mirror of
https://github.com/github/codeql.git
synced 2026-04-30 03:05:15 +02:00
patch upper-case acronyms to be PascalCase
This commit is contained in:
Erik Krogh Kristensen
@@ -28,9 +28,9 @@ import EndpointTypes
|
||||
* `isAdditionalFlowStep` with a more generalised definition of additional edges. See
|
||||
* `NosqlInjectionATM.qll` for an example of doing this.
|
||||
*/
|
||||
abstract class ATMConfig extends string {
|
||||
abstract class AtmConfig extends string {
|
||||
bindingset[this]
|
||||
ATMConfig() { any() }
|
||||
AtmConfig() { any() }
|
||||
|
||||
/**
|
||||
* EXPERIMENTAL. This API may change in the future.
|
||||
@@ -110,3 +110,6 @@ abstract class ATMConfig extends string {
|
||||
*/
|
||||
float getScoreCutoff() { result = 0.0 }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for AtmConfig */
|
||||
deprecated class ATMConfig = AtmConfig;
|
||||
|
||||
@@ -12,7 +12,7 @@ external predicate availableMlModels(
|
||||
);
|
||||
|
||||
/** Get the ATM configuration. */
|
||||
ATMConfig getCfg() { any() }
|
||||
AtmConfig getCfg() { any() }
|
||||
|
||||
/**
|
||||
* A string containing scoring information produced by a scoring model.
|
||||
|
||||
@@ -61,7 +61,7 @@ predicate isArgumentToKnownLibrarySinkFunction(DataFlow::Node n) {
|
||||
* This corresponds to known sinks from security queries whose sources include remote flow and
|
||||
* DOM-based sources.
|
||||
*/
|
||||
predicate isKnownExternalAPIQuerySink(DataFlow::Node n) {
|
||||
predicate isKnownExternalApiQuerySink(DataFlow::Node n) {
|
||||
n instanceof Xxe::Sink or
|
||||
n instanceof TaintedPath::Sink or
|
||||
n instanceof XpathInjection::Sink or
|
||||
@@ -86,11 +86,14 @@ predicate isKnownExternalAPIQuerySink(DataFlow::Node n) {
|
||||
n instanceof HttpToFileAccess::Sink
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isKnownExternalApiQuerySink */
|
||||
deprecated predicate isKnownExternalAPIQuerySink = isKnownExternalApiQuerySink/1;
|
||||
|
||||
/**
|
||||
* Holds if the node `n` is a known sink in a modeled library.
|
||||
*/
|
||||
predicate isKnownLibrarySink(DataFlow::Node n) {
|
||||
isKnownExternalAPIQuerySink(n) or
|
||||
isKnownExternalApiQuerySink(n) or
|
||||
n instanceof CleartextLogging::Sink or
|
||||
n instanceof StackTraceExposure::Sink or
|
||||
n instanceof ShellCommandInjectionFromEnvironment::Sink or
|
||||
@@ -207,7 +210,7 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
|
||||
DatabaseAccess and
|
||||
reason instanceof DatabaseAccessReason
|
||||
or
|
||||
call = DOM::domValueRef() and reason instanceof DOMReason
|
||||
call = DOM::domValueRef() and reason instanceof DomReason
|
||||
or
|
||||
call.getCalleeName() = "next" and
|
||||
exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall()) and
|
||||
|
||||
@@ -24,7 +24,7 @@ newtype TFilteringReason =
|
||||
TMembershipCandidateTestReason() or
|
||||
TFileSystemAccessReason() or
|
||||
TDatabaseAccessReason() or
|
||||
TDOMReason() or
|
||||
TDomReason() or
|
||||
TNextFunctionCallReason() or
|
||||
TArgumentToArrayReason() or
|
||||
TArgumentToBuiltinGlobalVarRefReason() or
|
||||
@@ -161,12 +161,15 @@ class DatabaseAccessReason extends NotASinkReason, TDatabaseAccessReason {
|
||||
override int getEncoding() { result = 21 }
|
||||
}
|
||||
|
||||
class DOMReason extends NotASinkReason, TDOMReason {
|
||||
class DomReason extends NotASinkReason, TDomReason {
|
||||
override string getDescription() { result = "DOM" }
|
||||
|
||||
override int getEncoding() { result = 22 }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for DomReason */
|
||||
deprecated class DOMReason = DomReason;
|
||||
|
||||
class NextFunctionCallReason extends NotASinkReason, TNextFunctionCallReason {
|
||||
override string getDescription() { result = "NextFunctionCall" }
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ private import FeaturizationConfig
|
||||
/**
|
||||
* Gets a tokenized representation of the AST node for use in the `enclosingFunctionBody` feature.
|
||||
*/
|
||||
string getTokenizedAstNode(ASTNode node) {
|
||||
string getTokenizedAstNode(AstNode node) {
|
||||
// e.g. `x` -> "x"
|
||||
result = node.(Identifier).getName()
|
||||
or
|
||||
@@ -35,12 +35,15 @@ string getTokenizedAstNode(ASTNode node) {
|
||||
|
||||
/** Gets an AST node within the function `f` that we should featurize. */
|
||||
pragma[inline]
|
||||
ASTNode getAnASTNodeToFeaturize(Function f) {
|
||||
AstNode getAnAstNodeToFeaturize(Function f) {
|
||||
result.getParent*() = f and
|
||||
// Don't featurize the function name as part of the function body tokens
|
||||
not result = f.getIdentifier()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnAstNodeToFeaturize */
|
||||
deprecated ASTNode getAnASTNodeToFeaturize(Function f) { result = getAnAstNodeToFeaturize(f) }
|
||||
|
||||
/**
|
||||
* Gets a function that contains the endpoint.
|
||||
*
|
||||
@@ -72,7 +75,7 @@ private int getMaxNumAstNodes() { result = 1024 }
|
||||
private int getNumAstNodesInFunction(Function function) {
|
||||
// Restrict the values `function` can take on
|
||||
function = getAFunctionForEndpoint(_) and
|
||||
result = count(getAnASTNodeToFeaturize(function))
|
||||
result = count(getAnAstNodeToFeaturize(function))
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -121,16 +124,19 @@ Function getRepresentativeFunctionForEndpoint(DataFlow::Node endpoint) {
|
||||
}
|
||||
|
||||
/** Returns an AST node within the function `f` that an associated token feature. */
|
||||
ASTNode getAnASTNodeWithAFeature(Function f) {
|
||||
AstNode getAnAstNodeWithAFeature(Function f) {
|
||||
// Performance optimization: Restrict the set of functions to those containing an endpoint to featurize.
|
||||
f = getRepresentativeFunctionForEndpoint(any(FeaturizationConfig cfg).getAnEndpointToFeaturize()) and
|
||||
result = getAnASTNodeToFeaturize(f)
|
||||
result = getAnAstNodeToFeaturize(f)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnAstNodeWithAFeature */
|
||||
deprecated ASTNode getAnASTNodeWithAFeature(Function f) { result = getAnAstNodeWithAFeature(f) }
|
||||
|
||||
/** Returns the number of source-code characters in a function. */
|
||||
int getNumCharsInFunction(Function f) {
|
||||
result =
|
||||
strictsum(ASTNode node | node = getAnASTNodeWithAFeature(f) | getTokenizedAstNode(node).length())
|
||||
strictsum(AstNode node | node = getAnAstNodeWithAFeature(f) | getTokenizedAstNode(node).length())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -149,8 +155,8 @@ string getBodyTokensFeature(Function function) {
|
||||
// large body features are replaced by the absent token.
|
||||
//
|
||||
// We count nodes instead of tokens because tokens are often not unique.
|
||||
strictcount(ASTNode node |
|
||||
node = getAnASTNodeToFeaturize(function) and
|
||||
strictcount(AstNode node |
|
||||
node = getAnAstNodeToFeaturize(function) and
|
||||
exists(getTokenizedAstNode(node))
|
||||
) <= 256 and
|
||||
// Performance optimization: If a function has more than getMaxChars() characters in its body subtokens,
|
||||
@@ -161,8 +167,8 @@ string getBodyTokensFeature(Function function) {
|
||||
// The use of a nested exists here allows us to avoid duplicates due to two AST nodes in the
|
||||
// same location featurizing to the same token. By using a nested exists, we take only unique
|
||||
// (location, token) pairs.
|
||||
exists(ASTNode node |
|
||||
node = getAnASTNodeToFeaturize(function) and
|
||||
exists(AstNode node |
|
||||
node = getAnAstNodeToFeaturize(function) and
|
||||
token = getTokenizedAstNode(node) and
|
||||
l = node.getLocation()
|
||||
)
|
||||
|
||||
@@ -87,8 +87,8 @@ module SinkEndpointFilter {
|
||||
}
|
||||
}
|
||||
|
||||
class NosqlInjectionATMConfig extends ATMConfig {
|
||||
NosqlInjectionATMConfig() { this = "NosqlInjectionATMConfig" }
|
||||
class NosqlInjectionAtmConfig extends AtmConfig {
|
||||
NosqlInjectionAtmConfig() { this = "NosqlInjectionATMConfig" }
|
||||
|
||||
override predicate isKnownSource(DataFlow::Node source) {
|
||||
source instanceof NosqlInjection::Source or TaintedObject::isSource(source, _)
|
||||
@@ -103,7 +103,10 @@ class NosqlInjectionATMConfig extends ATMConfig {
|
||||
override EndpointType getASinkEndpointType() { result instanceof NosqlInjectionSinkType }
|
||||
}
|
||||
|
||||
/** Holds if src -> trg is an additional flow step in the non-boosted NoSQL injection security query. */
|
||||
/** DEPRECATED: Alias for NosqlInjectionAtmConfig */
|
||||
deprecated class NosqlInjectionATMConfig = NosqlInjectionAtmConfig;
|
||||
|
||||
/** Holds if src -> trg is an additional flow step in the non-boosted NoSql injection security query. */
|
||||
predicate isBaseAdditionalFlowStep(
|
||||
DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
|
||||
) {
|
||||
@@ -112,7 +115,7 @@ predicate isBaseAdditionalFlowStep(
|
||||
// additional flow step to track taint through NoSQL query objects
|
||||
inlbl = TaintedObject::label() and
|
||||
outlbl = TaintedObject::label() and
|
||||
exists(NoSQL::Query query, DataFlow::SourceNode queryObj |
|
||||
exists(NoSql::Query query, DataFlow::SourceNode queryObj |
|
||||
queryObj.flowsToExpr(query) and
|
||||
queryObj.flowsTo(trg) and
|
||||
src = queryObj.getAPropertyWrite().getRhs()
|
||||
@@ -127,7 +130,7 @@ predicate isBaseAdditionalFlowStep(
|
||||
* involving more complex queries.
|
||||
*/
|
||||
DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) {
|
||||
any(NosqlInjectionATMConfig cfg).isEffectiveSink(query) and
|
||||
any(NosqlInjectionAtmConfig cfg).isEffectiveSink(query) and
|
||||
exists(DataFlow::SourceNode receiver |
|
||||
receiver = [getASubexpressionWithinQuery(query), query].getALocalSource()
|
||||
|
|
||||
@@ -156,7 +159,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
sink.(NosqlInjection::Sink).getAFlowLabel() = label
|
||||
or
|
||||
// Allow effective sinks to have any taint label
|
||||
any(NosqlInjectionATMConfig cfg).isEffectiveSink(sink)
|
||||
any(NosqlInjectionAtmConfig cfg).isEffectiveSink(sink)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
@@ -175,7 +178,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
isBaseAdditionalFlowStep(src, trg, inlbl, outlbl)
|
||||
or
|
||||
// relaxed version of previous step to track taint through unmodeled NoSQL query objects
|
||||
any(NosqlInjectionATMConfig cfg).isEffectiveSink(trg) and
|
||||
any(NosqlInjectionAtmConfig cfg).isEffectiveSink(trg) and
|
||||
src = getASubexpressionWithinQuery(trg)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -60,8 +60,8 @@ module SinkEndpointFilter {
|
||||
}
|
||||
}
|
||||
|
||||
class SqlInjectionATMConfig extends ATMConfig {
|
||||
SqlInjectionATMConfig() { this = "SqlInjectionATMConfig" }
|
||||
class SqlInjectionAtmConfig extends AtmConfig {
|
||||
SqlInjectionAtmConfig() { this = "SqlInjectionATMConfig" }
|
||||
|
||||
override predicate isKnownSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
|
||||
|
||||
@@ -74,6 +74,9 @@ class SqlInjectionATMConfig extends ATMConfig {
|
||||
override EndpointType getASinkEndpointType() { result instanceof SqlInjectionSinkType }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SqlInjectionAtmConfig */
|
||||
deprecated class SqlInjectionATMConfig = SqlInjectionAtmConfig;
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about SQL injection vulnerabilities.
