Make ReflectedXss use new API

Author: owen-mc

go/ql/lib/semmle/go/security/ReflectedXss.qll

@@ -17,9 +17,11 @@ module ReflectedXss {
   import ReflectedXssCustomizations::ReflectedXss
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A taint-tracking configuration for reasoning about XSS.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "ReflectedXss" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -35,4 +37,14 @@ module ReflectedXss {
       guard instanceof SanitizerGuard
     }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }

go/ql/src/Security/CWE-079/ReflectedXss.ql

@@ -13,14 +13,14 @@
  */
 
 import go
-import semmle.go.security.ReflectedXss::ReflectedXss
-import DataFlow::PathGraph
+import semmle.go.security.ReflectedXss
+import ReflectedXss::Flow::PathGraph
 
 from
-  Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string msg, string part,
+  ReflectedXss::Flow::PathNode source, ReflectedXss::Flow::PathNode sink, string msg, string part,
   Locatable partloc
 where
-  cfg.hasFlowPath(source, sink) and
+  ReflectedXss::Flow::flowPath(source, sink) and
   (
     exists(string kind | kind = sink.getNode().(SharedXss::Sink).getSinkKind() |
       kind = "rawtemplate" and