific qldoc
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink)
-    }
-  }
+  import semmle.code.csharp.dataflow.internal.tainttracking5.TaintTrackingImpl
 }

csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll

@@ -1,4 +1,4 @@
-import csharp
+private import csharp
 private import TaintTrackingPublic
 private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate

csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPublic.qll

@@ -1,4 +1,4 @@
-import csharp
+private import csharp
 private import TaintTrackingPrivate
 
 /**

csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingUtil.qll

@@ -0,0 +1,2 @@
+import TaintTrackingPrivate
+import TaintTrackingPublic

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll

@@ -0,0 +1,65 @@
+import TaintTrackingParameter::Public
+private import TaintTrackingParameter::Private
+
+/**
+ * A taint tracking configuration.
+ *
+ * A taint tracking configuration is a special dataflow configuration
+ * (`DataFlow::Configuration`) that allows for flow through nodes that do not
+ * necessarily preserve values, but are still relevant from a taint tracking
+ * perspective. (For example, string concatenation, where one of the operands
+ * is tainted.)
+ *
+ * Each use of the taint tracking library must define its own unique extension
+ * of this abstract class. A configuration defines a set of relevant sources
+ * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
+ * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
+ * (`isAdditionalTaintStep()`).
+ */
+abstract class Configuration extends DataFlow::Configuration {
+  bindingset[this]
+  Configuration() { any() }
+
+  /**
+   * Holds if `source` is a relevant taint source.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSource(DataFlow::Node source);
+
+  /**
+   * Holds if `sink` is a relevant taint sink.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSink(DataFlow::Node sink);
+
+  /** Holds if the intermediate node `node` is a taint sanitizer. */
+  predicate isSanitizer(DataFlow::Node node) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
+
+  /**
+   * Holds if the additional taint propagation step from `pred` to `succ`
+   * must be taken into account in the analysis.
+   */
+  predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+  final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    isAdditionalTaintStep(pred, succ)
+    or
+    localAdditionalTaintStep(pred, succ)
+    or
+    succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
+  }
+
+  /**
+   * Holds if taint may flow from `source` to `sink` for this configuration.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
+    super.hasFlow(source, sink)
+  }
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingParameter.qll

@@ -0,0 +1,5 @@
+import semmle.code.csharp.dataflow.internal.TaintTrackingUtil as Public
+
+module Private {
+  import semmle.code.csharp.dataflow.DataFlow::DataFlow as DataFlow
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll

@@ -0,0 +1,65 @@
+import TaintTrackingParameter::Public
+private import TaintTrackingParameter::Private
+
+/**
+ * A taint tracking configuration.
+ *
+ * A taint tracking configuration is a special dataflow configuration
+ * (`DataFlow::Configuration`) that allows for flow through nodes that do not
+ * necessarily preserve values, but are still relevant from a taint tracking
+ * perspective. (For example, string concatenation, where one of the operands
+ * is tainted.)
+ *
+ * Each use of the taint tracking library must define its own unique extension
+ * of this abstract class. A configuration defines a set of relevant sources
+ * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
+ * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
+ * (`isAdditionalTaintStep()`).
+ */
+abstract class Configuration extends DataFlow::Configuration {
+  bindingset[this]
+  Configuration() { any() }
+
+  /**
+   * Holds if `source` is a relevant taint source.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSource(DataFlow::Node source);
+
+  /**
+   * Holds if `sink` is a relevant taint sink.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSink(DataFlow::Node sink);
+
+  /** Holds if the intermediate node `node` is a taint sanitizer. */
+  predicate isSanitizer(DataFlow::Node node) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
+
+  /**
+   * Holds if the additional taint propagation step from `pred` to `succ`
+   * must be taken into account in the analysis.
+   */
+  predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+  final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    isAdditionalTaintStep(pred, succ)
+    or
+    localAdditionalTaintStep(pred, succ)
+    or
+    succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
+  }
+
+  /**
+   * Holds if taint may flow from `source` to `sink` for this configuration.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
+    super.hasFlow(source, sink)
+  }
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingParameter.qll

@@ -0,0 +1,5 @@
+import semmle.code.csharp.dataflow.internal.TaintTrackingUtil as Public
+
+module Private {
+  import semmle.code.csharp.dataflow.DataFlow2::DataFlow2 as DataFlow
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll

@@ -0,0 +1,65 @@
+import TaintTrackingParameter::Public
+private import TaintTrackingParameter::Private
+
+/**
+ * A taint tracking configuration.
+ *
+ * A taint tracking configuration is a special dataflow configuration
+ * (`DataFlow::Configuration`) that allows for flow through nodes that do not
+ * necessarily preserve values, but are still relevant from a taint tracking
+ * perspective. (For example, string concatenation, where one of the operands
+ * is tainted.)
+ *
+ * Each use of the taint tracking library must define its own unique extension
+ * of this abstract class. A configuration defines a set of relevant sources
+ * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
+ * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
+ * (`isAdditionalTaintStep()`).
+ */
+abstract class Configuration extends DataFlow::Configuration {
+  bindingset[this]
+  Configuration() { any() }
+
+  /**
+   * Holds if `source` is a relevant taint source.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSource(DataFlow::Node source);
+
+  /**
+   * Holds if `sink` is a relevant taint sink.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSink(DataFlow::Node sink);
+
+  /** Holds if the intermediate node `node` is a taint sanitizer. */
+  predicate isSanitizer(DataFlow::Node node) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
+
+  /**
+   * Holds if the additional taint propagation step from `pred` to `succ`
+   * must be taken into account in the analysis.
+   */
+  predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+  final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    isAdditionalTaintStep(pred, succ)
+    or
+    localAdditionalTaintStep(pred, succ)
+    or
+    succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
+  }
+
+  /**
+   * Holds if taint may flow from `source` to `sink` for this configuration.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
+    super.hasFlow(source, sink)
+  }
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingParameter.qll

@@ -0,0 +1,5 @@
+import semmle.code.csharp.dataflow.internal.TaintTrackingUtil as Public
+
+module Private {
+  import semmle.code.csharp.dataflow.DataFlow3::DataFlow3 as DataFlow
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll

@@ -0,0 +1,65 @@
+import TaintTrackingParameter::Public
+private import TaintTrackingParameter::Private
+
+/**
+ * A taint tracking configuration.
+ *
+ * A taint tracking configuration is a special dataflow configuration
+ * (`DataFlow::Configuration`) that allows for flow through nodes that do not
+ * necessarily preserve values, but are still relevant from a taint tracking
+ * perspective. (For example, string concatenation, where one of the operands
+ * is tainted.)
+ *
+ * Each use of the taint tracking library must define its own unique extension
+ * of this abstract class. A configuration defines a set of relevant sources
+ * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
+ * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
+ * (`isAdditionalTaintStep()`).
+ */
+abstract class Configuration extends DataFlow::Configuration {
+  bindingset[this]
+  Configuration() { any() }
+
+  /**
+   * Holds if `source` is a relevant taint source.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSource(DataFlow::Node source);
+
+  /**
+   * Holds if `sink` is a relevant taint sink.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSink(DataFlow::Node sink);
+
+  /** Holds if the intermediate node `node` is a taint sanitizer. */
+  predicate isSanitizer(DataFlow::Node node) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
+
+  /**
+   * Holds if the additional taint propagation step from `pred` to `succ`
+   * must be taken into account in the analysis.
+   */
+  predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+  final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    isAdditionalTaintStep(pred, succ)
+    or
+    localAdditionalTaintStep(pred, succ)
+    or
+    succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
+  }
+
+  /**
+   * Holds if taint may flow from `source` to `sink` for this configuration.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
+    super.hasFlow(source, sink)
+  }
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingParameter.qll

@@ -0,0 +1,5 @@
+import semmle.code.csharp.dataflow.internal.TaintTrackingUtil as Public
+
+module Private {
+  import semmle.code.csharp.dataflow.DataFlow4::DataFlow4 as DataFlow
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll

@@ -0,0 +1,65 @@
+import TaintTrackingParameter::Public
+private import TaintTrackingParameter::Private
+
+/**
+ * A taint tracking configuration.
+ *
+ * A taint tracking configuration is a special dataflow configuration
+ * (`DataFlow::Configuration`) that allows for flow through nodes that do not
+ * necessarily preserve values, but are still relevant from a taint tracking
+ * perspective. (For example, string concatenation, where one of the operands
+ * is tainted.)
+ *
+ * Each use of the taint tracking library must define its own unique extension
+ * of this abstract class. A configuration defines a set of relevant sources
+ * (`isSource`) and sinks (`isSink`), and may additionally treat intermediate
+ * nodes as "sanitizers" (`isSanitizer`) as well as add custom taint flow steps
+ * (`isAdditionalTaintStep()`).
+ */
+abstract class Configuration extends DataFlow::Configuration {
+  bindingset[this]
+  Configuration() { any() }
+
+  /**
+   * Holds if `source` is a relevant taint source.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSource(DataFlow::Node source);
+
+  /**
+   * Holds if `sink` is a relevant taint sink.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  abstract override predicate isSink(DataFlow::Node sink);
+
+  /** Holds if the intermediate node `node` is a taint sanitizer. */
+  predicate isSanitizer(DataFlow::Node node) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node) { isSanitizer(node) }
+
+  /**
+   * Holds if the additional taint propagation step from `pred` to `succ`
+   * must be taken into account in the analysis.
+   */
+  predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+  final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    isAdditionalTaintStep(pred, succ)
+    or
+    localAdditionalTaintStep(pred, succ)
+    or
+    succ = pred.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
+  }
+
+  /**
+   * Holds if taint may flow from `source` to `sink` for this configuration.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
+    super.hasFlow(source, sink)
+  }
+}

csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingParameter.qll

@@ -0,0 +1,5 @@
+import semmle.code.csharp.dataflow.internal.TaintTrackingUtil as Public
+
+module Private {
+  import semmle.code.csharp.dataflow.DataFlow5::DataFlow5 as DataFlow
+}

csharp/ql/test/library-tests/cil/dataflow/TaintTracking.ql

@@ -1,6 +1,13 @@
 import csharp
 import semmle.code.csharp.dataflow.TaintTracking
 
+// Test that all the copies of the taint tracking library can be imported
+// simultaneously without errors.
+import semmle.code.csharp.dataflow.TaintTracking2
+import semmle.code.csharp.dataflow.TaintTracking3
+import semmle.code.csharp.dataflow.TaintTracking4
+import semmle.code.csharp.dataflow.TaintTracking5
+
 class FlowConfig extends TaintTracking::Configuration {
   FlowConfig() { this = "FlowConfig" }