|
||||
*
|
||||
@@ -86,7 +89,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink instanceof SqlInjection::Sink or any(SqlInjectionATMConfig cfg).isEffectiveSink(sink)
|
||||
sink instanceof SqlInjection::Sink or any(SqlInjectionAtmConfig cfg).isEffectiveSink(sink)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
|
||||
@@ -59,8 +59,8 @@ module SinkEndpointFilter {
|
||||
}
|
||||
}
|
||||
|
||||
class TaintedPathATMConfig extends ATMConfig {
|
||||
TaintedPathATMConfig() { this = "TaintedPathATMConfig" }
|
||||
class TaintedPathAtmConfig extends AtmConfig {
|
||||
TaintedPathAtmConfig() { this = "TaintedPathATMConfig" }
|
||||
|
||||
override predicate isKnownSource(DataFlow::Node source) { source instanceof TaintedPath::Source }
|
||||
|
||||
@@ -73,6 +73,9 @@ class TaintedPathATMConfig extends ATMConfig {
|
||||
override EndpointType getASinkEndpointType() { result instanceof TaintedPathSinkType }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TaintedPathAtmConfig */
|
||||
deprecated class TaintedPathATMConfig = TaintedPathAtmConfig;
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about path injection vulnerabilities.
|
||||
*
|
||||
@@ -88,7 +91,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
label = sink.(TaintedPath::Sink).getAFlowLabel()
|
||||
or
|
||||
// Allow effective sinks to have any taint label
|
||||
any(TaintedPathATMConfig cfg).isEffectiveSink(sink)
|
||||
any(TaintedPathAtmConfig cfg).isEffectiveSink(sink)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) { node instanceof TaintedPath::Sanitizer }
|
||||
|
||||
@@ -60,8 +60,8 @@ module SinkEndpointFilter {
|
||||
}
|
||||
}
|
||||
|
||||
class DomBasedXssATMConfig extends ATMConfig {
|
||||
DomBasedXssATMConfig() { this = "DomBasedXssATMConfig" }
|
||||
class DomBasedXssAtmConfig extends AtmConfig {
|
||||
DomBasedXssAtmConfig() { this = "DomBasedXssATMConfig" }
|
||||
|
||||
override predicate isKnownSource(DataFlow::Node source) { source instanceof DomBasedXss::Source }
|
||||
|
||||
@@ -74,6 +74,9 @@ class DomBasedXssATMConfig extends ATMConfig {
|
||||
override EndpointType getASinkEndpointType() { result instanceof XssSinkType }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for DomBasedXssAtmConfig */
|
||||
deprecated class DomBasedXssATMConfig = DomBasedXssAtmConfig;
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about XSS vulnerabilities.
