Change the prompt to use sink names defined in EndpointType

2026-05-21 14:47:10 +02:00 · 2022-12-06 14:35:16 -08:00
parent 9a8b0d7fb2
commit 2a324f5c5d
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll
@@ -14,7 +14,7 @@ module ModelPrompt {
   */
  private string getTrainingSetPrompt() {
    result =
-      "# Examples of security vulnerability sinks and non-sinks\n|Dataflow node|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`|non-sink|\n|`[ handlebars ]`|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`|path injection sink|\n|`url`|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`|non-sink|\n|`_.bind(connection.createGame, this, socket)`|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`|non-sink|\n|`sql`|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`|sql injection sink|\n|` <style type= text/css  id= shapely-style-  + sufix +    /> `|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`|xss sink|\n|`content`|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`|non-sink|\n|`imageURL`|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`|xss sink|\n|`{ roomId }`|`    }    const game = await Game.findOne({ roomId });    if (!game) {`|nosql injection sink|\n|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`|sql injection sink|\n|`listenToServer`|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`|non-sink|\n|`negativeYearString`|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`|non-sink|\n|`__dirname`|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`|path injection sink|\n|`certificateId`|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`|nosql injection sink|\n|`{encoding:  utf8 }`|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`|non-sink|\n|`depth`|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`|non-sink|\n"
+      "# Examples of security vulnerability sinks and non-sinks\n|Dataflow node|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`|non-sink|\n|`[ handlebars ]`|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`|TaintedPathSink|\n|`url`|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`|non-sink|\n|`_.bind(connection.createGame, this, socket)`|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`|non-sink|\n|`sql`|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`|SqlInjectionSink|\n|` <style type= text/css  id= shapely-style-  + sufix +    /> `|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`|XssSink|\n|`content`|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`|non-sink|\n|`imageURL`|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`|XssSink|\n|`{ roomId }`|`    }    const game = await Game.findOne({ roomId });    if (!game) {`|NosqlInjectionSink|\n|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`|SqlInjectionSink|\n|`listenToServer`|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`|non-sink|\n|`negativeYearString`|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`|non-sink|\n|`__dirname`|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`|TaintedPathSink|\n|`certificateId`|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`|NosqlInjectionSink|\n|`{encoding:  utf8 }`|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`|non-sink|\n|`depth`|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`|non-sink|\n"
  }

  /**