Make predicates private if they don't need to be public

2026-06-03 04:40:14 +02:00 · 2022-11-28 17:16:24 -08:00
parent 1919206e1e
commit 456aab0497
1 changed files with 4 additions and 4 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
@@ -163,7 +163,7 @@ class CodexPrompt extends EndpointFeature, TCodexPrompt {
   * We can find hard TP examples for the codex prompt by extracting sinks that are found by the classical queries but
   * filtered by the endpoint filters.
   */
-  predicate hardTPExamples(
+  private predicate hardTPExamples(
    DataFlow::Node endpoint, EndpointTypes::EndpointType sinkType, string reason
  ) {
    sinkType instanceof EndpointTypes::NosqlInjectionSinkType and
@@ -186,7 +186,7 @@ class CodexPrompt extends EndpointFeature, TCodexPrompt {
  /**
   * Hardcode some hard FP examples for each query from the manual triage of the model shipped in 0.4.0.
   */
-  predicate hardFPExamples(DataFlow::Node endpoint, EndpointTypes::EndpointType sinkType) {
+  private predicate hardFPExamples(DataFlow::Node endpoint, EndpointTypes::EndpointType sinkType) {
    sinkType instanceof EndpointTypes::NosqlInjectionSinkType
    or
    // and
@@ -206,7 +206,7 @@ class CodexPrompt extends EndpointFeature, TCodexPrompt {
   * reason.
   */
  bindingset[numExamples]
-  predicate hardTPExamplesForCodexPrompt(
+  private predicate hardTPExamplesForCodexPrompt(
    int numExamples, DataFlow::Node endpoint, EndpointTypes::EndpointType sinkType, string reason
  ) {
    hardTPExamples(endpoint, sinkType, reason)
@@ -218,7 +218,7 @@ class CodexPrompt extends EndpointFeature, TCodexPrompt {
   * Select the specified number of hard FP examples for the codex prompt for each query.
   * TODO
   */
-  private string hardFPExamplesForCodexPrompt() {
+  private private string hardFPExamplesForCodexPrompt() {
    result =
      "# Examples of security vulnerability sinks and non-sinks\n|Dataflow node|Neighborhood|Classification|\n|---|---|---|\n|`m[9] ? m[10] : null`|`                        this.authority = m[5] ? m[6] : null;                    this.path = m[7];                       this.query = m[9] ? m[10] : null;                       this.fragment = m[12] ? m[13] : null;  return this;`|non-sink|\n|`this.flowRunId`|`          variables: {            input: {              flow_run_id: this.flowRunId,              name: e            }`|non-sink|\n|`req.body.firstName`|`    res.json({      firstName: req.body.firstName,      lastName: req.body.lastName,      email: req.body.email`|non-sink|\n|`lang[1]`|`            if (lang) {                document.getElementsByTagName('html')[0].setAttribute('lang', lang[1]);            }`|non-sink|\n|`token`|`    },  });  tokenProvider.saveNewToken(token).then(ok => {    insights.trackEvent({      name: 'ReposCreateTokenFinish',`|non-sink|\n|`filename`|`function sendFile(filename, response) {  response.setHeader('Content-Type', mime.lookup(filename));  response.writeHead(200);  const fileStream = createReadStream(filename);`|non-sink|\n|`year`|`      postsData = await getPostsDateArchive(        postType,        !isNaN(parseInt(year, 10)) ? parseInt(year, 10) : null,        !isNaN(parseInt(month, 10)) ? parseInt(month, 10) : null,        !isNaN(parseInt(day, 10)) ? parseInt(day, 10) : null,`|non-sink|\n|`redirectTo === 'login' ? {redirectTo: to.path,} : to.query`|`    return next({      name: redirectTo,      query: redirectTo === 'login' ? {        redirectTo: to.path,      } : to.query,    });  }`|non-sink|\n"
  }