Java SSRF query: sanitize primitives

Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.

Author: smowton

java/ql/src/Security/CWE/CWE-918/RequestForgery.qll

@@ -199,6 +199,10 @@ private class SpringRestTemplateUrlMethods extends Method {
 /** A sanitizer for request forgery vulnerabilities. */
 abstract class RequestForgerySanitizer extends DataFlow::Node { }
 
+private class PrimitiveSanitizer extends RequestForgerySanitizer {
+  PrimitiveSanitizer() { this.getType() instanceof PrimitiveType }
+}
+
 private class HostnameSanitizingPrefix extends CompileTimeConstantExpr {
   int offset;