feat(js): Add debugging sources and sinks queries

Author: GeekMasher

javascript/src/debugging/Sinks.ql

@@ -0,0 +1,19 @@
+/**
+ * @name List of all known sinks
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision high
+ * @id js/debugging/sinks
+ * @tags debugging
+ */
+
+import javascript
+import ghsl
+
+from AllSinks sinks
+// where
+/// Filter by file and line number
+// filterByLocation(sinks, "app.js", _)
+select sinks, "sink[" + sinks.sinkType() + "]"

javascript/src/debugging/Sources.ql

@@ -0,0 +1,18 @@
+/**
+ * @name List of all known sources (remote, local, etc.)
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision high
+ * @id js/debugging/sources
+ * @tags debugging
+ */
+
+import javascript
+import ghsl
+
+from AllSources sources, string threatModel
+where
+    sources.getThreatModel() = threatModel
+select sources, "source[" + threatModel + "]"

javascript/src/suites/javascript-debugging.qls

@@ -0,0 +1,19 @@
+- description: "GitHub's Community Packs JavaScript/TypeScript Debugging Suite"
+
+- queries: '.'
+  from: githubsecuritylab/codeql-javascript-queries
+
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - very-high
+    - high
+    tags contain:
+      - debugging
+
+# Remove local testing folders
+- exclude:
+    query path:
+      - /testing\/.*/