From 008024b3bb44b1e6ab75b66d5fe96a48205edbdc Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen
Date: Fri, 1 Apr 2022 14:33:30 +0200
Subject: [PATCH] address review comments
---
 .../EndpointFeatures.qll | 72 +++++++++----------
 .../EmptyFeature.expected | 3 -
 .../generic_feature_testing/EmptyFeature.ql | 1 +
 .../FeatureValue.expected | 52 +++++++++++---
 .../NonTotalFeature.expected | 63 ----------------
 .../NonTotalFeature.ql | 8 ---
 .../test/generic_feature_testing/TestUtil.qll | 12 ++++
 .../test/generic_feature_testing/test.js | 4 ++
 8 files changed, 93 insertions(+), 122 deletions(-)
 delete mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected
 delete mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
index 55555975c8a..0f6cebf479c 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
@@ -17,22 +17,7 @@ private string getTokenFeature(DataFlow::Node endpoint, string featureName) { // Performance optimization: Restrict feature extraction to endpoints we've explicitly asked to featurize. endpoint = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() and exists(EndpointFeature f | f.getName() = featureName and result = f.getValue(endpoint)) and - isVettedFeature(featureName) -} - -predicate isVettedFeature(string featureName) { - // allowlist of vetted features that are permitted in production - featureName = - any(EndpointFeature f | - f instanceof EnclosingFunctionName or - f instanceof CalleeName or - f instanceof ReceiverName or - f instanceof ArgumentIndex or - f instanceof CalleeApiName or - f instanceof CalleeAccessPath or - f instanceof CalleeAccessPathWithStructuralInfo or - f instanceof EnclosingFunctionBody - ).getName() + featureName = getASupportedFeatureName() } /** @@ -206,7 +191,20 @@ private module FunctionNames { } /** Get a name of a supported generic token-based feature. */ -string getASupportedFeatureName() { isVettedFeature(result) } +string getASupportedFeatureName() { + // allowlist of vetted features that are permitted in production + result = + any(EndpointFeature f | + f instanceof EnclosingFunctionName or + f instanceof CalleeName or + f instanceof ReceiverName or + f instanceof ArgumentIndex or + f instanceof CalleeApiName or + f instanceof CalleeAccessPath or + f instanceof CalleeAccessPathWithStructuralInfo or + f instanceof EnclosingFunctionBody + ).getName() +} /** * Generic token-based features for ATM. @@ -253,7 +251,7 @@ abstract class EndpointFeature extends TEndpointFeature { */ abstract string getValue(DataFlow::Node endpoint); - string toString() { result = getName() } + string toString() { result = this.getName() } } /** 
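Review bot: The QLDoc on `getASupportedFeatureName` in the `@@ -206,7 +191,20 @@` hunk still reads as a plain name lookup, but after this change the predicate is the production allowlist that `getTokenFeature` filters on (`featureName = getASupportedFeatureName()` in the first hunk). An `EndpointFeature` class that is defined but not listed here yields no tokens from `getTokenFeature`, and nothing in the doc tells the next author that. Suggest something like `/** Gets the name of a vetted feature. Only these names are emitted by getTokenFeature; a new EndpointFeature class must be listed here to be emitted. */`, with the inline `// allowlist of vetted features ...` comment folded into it.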
@@ -456,7 +454,7 @@ private module SyntacticUtilities { w.getRhs() = node and result = getSimpleParameterAccessPath(w.getBase()) + "." + getPropertyNameOrUnknown(w) ) - else result = "?" + else result = getUnknownSymbol() } /** @@ -497,10 +495,12 @@ private module SyntacticUtilities { if node instanceof DataFlow::InvokeNode then result = getSimpleAccessPath(node.(DataFlow::InvokeNode).getCalleeNode()) + "()" - else result = "?" + else result = getUnknownSymbol() ) } + string getUnknownSymbol() { result = "?" } + /** * Gets the imported path. * @@ -514,15 +514,17 @@ private module SyntacticUtilities { exists(string p | p = i.getImportedPath().getValue() | if p.matches(".%") then result = "\"p\"" else result = "!" // hide absolute imports from the ML training ) - else result = "?" + else result = getUnknownSymbol() } -} -/** - * Gets the property name of a property reference or `?` if it is unknown. - */ -string getPropertyNameOrUnknown(DataFlow::PropRef ref) { - if exists(ref.getPropertyName()) then result = ref.getPropertyName() else result = "?" + /** + * Gets the property name of a property reference or `?` if it is unknown. + */ + string getPropertyNameOrUnknown(DataFlow::PropRef ref) { + if exists(ref.getPropertyName()) + then result = ref.getPropertyName() + else result = getUnknownSymbol() + } } /** 
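Review bot: `getUnknownSymbol()` is added in the `@@ -497,10 +495,12 @@` hunk without QLDoc, although it is now the sentinel that every fallback branch in `SyntacticUtilities` returns and that the later `Callee_AccessPath` hunk compares against. A short doc such as `/** Gets the placeholder used in an access path for a component that cannot be determined syntactically. */` would record that contract in one place. It may also be worth stating there that a property whose name is literally `?` appears to be indistinguishable from the placeholder, since `getPropertyNameOrUnknown` returns the property name unchanged when it exists. The module body starts and ends outside these hunks.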
@@ -537,11 +539,9 @@ class Callee_AccessPath extends EndpointFeature, TCallee_AccessPath { override string getValue(DataFlow::Node endpoint) { exists(DataFlow::InvokeNode invk | - exists(string path | - path = SyntacticUtilities::getSimpleAccessPath(invk.getCalleeNode()) and - // collapse the unknown path to the empty string, as is convention for old features - if path = "?" then result = "" else result = path - ) and + result = SyntacticUtilities::getSimpleAccessPath(invk.getCalleeNode()) and + // ignore the unknown path + not result = SyntacticUtilities::getUnknownSymbol() and ( invk.getAnArgument() = endpoint or SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument() @@ -586,7 +586,7 @@ class Input_ArgumentIndexAndAccessPathFromCallee extends EndpointFeature, class Input_AccessPathFromCallee extends EndpointFeature, TInput_AccessPathFromCallee { override string getName() { result = "Input_AccessPathFromCallee" } - private string getValueMaybe(DataFlow::Node endpoint) { + override string getValue(DataFlow::Node endpoint) { exists(DataFlow::InvokeNode invk | result = SyntacticUtilities::getSimpleParameterAccessPath(endpoint) and SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument() @@ -594,12 +594,6 @@ class Input_AccessPathFromCallee extends EndpointFeature, TInput_AccessPathFromC .getUnderlyingValue()).flow() = endpoint ) } - - override string getValue(DataFlow::Node endpoint) { - if exists(this.getValueMaybe(endpoint)) - then result = this.getValueMaybe(endpoint) - else result = "" - } } /** diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected index 4540013743d..e69de29bb2d 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected 
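Review bot: `Callee_AccessPath.getValue` and `Input_AccessPathFromCallee.getValue` now have no result where they previously produced `""`, so both features become partial, and the only comment recording that is `// ignore the unknown path`. The filter in `Callee_AccessPath` rejects only a path that is exactly the unknown symbol; a path with an unknown component such as `o.?.m` (see FeatureValue.expected) is still emitted, which the comment should state if it is intended, for example `// no value when the whole callee path is unknown; paths with unknown components are kept`. A sentence on `EndpointFeature.getValue` saying that a feature may have no value for an endpoint would help consumers that previously relied on the empty string. With NonTotalFeature.ql deleted in this commit, the only thing pinning which endpoints lack a value is the absence of rows in FeatureValue.expected. Both class bodies extend beyond their hunks.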
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected @@ -1,3 +0,0 @@ -| calleeApiName | -| enclosingFunctionBody | -| enclosingFunctionName | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql index e155bef2801..e7ced9ea596 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql @@ -1,5 +1,6 @@ import javascript import experimental.adaptivethreatmodeling.EndpointFeatures +import experimental.adaptivethreatmodeling.FeaturizationConfig import TestUtil // every feature must produce a value for at least one endpoint, otherwise the feature is completely broken, or a relevant test example is missing diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected index 236e946a329..dfef635cabd 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected @@ -1,5 +1,4 @@ | test.html:2:61:2:68 | endpoint | Callee_AccessPath | $event.target.files.item | -| test.html:2:61:2:68 | endpoint | Input_AccessPathFromCallee | | | test.html:2:61:2:68 | endpoint | Input_ArgumentIndex | 0 | | test.html:2:61:2:68 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.html:2:61:2:68 | endpoint | argumentIndex | 0 | 
@@ -7,33 +6,39 @@ | test.html:2:61:2:68 | endpoint | calleeAccessPathWithStructuralInfo | | | test.html:2:61:2:68 | endpoint | calleeName | item | | test.js:2:7:2:14 | endpoint | Callee_AccessPath | f | -| test.js:2:7:2:14 | endpoint | Input_AccessPathFromCallee | | | test.js:2:7:2:14 | endpoint | Input_ArgumentIndex | 0 | | test.js:2:7:2:14 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:2:7:2:14 | endpoint | argumentIndex | 0 | | test.js:2:7:2:14 | endpoint | calleeAccessPath | | | test.js:2:7:2:14 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:2:7:2:14 | endpoint | calleeName | f | +| test.js:2:7:2:14 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:2:7:2:14 | endpoint | enclosingFunctionName | | | test.js:3:11:3:18 | endpoint | Callee_AccessPath | f | | test.js:3:11:3:18 | endpoint | Input_AccessPathFromCallee | 0.p | | test.js:3:11:3:18 | endpoint | Input_ArgumentIndex | 0 | | test.js:3:11:3:18 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p | | test.js:3:11:3:18 | endpoint | calleeAccessPath | | | test.js:3:11:3:18 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:3:11:3:18 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:3:11:3:18 | endpoint | enclosingFunctionName | | | test.js:4:15:4:22 | endpoint | Callee_AccessPath | f | | test.js:4:15:4:22 | endpoint | Input_AccessPathFromCallee | 0.p.q | | test.js:4:15:4:22 | endpoint | Input_ArgumentIndex | 0 | | test.js:4:15:4:22 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p.q | | test.js:4:15:4:22 | endpoint | calleeAccessPath | 
| | test.js:4:15:4:22 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:4:15:4:22 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:4:15:4:22 | endpoint | enclosingFunctionName | | | test.js:5:9:5:16 | endpoint | Callee_AccessPath | o.m | -| test.js:5:9:5:16 | endpoint | Input_AccessPathFromCallee | | | test.js:5:9:5:16 | endpoint | Input_ArgumentIndex | 0 | | test.js:5:9:5:16 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:5:9:5:16 | endpoint | argumentIndex | 0 | | test.js:5:9:5:16 | endpoint | calleeAccessPath | | | test.js:5:9:5:16 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:5:9:5:16 | endpoint | calleeName | m | +| test.js:5:9:5:16 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:5:9:5:16 | endpoint | enclosingFunctionName | | | test.js:5:9:5:16 | endpoint | receiverName | o | | test.js:6:13:6:20 | endpoint | Callee_AccessPath | o.m | | test.js:6:13:6:20 | endpoint | Input_AccessPathFromCallee | 0.p | 
@@ -41,53 +46,82 @@ | test.js:6:13:6:20 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p | | test.js:6:13:6:20 | endpoint | calleeAccessPath | | | test.js:6:13:6:20 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:6:13:6:20 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:6:13:6:20 | endpoint | enclosingFunctionName | | | test.js:7:17:7:24 | endpoint | Callee_AccessPath | o.m | | test.js:7:17:7:24 | endpoint | Input_AccessPathFromCallee | 0.p.q | | test.js:7:17:7:24 | endpoint | Input_ArgumentIndex | 0 | | test.js:7:17:7:24 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p.q | | test.js:7:17:7:24 | endpoint | calleeAccessPath | | | test.js:7:17:7:24 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:7:17:7:24 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:7:17:7:24 | endpoint | enclosingFunctionName | | | test.js:8:11:8:18 | endpoint | Callee_AccessPath | F | -| test.js:8:11:8:18 | endpoint | Input_AccessPathFromCallee | | | test.js:8:11:8:18 | endpoint | Input_ArgumentIndex | 0 | | test.js:8:11:8:18 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | ? 
| | test.js:8:11:8:18 | endpoint | calleeAccessPath | | | test.js:8:11:8:18 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:8:11:8:18 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:8:11:8:18 | endpoint | enclosingFunctionName | | | test.js:9:17:9:24 | endpoint | Callee_AccessPath | o.m().m().m | -| test.js:9:17:9:24 | endpoint | Input_AccessPathFromCallee | | | test.js:9:17:9:24 | endpoint | Input_ArgumentIndex | 0 | | test.js:9:17:9:24 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:9:17:9:24 | endpoint | argumentIndex | 0 | | test.js:9:17:9:24 | endpoint | calleeAccessPath | | | test.js:9:17:9:24 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:9:17:9:24 | endpoint | calleeName | m | +| test.js:9:17:9:24 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:9:17:9:24 | endpoint | enclosingFunctionName | | | test.js:10:9:10:16 | endpoint | Callee_AccessPath | f() | -| test.js:10:9:10:16 | endpoint | Input_AccessPathFromCallee | | | test.js:10:9:10:16 | endpoint | Input_ArgumentIndex | 0 | | test.js:10:9:10:16 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:10:9:10:16 | endpoint | argumentIndex | 0 | | test.js:10:9:10:16 | endpoint | calleeAccessPath | | | test.js:10:9:10:16 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:10:9:10:16 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | 
+| test.js:10:9:10:16 | endpoint | enclosingFunctionName | | | test.js:11:12:11:19 | endpoint | Callee_AccessPath | o.?.m | -| test.js:11:12:11:19 | endpoint | Input_AccessPathFromCallee | | | test.js:11:12:11:19 | endpoint | Input_ArgumentIndex | 0 | | test.js:11:12:11:19 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:11:12:11:19 | endpoint | argumentIndex | 0 | | test.js:11:12:11:19 | endpoint | calleeAccessPath | | | test.js:11:12:11:19 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:11:12:11:19 | endpoint | calleeName | m | +| test.js:11:12:11:19 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:11:12:11:19 | endpoint | enclosingFunctionName | | | test.js:12:16:12:23 | endpoint | Callee_AccessPath | o.m.?.p.m | -| test.js:12:16:12:23 | endpoint | Input_AccessPathFromCallee | | | test.js:12:16:12:23 | endpoint | Input_ArgumentIndex | 0 | | test.js:12:16:12:23 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:12:16:12:23 | endpoint | argumentIndex | 0 | | test.js:12:16:12:23 | endpoint | calleeAccessPath | | | test.js:12:16:12:23 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:12:16:12:23 | endpoint | calleeName | m | +| test.js:12:16:12:23 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:12:16:12:23 | endpoint | enclosingFunctionName | | | test.js:13:15:13:22 | endpoint | Callee_AccessPath | (await p) | -| test.js:13:15:13:22 | endpoint | Input_AccessPathFromCallee | | | test.js:13:15:13:22 | endpoint | Input_ArgumentIndex | 0 | | test.js:13:15:13:22 | endpoint | 
Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:13:15:13:22 | endpoint | argumentIndex | 0 | | test.js:13:15:13:22 | endpoint | calleeAccessPath | | | test.js:13:15:13:22 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:13:15:13:22 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:13:15:13:22 | endpoint | enclosingFunctionName | | +| test.js:14:27:14:34 | endpoint | Callee_AccessPath | import(!).bar.baz | +| test.js:14:27:14:34 | endpoint | Input_ArgumentIndex | 0 | +| test.js:14:27:14:34 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | +| test.js:14:27:14:34 | endpoint | argumentIndex | 0 | +| test.js:14:27:14:34 | endpoint | calleeAccessPath | foo bar baz | +| test.js:14:27:14:34 | endpoint | calleeAccessPathWithStructuralInfo | foo member bar member baz instanceorreturn | +| test.js:14:27:14:34 | endpoint | calleeApiName | foo | +| test.js:14:27:14:34 | endpoint | calleeName | baz | +| test.js:14:27:14:34 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:14:27:14:34 | endpoint | enclosingFunctionName | | +| test.js:16:13:16:20 | endpoint | Callee_AccessPath | bar | +| test.js:16:13:16:20 | endpoint | Input_ArgumentIndex | 0 | +| test.js:16:13:16:20 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | +| test.js:16:13:16:20 | endpoint | argumentIndex | 0 | +| test.js:16:13:16:20 | endpoint | calleeAccessPath | | +| test.js:16:13:16:20 | endpoint | calleeAccessPathWithStructuralInfo | | +| test.js:16:13:16:20 | endpoint | calleeName | bar | +| test.js:16:13:16:20 | endpoint | enclosingFunctionBody | f endpoint f p 
endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | +| test.js:16:13:16:20 | endpoint | enclosingFunctionName | | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected deleted file mode 100644 index 4a2787fca30..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected +++ /dev/null 
@@ -1,63 +0,0 @@ -| test.html:2:61:2:68 | endpoint | calleeApiName | -| test.html:2:61:2:68 | endpoint | enclosingFunctionBody | -| test.html:2:61:2:68 | endpoint | enclosingFunctionName | -| test.html:2:61:2:68 | endpoint | receiverName | -| test.js:2:7:2:14 | endpoint | calleeApiName | -| test.js:2:7:2:14 | endpoint | enclosingFunctionBody | -| test.js:2:7:2:14 | endpoint | enclosingFunctionName | -| test.js:2:7:2:14 | endpoint | receiverName | -| test.js:3:11:3:18 | endpoint | argumentIndex | -| test.js:3:11:3:18 | endpoint | calleeApiName | -| test.js:3:11:3:18 | endpoint | calleeName | -| test.js:3:11:3:18 | endpoint | enclosingFunctionBody | -| test.js:3:11:3:18 | endpoint | enclosingFunctionName | -| test.js:3:11:3:18 | endpoint | receiverName | -| test.js:4:15:4:22 | endpoint | argumentIndex | -| test.js:4:15:4:22 | endpoint | calleeApiName | -| test.js:4:15:4:22 | endpoint | calleeName | -| test.js:4:15:4:22 | endpoint | enclosingFunctionBody | -| test.js:4:15:4:22 | endpoint | enclosingFunctionName | -| test.js:4:15:4:22 | endpoint | receiverName | -| test.js:5:9:5:16 | endpoint | calleeApiName | -| test.js:5:9:5:16 | endpoint | enclosingFunctionBody | -| test.js:5:9:5:16 | endpoint | enclosingFunctionName | -| test.js:6:13:6:20 | endpoint | argumentIndex | -| test.js:6:13:6:20 | endpoint | calleeApiName | -| test.js:6:13:6:20 | endpoint | calleeName | -| test.js:6:13:6:20 | endpoint | enclosingFunctionBody | -| test.js:6:13:6:20 | endpoint | enclosingFunctionName | -| test.js:6:13:6:20 | endpoint | receiverName | -| test.js:7:17:7:24 | endpoint | argumentIndex | -| test.js:7:17:7:24 | endpoint | calleeApiName | -| test.js:7:17:7:24 | endpoint | calleeName | -| test.js:7:17:7:24 | endpoint | enclosingFunctionBody | -| test.js:7:17:7:24 | endpoint | enclosingFunctionName | -| test.js:7:17:7:24 | endpoint | receiverName | -| test.js:8:11:8:18 | endpoint | argumentIndex | -| test.js:8:11:8:18 | endpoint | calleeApiName | -| test.js:8:11:8:18 | endpoint | 
calleeName | -| test.js:8:11:8:18 | endpoint | enclosingFunctionBody | -| test.js:8:11:8:18 | endpoint | enclosingFunctionName | -| test.js:8:11:8:18 | endpoint | receiverName | -| test.js:9:17:9:24 | endpoint | calleeApiName | -| test.js:9:17:9:24 | endpoint | enclosingFunctionBody | -| test.js:9:17:9:24 | endpoint | enclosingFunctionName | -| test.js:9:17:9:24 | endpoint | receiverName | -| test.js:10:9:10:16 | endpoint | calleeApiName | -| test.js:10:9:10:16 | endpoint | calleeName | -| test.js:10:9:10:16 | endpoint | enclosingFunctionBody | -| test.js:10:9:10:16 | endpoint | enclosingFunctionName | -| test.js:10:9:10:16 | endpoint | receiverName | -| test.js:11:12:11:19 | endpoint | calleeApiName | -| test.js:11:12:11:19 | endpoint | enclosingFunctionBody | -| test.js:11:12:11:19 | endpoint | enclosingFunctionName | -| test.js:11:12:11:19 | endpoint | receiverName | -| test.js:12:16:12:23 | endpoint | calleeApiName | -| test.js:12:16:12:23 | endpoint | enclosingFunctionBody | -| test.js:12:16:12:23 | endpoint | enclosingFunctionName | -| test.js:12:16:12:23 | endpoint | receiverName | -| test.js:13:15:13:22 | endpoint | calleeApiName | -| test.js:13:15:13:22 | endpoint | calleeName | -| test.js:13:15:13:22 | endpoint | enclosingFunctionBody | -| test.js:13:15:13:22 | endpoint | enclosingFunctionName | -| test.js:13:15:13:22 | endpoint | receiverName | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql deleted file mode 100644 index bb435c84c88..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql +++ /dev/null 
@@ -1,8 +0,0 @@ -import javascript -import experimental.adaptivethreatmodeling.EndpointFeatures -import TestUtil - -// every feature should produce a value for all endpoints -from EndpointFeature feature, Endpoint endpoint -where not exists(feature.getValue(endpoint)) -select endpoint, feature.getName() diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll index 30349bc8c63..46c5877390b 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll @@ -1,4 +1,16 @@ import javascript +import experimental.adaptivethreatmodeling.FeaturizationConfig + +/** + * A featurization config that featurizes all endpoints. + * + * Ideally this should not be in here, but it is needed for EnclosingFunctionName and EnclosingFunctionBody due to performance considerations :(. + */ +class NoRestrictionsFeaturizationConfig extends FeaturizationConfig { + NoRestrictionsFeaturizationConfig() { this = "NoRestrictionsFeaturization" } + + override DataFlow::Node getAnEndpointToFeaturize() { any() } +} class Endpoint extends DataFlow::Node { Endpoint() { this.asExpr().(VarAccess).getName() = "endpoint" } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js index 0724d1ea833..f7769703672 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js @@ -11,4 +11,8 @@ o[x].m(endpoint); o.m[x].p.m(endpoint); (await p)(endpoint); + import("foo").bar.baz(endpoint); + function foo() { + bar(endpoint); + } }); \ No newline at end of file
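Review bot: `NoRestrictionsFeaturizationConfig` in TestUtil.qll overrides `getAnEndpointToFeaturize()` with `any()`, and because it lives in the shared test utility it presumably takes effect for every query that imports TestUtil, not only the ones that need EnclosingFunctionName and EnclosingFunctionBody. The QLDoc should state that scope explicitly instead of `Ideally this should not be in here ... :(`, for example `Test-only: removes the featurization restriction for every query that imports TestUtil; must not be imported from library code.` If only some tests need unrestricted featurization, declaring the class in those query files would keep the restriction in force elsewhere.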
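Review bot: The new `import("foo").bar.baz(endpoint);` case in test.js pins only the `!` branch of the imported-path helper (FeatureValue.expected shows `import(!).bar.baz`); the `p.matches(".%")` branch for relative imports has no test input. Adding `import("./foo").bar.baz(endpoint);` would pin what that branch emits, which matters because its result is written as the literal `"\"p\""` and the diff does not show whether the path itself or a fixed token is intended. The enclosing callback starts outside the hunk.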