Merge pull request #10018 from github/new-atm-features-rebased

New atm features rebased

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll

@@ -16,220 +16,8 @@ private import FunctionBodyFeatures as FunctionBodyFeatures
 private string getTokenFeature(DataFlow::Node endpoint, string featureName) {
   // Performance optimization: Restrict feature extraction to endpoints we've explicitly asked to featurize.
   endpoint = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() and
-  (
-    // Features for endpoints that are contained within a function.
-    exists(Function function |
-      function = FunctionBodyFeatures::getRepresentativeFunctionForEndpoint(endpoint)
-    |
-      // The name of the function that encloses the endpoint.
-      featureName = "enclosingFunctionName" and result = FunctionNames::getNameToFeaturize(function)
-      or
-      // A feature containing natural language tokens from the function that encloses the endpoint in
-      // the order that they appear in the source code.
-      featureName = "enclosingFunctionBody" and
-      result = FunctionBodyFeatures::getBodyTokensFeature(function)
-    )
-    or
-    result =
-      strictconcat(DataFlow::CallNode call, string component |
-        component = getACallBasedTokenFeatureComponent(endpoint, call, featureName)
-      |
-        component, " "
-      )
-    or
-    // The access path of the function being called, both with and without structural info, if the
-    // function being called originates from an external API. For example, the endpoint here:
-    //
-    // ```js
-    // const mongoose = require('mongoose'),
-    //   User = mongoose.model('User', null);
-    // User.findOne(ENDPOINT);
-    // ```
-    //
-    // would have a callee access path with structural info of
-    // `mongoose member model instanceorreturn member findOne instanceorreturn`, and a callee access
-    // path without structural info of `mongoose model findOne`.
-    //
-    // These features indicate that the callee comes from (reading the access path backwards) an
-    // instance of the `findOne` member of an instance of the `model` member of the `mongoose`
-    // external library.
-    exists(AccessPaths::Boolean includeStructuralInfo |
-      featureName =
-        "calleeAccessPath" +
-          any(string x | if includeStructuralInfo = true then x = "WithStructuralInfo" else x = "") and
-      result =
-        concat(API::Node node, string accessPath |
-          node.getInducingNode().(DataFlow::CallNode).getAnArgument() = endpoint and
-          AccessPaths::accessPaths(node, includeStructuralInfo, accessPath, _)
-        |
-          accessPath, " "
-        )
-    )
-  )
-}
-
-/**
- * Gets a value of the function-call-related token-based feature named `featureName` associated
- * with the function call `call` and the endpoint `endpoint`.
- *
- * This may in general report multiple strings, each containing a space-separated list of tokens.
- *
- * **Technical details:** This predicate can have multiple values per endpoint and feature name. As
- * a result, the results from this predicate must be concatenated together.  However concatenating
- * other features like the function body tokens is expensive, so for performance reasons we separate
- * out this predicate from those other features.
- */
-private string getACallBasedTokenFeatureComponent(
-  DataFlow::Node endpoint, DataFlow::CallNode call, string featureName
-) {
-  // Performance optimization: Restrict feature extraction to endpoints we've explicitly asked to featurize.
-  endpoint = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() and
-  // Features for endpoints that are an argument to a function call.
-  endpoint = call.getAnArgument() and
-  (
-    // The name of the function being called, e.g. in a call `Artist.findOne(...)`, this is `findOne`.
-    featureName = "calleeName" and result = call.getCalleeName()
-    or
-    // The name of the receiver of the call, e.g. in a call `Artist.findOne(...)`, this is `Artist`.
-    featureName = "receiverName" and result = call.getReceiver().asExpr().(VarRef).getName()
-    or
-    // The argument index of the endpoint, e.g. in `f(a, endpoint, b)`, this is 1.
-    featureName = "argumentIndex" and
-    result = any(int argIndex | call.getArgument(argIndex) = endpoint).toString()
-    or
-    // The name of the API that the function being called originates from, if the function being
-    // called originates from an external API. For example, the endpoint here:
-    //
-    // ```js
-    // const mongoose = require('mongoose'),
-    //   User = mongoose.model('User', null);
-    // User.findOne(ENDPOINT);
-    // ```
-    //
-    // would have a callee API name of `mongoose`.
-    featureName = "calleeApiName" and
-    exists(API::Node apiNode |
-      AccessPaths::accessPaths(apiNode, false, _, result) and call = apiNode.getInducingNode()
-    )
-  )
-}
-
-/**
- * This module provides functionality for getting a representation of the access path of nodes
- * within the program.
- *
- * For example, it gives the `User.find` callee here:
- *
- * ```js
- * const mongoose = require('mongoose'),
- * User = mongoose.model('User', null);
- * User.find({ 'isAdmin': true })
- * ```
- * the access path `mongoose member model instanceorreturn member find instanceorreturn`.
- *
- * This access path is based on the simplified access path that the untrusted data flowing to
- * external API query associates to each of its sinks, with modifications to optionally include
- * explicit structural information and to improve how well the path tokenizes.
- */
-private module AccessPaths {
-  bindingset[str]
-  private predicate isNumericString(string str) { exists(str.toInt()) }
-
-  /**
-   * Gets a parameter of `base` with name `name`, or a property named `name` of a destructuring parameter.
-   */
-  private API::Node getNamedParameter(API::Node base, string name) {
-    exists(API::Node param |
-      param = base.getAParameter() and
-      not param = base.getReceiver()
-    |
-      result = param and
-      name = param.asSource().(DataFlow::ParameterNode).getName()
-      or
-      param.asSource().asExpr() instanceof DestructuringPattern and
-      result = param.getMember(name)
-    )
-  }
-
-  /**
-   * A utility class that is equivalent to `boolean` but does not require type joining.
-   */
-  class Boolean extends boolean {
-    Boolean() { this = true or this = false }
-  }
-
-  /** Get the access path for the node. This includes structural information like `member`, `param`, and `functionalarg` if `includeStructuralInfo` is true. */
-  predicate accessPaths(
-    API::Node node, Boolean includeStructuralInfo, string accessPath, string apiName
-  ) {
-    //node = API::moduleImport(result)
-    node = API::moduleImport(apiName) and accessPath = apiName
-    or
-    exists(API::Node previousNode, string previousAccessPath |
-      previousNode.getDepth() < node.getDepth() and
-      accessPaths(previousNode, includeStructuralInfo, previousAccessPath, apiName)
-    |
-      // e.g. `new X`, `X()`
-      node = [previousNode.getInstance(), previousNode.getReturn()] and
-      if includeStructuralInfo = true
-      then accessPath = previousAccessPath + " instanceorreturn"
-      else accessPath = previousAccessPath
-      or
-      // e.g. `x.y`, `x[y]`, `const { y } = x`, where `y` is non-numeric and is known at analysis
-      // time.
-      exists(string member |
-        node = previousNode.getMember(member) and
-        not node = previousNode.getUnknownMember() and
-        not isNumericString(member) and
-        not (member = "default" and previousNode = API::moduleImport(_)) and
-        not member = "then" // use the 'promised' edges for .then callbacks
-      |
-        if includeStructuralInfo = true
-        then accessPath = previousAccessPath + " member " + member
-        else accessPath = previousAccessPath + " " + member
-      )
-      or
-      // e.g. `x.y`, `x[y]`, `const { y } = x`, where `y` is numeric or not known at analysis time.
-      (
-        node = previousNode.getUnknownMember() or
-        node = previousNode.getMember(any(string s | isNumericString(s)))
-      ) and
-      if includeStructuralInfo = true
-      then accessPath = previousAccessPath + " member"
-      else accessPath = previousAccessPath
-      or
-      // e.g. `x.then(y => ...)`
-      node = previousNode.getPromised() and
-      accessPath = previousAccessPath
-      or
-      // e.g. `x.y((a, b) => ...)`
-      // Name callback parameters after their name in the source code.
-      // For example, the `res` parameter in `express.get('/foo', (req, res) => {...})` will be
-      // named `express member get functionalarg param res`.
-      exists(string paramName |
-        node = getNamedParameter(previousNode.getAParameter(), paramName) and
-        (
-          if includeStructuralInfo = true
-          then accessPath = previousAccessPath + " functionalarg param " + paramName
-          else accessPath = previousAccessPath + " " + paramName
-        )
-        or
-        exists(string callbackName, int index |
-          node =
-            getNamedParameter(previousNode
-                  .getASuccessor(API::Label::parameter(index))
-                  .getMember(callbackName), paramName) and
-          index != -1 and // ignore receiver
-          if includeStructuralInfo = true
-          then
-            accessPath =
-              previousAccessPath + " functionalarg " + index + " " + callbackName + " param " +
-                paramName
-          else accessPath = previousAccessPath + " " + index + " " + callbackName + " " + paramName
-        )
-      )
-    )
-  }
+  exists(EndpointFeature f | f.getName() = featureName and result = f.getValue(endpoint)) and
+  featureName = getASupportedFeatureName()
 }
 
 private module FunctionNames {
@@ -284,13 +72,7 @@ private module FunctionNames {
 }
 
 /** Get a name of a supported generic token-based feature. */
-string getASupportedFeatureName() {
-  result =
-    [
-      "enclosingFunctionName", "calleeName", "receiverName", "argumentIndex", "calleeApiName",
-      "calleeAccessPath", "calleeAccessPathWithStructuralInfo", "enclosingFunctionBody"
-    ]
-}
+string getASupportedFeatureName() { result = any(EndpointFeature f).getName() }
 
 /**
  * Generic token-based features for ATM.
@@ -303,3 +85,591 @@ predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string feat
   endpoint = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() and
   featureValue = getTokenFeature(endpoint, featureName)
 }
+
+/**
+ * See EndpointFeature
+ */
+private newtype TEndpointFeature =
+  TEnclosingFunctionName() or
+  TReceiverName() or
+  TEnclosingFunctionBody() or
+  TFileImports() or
+  TCalleeImports() or
+  TCalleeFlexibleAccessPath() or
+  TInputAccessPathFromCallee() or
+  TInputArgumentIndex() or
+  TContextFunctionInterfaces() or
+  TContextSurroundingFunctionParameters() or
+  TAssignedToPropName() or
+  TStringConcatenatedWith()
+
+/**
+ * An implementation of an endpoint feature: defines feature-name/value tuples for use in ML.
+ */
+abstract class EndpointFeature extends TEndpointFeature {
+  /**
+   * Gets the name of the feature. Used by the ML model.
+   * Names are coupled to models: changing the name of a feature requires retraining the model.
+   */
+  abstract string getName();
+
+  /**
+   * Gets the value of the feature. Used by the ML model.
+   * Models are trained based on feature values, so changing the value of a feature requires retraining the model.
+   */
+  abstract string getValue(DataFlow::Node endpoint);
+
+  string toString() { result = this.getName() }
+}
+
+/**
+ * The feature for the name of the function that encloses the endpoint.
+ */
+class EnclosingFunctionName extends EndpointFeature, TEnclosingFunctionName {
+  override string getName() { result = "enclosingFunctionName" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    result =
+      FunctionNames::getNameToFeaturize(FunctionBodyFeatures::getRepresentativeFunctionForEndpoint(endpoint))
+  }
+}
+
+/**
+ * The feature for the name of the receiver of the call, e.g. in a call `Artist.findOne(...)`, this is `Artist`.
+ */
+class ReceiverName extends EndpointFeature, TReceiverName {
+  override string getName() { result = "receiverName" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    result =
+      strictconcat(DataFlow::CallNode call, string component |
+        endpoint = call.getAnArgument() and
+        component = call.getReceiver().asExpr().(VarRef).getName()
+      |
+        component, " "
+      )
+  }
+}
+
+/**
+ * The feature for the natural language tokens from the function that encloses the endpoint in
+ * the order that they appear in the source code.
+ */
+class EnclosingFunctionBody extends EndpointFeature, TEnclosingFunctionBody {
+  override string getName() { result = "enclosingFunctionBody" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    endpoint = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() and
+    result =
+      FunctionBodyFeatures::getBodyTokensFeature(FunctionBodyFeatures::getRepresentativeFunctionForEndpoint(endpoint))
+  }
+}
+
+/**
+ * The feature for the imports defined in the file containing an endpoint.
+ *
+ * ### Example
+ *
+ * ```javascript
+ * import { findOne } from 'mongoose';
+ * import * as _ from 'lodash';
+ * const pg = require('pg');
+ *
+ * // ...
+ * ```
+ *
+ * In this file, all endpoints will have the value `lodash mongoose pg` for the feature `fileImports`.
+ */
+class FileImports extends EndpointFeature, TFileImports {
+  override string getName() { result = "fileImports" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    result = SyntacticUtilities::getImportPathsForFile(endpoint.getFile())
+  }
+}
+
+/**
+ * The feature for the function parameters of the functions that enclose an endpoint.
+ *
+ * ### Example
+ * ```javascript
+ * function f(a, b) {
+ *   // ...
+ *   const g = (c, d) => x.foo(endpoint);
+ * //                          ^^^^^^^^
+ * }
+ * ```
+ * In the above example, the feature for the marked endpoint has value '(a, b)\n(c, d)'.
+ * The line breaks act as a separator between the parameters of different functions but
+ * will be treated by tokenization as if they were spaces.
+ */
+class ContextSurroundingFunctionParameters extends EndpointFeature,
+  TContextSurroundingFunctionParameters {
+  override string getName() { result = "contextSurroundingFunctionParameters" }
+
+  Function getRelevantFunction(DataFlow::Node endpoint) {
+    result = endpoint.asExpr().getEnclosingFunction*()
+  }
+
+  override string getValue(DataFlow::Node endpoint) {
+    result =
+      concat(string functionParameterLine, Function f |
+        f = this.getRelevantFunction(endpoint) and
+        functionParameterLine = SyntacticUtilities::getFunctionParametersFeatureComponent(f)
+      |
+        functionParameterLine, "\n"
+        order by
+          f.getLocation().getStartLine(), f.getLocation().getStartColumn()
+      )
+  }
+}
+
+/**
+ * The feature that gives the name of any properties an endpoint is assigned to (if any).
+ *
+ * ### Example
+ * ```javascript
+ * const div = document.createElement('div');
+ * div.innerHTML = endpoint; // feature value is 'innerHTML'
+ *
+ * foo({x: endpoint}); // feature value is 'x'
+ * ```
+ */
+class AssignedToPropName extends EndpointFeature, TAssignedToPropName {
+  override string getName() { result = "assignedToPropName" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    exists(DataFlow::PropWrite w | w.getRhs().asExpr().getUnderlyingValue().flow() = endpoint |
+      result = w.getPropertyName()
+    )
+  }
+}
+
+/**
+ * The feature that shows the text an endpoint is being concatenated with.
+ *
+ * ### Example
+ *
+ * ```javascript
+ * const x = 'foo' + endpoint + 'bar'; // feature value is `'foo' -endpoint- 'bar'
+ * ```
+ */
+class StringConcatenatedWith extends EndpointFeature, TStringConcatenatedWith {
+  override string getName() { result = "stringConcatenatedWith" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    exists(StringOps::ConcatenationRoot root |
+      root.getALeaf() = endpoint and
+      result =
+        concat(StringOps::ConcatenationLeaf p |
+            p.getRoot() = root and
+            (
+              p.getStartLine() < endpoint.getStartLine()
+              or
+              p.getStartLine() = endpoint.getStartLine() and
+              p.getStartColumn() < endpoint.getStartColumn()
+            )
+          |
+            SyntacticUtilities::renderStringConcatOperand(p), " + "
+            order by
+              p.getStartLine(), p.getStartColumn()
+          ) + " -endpoint- " +
+          concat(StringOps::ConcatenationLeaf p |
+            p.getRoot() = root and
+            (
+              p.getStartLine() > endpoint.getStartLine()
+              or
+              p.getStartLine() = endpoint.getStartLine() and
+              p.getStartColumn() > endpoint.getStartColumn()
+            )
+          |
+            SyntacticUtilities::renderStringConcatOperand(p), " + "
+            order by
+              p.getStartLine(), p.getStartColumn()
+          )
+    )
+  }
+}
+
+/**
+ * The feature for the imports used in the callee of an invocation.
+ *
+ * ### Example
+ *
+ * ```javascript
+ * import * as _ from 'lodash';
+ *
+ * // ...
+ * _.deepClone(someObject);
+ * //          ^^^^^^^^^^ will have the value `lodash` for the feature `calleeImports`.
+ * ```
+ */
+class CalleeImports extends EndpointFeature, TCalleeImports {
+  override string getName() { result = "calleeImports" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    not result = SyntacticUtilities::getUnknownSymbol() and
+    exists(DataFlow::InvokeNode invk |
+      (
+        invk.getAnArgument() = endpoint or
+        SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument()
+              .asExpr()
+              .getUnderlyingValue()).flow() = endpoint
+      ) and
+      result =
+        concat(string importPath |
+          importPath = SyntacticUtilities::getCalleeImportPath(invk.getCalleeNode())
+        |
+          importPath, " " order by importPath
+        )
+    )
+  }
+}
+
+/**
+ * The feature for the interfaces of all named functions in the same file as the endpoint.
+ *
+ * ### Example
+ * ```javascript
+ * // Will return: "f(a, b, c)\ng(x, y, z)\nh(u, v)" for this file.
+ * function f(a, b, c) { ... }
+ *
+ * function g(x, y, z) {
+ *   function h(u, v) { ... }
+ *   ...
+ * }
+ * ```
+ */
+class ContextFunctionInterfaces extends EndpointFeature, TContextFunctionInterfaces {
+  override string getName() { result = "contextFunctionInterfaces" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    result = SyntacticUtilities::getFunctionInterfacesForFile(endpoint.getFile())
+  }
+}
+
+/**
+ * Syntactic utilities for feature value computation.
+ */
+private module SyntacticUtilities {
+  /**
+   * Renders an operand in a string concatenation by surrounding a constant in quotes, and
+   * by using `getSimpleAccessPath` for everything else.
+   */
+  string renderStringConcatOperand(DataFlow::Node operand) {
+    if exists(unique(string v | operand.mayHaveStringValue(v)))
+    then result = "'" + any(string v | operand.mayHaveStringValue(v)) + "'"
+    else result = getSimpleAccessPath(operand)
+  }
+
+  /** Gets all the imports defined in the file containing the endpoint. */
+  string getImportPathsForFile(File file) {
+    result =
+      concat(string importPath |
+        importPath = SyntacticUtilities::getImportPathForFile(file)
+      |
+        importPath, " " order by importPath
+      )
+  }
+
+  /** Gets an import located in `file`. */
+  string getImportPathForFile(File file) {
+    result = any(Import imp | imp.getFile() = file).getImportedPath().getValue()
+  }
+
+  /**
+   * Gets the feature component for the parameters of a function.
+   *
+   * ```javascript
+   * function f(a, b, c) { // will return "(a, b, c)" for this function
+   *  return a + b + c;
