Refactor FilePathInjection

java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql

@@ -13,12 +13,13 @@
  */
 
 import java
+import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.PathCreation
 import JFinalController
 import semmle.code.java.security.PathSanitizer
-import DataFlow::PathGraph
+import InjectFilePathFlow::PathGraph
 
 private class ActivateModels extends ActiveExperimentalModels {
   ActivateModels() { this = "file-path-injection" }
@@ -47,24 +48,24 @@ class NormalizedPathNode extends DataFlow::Node {
   }
 }
 
-class InjectFilePathConfig extends TaintTracking::Configuration {
-  InjectFilePathConfig() { this = "InjectFilePathConfig" }
+module InjectFilePathConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(PathCreation p).getAnInput() and
     not sink instanceof NormalizedPathNode
   }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     exists(Type t | t = node.getType() | t instanceof BoxedType or t instanceof PrimitiveType)
     or
     node instanceof PathInjectionSanitizer
   }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, InjectFilePathConfig conf
-where conf.hasFlowPath(source, sink)
+module InjectFilePathFlow = TaintTracking::Global<InjectFilePathConfig>;
+
+from InjectFilePathFlow::PathNode source, InjectFilePathFlow::PathNode sink
+where InjectFilePathFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "External control of file name or path due to $@.",
   source.getNode(), "user-provided value"