Make WeakCryptoAlgorithm use new API

owen-mc · owen-mc · commit 71735c86c212 · 2023-08-10T15:49:25.000+01:00
diff --git a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql
@@ -11,10 +11,10 @@
  */
 
 import go
-import WeakCryptoAlgorithmCustomizations::WeakCryptoAlgorithm
-import DataFlow::PathGraph
+import WeakCryptoAlgorithmCustomizations
+import WeakCryptoAlgorithm::Flow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from WeakCryptoAlgorithm::Flow::PathNode source, WeakCryptoAlgorithm::Flow::PathNode sink
+where WeakCryptoAlgorithm::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "$@ is used in a weak cryptographic algorithm.",
   source.getNode(), "Sensitive data"
diff --git a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithmCustomizations.qll b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithmCustomizations.qll
@@ -49,9 +49,11 @@ module WeakCryptoAlgorithm {
   }
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A configuration depicting taint flow from sensitive information to weak cryptographic algorithms.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "WeakCryptoAlgorithm" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -63,4 +65,14 @@ module WeakCryptoAlgorithm {
       node instanceof Sanitizer
     }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }
