Make EqualityTestGuard a default taint sanitizer guard

It will apply to all configurations, not just those involving Xss.

ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll

@@ -200,3 +200,26 @@ abstract class DefaultTaintSanitizerGuard extends DataFlow::BarrierGuard { }
 predicate isDefaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) {
   guard instanceof DefaultTaintSanitizerGuard
 }
+
+/**
+ * An equality test acting as a sanitizer guard for `nonConstNode` by
+ * restricting it to a known value.
+ *
+ * Note that comparisons to `nil` are excluded. This is needed for performance
+ * reasons.
+ */
+class EqualityTestGuard extends DefaultTaintSanitizerGuard, DataFlow::EqualityTestNode {
+  DataFlow::Node nonConstNode;
+
+  EqualityTestGuard() {
+    this.getAnOperand().isConst() and
+    nonConstNode = this.getAnOperand() and
+    not nonConstNode.isConst() and
+    not this.getAnOperand() = Builtin::nil().getARead()
+  }
+
+  override predicate checks(Expr e, boolean outcome) {
+    e = nonConstNode.asExpr() and
+    outcome = this.getPolarity()
+  }
+}

ql/src/semmle/go/security/Xss.qll

@@ -103,15 +103,4 @@ module SharedXss {
       )
     }
   }
-
-  /**
-   * A check against a constant value, considered a barrier for XSS.
-   */
-  class EqualityTestGuard extends SanitizerGuard, DataFlow::EqualityTestNode {
-    override predicate checks(Expr e, boolean outcome) {
-      this.getAnOperand().isConst() and
-      e = this.getAnOperand().asExpr() and
-      outcome = this.getPolarity()
-    }
-  }
 }