Abstract Xss sanitizer

Turn the Xss sanitizer into an abstract class to support customizations
and provide a default implementation.

java/ql/src/Security/CWE/CWE-079/XSS.ql

@@ -22,9 +22,7 @@ class XSSConfig extends TaintTracking::Configuration {
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
-    node.getType() instanceof NumericType or node.getType() instanceof BooleanType
-  }
 }
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, XSSConfig conf

java/ql/src/semmle/code/java/security/XSS.qll

@@ -12,6 +12,8 @@ import semmle.code.java.dataflow.TaintTracking2
 
 abstract class XssSink extends DataFlow::Node { }
 
+abstract class XssSanitizer extends DataFlow::Node { }
+
 private class DefaultXssSink extends XssSink {
   DefaultXssSink() {
     exists(HttpServletResponseSendErrorMethod m, MethodAccess ma |
@@ -80,6 +82,12 @@ private class DefaultXssSink extends XssSink {
   }
 }
 
+private class DefaultXSSSanitizer extends XssSanitizer {
+  DefaultXSSSanitizer() {
+    this.getType() instanceof NumericType or this.getType() instanceof BooleanType
+  }
+}
+
 private class ServletWriterSourceToWritingMethodFlowConfig extends TaintTracking2::Configuration {
   ServletWriterSourceToWritingMethodFlowConfig() {
     this = "XSS::ServletWriterSourceToWritingMethodFlowConfig"