Make NumericOrBooleanSanitizer easier to access and rename it

owen-mc · owen-mc · commit 0c9cd09140a9 · 2025-10-09T12:17:17.000+01:00
diff --git a/go/ql/lib/semmle/go/security/Sanitizers.qll b/go/ql/lib/semmle/go/security/Sanitizers.qll
@@ -0,0 +1,16 @@
+/**
+ * Classes to represent sanitizers commonly used in dataflow and taint tracking
+ * configurations.
+ */
+
+import go
+
+/**
+ * A node whose type is a simple type unlikely to carry taint, such as a
+ * numeric or boolean type.
+ */
+class SimpleTypeSanitizer extends DataFlow::Node {
+  SimpleTypeSanitizer() {
+    this.getType() instanceof NumericType or this.getType() instanceof BoolType
+  }
+}
diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -4,6 +4,7 @@
  */
 
 import go
+private import semmle.go.security.Sanitizers
 
 /**
  * Provides extension points for customizing the taint tracking configuration for reasoning about
@@ -39,12 +40,11 @@ module SqlInjection {
   /** A NoSql query, considered as a taint sink for SQL injection. */
   class NoSqlQueryAsSink extends Sink instanceof NoSql::Query { }
 
+  /** DEPRECATED: Use `SimpleTypeSanitizer` from semmle.go.security.Sanitizers instead. */
+  deprecated class NumericOrBooleanSanitizer = SimpleTypeSanitizer;
+
   /**
    * A numeric- or boolean-typed node, considered a sanitizer for sql injection.
    */
-  class NumericOrBooleanSanitizer extends Sanitizer {
-    NumericOrBooleanSanitizer() {
-      this.getType() instanceof NumericType or this.getType() instanceof BoolType
-    }
-  }
+  private class DefaultSanitizer extends Sanitizer instanceof SimpleTypeSanitizer { }
 }
