move the sanitizer-guard to the Query.qll file

Author: erik-krogh

javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll

@@ -27,22 +27,6 @@ module ResourceExhaustion {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
-  /**
-   * A sanitizer that blocks taint flow if the size of a number is limited.
-   */
-  class UpperBoundsCheckSanitizerGuard extends TaintTracking::SanitizerGuardNode,
-    DataFlow::ValueNode {
-    override RelationalComparison astNode;
-
-    override predicate sanitizes(boolean outcome, Expr e) {
-      true = outcome and
-      e = astNode.getLesserOperand()
-      or
-      false = outcome and
-      e = astNode.getGreaterOperand()
-    }
-  }
-
   /** A source of remote user input, considered as a data flow source for resource exhaustion vulnerabilities. */
   class RemoteFlowSourceAsSource extends Source {
     RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }

javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll

@@ -48,3 +48,18 @@ predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) {
     c = DataFlow::globalVarRef(["Number", "parseInt", "parseFloat"]).getACall()
   )
 }
+
+/**
+ * A sanitizer that blocks taint flow if the size of a number is limited.
+ */
+class UpperBoundsCheckSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
+  override RelationalComparison astNode;
+
+  override predicate sanitizes(boolean outcome, Expr e) {
+    true = outcome and
+    e = astNode.getLesserOperand()
+    or
+    false = outcome and
+    e = astNode.getGreaterOperand()
+  }
+}