Accept MaD sanitizers for queries with MaD sinks

javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll

@@ -82,4 +82,8 @@ module CorsPermissiveConfiguration {
       )
     }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "cors-origin") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

@@ -270,4 +270,8 @@ module ClientSideUrlRedirect {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "url-redirection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "url-redirection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

@@ -438,4 +438,8 @@ module CodeInjection {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "code-injection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "code-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll

@@ -58,4 +58,8 @@ module CommandInjection {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "command-injection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "command-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll

@@ -421,4 +421,8 @@ module DomBasedXss {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "html-injection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "html-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsCustomizations.qll

@@ -44,4 +44,14 @@ module HardcodedCredentials {
       not (super.getCredentialsKind() = "jwt key" and isTestFile(this.getFile()))
     }
   }
+
+  /**
+   * Note that a sanitizer with kind `credentials-key` will sanitize flow to
+   * all sinks, not just sinks with the same kind.
+   */
+  private class CredentialSanitizerFromModel extends Sanitizer {
+    CredentialSanitizerFromModel() {
+      exists(string kind | ModelOutput::barrierNode(this, "credentials-" + kind))
+    }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll

@@ -88,3 +88,7 @@ class JsonStringifySanitizer extends Sanitizer {
 private class SinkFromModel extends Sink {
   SinkFromModel() { ModelOutput::sinkNode(this, "log-injection") }
 }
+
+private class SanitizerFromModel extends Sanitizer {
+  SanitizerFromModel() { ModelOutput::barrierNode(this, "log-injection") }
+}

javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll

@@ -47,4 +47,8 @@ module NosqlInjection {
 
   /** An expression interpreted as a NoSql query, viewed as a sink. */
   class NosqlQuerySink extends Sink instanceof NoSql::Query { }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "nosql-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll

@@ -147,4 +147,8 @@ module ReflectedXss {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "html-injection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "html-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll

@@ -114,4 +114,8 @@ module RequestForgery {
   class UriEncodingSanitizer extends Sanitizer instanceof Xss::Shared::UriEncodingSanitizer {
     UriEncodingSanitizer() { this.encodesPathSeparators() }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "request-forgery") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll

@@ -66,4 +66,8 @@ module ServerSideUrlRedirect {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "url-redirection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "url-redirection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll

@@ -74,4 +74,8 @@ module SqlInjection {
       )
     }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "sql-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

@@ -1124,4 +1124,8 @@ module TaintedPath {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "path-injection") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "path-injection") }
+  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll

@@ -69,4 +69,8 @@ module UnsafeDeserialization {
   private class SinkFromModel extends Sink {
     SinkFromModel() { ModelOutput::sinkNode(this, "unsafe-deserialization") }
   }
+
+  private class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() { ModelOutput::barrierNode(this, "unsafe-deserialization") }
+  }
 }