Python: Move experimental HeaderInjection to new dataflow API

python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql

@@ -14,9 +14,9 @@
 // determine precision above
 import python
 import experimental.semmle.python.security.injection.HTTPHeaders
-import DataFlow::PathGraph
+import HeaderInjectionFlow::PathGraph
 
-from HeaderInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from HeaderInjectionFlow::PathNode source, HeaderInjectionFlow::PathNode sink
+where HeaderInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This HTTP header is constructed from a $@.", source.getNode(),
   "user-provided value"

python/ql/src/experimental/semmle/python/security/injection/HTTPHeaders.qll

@@ -7,14 +7,15 @@ import semmle.python.dataflow.new.RemoteFlowSources
 /**
  * A taint-tracking configuration for detecting HTTP Header injections.
  */
-class HeaderInjectionFlowConfig extends TaintTracking::Configuration {
-  HeaderInjectionFlowConfig() { this = "HeaderInjectionFlowConfig" }
+private module HeaderInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(HeaderDeclaration headerDeclaration |
       sink in [headerDeclaration.getNameArg(), headerDeclaration.getValueArg()]
     )
   }
 }
+
+/** Global taint-tracking for detecting "HTTP Header injection" vulnerabilities. */
+module HeaderInjectionFlow = TaintTracking::Global<HeaderInjectionConfig>;