ATM: update query sink mapping

2026-05-21 14:47:10 +02:00 · 2022-11-10 16:51:40 +01:00
parent ef49cc1c30
commit 42818e94c4
1 changed files with 3 additions and 0 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -8,6 +8,7 @@ import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling

 from string queryName, AtmConfig c, EndpointType e
@@ -23,6 +24,8 @@ where
    c instanceof TaintedPathAtm::Configuration
    or
    queryName = "Xss" and c instanceof XssAtm::Configuration
+    or
+    queryName = "XssThroughDOM" and c instanceof XssThroughDomAtm::Configuration
  ) and
  e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as label