Delete some commented out code that was copied directly from JS

2026-05-24 16:17:07 +02:00 · 2023-02-27 10:20:31 -08:00
parent 2e4cc7efd0
commit 43db83a28f
1 changed files with 0 additions and 198 deletions
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -174,118 +174,6 @@ abstract class EndpointCharacteristic extends string {
  final float mediumConfidence() { result = 0.6 }
 }

-// /*
-//  * Helper predicates.
-//  */
-// /**
-//  * Holds if the node `n` is a known sink for the external API security query.
-//  *
-//  * This corresponds to known sinks from security queries whose sources include remote flow and
-//  * DOM-based sources.
-//  */
-// private predicate isKnownExternalApiQuerySink(DataFlow::Node n) {
-//   n instanceof Xxe::Sink or
-//   n instanceof TaintedPath::Sink or
-//   n instanceof XpathInjection::Sink or
-//   n instanceof Xss::Sink or
-//   n instanceof ClientSideUrlRedirect::Sink or
-//   n instanceof CodeInjection::Sink or
-//   n instanceof RequestForgery::Sink or
-//   n instanceof CorsMisconfigurationForCredentials::Sink or
-//   n instanceof CommandInjection::Sink or
-//   n instanceof PrototypePollution::Sink or
-//   n instanceof UnvalidatedDynamicMethodCall::Sink or
-//   n instanceof TaintedFormatString::Sink or
-//   n instanceof NosqlInjection::Sink or
-//   n instanceof PostMessageStar::Sink or
-//   n instanceof RegExpInjection::Sink or
-//   n instanceof SqlInjection::Sink or
-//   n instanceof XmlBomb::Sink or
-//   n instanceof ZipSlip::Sink or
-//   n instanceof UnsafeDeserialization::Sink or
-//   n instanceof ServerSideUrlRedirect::Sink or
-//   n instanceof CleartextStorage::Sink or
-//   n instanceof HttpToFileAccess::Sink
-// }
-// /**
-//  * Holds if the node `n` is a known sink in a modeled library.
-//  */
-// private predicate isKnownLibrarySink(DataFlow::Node n) {
-//   isKnownExternalApiQuerySink(n) or
-//   n instanceof CleartextLogging::Sink or
-//   n instanceof StackTraceExposure::Sink or
-//   n instanceof ShellCommandInjectionFromEnvironment::Sink or
-//   n instanceof InsecureRandomness::Sink or
-//   n instanceof FileAccessToHttp::Sink or
-//   n instanceof IndirectCommandInjection::Sink
-// }
-// /**
-//  * Holds if the node `n` is known as the predecessor in a modeled flow step.
-//  */
-// private predicate isKnownStepSrc(DataFlow::Node n) {
-//   TaintTracking::sharedTaintStep(n, _) or
-//   DataFlow::SharedFlowStep::step(n, _) or
-//   DataFlow::SharedFlowStep::step(n, _, _, _)
-// }
-// /**
-//  * Holds if the data flow node is a (possibly indirect) argument of a likely external library call.
-//  *
-//  * This includes direct arguments of likely external library calls as well as nested object
-//  * literals within those calls.
-//  */
-// private predicate flowsToArgumentOfLikelyExternalLibraryCall(DataFlow::Node n) {
-//   n = getACallWithoutCallee().getAnArgument()
-//   or
-//   exists(DataFlow::SourceNode src | flowsToArgumentOfLikelyExternalLibraryCall(src) |
-//     n = src.getAPropertyWrite().getRhs()
-//   )
-//   or
-//   exists(DataFlow::ArrayCreationNode arr | flowsToArgumentOfLikelyExternalLibraryCall(arr) |
-//     n = arr.getAnElement()
-//   )
-// }
-// /**
-//  * Get calls for which we do not have the callee (i.e. the definition of the called function). This
-//  * acts as a heuristic for identifying calls to external library functions.
-//  */
-// private DataFlow::CallNode getACallWithoutCallee() {
-//   forall(Function callee | callee = result.getACallee() | callee.getTopLevel().isExterns()) and
-//   not exists(DataFlow::ParameterNode param, DataFlow::FunctionNode callback |
-//     param.flowsTo(result.getCalleeNode()) and
-//     callback = getACallback(param, DataFlow::TypeBackTracker::end())
-//   )
-// }
-// /**
-//  * Gets a node that flows to callback-parameter `p`.
-//  */
-// private DataFlow::SourceNode getACallback(DataFlow::ParameterNode p, DataFlow::TypeBackTracker t) {
-//   t.start() and
-//   result = p and
-//   any(DataFlow::FunctionNode f).getLastParameter() = p and
-//   exists(p.getACall())
-//   or
-//   exists(DataFlow::TypeBackTracker t2 | result = getACallback(p, t2).backtrack(t2, t))
-// }
-/*
- * Characteristics that are indicative of a sink.
- * NOTE: Initially each sink type has only one characteristic, which is that it's a sink of this type in the standard
- * Java libraries.
- */
-
-// /**
-//  * Endpoints identified as "DomBasedXssSink" by the standard Java libraries are XSS sinks with maximal confidence.
-//  */
-// private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
-//   DomBasedXssSinkCharacteristic() { this = any(XssSinkType type).getDescription() }
-//   override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof DomBasedXss::Sink }
-//   override predicate hasImplications(
-//     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
-//   ) {
-//     endpointClass instanceof XssSinkType and
-//     isPositiveIndicator = true and
-//     confidence = maximalConfidence()
-//   }
-// }
 /**
 * Endpoints identified as "create-file" sinks by the MaD modeling are tainted path sinks with maximal confidence.
 */
@@ -557,22 +445,6 @@ private class ExceptionCharacteristic extends NotASinkCharacteristic {
  }
 }

