JS: Port experimental DecompressionBombs to ConfigSig

Author: asgerf

javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql

@@ -12,24 +12,25 @@
  */
 
 import javascript
-import DataFlow::PathGraph
 import DecompressionBombs
 
-class BombConfiguration extends TaintTracking::Configuration {
-  BombConfiguration() { this = "DecompressionBombs" }
+module DecompressionBombConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(DecompressionBomb::AdditionalTaintStep addstep |
       addstep.isAdditionalTaintStep(pred, succ)
     )
   }
 }
 
-from BombConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+module DecompressionBombFlow = TaintTracking::Global<DecompressionBombConfig>;
+
+import DecompressionBombFlow::PathGraph
+
+from DecompressionBombFlow::PathNode source, DecompressionBombFlow::PathNode sink
+where DecompressionBombFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This Decompression depends on a $@.", source.getNode(),
   "potentially untrusted source"

javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.qll

@@ -1,7 +1,6 @@
 import javascript
 import experimental.semmle.javascript.FormParsers
 import experimental.semmle.javascript.ReadableStream
-import DataFlow::PathGraph
 
 module DecompressionBomb {
   /**