Ruby: configsig rb/url-redirection

ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll

@@ -1,8 +1,9 @@
 /**
  * Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities.
  *
- * Note, for performance reasons: only import this file if `Configuration` is needed,
- * otherwise `UrlRedirectCustomizations` should be imported instead.
+ * Note, for performance reasons: only import this file if
+ * `UrlRedirectConfig` is needed, otherwise
+ * `UrlRedirectCustomizations` should be imported instead.
  */
 
 private import codeql.ruby.AST
@@ -13,8 +14,9 @@ import UrlRedirectCustomizations::UrlRedirect
 
 /**
  * A taint-tracking configuration for detecting "URL redirection" vulnerabilities.
+ * DEPRECATED: Use `UrlRedirectFlow`
  */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
   Configuration() { this = "UrlRedirect" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -31,3 +33,20 @@ class Configuration extends TaintTracking::Configuration {
     UrlRedirect::isAdditionalTaintStep(node1, node2)
   }
 }
+
+private module UrlRedirectConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    UrlRedirect::isAdditionalTaintStep(node1, node2)
+  }
+}
+
+/**
+ * Taint-tracking for detecting "URL redirection" vulnerabilities.
+ */
+module UrlRedirectFlow = TaintTracking::Global<UrlRedirectConfig>;