-// private class JQueryArgumentCharacteristic extends NotASinkCharacteristic,
-//   OtherModeledArgumentCharacteristic {
-//   JQueryArgumentCharacteristic() { this = "JQueryArgument" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     any(JQuery::MethodCall m).getAnArgument() = n
-//   }
-// }
-// private class ClientRequestCharacteristic extends NotASinkCharacteristic,
-//   OtherModeledArgumentCharacteristic {
-//   ClientRequestCharacteristic() { this = "ClientRequest" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(ClientRequest r |
-//       r.getAnArgument() = n or n = r.getUrl() or n = r.getHost() or n = r.getADataNode()
-//     )
-//   }
-// }
 /*
 * Characteristics that have historically acted as endpoint filters to exclude endpoints from scoring at inference time.
 */
@@ -678,73 +550,3 @@ private class TestFileCharacteristic extends StandardEndpointFilterCharacteristi
    file.getAbsolutePath().matches("%/guava-testlib/%")
  }
 }
-// class IsArgumentToModeledFunctionCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsArgumentToModeledFunctionCharacteristic() { this = "argument to modeled function" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(DataFlow::InvokeNode invk, DataFlow::Node known |
-//       invk.getAnArgument() = n and
-//       invk.getAnArgument() = known and
-//       (
-//         isKnownLibrarySink(known)
-//         or
-//         isKnownStepSrc(known)
-//         or
-//         exists(OtherModeledArgumentCharacteristic characteristic |
-//           characteristic.appliesToEndpoint(known)
-//         )
-//       )
-//     )
-//   }
-// }
-// private class IsArgumentToSinklessLibraryCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsArgumentToSinklessLibraryCharacteristic() { this = "argument to sinkless library" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(DataFlow::InvokeNode invk, DataFlow::SourceNode commonSafeLibrary, string libraryName |
-//       libraryName = ["slugify", "striptags", "marked"]
-//     |
-//       commonSafeLibrary = DataFlow::moduleImport(libraryName) and
-//       invk = [commonSafeLibrary, commonSafeLibrary.getAPropertyRead()].getAnInvocation() and
-//       n = invk.getAnArgument()
-//     )
-//   }
-// }
-// private class IsSanitizerCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsSanitizerCharacteristic() { this = "sanitizer" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(DataFlow::CallNode call | n = call.getAnArgument() |
-//       call.getCalleeName().regexpMatch("(?i).*(escape|valid(ate)?|sanitize|purify).*")
-//     )
-//   }
-// }
-// private class IsPredicateCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsPredicateCharacteristic() { this = "predicate" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(DataFlow::CallNode call | n = call.getAnArgument() |
-//       call.getCalleeName().regexpMatch("(equals|(|is|has|can)(_|[A-Z])).*")
-//     )
-//   }
-// }
-// private class IsHashCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsHashCharacteristic() { this = "hash" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     exists(DataFlow::CallNode call | n = call.getAnArgument() |
-//       call.getCalleeName().regexpMatch("(?i)^(sha\\d*|md5|hash)$")
-//     )
-//   }
-// }
-// private class IsNumericCharacteristic extends StandardEndpointFilterCharacteristic {
-//   IsNumericCharacteristic() { this = "numeric" }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     SyntacticHeuristics::isReadFrom(n, ".*index.*")
-//   }
-// }
-// private class InIrrelevantFileCharacteristic extends StandardEndpointFilterCharacteristic {
-//   private string category;
-//   InIrrelevantFileCharacteristic() {
-//     this = "in " + category + " file" and category = ["externs", "generated", "library", "test"]
-//   }
-//   override predicate appliesToEndpoint(DataFlow::Node n) {
-//     // Ignore candidate sinks within externs, generated, library, and test code
-//     ClassifyFiles::classify(n.getFile(), category)
-//   }
-// }