add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment

Author: erik-krogh

javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll

@@ -26,6 +26,17 @@ module TaintedUrlSuffix {
    */
   FlowLabel label() { result instanceof TaintedUrlSuffixLabel }
 
+  /**
+   * Gets a remote flow source that is a tainted URL query or fragment part.
+   */
+  ClientSideRemoteFlowSource source() {
+    result.getKind().isFragment()
+    or
+    result.getKind().isQuery()
+    or
+    result.getKind().isUrl()
+  }
+
   /** Holds for `pred -> succ` is a step of form `x -> x.p` */
   private predicate isSafeLocationProp(DataFlow::PropRead read) {
     // Ignore properties that refer to the scheme, domain, port, auth, or path.