feat: add debugging sources and sinks queries for Java

Author: GeekMasher

java/src/debugging/Sinks.ql

@@ -0,0 +1,16 @@
+/**
+ * @name List of all known sinks
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision low
+ * @id java/debugging/sinks
+ * @tags debugging
+ */
+
+import java
+import ghsl
+
+from AllSinks sinks
+select sinks, "sink[" + sinks.sinkType() + "]"

java/src/debugging/Sources.ql

@@ -0,0 +1,19 @@
+/**
+ * @name List of all known sources (remote, local, etc.)
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision low
+ * @id java/debugging/sources
+ * @tags debugging
+ */
+
+import java
+import ghsl
+
+from AllSources sources, string threatModel
+where threatModel = sources.getThreatModel()
+// Local sources
+// sources.getThreatModel() = "local"
+select sources, "source[" + threatModel + "]"

java/src/suites/java-debugging.qls

@@ -0,0 +1,13 @@
+- description: "GitHub's Community Packs Java/Kotlin Extended Suite"
+
+- queries: '.'
+  from: githubsecuritylab/codeql-java-queries
+
+- include:
+    tags contain:
+      - debugging
+
+# Remove local testing folders
+- exclude:
+    query path:
+      - /testing\/.*/