Move isFlowLikelyInBaseQuery to the ATMConfig and delete AdaptiveThreatModeling.qll

java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll

@@ -8,7 +8,6 @@ private import java as java
 private import semmle.code.java.dataflow.TaintTracking
 import EndpointTypes
 import EndpointCharacteristics as EndpointCharacteristics
-import AdaptiveThreatModeling::ATM::ResultsInfo as AtmResultsInfo
 
 /**
  * EXPERIMENTAL. This API may change in the future.
@@ -127,6 +126,11 @@ abstract class AtmConfig extends TaintTracking::Configuration {
    */
   abstract EndpointType getASinkEndpointType();
 
+  pragma[inline]
+  predicate isFlowLikelyInBaseQuery(DataFlow::Node source, DataFlow::Node sink) {
+    this.isKnownSource(source) and this.isKnownSink(sink)
+  }
+
   /**
    * Holds if if `sink` is an effective sink with flow from `source` which gets used as a sink candidate for scoring
    * with the ML model.
@@ -137,7 +141,7 @@ abstract class AtmConfig extends TaintTracking::Configuration {
       // requires an endpoint to be either a known sink or an effective sink. Known sinks are later filtered out by
       // `isFlowLikelyInBaseQuery`, leaving only effective sinks.
       this.hasFlowPath(source, sink) and
-      not AtmResultsInfo::isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
+      not this.isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
       isEffectiveSink(sink.getNode())
     )
   }

java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll

@@ -1,36 +0,0 @@
-/**
- * For internal use only.
- *
- * Provides information about the results of boosted queries for use in adaptive threat modeling (ATM).
- */
-
-private import java as java
-private import semmle.code.java.dataflow.TaintTracking
-import ATMConfig
-
-module ATM {
-  /** Get the ATM configuration. */
-  AtmConfig getCfg() { any() }
-
-  /**
-   * EXPERIMENTAL. This API may change in the future.
-   *
-   * This module contains informational predicates about the results returned by adaptive threat
-   * modeling (ATM).
-   */
-  module ResultsInfo {
-    /**
-     * EXPERIMENTAL. This API may change in the future.
-     *
-     * Indicates whether the flow from source to sink is likely to be reported by the base security
-     * query.
-     *
-     * Currently this is a heuristic: it ignores potential differences in the definitions of
-     * additional flow steps.
-     */
-    pragma[inline]
-    predicate isFlowLikelyInBaseQuery(DataFlow::Node source, DataFlow::Node sink) {
-      getCfg().isKnownSource(source) and getCfg().isKnownSink(sink)
-    }
-  }
-}

java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/RequestForgeryATM.qll

@@ -8,7 +8,7 @@
  * accidentally.
  */
 
-import AdaptiveThreatModeling
+import ATMConfig
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.RequestForgery
 

java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll

@@ -6,7 +6,7 @@
  * Largely copied from semmle.code.java.security.SqlInjectionQuery.
  */
 
-import AdaptiveThreatModeling
+import ATMConfig
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.QueryInjection
 

java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll

@@ -8,7 +8,7 @@
 
 import java
 import semmle.code.java.security.PathSanitizer
-import AdaptiveThreatModeling
+import ATMConfig
 import semmle.code.java.dataflow.FlowSources
 
 class TaintedPathAtmConfig extends AtmConfig {