JS: Expose default taint steps/sanitizers

We need access to these in order to port taint-tracking configurations
where only some flow labels should use taint steps. This isn't supported
by the shared data flow library.

Such queries must therefore be converted to plain data-flow
configurations that explicitly add taint steps to the relevant flow
states.

javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll

@@ -18,6 +18,7 @@ private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps
 private import semmle.javascript.Unit
 private import semmle.javascript.dataflow.InferredTypes
 private import semmle.javascript.internal.CachedStages
+private import semmle.javascript.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate
 
 /**
  * Provides classes for modeling taint propagation.
@@ -1035,4 +1036,22 @@ module TaintTracking {
   }
 
   import internal.sharedlib.TaintTracking
+
+  /**
+   * Holds if there is a taint step from `node1` to `node2`.
+   *
+   * This includes steps between synthesized nodes generated by flow summaries.
+   */
+  pragma[inline]
+  predicate defaultTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    TaintTrackingPrivate::defaultAdditionalTaintStep(node1, node2)
+  }
+
+  /**
+   * Holds if `node` is seen as a barrier for taint-tracking.
+   */
+  pragma[inline]
+  predicate defaultSanitizer(DataFlow::Node node) {
+    TaintTrackingPrivate::defaultTaintSanitizer(node)
+  }
 }