Migrate csharp queries to new DF interface

Author: Alvaro Muñoz

csharp/lib/ghsl/HardcodedCredentials.qll

@@ -61,16 +61,16 @@ class CharArrayLiteral extends Source {
 }
 
 // taint from a string literal to the constructor of a SymmetricSecurityKey
-class LiteralToSecurityKeyConfig extends TaintTracking::Configuration {
-  LiteralToSecurityKeyConfig() { this = "LiteralToSecurityKeyConfig" }
+module LiteralToSecurityKeyConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 }
 
+module LiteralToSecurityKeyFlow = TaintTracking::Global<LiteralToSecurityKeyConfig>;
+
 class SymmetricSecurityKey extends Sink {
   SymmetricSecurityKey() {
     exists(ObjectCreation securityKey |
@@ -241,4 +241,3 @@ class DebugSanitizer extends Sanitizer {
     )
   }
 }
-

csharp/src/security/CWE-760/HardcodedSalt.ql

@@ -12,10 +12,9 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.Moq
-private import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
-// import semmle.code.csharp.frameworks.system.security.Cryptography
 private import ghsl.Hardcoded
 private import ghsl.Cryptography
+import HardcodedSalt::Flow::PathGraph
 
 module HardcodedSalt {
   abstract class Source extends DataFlow::ExprNode { }
@@ -30,21 +29,19 @@ module HardcodedSalt {
     HashAlgSalts() { exists(Cryptography::HashingAlgorithms hash | this = hash.getSalt()) }
   }
 
-  class HardcodedSaltConfiguration extends TaintTracking::Configuration {
-    HardcodedSaltConfiguration() { this = "HardcodedSalt" }
+  module HardcodedSaltConfiguration implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof HardcodedSalt::Source }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof HardcodedSalt::Source }
-
-    override predicate isSink(DataFlow::Node sink) {
+    predicate isSink(DataFlow::Node sink) {
       sink instanceof HardcodedSalt::Sink and
       not any(ReturnedByMockObject mock).getAMemberInitializationValue() = sink.asExpr() and
       not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr()
     }
   }
+
+  module Flow = TaintTracking::Global<HardcodedSaltConfiguration>;
 }
 
-from
-  HardcodedSalt::HardcodedSaltConfiguration config, DataFlow::PathNode source,
-  DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from HardcodedSalt::Flow::PathNode source, HardcodedSalt::Flow::PathNode sink
+where HardcodedSalt::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Use of $@.", source.getNode(), "hardcoded salt"

csharp/src/security/CWE-798/HardcodedCredentialsSymmetricSecurityKey.ql

@@ -13,10 +13,10 @@
  */
 
 import csharp
-private import DataFlow::PathGraph
 private import ghsl.HardcodedCredentials
+import LiteralToSecurityKeyFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, LiteralToSecurityKeyConfig config
-where config.hasFlowPath(source, sink)
+from LiteralToSecurityKeyFlow::PathNode source, LiteralToSecurityKeyFlow::PathNode sink
+where LiteralToSecurityKeyFlow::flowPath(source, sink)
 select source, sink, source, "Hard-coded credential $@ used as SymmetricSecurityKey $@",
   source.getNode().asExpr(), source.getNode().toString(), sink.getNode().asExpr(), "here"