Move RemoteSource and LocalSource to UnsafeDeserialization.qll

Author: edvraa

csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql

@@ -13,16 +13,6 @@
 import csharp
 import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
 import DataFlow::PathGraph
-import semmle.code.csharp.security.dataflow.flowsources.Remote
-import semmle.code.csharp.security.dataflow.flowsources.Local
-
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
-
-class LocalSource extends Source {
-  LocalSource() { this instanceof LocalFlowSource }
-}
 
 from DataFlow::PathNode userInput, DataFlow::PathNode deserializeCallArg
 where

csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll

@@ -8,6 +8,8 @@ import csharp
 module UnsafeDeserialization {
   private import semmle.code.csharp.serialization.Deserializers
   private import semmle.code.csharp.dataflow.TaintTracking2
+  private import semmle.code.csharp.security.dataflow.flowsources.Remote
+  private import semmle.code.csharp.security.dataflow.flowsources.Local
 
   /**
    * A data flow source for unsafe deserialization vulnerabilities.
@@ -43,6 +45,14 @@ module UnsafeDeserialization {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
+  class RemoteSource extends Source {
+    RemoteSource() { this instanceof RemoteFlowSource }
+  }
+  
+  class LocalSource extends Source {
+    LocalSource() { this instanceof LocalFlowSource }
+  }
+
   /**
    * User input to object method call deserialization flow tracking.
    */