Rewrite ExtractSinkCandidatesWithFlow.ql as a problem query so we can run it with codeql database analyze to output SARIF results.

java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql

@@ -1,10 +1,19 @@
-/*
+/**
  * Surfaces the endpoints that pass the endpoint filters and have flow from a source for each query config, and are
- * therefore used as candidates for classifiaction with an ML model.
+ * therefore used as candidates for classification with an ML model.
  *
  * Note: This query does not actually classify the endpoints using the model.
  *
- * TODO: Produce CSV/JSON output describing these endpoints (probably just a URL for each endpoint).
+ * TODO: Produce CSV/JSON/SARIF output describing these endpoints (probably just a URL for each endpoint).
+ *
+ * @name SQL database query built from user-controlled sources (experimental)
+ * @description Building a database query from user-controlled sources is vulnerable to insertion of
+ *              malicious code by the user.
+ * @kind problem
+ * @problem.severity error
+ * @security-severity 8.8
+ * @id java/ml-powered/sql-injection
+ * @tags experimental security
  */
 
 private import java
@@ -18,4 +27,4 @@ private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjecti
 // private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 from DataFlow::PathNode sink
 where exists(AtmConfig::AtmConfig queryConfig | queryConfig.isSinkCandidateWithFlow(sink))
-select sink.getNode().getLocation()
+select sink.getNode(), "SQL injection sink candidate"