Ignore type incompatible sinks

ql/src/Security/CWE-643/XPathInjection.ql

@@ -13,7 +13,14 @@ import go
 import semmle.go.security.XPathInjection::XPathInjection
 import DataFlow::PathGraph
 
+/** Holds if `node` is either a string or a byte slice */
+predicate isStringOrByte(DataFlow::PathNode node) {
+  exists(Type t | t = node.getNode().getType().getUnderlyingType() |
+    t instanceof StringType or t instanceof ByteSliceType
+  )
+}
+
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+where config.hasFlowPath(source, sink) and isStringOrByte(sink)
 select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.",
   source.getNode(), "A user-provided value"

ql/src/semmle/go/security/XPathInjectionCustomizations.qll

@@ -38,16 +38,4 @@ module XPathInjection {
   class XPathExpressionStringAsSink extends Sink {
     XPathExpressionStringAsSink() { this instanceof XPath::XPathExpressionString::Range }
   }
-
-  //TODO add runes?
-  /**
-   * A call to `filepath.Rel`, considered as a sanitizer for path traversal.
-   */
-  /*class NonStringByteSanitizer extends Sanitizer {
-    NonStringByteSanitizer() {
-      exists(Type t | t = this.getType().getUnderlyingType() |
-        not t instanceof StringType or not t instanceof ByteSliceType
-      )
-    }
-  }*/
 }