C++: Update PrivateCleartextWrite with DataFlow::ConfigSig

cpp/ql/lib/change-notes/2023-03-08-deprecated-dataflow-configurations.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `WriteConfig` taint tracking configuration has been deprecated. Please use `WriteFlow`.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -36,7 +36,7 @@ module PrivateCleartextWrite {
     }
   }
 
-  class WriteConfig extends TaintTracking::Configuration {
+  deprecated class WriteConfig extends TaintTracking::Configuration {
     WriteConfig() { this = "Write configuration" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -46,6 +46,16 @@ module PrivateCleartextWrite {
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
   }
 
+  private module WriteConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module WriteFlow = TaintTracking::Make<WriteConfig>;
+
   class PrivateDataSource extends Source {
     PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr }
   }

cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql

@@ -13,10 +13,10 @@
 import cpp
 import experimental.semmle.code.cpp.security.PrivateCleartextWrite
 import experimental.semmle.code.cpp.security.PrivateCleartextWrite::PrivateCleartextWrite
-import DataFlow::PathGraph
+import WriteFlow::PathGraph
 
-from WriteConfig b, DataFlow::PathNode source, DataFlow::PathNode sink
-where b.hasFlowPath(source, sink)
+from WriteFlow::PathNode source, WriteFlow::PathNode sink
+where WriteFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
   "This write into the external location '" + sink.getNode() +
     "' may contain unencrypted data from $@.", source, "this source of private data."