Move SensitiveLoggerConfig source to extensible format

Author: Salah Baddou

java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll

@@ -7,6 +7,9 @@ import semmle.code.java.security.SensitiveActions
 import semmle.code.java.frameworks.android.Compose
 private import semmle.code.java.security.Sanitizers
 
+/** A data flow source node for sensitive logging sources. */
+abstract class SensitiveLoggerSource extends DataFlow::Node { }
+
 /** A variable that may hold sensitive information, judging by its name. */
 class VariableWithSensitiveName extends Variable {
   VariableWithSensitiveName() {
@@ -26,6 +29,12 @@ class CredentialExpr extends VarAccess {
   }
 }
 
+class CredentialExprSource extends SensitiveLoggerSource {
+  CredentialExprSource(){
+    this.asExpr() instanceof CredentialExpr
+  }
+}
+
 /** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
 private class TypeType extends RefType {
   pragma[nomagic]
@@ -42,7 +51,7 @@ private class TypeType extends RefType {
 deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
   SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
 
-  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  override predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }
 
   override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
 
@@ -59,7 +68,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
 
 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 module SensitiveLoggerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  predicate isSource(DataFlow::Node source) { sourc instanceof SensitiveLoggerSource }
 
   predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }