Port over UI5FormulaInjection

Author: jeongsoolee09

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5FormulaInjectionQuery.qll

@@ -8,13 +8,13 @@ import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
 private class StoragePutCall extends CallNode {
   StoragePutCall() {
     /* 1. This is a call to `sap.ui.util.Storage.put` */
-    // 1-1. Required from `sap/ui/util/Storage`
+    /* 1-1. Required from `sap/ui/util/Storage` */
     exists(RequiredObject storageClass |
       this.getReceiver().getALocalSource() = storageClass.asSourceNode() and
       this.getCalleeName() = "put"
     )
     or
-    // 1-2. Direct call to `sap.ui.util.Storage.put`
+    /* 1-2. Direct call to `sap.ui.util.Storage.put` */
     this =
       globalVarRef("sap")
           .getAPropertyRead("ui")
@@ -109,12 +109,10 @@ private class FileSaveCall extends CallNode {
   }
 }
 
-class UI5FormulaInjectionConfiguration extends TaintTracking::Configuration {
-  UI5FormulaInjectionConfiguration() { this = "UI5 Formula Injection" }
+module UI5FormulaInjection implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     exists(StoragePutCall storagePutCall | node = storagePutCall.getArgument(1))
     or
     exists(FileSaveCall fileSaveCall |

javascript/frameworks/ui5/src/UI5FormulaInjection/UI5FormulaInjection.ql

@@ -13,14 +13,21 @@
 
 import javascript
 import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
-import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph
 import advanced_security.javascript.frameworks.ui5.UI5FormulaInjectionQuery
 
+module UI5FormulaInjectionFlow = TaintTracking::Global<UI5FormulaInjection>;
+
+module UI5FormulaInjectionUI5PathGraph =
+  UI5PathGraph<UI5FormulaInjectionFlow::PathNode, UI5FormulaInjectionFlow::PathGraph>;
+
+import UI5FormulaInjectionUI5PathGraph
+
 from
-  UI5FormulaInjectionConfiguration config, UI5PathNode source, UI5PathNode sink,
-  UI5PathNode primarySource
+  UI5FormulaInjectionUI5PathGraph::UI5PathNode source,
+  UI5FormulaInjectionUI5PathGraph::UI5PathNode sink,
+  UI5FormulaInjectionUI5PathGraph::UI5PathNode primarySource
 where
-  config.hasFlowPath(source.getPathNode(), sink.getPathNode()) and
+  UI5FormulaInjectionFlow::flowPath(source.getPathNode(), sink.getPathNode()) and
   primarySource = source.getAPrimarySource()
 select sink, primarySource, sink, "The content of a saved file depends on a $@.", primarySource,
   "user-provided value"