move MultipartAndFormRemoteSource to DecompressionBombs.qll

Author: am0o0

go/ql/src/experimental/frameworks/DecompressionBombs.qll

@@ -4,10 +4,26 @@
 
 import go
 
+class MimeMultipartFileHeader extends UntrustedFlowSource::Range {
+  MimeMultipartFileHeader() {
+    exists(DataFlow::FieldReadNode frn | this = frn |
+      frn.getField().hasQualifiedName("mime/multipart", "FileHeader", ["Filename", "Header"])
+    )
+    or
+    exists(DataFlow::Method m |
+      m.hasQualifiedName("mime/multipart", "FileHeader", "Open") and
+      this = m.getACall().getResult(0)
+    )
+    or
+    exists(DataFlow::FieldReadNode frn |
+      frn.getField().hasQualifiedName("mime/multipart", "Form", "Value")
+    )
+  }
+}
+
 /** Provides a taint tracking configuration for reasoning about decompression bomb vulnerabilities. */
 module DecompressionBomb {
   import DecompressionBombsCustomizations
-  import MultipartAndFormRemoteSource
 
   module Config implements DataFlow::StateConfigSig {
     class FlowState = DecompressionBombs::FlowState;