+   * }
+   *
+   * async function g(a) { // will return "(a)" for this function
+   *   return 2*a
+   * };
+   *
+   * const h = (b) => 3*b; // will return "(b)" for this function
+   * ```
+   */
+  string getFunctionParametersFeatureComponent(Function f) {
+    result =
+      "(" +
+        concat(string parameter, int i |
+          parameter = getParameterNameOrUnknown(f.getParameter(i))
+        |
+          parameter, ", " order by i
+        ) + ")"
+  }
+
+  /**
+   * Gets the function interfaces of all named functions in a file, concatenated together.
+   *
+   * ```javascript
+   * // Will return: "f(a, b, c)\ng(x, y, z)\nh(u, v)" for this file.
+   * function f(a, b, c) { ... }
+   *
+   * function g(x, y, z) {
+   *   function h(u, v) { ... }
+   *   ...
+   * }
+   */
+  string getFunctionInterfacesForFile(File file) {
+    result =
+      concat(Function func, string line |
+        func.getFile() = file and
+        line = func.getName() + getFunctionParametersFeatureComponent(func)
+      |
+        line, "\n" order by line
+      )
+  }
+
+  /**
+   * Gets a property initializer value in an object literal or one of its nested object literals.
+   */
+  Expr getANestedInitializerValue(ObjectExpr o) {
+    exists(Expr init | init = o.getAProperty().getInit().getUnderlyingValue() |
+      result = [init, getANestedInitializerValue(init)]
+    )
+  }
+
+  /**
+   * Computes a simple access path for how a callee can refer to a value that appears in an argument to a call.
+   *
+   * Supports:
+   * - direct arguments
+   * - properties of (nested) objects that are arguments
+   *
+   * Unknown cases and property names result in `?`.
+   */
+  string getSimpleParameterAccessPath(DataFlow::Node node) {
+    if exists(DataFlow::CallNode call | node = call.getArgument(_))
+    then exists(DataFlow::CallNode call, int i | node = call.getArgument(i) | result = i + "")
+    else result = getSimplePropertyAccessPath(node)
+  }
+
+  /**
+   * Computes a simple access path for how a user can refer to a value that appears in an (nested) object.
+   *
+   * Supports:
+   * - properties of (nested) objects
+   *
+   * Unknown cases and property names result in `?`.
+   */
+  string getSimplePropertyAccessPath(DataFlow::Node node) {
+    if exists(ObjectExpr o | o.getAProperty().getInit().getUnderlyingValue() = node.asExpr())
+    then
+      exists(DataFlow::PropWrite w |
+        w.getRhs() = node and
+        result = getSimpleParameterAccessPath(w.getBase()) + "." + getPropertyNameOrUnknown(w)
+      )
+    else result = getUnknownSymbol()
+  }
+
+  /**
+   * Gets the imported package path that this node depends on, if any.
+   *
+   * Otherwise, returns '?'.
+   *
+   * XXX Be careful with using this in your features, as it might teach the model
+   * a fixed list of "dangerous" libraries that could lead to bad generalization.
+   */
+  string getCalleeImportPath(DataFlow::Node node) {
+    exists(DataFlow::Node src | src = node.getALocalSource() |
+      if src instanceof DataFlow::ModuleImportNode
+      then result = src.(DataFlow::ModuleImportNode).getPath()
+      else
+        if src instanceof DataFlow::PropRead
+        then result = getCalleeImportPath(src.(DataFlow::PropRead).getBase())
+        else
+          if src instanceof DataFlow::InvokeNode
+          then result = getCalleeImportPath(src.(DataFlow::InvokeNode).getCalleeNode())
+          else
+            if src.asExpr() instanceof AwaitExpr
+            then result = getCalleeImportPath(src.asExpr().(AwaitExpr).getOperand().flow())
+            else result = getUnknownSymbol()
+    )
+  }
+
+  /**
+   * Computes a simple access path for a node.
+   *
+   * Supports:
+   * - variable reads (including `this` and `super`)
+   * - imports
+   * - await
+   * - property reads
+   * - invocations
+   *
+   * Unknown cases and property names results in `?`.
+   *
+   * # Examples
+   *
+   *  - The node `x.foo` will have the simple access path `x.foo`.
+   *  - In the following file, the simple access path will be `import("./foo").bar.baz`:
+   *
+   * ```javascript
+   * import * as lib from "./foo"
+   * console.log(lib.bar.baz());
+   * //          ^^^^^^^^^^^ node
+   */
+  string getSimpleAccessPath(DataFlow::Node node) {
+    exists(Expr e | e = node.asExpr().getUnderlyingValue() |
+      if
+        e instanceof SuperAccess or
+        e instanceof ThisAccess or
+        e instanceof VarAccess or
+        e instanceof Import or
+        e instanceof AwaitExpr or
+        node instanceof DataFlow::PropRead or
+        node instanceof DataFlow::InvokeNode
+      then
+        e instanceof SuperAccess and result = "super"
+        or
+        e instanceof ThisAccess and result = "this"
+        or
+        e instanceof VarAccess and result = e.(VarAccess).getName()
+        or
+        e instanceof Import and result = "import(" + getSimpleImportPath(e) + ")"
+        or
+        e instanceof AwaitExpr and
+        result = "(await " + getSimpleAccessPath(e.(AwaitExpr).getOperand().flow()) + ")"
+        or
+        node instanceof DataFlow::PropRead and
+        result =
+          getSimpleAccessPath(node.(DataFlow::PropRead).getBase()) + "." +
+            getPropertyNameOrUnknown(node)
+        or
+        (node instanceof DataFlow::InvokeNode and not e instanceof Import) and
+        result = getSimpleAccessPath(node.(DataFlow::InvokeNode).getCalleeNode()) + "()"
+      else result = getUnknownSymbol()
+    )
+  }
+
+  string getUnknownSymbol() { result = "?" }
+
+  /**
+   * Gets the imported path.
+   *
+   * XXX To avoid teaching the ML model about npm packages, only relative paths are supported
+   *
+   * Unknown paths result in `?`.
+   */
+  string getSimpleImportPath(Import i) {
+    if exists(i.getImportedPath().getValue())
+    then
+      exists(string p | p = i.getImportedPath().getValue() |
+        // Hide absolute imports from ML training data.
+        // ============================================
+        // There is the hypothesis that exposing absolute imports to the model
+        // might lead to bad generalization. For example, the model might learn
+        // to strongly associate a specific database client with sinks and no
+        // longer be able to flag sinks when data flow is broken.
+        // Placing this logic so deeply within the feature extraction code is
+        // perhaps a bit of a hack and it is a use case to consider when refactoring
+        // endpoint filters/data extraction.
+        if p.matches(".%") then result = "\"p\"" else result = "!"
+      )
+    else result = getUnknownSymbol()
+  }
+
+  /**
+   * Gets the property name of a property reference or `?` if it is unknown.
+   */
+  string getPropertyNameOrUnknown(DataFlow::PropRef ref) {
+    if exists(ref.getPropertyName())
+    then result = ref.getPropertyName()
+    else result = getUnknownSymbol()
+  }
+
+  /**
+   * Gets the parameter name if it exists, or `?` if it is unknown.
+   */
+  string getParameterNameOrUnknown(Parameter p) {
+    if exists(p.getName()) then result = p.getName() else result = getUnknownSymbol()
+  }
+}
+
+/**
+ * The feature for the access path of the callee node of a call that has an argument that "contains" the endpoint.
+ *
+ * "Containment" is syntactic, and currently means that the endpoint is an argument to the call, or that the endpoint is a (nested) property value of an argument.
+ *
+ * Examples:
+ * ```
+ * foo(endpoint); // -> foo
+ * foo.bar(endpoint); // -> foo.bar
+ * foo.bar({ baz: endpoint }); // -> foo.bar
+ * this.foo.bar(endpoint); // -> this.foo.bar
+ * foo[complex()].bar(endpoint); // -> foo.?.bar
+ * ```
+ */
+class CalleeFlexibleAccessPath extends EndpointFeature, TCalleeFlexibleAccessPath {
+  override string getName() { result = "CalleeFlexibleAccessPath" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    exists(DataFlow::InvokeNode invk |
+      result = SyntacticUtilities::getSimpleAccessPath(invk.getCalleeNode()) and
+      // ignore the unknown path
+      not result = SyntacticUtilities::getUnknownSymbol() and
+      (
+        invk.getAnArgument() = endpoint or
+        SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument()
+              .asExpr()
+              .getUnderlyingValue()).flow() = endpoint
+      )
+    )
+  }
+}
+
+/**
+ * The feature for how a callee can refer to a the endpoint that is "contained" in some argument to a call
+ *
+ * "Containment" is syntactic, and currently means that the endpoint is an argument to the call, or that the endpoint is a (nested) property value of an argument.
+ *
+ * Examples:
+ * ```
+ * foo({ bar: endpoint }); // -> bar
+ * foo(x, { bar: { baz: endpoint } }); // -> bar.baz
+ * ```
+ */
+class InputAccessPathFromCallee extends EndpointFeature, TInputAccessPathFromCallee {
+  override string getName() { result = "InputAccessPathFromCallee" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    exists(DataFlow::InvokeNode invk |
+      result = SyntacticUtilities::getSimpleParameterAccessPath(endpoint) and
+      SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument()
+            .asExpr()
+            .getUnderlyingValue()).flow() = endpoint
+    )
+  }
+}
+
+/**
+ * The feature for how the index of an argument that "contains" and endpoint.
+ *
+ * "Containment" is syntactic, and currently means that the endpoint is an argument to the call, or that the endpoint is a (nested) property value of an argument.
+ *
+ * Examples:
+ * ```
+ * foo(endpoint); // -> 0
+ * foo({ bar: endpoint }); // -> 0
+ * foo(x, { bar: { baz: endpoint } }); // -> 1
+ * ```
+ */
+class InputArgumentIndex extends EndpointFeature, TInputArgumentIndex {
+  override string getName() { result = "InputArgumentIndex" }
+
+  override string getValue(DataFlow::Node endpoint) {
+    exists(DataFlow::InvokeNode invk, DataFlow::Node arg, int i | arg = invk.getArgument(i) |
+      result = i + "" and
+      (
+        invk.getArgument(i) = endpoint
+        or
+        SyntacticUtilities::getANestedInitializerValue(arg.asExpr().getUnderlyingValue()).flow() =
+          endpoint
+      )
+    )
+  }
+}

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.expected

@@ -296,179 +296,267 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
 tokenFeatures
-| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | argumentIndex | 0 |
-| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeAccessPath |  |
-| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeAccessPathWithStructuralInfo |  |
-| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeApiName |  |
-| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeName | log |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | CalleeFlexibleAccessPath | console.log |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | InputAccessPathFromCallee |  |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | InputArgumentIndex | 0 |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | assignedToPropName |  |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeImports |  |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | contextFunctionInterfaces | should_be_ignored() |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | contextSurroundingFunctionParameters | () |
 | applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | enclosingFunctionBody | console log Should be ignored |
 | applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | enclosingFunctionName | should_be_ignored |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | fileImports |  |
 | applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | receiverName | console |
-| index.js:1:25:1:33 | "express" | argumentIndex | 0 |
-| index.js:1:25:1:33 | "express" | calleeAccessPath |  |
-| index.js:1:25:1:33 | "express" | calleeAccessPathWithStructuralInfo |  |
-| index.js:1:25:1:33 | "express" | calleeApiName |  |
-| index.js:1:25:1:33 | "express" | calleeName | require |
+| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | stringConcatenatedWith |  |
+| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
+| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
+| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
+| index.js:1:25:1:33 | "express" | assignedToPropName |  |
+| index.js:1:25:1:33 | "express" | calleeImports |  |
+| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
 | index.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
 | index.js:1:25:1:33 | "express" | enclosingFunctionName |  |
+| index.js:1:25:1:33 | "express" | fileImports | express mongoose |
 | index.js:1:25:1:33 | "express" | receiverName |  |
-| index.js:2:26:2:35 | 'mongoose' | argumentIndex | 0 |
-| index.js:2:26:2:35 | 'mongoose' | calleeAccessPath |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeAccessPathWithStructuralInfo |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeApiName |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeName | require |
+| index.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
+| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
+| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee |  |
+| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 |
+| index.js:2:26:2:35 | 'mongoose' | assignedToPropName |  |
+| index.js:2:26:2:35 | 'mongoose' | calleeImports |  |
+| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
 | index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody |  |
 | index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName |  |
+| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose |
 | index.js:2:26:2:35 | 'mongoose' | receiverName |  |
-| index.js:3:29:3:34 | 'User' | argumentIndex | 0 |
-| index.js:3:29:3:34 | 'User' | calleeAccessPath | mongoose model |
-| index.js:3:29:3:34 | 'User' | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn |
-| index.js:3:29:3:34 | 'User' | calleeApiName | mongoose |
-| index.js:3:29:3:34 | 'User' | calleeName | model |
+| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith |  |
+| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model |
+| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee |  |
+| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 |
+| index.js:3:29:3:34 | 'User' | assignedToPropName |  |
+| index.js:3:29:3:34 | 'User' | calleeImports | mongoose |
+| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters |  |
 | index.js:3:29:3:34 | 'User' | enclosingFunctionBody |  |
 | index.js:3:29:3:34 | 'User' | enclosingFunctionName |  |
+| index.js:3:29:3:34 | 'User' | fileImports | express mongoose |
 | index.js:3:29:3:34 | 'User' | receiverName | mongoose |
-| index.js:3:37:3:40 | null | argumentIndex | 1 |
-| index.js:3:37:3:40 | null | calleeAccessPath | mongoose model |
-| index.js:3:37:3:40 | null | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn |
-| index.js:3:37:3:40 | null | calleeApiName | mongoose |
-| index.js:3:37:3:40 | null | calleeName | model |
+| index.js:3:29:3:34 | 'User' | stringConcatenatedWith |  |
+| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model |
+| index.js:3:37:3:40 | null | InputAccessPathFromCallee |  |
+| index.js:3:37:3:40 | null | InputArgumentIndex | 1 |
+| index.js:3:37:3:40 | null | assignedToPropName |  |
+| index.js:3:37:3:40 | null | calleeImports | mongoose |
+| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters |  |
 | index.js:3:37:3:40 | null | enclosingFunctionBody |  |
 | index.js:3:37:3:40 | null | enclosingFunctionName |  |
+| index.js:3:37:3:40 | null | fileImports | express mongoose |
 | index.js:3:37:3:40 | null | receiverName | mongoose |
-| index.js:8:12:8:21 | '/isAdmin' | argumentIndex | 0 |
-| index.js:8:12:8:21 | '/isAdmin' | calleeAccessPath | express post |
-| index.js:8:12:8:21 | '/isAdmin' | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:8:12:8:21 | '/isAdmin' | calleeApiName | express |
-| index.js:8:12:8:21 | '/isAdmin' | calleeName | post |
+| index.js:3:37:3:40 | null | stringConcatenatedWith |  |
+| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
+| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee |  |
+| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 |
+| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName |  |
+| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express |
+| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
 | index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink |
+| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose |
 | index.js:8:12:8:21 | '/isAdmin' | receiverName | app |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | argumentIndex | 1 |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeAccessPath | express post |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeApiName | express |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeName | post |
+| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | CalleeFlexibleAccessPath | app.post |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | InputAccessPathFromCallee |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | InputArgumentIndex | 1 |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | assignedToPropName |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeImports | express |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionName | flowFromSourceToSink |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | fileImports | express mongoose |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | receiverName | app |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | argumentIndex | 0 |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPath | mongoose model find |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeApiName | mongoose |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeName | find |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | stringConcatenatedWith |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User |
-| index.js:9:28:9:43 | req.body.isAdmin | argumentIndex |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeAccessPath |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeAccessPathWithStructuralInfo |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeApiName |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeName |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith |  |
+| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find |
+| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin |
+| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 |
+| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin |
+| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose |
+| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink |
+| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose |
 | index.js:9:28:9:43 | req.body.isAdmin | receiverName |  |
-| index.js:14:12:14:21 | '/isAdmin' | argumentIndex | 0 |
-| index.js:14:12:14:21 | '/isAdmin' | calleeAccessPath | express post |
-| index.js:14:12:14:21 | '/isAdmin' | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:14:12:14:21 | '/isAdmin' | calleeApiName | express |
-| index.js:14:12:14:21 | '/isAdmin' | calleeName | post |
+| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith |  |
+| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
+| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee |  |
+| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 |
+| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName |  |
+| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express |
+| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
 | index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose |
 | index.js:14:12:14:21 | '/isAdmin' | receiverName | app |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | argumentIndex | 1 |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeAccessPath | express post |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeApiName | express |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeName | post |
+| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | CalleeFlexibleAccessPath | app.post |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputAccessPathFromCallee |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputArgumentIndex | 1 |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | assignedToPropName |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeImports | express |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | fileImports | express mongoose |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | receiverName | app |
-| index.js:15:17:15:32 | req.body.isAdmin | argumentIndex | 0 |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPath |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPathWithStructuralInfo |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeApiName |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeName | log |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | stringConcatenatedWith |  |
+| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log |
+| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee |  |
+| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 |
+| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName |  |
+| index.js:15:17:15:32 | req.body.isAdmin | calleeImports |  |
+| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose |
 | index.js:15:17:15:32 | req.body.isAdmin | receiverName | console |
-| index.js:20:13:20:31 | { 'isAdmin': true } | argumentIndex | 0 |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPath | mongoose model find |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeApiName | mongoose |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeName | find |
+| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
+| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource |
+| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose |
 | index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User |
-| index.js:20:26:20:29 | true | argumentIndex |  |
-| index.js:20:26:20:29 | true | calleeAccessPath |  |
-| index.js:20:26:20:29 | true | calleeAccessPathWithStructuralInfo |  |
-| index.js:20:26:20:29 | true | calleeApiName |  |
-| index.js:20:26:20:29 | true | calleeName |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith |  |
+| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find |
+| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin |
+| index.js:20:26:20:29 | true | InputArgumentIndex | 0 |
+| index.js:20:26:20:29 | true | assignedToPropName | isAdmin |
+| index.js:20:26:20:29 | true | calleeImports | mongoose |
+| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () |
 | index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true |
 | index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource |
+| index.js:20:26:20:29 | true | fileImports | express mongoose |
 | index.js:20:26:20:29 | true | receiverName |  |
-| index.js:24:13:24:22 | "constant" | argumentIndex | 0 |
-| index.js:24:13:24:22 | "constant" | calleeAccessPath | mongoose model find |
-| index.js:24:13:24:22 | "constant" | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:24:13:24:22 | "constant" | calleeApiName | mongoose |
-| index.js:24:13:24:22 | "constant" | calleeName | find |
+| index.js:20:26:20:29 | true | stringConcatenatedWith |  |
+| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find |
+| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee |  |
+| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 |
+| index.js:24:13:24:22 | "constant" | assignedToPropName |  |
+| index.js:24:13:24:22 | "constant" | calleeImports | mongoose |
+| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () |
 | index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant |
 | index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression |
+| index.js:24:13:24:22 | "constant" | fileImports | express mongoose |
 | index.js:24:13:24:22 | "constant" | receiverName | User |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | argumentIndex | 0 |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPath | mongoose model find |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeApiName | mongoose |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeName | find |
+| index.js:24:13:24:22 | "constant" | stringConcatenatedWith |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
-| index.js:32:15:32:24 | "someData" | argumentIndex | 0 |
-| index.js:32:15:32:24 | "someData" | calleeAccessPath |  |
-| index.js:32:15:32:24 | "someData" | calleeAccessPathWithStructuralInfo |  |
-| index.js:32:15:32:24 | "someData" | calleeApiName |  |
-| index.js:32:15:32:24 | "someData" | calleeName | log |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith |  |
+| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log |
+| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee |  |
+| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 |
+| index.js:32:15:32:24 | "someData" | assignedToPropName |  |
+| index.js:32:15:32:24 | "someData" | calleeImports |  |
+| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () |
 | index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink |
+| index.js:32:15:32:24 | "someData" | fileImports | express mongoose |
 | index.js:32:15:32:24 | "someData" | receiverName | console |
-| index.js:36:20:36:22 | "a" | argumentIndex | 0 |
-| index.js:36:20:36:22 | "a" | calleeAccessPath |  |
-| index.js:36:20:36:22 | "a" | calleeAccessPathWithStructuralInfo |  |
-| index.js:36:20:36:22 | "a" | calleeApiName |  |
-| index.js:36:20:36:22 | "a" | calleeName | startsWith |
+| index.js:32:15:32:24 | "someData" | stringConcatenatedWith |  |
+| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith |
+| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee |  |
+| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 |
+| index.js:36:20:36:22 | "a" | assignedToPropName |  |
+| index.js:36:20:36:22 | "a" | calleeImports |  |
+| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () |
 | index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a |
 | index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons |
+| index.js:36:20:36:22 | "a" | fileImports | express mongoose |
 | index.js:36:20:36:22 | "a" | receiverName |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | argumentIndex | 0 |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeAccessPath | mongoose model find |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeApiName | mongoose |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeName | find |
+| index.js:36:20:36:22 | "a" | stringConcatenatedWith |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody |  |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User |
-| index.js:78:30:78:39 | "someData" | argumentIndex | 0 |
-| index.js:78:30:78:39 | "someData" | calleeAccessPath |  |
-| index.js:78:30:78:39 | "someData" | calleeAccessPathWithStructuralInfo |  |
-| index.js:78:30:78:39 | "someData" | calleeApiName |  |
-| index.js:78:30:78:39 | "someData" | calleeName | log |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith |  |
+| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log |
+| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee |  |
+| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 |
+| index.js:78:30:78:39 | "someData" | assignedToPropName |  |
+| index.js:78:30:78:39 | "someData" | calleeImports |  |
+| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
+| index.js:78:30:78:39 | "someData" | fileImports | express mongoose |
 | index.js:78:30:78:39 | "someData" | receiverName | console |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:78:30:78:39 | "someData" | stringConcatenatedWith |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | CalleeFlexibleAccessPath | $.ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputAccessPathFromCallee |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputArgumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | assignedToPropName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeImports |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextSurroundingFunctionParameters | (foo) |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | fileImports | express mongoose |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
-| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
-| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
-| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | stringConcatenatedWith |  |
+| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax |
+| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url |
+| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 |
+| index.js:84:12:84:18 | foo.bar | assignedToPropName | url |
+| index.js:84:12:84:18 | foo.bar | calleeImports |  |
+| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose |
 | index.js:84:12:84:18 | foo.bar | receiverName |  |
+| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith |  |

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected

@@ -276,171 +276,255 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
 tokenFeatures
-| index.js:1:25:1:33 | "express" | argumentIndex | 0 |
-| index.js:1:25:1:33 | "express" | calleeAccessPath |  |
-| index.js:1:25:1:33 | "express" | calleeAccessPathWithStructuralInfo |  |
-| index.js:1:25:1:33 | "express" | calleeApiName |  |
-| index.js:1:25:1:33 | "express" | calleeName | require |
+| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
+| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
+| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
+| index.js:1:25:1:33 | "express" | assignedToPropName |  |
+| index.js:1:25:1:33 | "express" | calleeImports |  |
+| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
 | index.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
 | index.js:1:25:1:33 | "express" | enclosingFunctionName |  |
+| index.js:1:25:1:33 | "express" | fileImports | express mongoose |
 | index.js:1:25:1:33 | "express" | receiverName |  |
-| index.js:2:26:2:35 | 'mongoose' | argumentIndex | 0 |
-| index.js:2:26:2:35 | 'mongoose' | calleeAccessPath |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeAccessPathWithStructuralInfo |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeApiName |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeName | require |
+| index.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
+| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
+| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee |  |
+| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 |
+| index.js:2:26:2:35 | 'mongoose' | assignedToPropName |  |
+| index.js:2:26:2:35 | 'mongoose' | calleeImports |  |
+| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
 | index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody |  |
 | index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName |  |
+| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose |
 | index.js:2:26:2:35 | 'mongoose' | receiverName |  |
-| index.js:3:29:3:34 | 'User' | argumentIndex | 0 |
-| index.js:3:29:3:34 | 'User' | calleeAccessPath | mongoose model |
-| index.js:3:29:3:34 | 'User' | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn |
-| index.js:3:29:3:34 | 'User' | calleeApiName | mongoose |
-| index.js:3:29:3:34 | 'User' | calleeName | model |
+| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith |  |
+| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model |
+| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee |  |
+| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 |
+| index.js:3:29:3:34 | 'User' | assignedToPropName |  |
+| index.js:3:29:3:34 | 'User' | calleeImports | mongoose |
+| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters |  |
 | index.js:3:29:3:34 | 'User' | enclosingFunctionBody |  |
 | index.js:3:29:3:34 | 'User' | enclosingFunctionName |  |
+| index.js:3:29:3:34 | 'User' | fileImports | express mongoose |
 | index.js:3:29:3:34 | 'User' | receiverName | mongoose |
-| index.js:3:37:3:40 | null | argumentIndex | 1 |
-| index.js:3:37:3:40 | null | calleeAccessPath | mongoose model |
-| index.js:3:37:3:40 | null | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn |
-| index.js:3:37:3:40 | null | calleeApiName | mongoose |
-| index.js:3:37:3:40 | null | calleeName | model |
+| index.js:3:29:3:34 | 'User' | stringConcatenatedWith |  |
+| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model |
+| index.js:3:37:3:40 | null | InputAccessPathFromCallee |  |
+| index.js:3:37:3:40 | null | InputArgumentIndex | 1 |
+| index.js:3:37:3:40 | null | assignedToPropName |  |
+| index.js:3:37:3:40 | null | calleeImports | mongoose |
+| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters |  |
 | index.js:3:37:3:40 | null | enclosingFunctionBody |  |
 | index.js:3:37:3:40 | null | enclosingFunctionName |  |
+| index.js:3:37:3:40 | null | fileImports | express mongoose |
 | index.js:3:37:3:40 | null | receiverName | mongoose |
-| index.js:8:12:8:21 | '/isAdmin' | argumentIndex | 0 |
-| index.js:8:12:8:21 | '/isAdmin' | calleeAccessPath | express post |
-| index.js:8:12:8:21 | '/isAdmin' | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:8:12:8:21 | '/isAdmin' | calleeApiName | express |
-| index.js:8:12:8:21 | '/isAdmin' | calleeName | post |
+| index.js:3:37:3:40 | null | stringConcatenatedWith |  |
+| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
+| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee |  |
+| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 |
+| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName |  |
+| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express |
+| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
 | index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink |
+| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose |
 | index.js:8:12:8:21 | '/isAdmin' | receiverName | app |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | argumentIndex | 1 |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeAccessPath | express post |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeApiName | express |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeName | post |
+| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | CalleeFlexibleAccessPath | app.post |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | InputAccessPathFromCallee |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | InputArgumentIndex | 1 |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | assignedToPropName |  |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeImports | express |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionName | flowFromSourceToSink |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | fileImports | express mongoose |
 | index.js:8:24:10:3 | (req, r ... });\\n  } | receiverName | app |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | argumentIndex | 0 |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPath | mongoose model find |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeApiName | mongoose |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeName | find |
+| index.js:8:24:10:3 | (req, r ... });\\n  } | stringConcatenatedWith |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User |
-| index.js:9:28:9:43 | req.body.isAdmin | argumentIndex |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeAccessPath |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeAccessPathWithStructuralInfo |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeApiName |  |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeName |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith |  |
+| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find |
+| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin |
+| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 |
+| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin |
+| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose |
+| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink |
+| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose |
 | index.js:9:28:9:43 | req.body.isAdmin | receiverName |  |
-| index.js:14:12:14:21 | '/isAdmin' | argumentIndex | 0 |
-| index.js:14:12:14:21 | '/isAdmin' | calleeAccessPath | express post |
-| index.js:14:12:14:21 | '/isAdmin' | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:14:12:14:21 | '/isAdmin' | calleeApiName | express |
-| index.js:14:12:14:21 | '/isAdmin' | calleeName | post |
+| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith |  |
+| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
+| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee |  |
+| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 |
+| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName |  |
+| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express |
+| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
 | index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose |
 | index.js:14:12:14:21 | '/isAdmin' | receiverName | app |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | argumentIndex | 1 |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeAccessPath | express post |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeAccessPathWithStructuralInfo | express instanceorreturn member post instanceorreturn |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeApiName | express |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeName | post |
+| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | CalleeFlexibleAccessPath | app.post |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputAccessPathFromCallee |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputArgumentIndex | 1 |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | assignedToPropName |  |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeImports | express |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | fileImports | express mongoose |
 | index.js:14:24:16:3 | (req, r ... n);\\n  } | receiverName | app |
-| index.js:15:17:15:32 | req.body.isAdmin | argumentIndex | 0 |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPath |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPathWithStructuralInfo |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeApiName |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeName | log |
+| index.js:14:24:16:3 | (req, r ... n);\\n  } | stringConcatenatedWith |  |
+| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log |
+| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee |  |
+| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 |
+| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName |  |
+| index.js:15:17:15:32 | req.body.isAdmin | calleeImports |  |
+| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose |
 | index.js:15:17:15:32 | req.body.isAdmin | receiverName | console |
-| index.js:20:13:20:31 | { 'isAdmin': true } | argumentIndex | 0 |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPath | mongoose model find |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeApiName | mongoose |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeName | find |
+| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
+| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource |
+| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose |
 | index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User |
-| index.js:20:26:20:29 | true | argumentIndex |  |
-| index.js:20:26:20:29 | true | calleeAccessPath |  |
-| index.js:20:26:20:29 | true | calleeAccessPathWithStructuralInfo |  |
-| index.js:20:26:20:29 | true | calleeApiName |  |
-| index.js:20:26:20:29 | true | calleeName |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith |  |
+| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find |
+| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin |
+| index.js:20:26:20:29 | true | InputArgumentIndex | 0 |
+| index.js:20:26:20:29 | true | assignedToPropName | isAdmin |
+| index.js:20:26:20:29 | true | calleeImports | mongoose |
+| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () |
 | index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true |
 | index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource |
+| index.js:20:26:20:29 | true | fileImports | express mongoose |
 | index.js:20:26:20:29 | true | receiverName |  |
-| index.js:24:13:24:22 | "constant" | argumentIndex | 0 |
-| index.js:24:13:24:22 | "constant" | calleeAccessPath | mongoose model find |
-| index.js:24:13:24:22 | "constant" | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:24:13:24:22 | "constant" | calleeApiName | mongoose |
-| index.js:24:13:24:22 | "constant" | calleeName | find |
+| index.js:20:26:20:29 | true | stringConcatenatedWith |  |
+| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find |
+| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee |  |
+| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 |
+| index.js:24:13:24:22 | "constant" | assignedToPropName |  |
+| index.js:24:13:24:22 | "constant" | calleeImports | mongoose |
+| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () |
 | index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant |
 | index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression |
+| index.js:24:13:24:22 | "constant" | fileImports | express mongoose |
 | index.js:24:13:24:22 | "constant" | receiverName | User |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | argumentIndex | 0 |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPath | mongoose model find |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeApiName | mongoose |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeName | find |
+| index.js:24:13:24:22 | "constant" | stringConcatenatedWith |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
-| index.js:32:15:32:24 | "someData" | argumentIndex | 0 |
-| index.js:32:15:32:24 | "someData" | calleeAccessPath |  |
-| index.js:32:15:32:24 | "someData" | calleeAccessPathWithStructuralInfo |  |
-| index.js:32:15:32:24 | "someData" | calleeApiName |  |
-| index.js:32:15:32:24 | "someData" | calleeName | log |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith |  |
+| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log |
+| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee |  |
+| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 |
+| index.js:32:15:32:24 | "someData" | assignedToPropName |  |
+| index.js:32:15:32:24 | "someData" | calleeImports |  |
+| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () |
 | index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink |
+| index.js:32:15:32:24 | "someData" | fileImports | express mongoose |
 | index.js:32:15:32:24 | "someData" | receiverName | console |
-| index.js:36:20:36:22 | "a" | argumentIndex | 0 |
-| index.js:36:20:36:22 | "a" | calleeAccessPath |  |
-| index.js:36:20:36:22 | "a" | calleeAccessPathWithStructuralInfo |  |
-| index.js:36:20:36:22 | "a" | calleeApiName |  |
-| index.js:36:20:36:22 | "a" | calleeName | startsWith |
+| index.js:32:15:32:24 | "someData" | stringConcatenatedWith |  |
+| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith |
+| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee |  |
+| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 |
+| index.js:36:20:36:22 | "a" | assignedToPropName |  |
+| index.js:36:20:36:22 | "a" | calleeImports |  |
+| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () |
 | index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a |
 | index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons |
+| index.js:36:20:36:22 | "a" | fileImports | express mongoose |
 | index.js:36:20:36:22 | "a" | receiverName |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | argumentIndex | 0 |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeAccessPath | mongoose model find |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeApiName | mongoose |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeName | find |
+| index.js:36:20:36:22 | "a" | stringConcatenatedWith |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName |  |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody |  |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose |
 | index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User |
-| index.js:78:30:78:39 | "someData" | argumentIndex | 0 |
-| index.js:78:30:78:39 | "someData" | calleeAccessPath |  |
-| index.js:78:30:78:39 | "someData" | calleeAccessPathWithStructuralInfo |  |
-| index.js:78:30:78:39 | "someData" | calleeApiName |  |
-| index.js:78:30:78:39 | "someData" | calleeName | log |
+| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith |  |
+| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log |
+| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee |  |
+| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 |
+| index.js:78:30:78:39 | "someData" | assignedToPropName |  |
+| index.js:78:30:78:39 | "someData" | calleeImports |  |
+| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
+| index.js:78:30:78:39 | "someData" | fileImports | express mongoose |
 | index.js:78:30:78:39 | "someData" | receiverName | console |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:78:30:78:39 | "someData" | stringConcatenatedWith |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | CalleeFlexibleAccessPath | $.ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputAccessPathFromCallee |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputArgumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | assignedToPropName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeImports |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextSurroundingFunctionParameters | (foo) |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | fileImports | express mongoose |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
-| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
-| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
-| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | stringConcatenatedWith |  |
+| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax |
+| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url |
+| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 |
+| index.js:84:12:84:18 | foo.bar | assignedToPropName | url |
+| index.js:84:12:84:18 | foo.bar | calleeImports |  |
+| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose |
 | index.js:84:12:84:18 | foo.bar | receiverName |  |
+| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith |  |

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected

@@ -76,51 +76,75 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
 tokenFeatures
-| index.js:9:15:9:45 | { 'isAd ... Admin } | argumentIndex | 0 |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPath | mongoose model find |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeApiName | mongoose |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeName | find |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName |  |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User |
-| index.js:15:17:15:32 | req.body.isAdmin | argumentIndex | 0 |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPath |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeAccessPathWithStructuralInfo |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeApiName |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeName | log |
+| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith |  |
+| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log |
+| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee |  |
+| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 |
+| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName |  |
+| index.js:15:17:15:32 | req.body.isAdmin | calleeImports |  |
+| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
 | index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink |
+| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose |
 | index.js:15:17:15:32 | req.body.isAdmin | receiverName | console |
-| index.js:20:13:20:31 | { 'isAdmin': true } | argumentIndex | 0 |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPath | mongoose model find |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeApiName | mongoose |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeName | find |
+| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
+| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName |  |
+| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true |
 | index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource |
+| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose |
 | index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | argumentIndex | 0 |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPath | mongoose model find |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeAccessPathWithStructuralInfo | mongoose member model instanceorreturn member find instanceorreturn |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeApiName | mongoose |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeName | find |
+| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName |  |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | CalleeFlexibleAccessPath | $.ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputAccessPathFromCallee |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputArgumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | assignedToPropName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeImports |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextSurroundingFunctionParameters | (foo) |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | fileImports | express mongoose |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
-| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
-| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
-| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
-| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | stringConcatenatedWith |  |
+| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax |
+| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url |
+| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 |
+| index.js:84:12:84:18 | foo.bar | assignedToPropName | url |
+| index.js:84:12:84:18 | foo.bar | calleeImports |  |
+| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
+| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
 | index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose |
 | index.js:84:12:84:18 | foo.bar | receiverName |  |
+| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith |  |

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql

@@ -0,0 +1,9 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import experimental.adaptivethreatmodeling.FeaturizationConfig
+import TestUtil
+
+// every feature must produce a value for at least one endpoint, otherwise the feature is completely broken, or a relevant test example is missing
+from EndpointFeature feature
+where forall(Endpoint endpoint | not exists(feature.getValue(endpoint)))
+select feature.getName()

