Allow MaD sanitizers for java/log-injection and java/sensitive-log

Author: owen-mc

java/ql/lib/semmle/code/java/security/LogInjection.qll

@@ -36,6 +36,10 @@ private class DefaultLogInjectionSink extends LogInjectionSink {
 private class DefaultLogInjectionSanitizer extends LogInjectionSanitizer instanceof SimpleTypeSanitizer
 { }
 
+private class ExternalLogInjectionSanitizer extends LogInjectionSanitizer {
+  ExternalLogInjectionSanitizer() { barrierNode(this, "log-injection") }
+}
+
 private class LineBreaksLogInjectionSanitizer extends LogInjectionSanitizer {
   LineBreaksLogInjectionSanitizer() {
     logInjectionSanitizer(this.asExpr())

java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll

@@ -120,6 +120,10 @@ private class DefaultSensitiveLoggerBarrier extends SensitiveLoggerBarrier {
   }
 }
 
+private class ExternalSensitiveLoggerBarrier extends SensitiveLoggerBarrier {
+  ExternalSensitiveLoggerBarrier() { barrierNode(this, "log-injection") }
+}
+
 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 module SensitiveLoggerConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }