JS: Port TemplateObjectInjection

javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll

@@ -14,7 +14,46 @@ private import semmle.javascript.security.TaintedObject
 /**
  * A taint tracking configuration for reasoning about template object injection vulnerabilities.
  */
-class TemplateObjInjectionConfig extends TaintTracking::Configuration {
+module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig {
+  class FlowState = DataFlow::FlowLabel;
+
+  predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
+    source.(Source).getAFlowLabel() = label
+  }
+
+  predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
+    sink instanceof Sink and label = TaintedObject::label()
+  }
+
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
+    TaintTracking::defaultSanitizer(node) and
+    label.isTaint()
+    or
+    node = TaintedObject::SanitizerGuard::getABarrierNode(label)
+  }
+
+  predicate isAdditionalFlowStep(
+    DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl
+  ) {
+    TaintedObject::step(src, trg, inlbl, outlbl)
+    or
+    inlbl.isTaint() and
+    TaintTracking::defaultTaintStep(src, trg) and
+    inlbl = outlbl
+  }
+}
+
+/**
+ * Taint tracking for reasoning about template object injection vulnerabilities.
+ */
+module TemplateObjectInjectionFlow = DataFlow::GlobalWithState<TemplateObjectInjectionConfig>;
+
+/**
+ * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead.
+ */
+deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration {
   TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" }
 
   override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {