Extract Ldap injection sanitizers to importable lib

This includes a new abstract class that represents all the Ldap injection
santizers and can be used to add additional santizers through
extension.

Author: rvermeulen

java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll

@@ -13,9 +13,7 @@ class LdapInjectionFlowConfig extends TaintTracking::Configuration {
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
 
-  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
-  }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
     ldapNameStep(node1, node2) or

java/ql/src/semmle/code/java/security/LdapInjection.qll

@@ -10,6 +10,9 @@ import semmle.code.java.frameworks.ApacheLdap
 /** A data flow sink for unvalidated user input that is used to construct LDAP queries. */
 abstract class LdapInjectionSink extends DataFlow::Node { }
 
+/** A class that identifies sanitizers that prevent LDAP injection attacks. */
+abstract class LdapInjectionSanitizer extends DataFlow::Node { }
+
 private predicate jndiLdapInjectionSinkMethod(Method m, int index) {
   m.getDeclaringType().getAnAncestor() instanceof TypeDirContext and
   m.hasName("search") and
@@ -105,3 +108,13 @@ private class ApacheLdapInjectionSink extends LdapInjectionSink {
     )
   }
 }
+
+/** A sanitizer that clears the taint on primitive types. */
+private class PrimitiveTypeLdapSanitizer extends LdapInjectionSanitizer {
+  PrimitiveTypeLdapSanitizer() { this.getType() instanceof PrimitiveType }
+}
+
+/** A sanitizer that clears the taint on boxed primitive types. */
+private class BoxedTypeLdapSanitizer extends LdapInjectionSanitizer {
+  BoxedTypeLdapSanitizer() { this.getType() instanceof BoxedType }
+}