Use non-extending subtypes

Author: owen-mc

go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll

@@ -99,20 +99,20 @@ module OpenUrlRedirect {
    * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is
    * considered a barrier guard for sanitizing untrusted URLs.
    */
-  class RedirectCheckBarrierGuardAsBarrierGuard extends RedirectCheckBarrier, Barrier { }
+  class RedirectCheckBarrierGuardAsBarrierGuard extends Barrier instanceof RedirectCheckBarrier { }
 
   /**
    * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, Barrier { }
+  class RegexpCheckAsBarrierGuard extends Barrier instanceof RegexpCheckBarrier { }
 
   /**
    * A check against a constant value or the `Hostname` function,
    * considered a barrier guard for url flow.
    */
-  class UrlCheckAsBarrierGuard extends UrlCheckBarrier, Barrier { }
+  class UrlCheckAsBarrierGuard extends Barrier instanceof UrlCheckBarrier { }
 }
 
 /** A sink for an open redirect, considered as a sink for safe URL flow. */

go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll

@@ -102,14 +102,15 @@ module RequestForgery {
    * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is
    * considered a barrier guard.
    */
-  class RedirectCheckBarrierGuardAsBarrierGuard extends RedirectCheckBarrier, Sanitizer { }
+  class RedirectCheckBarrierGuardAsBarrierGuard extends Sanitizer instanceof RedirectCheckBarrier {
+  }
 
   /**
    * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, Sanitizer { }
+  class RegexpCheckAsBarrierGuard extends Sanitizer instanceof RegexpCheckBarrier { }
 
   /**
    * An equality check comparing a data-flow node against a constant string, considered as
@@ -118,7 +119,7 @@ module RequestForgery {
    * Additionally, a check comparing `url.Hostname()` against a constant string is also
    * considered a barrier guard for `url`.
    */
-  class UrlCheckAsBarrierGuard extends UrlCheckBarrier, Sanitizer { }
+  class UrlCheckAsBarrierGuard extends Sanitizer instanceof UrlCheckBarrier { }
 
   /**
    * A simple-typed node, considered a sanitizer for request forgery.

go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll

@@ -29,7 +29,7 @@ module ImproperLdapAuth {
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, LdapSanitizer { }
+  class RegexpCheckAsBarrierGuard extends LdapSanitizer instanceof RegexpCheckBarrier { }
 
   /**
    * An empty string.

go/ql/src/experimental/CWE-918/SSRF.qll

@@ -113,7 +113,7 @@ module ServerSideRequestForgery {
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, Sanitizer { }
+  class RegexpCheckAsBarrierGuard extends Sanitizer instanceof RegexpCheckBarrier { }
 
   private predicate equalityAsSanitizerGuard(DataFlow::Node g, Expr e, boolean outcome) {
     exists(DataFlow::Node url, DataFlow::EqualityTestNode eq |
@@ -156,5 +156,5 @@ module ServerSideRequestForgery {
    * The method Var of package validator is a sanitizer guard only if the check
    * of the error binding exists, and the tag to check is one of "alpha", "alphanum", "alphaunicode", "alphanumunicode", "number", "numeric".
    */
-  class ValidatorAsSanitizer extends Sanitizer, ValidatorVarCheckBarrier { }
+  class ValidatorAsSanitizer extends Sanitizer instanceof ValidatorVarCheckBarrier { }
 }