JS: Port RequestForgery

javascript/ql/src/Security/CWE-918/RequestForgery.ql

@@ -12,11 +12,11 @@
 
 import javascript
 import semmle.javascript.security.dataflow.RequestForgeryQuery
-import DataFlow::PathGraph
+import RequestForgeryFlow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request
+from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink, DataFlow::Node request
 where
-  cfg.hasFlowPath(source, sink) and
+  RequestForgeryFlow::flowPath(source, sink) and
   request = sink.getNode().(Sink).getARequest()
 select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
   sink.getNode().(Sink).getKind(), source, "user-provided value"