Refactor Security.CWE.CWE-090.LdapInjectionLib

java/ql/src/Security/CWE/CWE-090/LdapInjection.ql

@@ -14,9 +14,9 @@
 import java
 import semmle.code.java.dataflow.FlowSources
 import LdapInjectionLib
-import DataFlow::PathGraph
+import LdapInjectionFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, LdapInjectionFlowConfig conf
-where conf.hasFlowPath(source, sink)
+from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink
+where LdapInjectionFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
   "user-provided value"

java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll

@@ -1,21 +1,20 @@
 import java
 import semmle.code.java.dataflow.FlowSources
-import DataFlow
 import semmle.code.java.security.LdapInjection
 
 /**
  * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
  */
-class LdapInjectionFlowConfig extends TaintTracking::Configuration {
-  LdapInjectionFlowConfig() { this = "LdapInjectionFlowConfig" }
+private module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
+  predicate isBarrier(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
 
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
     any(LdapInjectionAdditionalTaintStep a).step(pred, succ)
   }
 }
+
+module LdapInjectionFlow = TaintTracking::Make<LdapInjectionFlowConfig>;