Rename classes for external sanitizers

owen-mc · owen-mc · commit f9289439573b · 2025-12-17T10:47:45.000Z
diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
@@ -289,8 +289,8 @@ private Method getSourceMethod(Method m) {
   result = m
 }
 
-private class DefaultPathInjectionSanitizer extends PathInjectionSanitizer {
-  DefaultPathInjectionSanitizer() { barrierNode(this, "path-injection") }
+private class ExternalPathInjectionSanitizer extends PathInjectionSanitizer {
+  ExternalPathInjectionSanitizer() { barrierNode(this, "path-injection") }
 }
 
 /** Holds if `g` is a guard that checks for `..` components. */
diff --git a/java/ql/lib/semmle/code/java/security/RequestForgery.qll b/java/ql/lib/semmle/code/java/security/RequestForgery.qll
@@ -118,8 +118,8 @@ private class ContainsUrlSanitizer extends RequestForgerySanitizer {
   }
 }
 
-private class DefaultRequestForgerySanitizer extends RequestForgerySanitizer {
-  DefaultRequestForgerySanitizer() { barrierNode(this, "request-forgery") }
+private class ExternalRequestForgerySanitizer extends RequestForgerySanitizer {
+  ExternalRequestForgerySanitizer() { barrierNode(this, "request-forgery") }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
@@ -27,8 +27,8 @@ class TrustBoundaryViolationSink extends DataFlow::Node {
  */
 abstract class TrustBoundaryValidationSanitizer extends DataFlow::Node { }
 
-private class DefaultTrustBoundaryValidationSanitizer extends TrustBoundaryValidationSanitizer {
-  DefaultTrustBoundaryValidationSanitizer() { barrierNode(this, "trust-boundary-violation") }
+private class ExternalTrustBoundaryValidationSanitizer extends TrustBoundaryValidationSanitizer {
+  ExternalTrustBoundaryValidationSanitizer() { barrierNode(this, "trust-boundary-violation") }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -54,8 +54,8 @@ private class DefaultXssSink extends XssSink {
   }
 }
 
-private class DefaultXssSanitizer extends XssSanitizer {
-  DefaultXssSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }
+private class ExternalXssSanitizer extends XssSanitizer {
+  ExternalXssSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }
 }
 
 /** A sanitizer that considers numeric and boolean typed data safe for writing to output. */
diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -21,8 +21,8 @@ private class DefaultRegexInjectionSink extends RegexInjectionSink {
   }
 }
 
-private class DefaultRegexInjectionSanitizer extends RegexInjectionSanitizer {
-  DefaultRegexInjectionSanitizer() { barrierNode(this, "regex-use") }
+private class ExternalRegexInjectionSanitizer extends RegexInjectionSanitizer {
+  ExternalRegexInjectionSanitizer() { barrierNode(this, "regex-use") }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -289,8 +289,8 @@ private Method getSourceMethod(Method m) {`
`289`	`289`	`result = m`
`290`	`290`	`}`
`291`	`291`
`292`		`-private class DefaultPathInjectionSanitizer extends PathInjectionSanitizer {`
`293`		`- DefaultPathInjectionSanitizer() { barrierNode(this, "path-injection") }`
	`292`	`+private class ExternalPathInjectionSanitizer extends PathInjectionSanitizer {`
	`293`	`+ ExternalPathInjectionSanitizer() { barrierNode(this, "path-injection") }`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	/** Holds if `g` is a guard that checks for `..` components. */
Original file line number	Diff line number	Diff line change
`@@ -118,8 +118,8 @@ private class ContainsUrlSanitizer extends RequestForgerySanitizer {`
`118`	`118`	`}`
`119`	`119`	`}`
`120`	`120`
`121`		`-private class DefaultRequestForgerySanitizer extends RequestForgerySanitizer {`
`122`		`- DefaultRequestForgerySanitizer() { barrierNode(this, "request-forgery") }`
	`121`	`+private class ExternalRequestForgerySanitizer extends RequestForgerySanitizer {`
	`122`	`+ ExternalRequestForgerySanitizer() { barrierNode(this, "request-forgery") }`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -27,8 +27,8 @@ class TrustBoundaryViolationSink extends DataFlow::Node {`
`27`	`27`	`*/`
`28`	`28`	`abstract class TrustBoundaryValidationSanitizer extends DataFlow::Node { }`
`29`	`29`
`30`		`-private class DefaultTrustBoundaryValidationSanitizer extends TrustBoundaryValidationSanitizer {`
`31`		`- DefaultTrustBoundaryValidationSanitizer() { barrierNode(this, "trust-boundary-violation") }`
	`30`	`+private class ExternalTrustBoundaryValidationSanitizer extends TrustBoundaryValidationSanitizer {`
	`31`	`+ ExternalTrustBoundaryValidationSanitizer() { barrierNode(this, "trust-boundary-violation") }`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -54,8 +54,8 @@ private class DefaultXssSink extends XssSink {`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`
`57`		`-private class DefaultXssSanitizer extends XssSanitizer {`
`58`		`- DefaultXssSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }`
	`57`	`+private class ExternalXssSanitizer extends XssSanitizer {`
	`58`	`+ ExternalXssSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`/** A sanitizer that considers numeric and boolean typed data safe for writing to output. */`
Original file line number	Diff line number	Diff line change
`@@ -21,8 +21,8 @@ private class DefaultRegexInjectionSink extends RegexInjectionSink {`
`21`	`21`	`}`
`22`	`22`	`}`
`23`	`23`
`24`		`-private class DefaultRegexInjectionSanitizer extends RegexInjectionSanitizer {`
`25`		`- DefaultRegexInjectionSanitizer() { barrierNode(this, "regex-use") }`
	`24`	`+private class ExternalRegexInjectionSanitizer extends RegexInjectionSanitizer {`
	`25`	`+ ExternalRegexInjectionSanitizer() { barrierNode(this, "regex-use") }`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`/**`