From 3e4abb0a1d85a530f532e8a7c930ccabb6150f03 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen
Date: Wed, 16 Mar 2022 08:03:05 +0100
Subject: [PATCH] exclude intermediary data flow nodes from sinks
---
 .../adaptivethreatmodeling/StandardEndpointFilters.qll | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll
index 38d339a8527..6fe866b2651 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll
@@ -11,8 +11,14 @@ private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles
 private import semmle.javascript.heuristics.SyntacticHeuristics
 private import CoreKnowledge as CoreKnowledge
 
+predicate isIntermediaryDataflowNode(DataFlow::Node n) {
+ n instanceof DataFlow::ExceptionalInvocationReturnNode
+}
+
 /** Provides a set of reasons why a given data flow node should be excluded as a sink candidate. */
 string getAReasonSinkExcluded(DataFlow::Node n) {
+ isIntermediaryDataflowNode(n) and result = "intermediary dataflow node"
+ or
 isArgumentToModeledFunction(n) and result = "argument to modeled function"
 or
 isArgumentToSinklessLibrary(n) and result = "argument to sinkless library"
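Review bot: The new predicate `isIntermediaryDataflowNode` has no QLDoc, although the neighbouring `getAReasonSinkExcluded` does. Its name is also much broader than its body, which matches only `DataFlow::ExceptionalInvocationReturnNode`. Every node it matches is dropped as a sink candidate, so the reason for excluding that node kind should be written down, so that later additions are weighed against the risk of missed sinks. I would add something like `/** Holds if n only carries flow between other nodes (currently: the exceptional return of an invocation) and is therefore never a sink candidate. */` above it. If nothing outside this file uses the predicate, declaring it `private predicate isIntermediaryDataflowNode(DataFlow::Node n) {` would keep it out of the library's public surface. The body of `getAReasonSinkExcluded` continues outside the hunk.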