Make HardcodedKeys use new API

Author: owen-mc

go/ql/src/experimental/CWE-321/HardcodedKeys.ql

@@ -11,9 +11,9 @@
 
 import go
 import HardcodedKeysLib
-import DataFlow::PathGraph
+import HardcodedKeys::Flow::PathGraph
 
-from HardcodedKeys::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from HardcodedKeys::Flow::PathNode source, HardcodedKeys::Flow::PathNode sink
+where HardcodedKeys::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "$@ is used to sign a JWT token.", source.getNode(),
   "Hardcoded String"

go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll

@@ -6,7 +6,6 @@
 
 import go
 import StringOps
-import DataFlow::PathGraph
 
 /**
  * Provides default sources, sinks and sanitizers for reasoning about
@@ -363,9 +362,11 @@ module HardcodedKeys {
   }
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A configuration depicting taint flow for studying JWT token signing vulnerabilities.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "Hard-coded JWT Signing Key" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -374,4 +375,14 @@ module HardcodedKeys {
 
     override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }