ATM: update query sink mapping

2026-05-28 01:51:23 +02:00 · 2022-11-10 16:51:40 +01:00
parent 01163bc618
commit 38430c57a2
1 changed files with 3 additions and 0 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -8,6 +8,7 @@ import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling

 from string queryName, AtmConfig c, EndpointType e
@@ -23,6 +24,8 @@ where
    c instanceof TaintedPathAtm::TaintedPathAtmConfig
    or
    queryName = "Xss" and c instanceof XssAtm::DomBasedXssAtmConfig
+    or
+    queryName = "XssThroughDOM" and c instanceof XssThroughDomAtm::XssThroughDomAtmConfig
  ) and
  e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as label