Remove duplication of UnsafeFieldReadSanitizer

Author: owen-mc

go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll

@@ -121,21 +121,6 @@ module OpenUrlRedirect {
 /** A sink for an open redirect, considered as a sink for safe URL flow. */
 private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { }
 
-/**
- * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe
- * URL.
- */
-private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge {
-  UnsafeFieldReadSanitizer() {
-    exists(DataFlow::FieldReadNode frn, string name |
-      name = ["User", "RawQuery", "Fragment"] and
-      frn.getField().hasQualifiedName("net/url", "URL")
-    |
-      this = frn.getBase()
-    )
-  }
-}
-
 /**
  * Reinstate the usual field propagation rules for fields, which the OpenURLRedirect
  * query usually excludes, for fields of `Params` other than `Params.Fixed`.

go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll

@@ -118,18 +118,3 @@ module RequestForgery {
 
 /** A sink for request forgery, considered as a sink for safe URL flow. */
 private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { }
-
-/**
- * A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe
- * URL.
- */
-private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge {
-  UnsafeFieldReadSanitizer() {
-    exists(DataFlow::FieldReadNode frn, string name |
-      (name = "RawQuery" or name = "Fragment" or name = "User") and
-      frn.getField().hasQualifiedName("net/url", "URL")
-    |
-      this = frn.getBase()
-    )
-  }
-}

go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll

@@ -40,4 +40,19 @@ module SafeUrlFlow {
   private class StringSlicingEdge extends SanitizerEdge {
     StringSlicingEdge() { this = any(DataFlow::SliceNode sn) }
   }
+
+  /**
+   * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe
+   * URL.
+   */
+  private class UnsafeFieldReadSanitizer extends SanitizerEdge {
+    UnsafeFieldReadSanitizer() {
+      exists(DataFlow::FieldReadNode frn, string name |
+        name = ["Fragment", "RawQuery", "User"] and
+        frn.getField().hasQualifiedName("net/url", "URL")
+      |
+        this = frn.getBase()
+      )
+    }
+  }
 }