Move source and sink into importable library

java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql

@@ -11,7 +11,8 @@
  */
 
 import java
-import ServletResponseSplitting
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.security.ResponseSplitting
 import DataFlow::PathGraph
 
 class ResponseSplittingConfig extends TaintTracking::Configuration {

java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql

@@ -12,7 +12,7 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import ServletResponseSplitting
+import semmle.code.java.security.ResponseSplitting
 import DataFlow::PathGraph
 
 class ResponseSplittingLocalConfig extends TaintTracking::Configuration {

java/ql/src/Security/CWE/CWE-113/ServletResponseSplitting.qll

@@ -1,39 +0,0 @@
-import java
-import semmle.code.java.frameworks.Servlets
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.ResponseSplitting
-
-/**
- * Header-splitting sinks. Expressions that end up in an HTTP header.
- */
-class ServletHeaderSplittingSink extends HeaderSplittingSink {
-  ServletHeaderSplittingSink() {
-    exists(ResponseAddCookieMethod m, MethodAccess ma |
-      ma.getMethod() = m and
-      this.asExpr() = ma.getArgument(0)
-    )
-    or
-    exists(ResponseAddHeaderMethod m, MethodAccess ma |
-      ma.getMethod() = m and
-      this.asExpr() = ma.getAnArgument()
-    )
-    or
-    exists(ResponseSetHeaderMethod m, MethodAccess ma |
-      ma.getMethod() = m and
-      this.asExpr() = ma.getAnArgument()
-    )
-    or
-    exists(JaxRsResponseBuilder builder, Method m |
-      m = builder.getAMethod() and m.getName() = "header"
-    |
-      this.asExpr() = m.getAReference().getArgument(1)
-    )
-  }
-}
-
-class ServletSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
-  ServletSafeHeaderSplittingSource() {
-    this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
-    this.asExpr().(MethodAccess).getMethod() instanceof CookieGetNameMethod
-  }
-}