From 5d62dc3d2ed2113afe2a9de0c40667672f4df44d Mon Sep 17 00:00:00 2001
From: tiferet
Date: Thu, 22 Dec 2022 23:40:49 -0800
Subject: [PATCH] Add a Java NotASinkCharacteristic `safe external API method`

---
 .../EndpointCharacteristics.qll | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
index c3dca2622e6..88eb5ad59e2 100644
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -8,6 +8,8 @@ import semmle.code.java.security.QueryInjection
 import experimental.adaptivethreatmodeling.EndpointTypes
 private import experimental.adaptivethreatmodeling.ATMConfig
 private import experimental.adaptivethreatmodeling.SqlInjectionATM
+private import semmle.code.java.security.ExternalAPIs as ExternalAPIs
+private import semmle.code.java.Expr as Expr

 /**
 * A set of characteristics that a particular endpoint might have. This set of characteristics is used to make decisions
@@ -190,7 +192,7 @@ abstract class EndpointCharacteristic extends string {
 * confidence.
 */
 private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
- SqlInjectionSinkCharacteristic() { this = "SqlInjectionSink" }
+ SqlInjectionSinkCharacteristic() { this = any(SqlInjectionSinkType type).getDescription() }

 override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof QueryInjectionSink }

@@ -287,6 +289,23 @@ private class IsSanitizerCharacteristic extends NotASinkCharacteristic {
 }
 }

+/**
+ * An EndpointFilterCharacteristic that indicates that an endpoint is a sanitizer for some sink type. A sanitizer can
+ * never be a sink.
+ *
+ * TODO: Is this correct?
+ */
+private class SafeExternalApiMethodCharacteristic extends NotASinkCharacteristic {
+ SafeExternalApiMethodCharacteristic() { this = "safe external API method" }
+
+ override predicate appliesToEndpoint(DataFlow::Node n) {
+ exists(Expr::Call call |
+ n.asExpr() = call.getArgument(_) and
+ call.getCallee() instanceof ExternalAPIs::SafeExternalApiMethod
+ )
+ }
+}
+
 // private class JQueryArgumentCharacteristic extends NotASinkCharacteristic,
 // OtherModeledArgumentCharacteristic {
 // JQueryArgumentCharacteristic() { this = "JQueryArgument" }
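Review bot: The QLDoc on `SafeExternalApiMethodCharacteristic` is copied from the sanitizer characteristic above it and still describes a sanitizer, while `appliesToEndpoint` actually matches any argument of a call whose callee is an `ExternalAPIs::SafeExternalApiMethod`; the open `TODO: Is this correct?` is committed along with it. I would replace the comment with something like `An EndpointFilterCharacteristic that indicates that an endpoint is an argument to a call to a method modeled as a safe external API; such arguments are not considered sinks.` and resolve the TODO before merging. Since this extends `NotASinkCharacteristic`, every matched argument is presumably excluded from sink candidates, so an over-broad `SafeExternalApiMethod` model would show up as missed SQL-injection results rather than as an error; a test that keeps a known query sink next to a safe-API call would guard against that. The name `"safe external API method"` also departs from the identifier-style names visible elsewhere in the file (`"JQueryArgument"`), which matters if these strings are used as keys.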