Allow non-query-specific MaD sanitizers

owen-mc · owen-mc · commit 352c07a11776 · 2025-12-16T17:38:32.000Z
diff --git a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
@@ -47,6 +47,10 @@ module CommandInjection {
     override predicate doubleDashIsSanitizing() { exec.doubleDashIsSanitizing() }
   }
 
+  private class ExternalSanitizer extends Sanitizer {
+    ExternalSanitizer() { barrierNode(this, "command-injection") }
+  }
+
   /**
    * A call to a regexp match function, considered as a barrier guard for command injection.
    */
diff --git a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -57,6 +57,10 @@ module TaintedPath {
     PathAsSink() { this = any(FileSystemAccess fsa).getAPathArgument() }
   }
 
+  private class ExternalSanitizer extends Sanitizer {
+    ExternalSanitizer() { barrierNode(this, "path-injection") }
+  }
+
   /**
    * A numeric- or boolean-typed node, considered a sanitizer for path traversal.
    */
diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll
@@ -88,6 +88,10 @@ module SharedXss {
     body.getAContentType().regexpMatch("(?i).*html.*")
   }
 
+  private class ExternalSanitizer extends Sanitizer {
+    ExternalSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }
+  }
+
   /**
    * A JSON marshaler, acting to sanitize a possible XSS vulnerability because the
    * marshaled value is very unlikely to be returned as an HTML content-type.
