Refactor PartialPathTraversal

java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll

@@ -7,11 +7,13 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 
 /**
+ * DEPRECATED: Use `PartialPathTraversalFromRemoteFlow` instead.
+ *
  * A taint-tracking configuration for unsafe user input
  * that is used to validate against path traversal, but is insufficient
  * and remains vulnerable to Partial Path Traversal.
  */
-class PartialPathTraversalFromRemoteConfig extends TaintTracking::Configuration {
+deprecated class PartialPathTraversalFromRemoteConfig extends TaintTracking::Configuration {
   PartialPathTraversalFromRemoteConfig() { this = "PartialPathTraversalFromRemoteConfig" }
 
   override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
@@ -20,3 +22,20 @@ class PartialPathTraversalFromRemoteConfig extends TaintTracking::Configuration
     any(PartialPathTraversalMethodAccess ma).getQualifier() = node.asExpr()
   }
 }
+
+/**
+ * A taint-tracking configuration for unsafe user input
+ * that is used to validate against path traversal, but is insufficient
+ * and remains vulnerable to Partial Path Traversal.
+ */
+private module PartialPathTraversalFromRemoteConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
+
+  predicate isSink(DataFlow::Node node) {
+    any(PartialPathTraversalMethodAccess ma).getQualifier() = node.asExpr()
+  }
+}
+
+/** Tracks flow of unsafe user input that is used to validate against path traversal, but is insufficient and remains vulnerable to Partial Path Traversal. */
+module PartialPathTraversalFromRemoteFlow =
+  TaintTracking::Global<PartialPathTraversalFromRemoteConfig>;