From 459050151ae87a6269f4589efd27117d9b97f4f8 Mon Sep 17 00:00:00 2001
From: tiferet
Date: Mon, 19 Dec 2022 09:31:15 -0800
Subject: [PATCH] Give more explicit instructions in the codex prompt, but don't solicit rare sink types.
---
.../lib/experimental/adaptivethreatmodeling/ModelPrompt.qll | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll
index f01fb546a43..d74643cebc5 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll
@@ -16,7 +16,7 @@ module ModelPrompt { */ private string getTrainingSetPrompt() { result = - "# Make a markdown table that expertly classifies JavaScript code snippets as sinks or non-sinks. Include uncommon sinks and sinks from less-used libraries. Classify each snippet as a nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink.\n|Code snippet|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|" + "# Make a markdown table that expertly classifies JavaScript code snippets as sinks or non-sinks for potential security vulnerabilities. Classify each snippet as a nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink.\n|Code snippet|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|" + any(EndpointTypes::NegativeType endpointType).getDescription() + "|\n|`[ handlebars ]`|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`|" + any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
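Review bot: The class list in the instruction sentence of the new prompt string (nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink) is still hard-coded text, while the labels in the example rows that follow are produced by `any(EndpointTypes::...Type endpointType).getDescription()`. If a description is reworded or a sink type is added, the instruction and the rows would disagree and the model would be asked for labels it is never shown. Removing the sentence that solicited uncommon sinks presumably trades recall on rare sinks for fewer false positives, and that trade-off is not recorded next to the string. I would add to the QLDoc above `getTrainingSetPrompt` a line such as `The instruction deliberately does not solicit uncommon sinks; keep its class list in sync with the EndpointTypes descriptions and re-check classification results after any wording change.` The predicate body continues past the end of this hunk.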