Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API

Author: RasmusWL

python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql

@@ -17,21 +17,22 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import experimental.semmle.python.security.TimingAttack
-import DataFlow::PathGraph
 
 /**
  * A configuration that tracks data flow from cryptographic operations
  * to equality test
  */
-class PossibleTimingAttackAgainstHash extends TaintTracking::Configuration {
-  PossibleTimingAttackAgainstHash() { this = "PossibleTimingAttackAgainstHash" }
+private module PossibleTimingAttackAgainstHash implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
 }
 
-from PossibleTimingAttackAgainstHash config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module PossibleTimingAttackAgainstHashFlow = TaintTracking::Global<PossibleTimingAttackAgainstHash>;
+
+import PossibleTimingAttackAgainstHashFlow::PathGraph
+
+from PossibleTimingAttackAgainstHashFlow::PathNode source, PossibleTimingAttackAgainstHashFlow::PathNode sink
+where PossibleTimingAttackAgainstHashFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Possible Timing attack against $@ validation.",
   source.getNode().(ProduceCryptoCall).getResultType(), "message"