Upgrade CommandInjection query to use the latest DF interface

Author: Alvaro Muñoz

go/src/security/CWE-078/CommandInjection.ql

@@ -13,14 +13,13 @@
 
 import go
 import semmle.go.security.CommandInjection
-import DataFlow::PathGraph
-import semmle.go.security.FlowSources
+import semmle.go.security.CommandInjectionCustomizations::CommandInjection
 
 //Override CommandInjection::Configuration to use the in-use sources
-class InUseCommandInjectionConfiguration extends CommandInjection::Configuration {
-  override predicate isSource(DataFlow::Node node) {
+class InUseAsSource extends Source instanceof UntrustedFlowSource {
+  InUseAsSource() {
     exists(UntrustedFlowSource source, Function function, DataFlow::CallNode callNode |
-      source.asExpr() = node.asExpr() and
+      source.asExpr() = this.asExpr() and
       source.(DataFlow::ExprNode).asExpr().getEnclosingFunction() = function.getFuncDecl() and
       (
         // function is called directly
@@ -33,9 +32,16 @@ class InUseCommandInjectionConfiguration extends CommandInjection::Configuration
   }
 }
 
-from
-  InUseCommandInjectionConfiguration cfg, CommandInjection::DoubleDashSanitizingConfiguration cfg2,
-  DataFlow::PathNode source, DataFlow::PathNode sink
-where (cfg.hasFlowPath(source, sink) or cfg2.hasFlowPath(source, sink))
+module Flow =
+  DataFlow::MergePathGraph<CommandInjection::Flow::PathNode,
+    CommandInjection::DoubleDashSanitizingFlow::PathNode, CommandInjection::Flow::PathGraph,
+    CommandInjection::DoubleDashSanitizingFlow::PathGraph>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink
+where
+  CommandInjection::Flow::flowPath(source.asPathNode1(), sink.asPathNode1()) or
+  CommandInjection::DoubleDashSanitizingFlow::flowPath(source.asPathNode2(), sink.asPathNode2())
 select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(),
   "user-provided value"