Support com/google/common/escape/Escaper as sanitizer

[h3xstream]

Description

com/google/common/escape/Escaper.escape() is often used to encode URL parameter.

While the interface is generic and could be implemented by any type of escaping, it is highly likely to be for URL. https://guava.dev/releases/19.0/api/docs/com/google/common/net/UrlEscapers.html

Code

Test case provided by @ RichardBradley

Bad :

import javax.ws.rs.core.Response;
import org.apache.http.client.methods.HttpGet;

public Response get(String x, String y) throws IOException {

    String url = String.format("%s/%s",
            x,
            y);

    HttpGet request = new HttpGet(url); // HERE

    ...
}

Good:

import javax.ws.rs.core.Response;
import org.apache.http.client.methods.HttpGet;
import static com.google.common.net.UrlEscapers.urlPathSegmentEscaper;

public Response get(String x, String y) throws IOException {

    String url = String.format("%s/%s",
            urlPathSegmentEscaper().escape(x),
            urlPathSegmentEscaper().escape(y));

    HttpGet request = new HttpGet(url);

    ...
}

[h3xstream]

Open to close #346

[h3xstream]

For somebody to do this "quick" win:
Here is an example of configuration for URLEncoder.

find-sec-bugs/plugin/src/main/resources/safe-encoders/other.txt

Lines 1 to 4 in a1a27ac

	java/net/URLEncoder.encode(Ljava/lang/String;)Ljava/lang/String;:0|+URL_ENCODED,+XSS_SAFE
	java/net/URLEncoder.encode(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|+URL_ENCODED,+XSS_SAFE
	java/net/URLDecoder.decode(Ljava/lang/String;)Ljava/lang/String;:0|-URL_ENCODED,-XSS_SAFE
	java/net/URLDecoder.decode(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|-URL_ENCODED,-XSS_SAFE

[thiyagu-7]

I would like to take this for this hacktoberfest

[h3xstream]

@thiyagu-7 Perfect! I have assigned you to this issue.