hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't use sink-specific endpoint filters

Browse Source
This commit is contained in:
tiferet
2022-12-13 12:09:32 -08:00
parent 8e500ec0f3
commit 2f256e272d
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
View File

@@ -105,13 +105,11 @@ abstract class AtmConfig extends JS::TaintTracking::Configuration {
// implies they're not sinks, rather than using only medium-confidence characteristics, by deleting the following
// line.
confidence < filter.highConfidence() and
(
// Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type.
filter.hasImplications(any(NegativeType negative), true, confidence)
or
// Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type.
filter.hasImplications(this.getASinkEndpointType(), false, confidence)
) and
// Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type.
filter.hasImplications(any(NegativeType negative), true, confidence) and
// or
// // Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type.
// filter.hasImplications(this.getASinkEndpointType(), false, confidence)
result = filter
)
}