JS: Port ZipSlip

javascript/ql/src/Security/CWE-022/ZipSlip.ql

@@ -14,10 +14,10 @@
 
 import javascript
 import semmle.javascript.security.dataflow.ZipSlipQuery
-import DataFlow::PathGraph
+import DataFlow::DeduplicatePathGraph<ZipSlipFlow::PathNode, ZipSlipFlow::PathGraph>
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from PathNode source, PathNode sink
+where ZipSlipFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode())
 select source.getNode(), source, sink,
   "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(),
   "file system operation"