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected

@@ -0,0 +1,141 @@
+| test.html:2:61:2:68 | endpoint | CalleeFlexibleAccessPath | $event.target.files.item |
+| test.html:2:61:2:68 | endpoint | InputArgumentIndex | 0 |
+| test.html:2:61:2:68 | endpoint | contextFunctionInterfaces |  |
+| test.html:2:61:2:68 | endpoint | contextSurroundingFunctionParameters |  |
+| test.html:2:61:2:68 | endpoint | fileImports |  |
+| test.js:6:7:6:14 | endpoint | CalleeFlexibleAccessPath | f |
+| test.js:6:7:6:14 | endpoint | InputArgumentIndex | 0 |
+| test.js:6:7:6:14 | endpoint | calleeImports | ? lib3 |
+| test.js:6:7:6:14 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:6:7:6:14 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:6:7:6:14 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:6:7:6:14 | endpoint | enclosingFunctionName |  |
+| test.js:6:7:6:14 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:7:11:7:18 | endpoint | CalleeFlexibleAccessPath | f |
+| test.js:7:11:7:18 | endpoint | InputAccessPathFromCallee | 0.p |
+| test.js:7:11:7:18 | endpoint | InputArgumentIndex | 0 |
+| test.js:7:11:7:18 | endpoint | assignedToPropName | p |
+| test.js:7:11:7:18 | endpoint | calleeImports | ? lib3 |
+| test.js:7:11:7:18 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:7:11:7:18 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:7:11:7:18 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:7:11:7:18 | endpoint | enclosingFunctionName |  |
+| test.js:7:11:7:18 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:8:15:8:22 | endpoint | CalleeFlexibleAccessPath | f |
+| test.js:8:15:8:22 | endpoint | InputAccessPathFromCallee | 0.p.q |
+| test.js:8:15:8:22 | endpoint | InputArgumentIndex | 0 |
+| test.js:8:15:8:22 | endpoint | assignedToPropName | q |
+| test.js:8:15:8:22 | endpoint | calleeImports | ? lib3 |
+| test.js:8:15:8:22 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:8:15:8:22 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:8:15:8:22 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:8:15:8:22 | endpoint | enclosingFunctionName |  |
+| test.js:8:15:8:22 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:9:9:9:16 | endpoint | CalleeFlexibleAccessPath | o.m |
+| test.js:9:9:9:16 | endpoint | InputArgumentIndex | 0 |
+| test.js:9:9:9:16 | endpoint | calleeImports | ? lib2 |
+| test.js:9:9:9:16 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:9:9:9:16 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:9:9:9:16 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:9:9:9:16 | endpoint | enclosingFunctionName |  |
+| test.js:9:9:9:16 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:9:9:9:16 | endpoint | receiverName | o |
+| test.js:10:13:10:20 | endpoint | CalleeFlexibleAccessPath | o.m |
+| test.js:10:13:10:20 | endpoint | InputAccessPathFromCallee | 0.p |
+| test.js:10:13:10:20 | endpoint | InputArgumentIndex | 0 |
+| test.js:10:13:10:20 | endpoint | assignedToPropName | p |
+| test.js:10:13:10:20 | endpoint | calleeImports | ? lib2 |
+| test.js:10:13:10:20 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:10:13:10:20 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:10:13:10:20 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:10:13:10:20 | endpoint | enclosingFunctionName |  |
+| test.js:10:13:10:20 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:11:17:11:24 | endpoint | CalleeFlexibleAccessPath | o.m |
+| test.js:11:17:11:24 | endpoint | InputAccessPathFromCallee | 0.p.q |
+| test.js:11:17:11:24 | endpoint | InputArgumentIndex | 0 |
+| test.js:11:17:11:24 | endpoint | assignedToPropName | q |
+| test.js:11:17:11:24 | endpoint | calleeImports | ? lib2 |
+| test.js:11:17:11:24 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:11:17:11:24 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:11:17:11:24 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:11:17:11:24 | endpoint | enclosingFunctionName |  |
+| test.js:11:17:11:24 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:12:11:12:18 | endpoint | CalleeFlexibleAccessPath | F |
+| test.js:12:11:12:18 | endpoint | InputArgumentIndex | 0 |
+| test.js:12:11:12:18 | endpoint | calleeImports | lib1 |
+| test.js:12:11:12:18 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:12:11:12:18 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:12:11:12:18 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:12:11:12:18 | endpoint | enclosingFunctionName |  |
+| test.js:12:11:12:18 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:13:17:13:24 | endpoint | CalleeFlexibleAccessPath | o.m().m().m |
+| test.js:13:17:13:24 | endpoint | InputArgumentIndex | 0 |
+| test.js:13:17:13:24 | endpoint | calleeImports | ? lib2 |
+| test.js:13:17:13:24 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:13:17:13:24 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:13:17:13:24 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:13:17:13:24 | endpoint | enclosingFunctionName |  |
+| test.js:13:17:13:24 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:14:9:14:16 | endpoint | CalleeFlexibleAccessPath | f() |
+| test.js:14:9:14:16 | endpoint | InputArgumentIndex | 0 |
+| test.js:14:9:14:16 | endpoint | calleeImports | ? lib3 |
+| test.js:14:9:14:16 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:14:9:14:16 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:14:9:14:16 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:14:9:14:16 | endpoint | enclosingFunctionName |  |
+| test.js:14:9:14:16 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:15:12:15:19 | endpoint | CalleeFlexibleAccessPath | o.?.m |
+| test.js:15:12:15:19 | endpoint | InputArgumentIndex | 0 |
+| test.js:15:12:15:19 | endpoint | calleeImports | ? lib2 |
+| test.js:15:12:15:19 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:15:12:15:19 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:15:12:15:19 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:15:12:15:19 | endpoint | enclosingFunctionName |  |
+| test.js:15:12:15:19 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:16:16:16:23 | endpoint | CalleeFlexibleAccessPath | o.m.?.p.m |
+| test.js:16:16:16:23 | endpoint | InputArgumentIndex | 0 |
+| test.js:16:16:16:23 | endpoint | calleeImports | ? lib2 |
+| test.js:16:16:16:23 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:16:16:16:23 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:16:16:16:23 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:16:16:16:23 | endpoint | enclosingFunctionName |  |
+| test.js:16:16:16:23 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:17:15:17:22 | endpoint | CalleeFlexibleAccessPath | (await p) |
+| test.js:17:15:17:22 | endpoint | InputArgumentIndex | 0 |
+| test.js:17:15:17:22 | endpoint | calleeImports | lib1 |
+| test.js:17:15:17:22 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:17:15:17:22 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:17:15:17:22 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:17:15:17:22 | endpoint | enclosingFunctionName |  |
+| test.js:17:15:17:22 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:18:27:18:34 | endpoint | CalleeFlexibleAccessPath | import(!).bar.baz |
+| test.js:18:27:18:34 | endpoint | InputArgumentIndex | 0 |
+| test.js:18:27:18:34 | endpoint | calleeImports | foo |
+| test.js:18:27:18:34 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:18:27:18:34 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:18:27:18:34 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:18:27:18:34 | endpoint | enclosingFunctionName |  |
+| test.js:18:27:18:34 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:20:13:20:20 | endpoint | CalleeFlexibleAccessPath | bar |
+| test.js:20:13:20:20 | endpoint | InputArgumentIndex | 0 |
+| test.js:20:13:20:20 | endpoint | calleeImports | lib1 |
+| test.js:20:13:20:20 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:20:13:20:20 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:20:13:20:20 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:20:13:20:20 | endpoint | enclosingFunctionName |  |
+| test.js:20:13:20:20 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:22:21:22:28 | endpoint | InputArgumentIndex | 0 |
+| test.js:22:21:22:28 | endpoint | calleeImports | ? lib2 lib3 |
+| test.js:22:21:22:28 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:22:21:22:28 | endpoint | contextSurroundingFunctionParameters | () |
+| test.js:22:21:22:28 | endpoint | enclosingFunctionBody | f endpoint 12 f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint f f o m endpoint |
+| test.js:22:21:22:28 | endpoint | enclosingFunctionName |  |
+| test.js:22:21:22:28 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:33:50:33:57 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:33:50:33:57 | endpoint | contextSurroundingFunctionParameters |  |
+| test.js:33:50:33:57 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:33:50:33:57 | endpoint | stringConcatenatedWith | f() + '<a target="_blank" href="' -endpoint- '"></a>' |
+| test.js:35:18:35:25 | endpoint | contextFunctionInterfaces | f(?)\nfoo()\ng()\nm() |
+| test.js:35:18:35:25 | endpoint | contextSurroundingFunctionParameters |  |
+| test.js:35:18:35:25 | endpoint | fileImports | foo lib1 lib2 lib3 |
+| test.js:35:18:35:25 | endpoint | stringConcatenatedWith | 'foo' -endpoint- 'bar' |

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.ql

@@ -0,0 +1,7 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// detailed output for the nearby tests
+from Endpoint endpoint, EndpointFeature feature
+select endpoint, feature.getName(), feature.getValue(endpoint)

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.ql

@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every endpoint should have at least one feature value, otherwise the test source is likely malformed
+from Endpoint endpoint
+where not exists(EndpointFeature f | exists(f.getValue(endpoint)))
+select endpoint

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.ql

@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every feature must produce a single value for each endpoint that it computes a value for, per the contract of the `scoreEndpoints` HOP
+from Endpoint endpoint, EndpointFeature feature, int arity
+where arity = count(feature.getValue(endpoint)) and arity > 1
+select endpoint, feature.getName(), arity

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll

@@ -0,0 +1,6 @@
+import javascript
+import extraction.NoFeaturizationRestrictionsConfig
+
+class Endpoint extends DataFlow::Node {
+  Endpoint() { this.asExpr().(VarAccess).getName() = "endpoint" }
+}

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.html

@@ -0,0 +1,3 @@
+<div class="form-group">
+    <input (change)="restoreBackup($event.target.files.item(endpoint))" />
+</div>

javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js

@@ -0,0 +1,35 @@
+import { bar, F, p } from 'lib1';
+import * as o from 'lib2';
+const f = require('lib3');
+
+(async function () {
+    f(endpoint, 12);
+    f({p: endpoint});
+    f({p: {q: endpoint}});
+    o.m(endpoint);
+    o.m({p: endpoint});
+    o.m({p: {q: endpoint}});
+    new F(endpoint);
+    o.m().m().m(endpoint);
+    f()(endpoint);
+    o[x].m(endpoint);
+    o.m[x].p.m(endpoint);
+    (await p)(endpoint);
+    import("foo").bar.baz(endpoint);
+    function foo() {
+        bar(endpoint);
+    }
+    (f() ? f : o.m)(endpoint);
+});
+
+function f({ endpoint }) {}
+
+const g = async () => undefined;
+
+const o = { m: () => undefined }
+
+const url = f();
+
+const x = f() + "<a target=\"_blank\" href=\"" + endpoint + "\"></a>";
+
+const y = "foo"+ endpoint + "bar";