Convert one zip slip barrier to MaD

Author: owen-mc

go/ql/lib/ext/archive.zip.model.yml

@@ -1,4 +1,9 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: barrierModel
+    data:
+      - ["archive/zip", "File", True, "Open", "", "", "ReturnValue[0]", "zipslip", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll

@@ -4,6 +4,7 @@
  */
 
 import go
+private import semmle.go.dataflow.ExternalFlow
 
 /**
  * Provides extension points for customizing the taint tracking configuration for reasoning about
@@ -53,16 +54,8 @@ module ZipSlip {
     }
   }
 
-  /**
-   * A zipped file, excluded from for zip slip.
-   */
-  class ZipFileOpen extends Sanitizer {
-    ZipFileOpen() {
-      this =
-        any(DataFlow::MethodCallNode mcn |
-          mcn.getTarget().hasQualifiedName("archive/zip", "File", "Open")
-        ).getResult(0)
-    }
+  private class ExternalSanitizer extends Sanitizer {
+    ExternalSanitizer() { barrierNode(this, "zipslip") }
   }
 
   /** A path-traversal sink, considered as a taint sink for zip slip. */