The Wayback Machine - https://web.archive.org/web/20211022014159/https://github.com/github/codeql/discussions/6918

Customizing SecurityOptions without modifying existing queries? #6918

gsingh93 started this conversation in Ideas
Oct 19, 2021 · 0 comments

There are some existing queries like cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql, as well as some custom queries I have, where the core query is the same regardless of the codebase but the only difference is where the user input comes from. I'd like to customize SecurityOptions to specify where the user input comes from, but it would be nice to reuse the existing queries and not have to modify them. Otherwise I need to copy the query for every codebase that has a different user input source.

I wonder if it would be a good idea to allow users to customize existing queries somehow without modifying them. One example could be in a query suite file, there could be a field where a user could specify a fragment of QL code that is included in each query before it's run. This would allow me to define a SecurityOptions class in each project, and just create a single query suite file with all the existing queries from other QL packs, but with my custom SecurityOptions class included in each query.

Thoughts on this, or suggestions for other ways to achieve what I want?