|
||||
*
|
||||
@@ -87,7 +90,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink instanceof DomBasedXss::Sink or
|
||||
any(DomBasedXssATMConfig cfg).isEffectiveSink(sink)
|
||||
any(DomBasedXssAtmConfig cfg).isEffectiveSink(sink)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
|
||||
@@ -33,7 +33,7 @@ string getDescriptionForAlertCandidate(
|
||||
) {
|
||||
result = "excluded[reason=" + getAReasonSinkExcluded(sinkCandidate, query) + "]"
|
||||
or
|
||||
getATMCfg(query).isKnownSink(sinkCandidate) and
|
||||
getAtmCfg(query).isKnownSink(sinkCandidate) and
|
||||
result = "excluded[reason=known-sink]"
|
||||
or
|
||||
not exists(getAReasonSinkExcluded(sinkCandidate, query)) and
|
||||
|
||||
@@ -20,7 +20,7 @@ import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery as
|
||||
import semmle.javascript.security.dataflow.DifferentKindsComparisonBypassQuery as DifferentKindsComparisonBypass
|
||||
import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
|
||||
import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss
|
||||
import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedData
|
||||
import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedData
|
||||
import semmle.javascript.security.dataflow.FileAccessToHttpQuery as FileAccessToHttp
|
||||
import semmle.javascript.security.dataflow.HardcodedCredentialsQuery as HardcodedCredentials
|
||||
import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeQuery as HardcodedDataInterpretedAsCode
|
||||
|
||||
@@ -23,17 +23,20 @@ import NoFeaturizationRestrictionsConfig
|
||||
import Queries
|
||||
|
||||
/** Gets the ATM configuration object for the specified query. */
|
||||
ATMConfig getATMCfg(Query query) {
|
||||
AtmConfig getAtmCfg(Query query) {
|
||||
query instanceof NosqlInjectionQuery and
|
||||
result instanceof NosqlInjectionATM::NosqlInjectionATMConfig
|
||||
result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
|
||||
or
|
||||
query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionATMConfig
|
||||
query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
|
||||
or
|
||||
query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathATMConfig
|
||||
query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
|
||||
or
|
||||
query instanceof XssQuery and result instanceof XssATM::DomBasedXssATMConfig
|
||||
query instanceof XssQuery and result instanceof XssATM::DomBasedXssAtmConfig
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAtmCfg */
|
||||
deprecated ATMConfig getATMCfg(Query query) { result = getAtmCfg(query) }
|
||||
|
||||
/** Gets the ATM data flow configuration for the specified query. */
|
||||
DataFlow::Configuration getDataFlowCfg(Query query) {
|
||||
query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
|
||||
@@ -47,7 +50,7 @@ DataFlow::Configuration getDataFlowCfg(Query query) {
|
||||
|
||||
/** Gets a known sink for the specified query. */
|
||||
private DataFlow::Node getASink(Query query) {
|
||||
getATMCfg(query).isKnownSink(result) and
|
||||
getAtmCfg(query).isKnownSink(result) and
|
||||
// Only consider the source code for the project being analyzed.
|
||||
exists(result.getFile().getRelativePath())
|
||||
}
|
||||
@@ -72,8 +75,8 @@ private DataFlow::Node getANotASink(NotASinkReason reason) {
|
||||
*/
|
||||
private DataFlow::Node getAnUnknown(Query query) {
|
||||
(
|
||||
getATMCfg(query).isEffectiveSink(result) or
|
||||
getATMCfg(query).isEffectiveSinkWithOverridingScore(result, _, _)
|
||||
getAtmCfg(query).isEffectiveSink(result) or
|
||||
getAtmCfg(query).isEffectiveSinkWithOverridingScore(result, _, _)
|
||||
) and
|
||||
not result = getASink(query) and
|
||||
// Only consider the source code for the project being analyzed.
|
||||
|
||||
@@ -4,19 +4,19 @@ import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
|
||||
import experimental.adaptivethreatmodeling.XssATM as XssATM
|
||||
import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
|
||||
|
||||
from string queryName, ATMConfig c, EndpointType e
|
||||
from string queryName, AtmConfig c, EndpointType e
|
||||
where
|
||||
(
|
||||
queryName = "SqlInjectionATM.ql" and
|
||||
c instanceof SqlInjectionATM::SqlInjectionATMConfig
|
||||
c instanceof SqlInjectionATM::SqlInjectionAtmConfig
|
||||
or
|
||||
queryName = "NosqlInjectionATM.ql" and
|
||||
c instanceof NosqlInjectionATM::NosqlInjectionATMConfig
|
||||
c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
|
||||
or
|
||||
queryName = "TaintedPathInjectionATM.ql" and
|
||||
c instanceof TaintedPathATM::TaintedPathATMConfig
|
||||
c instanceof TaintedPathATM::TaintedPathAtmConfig
|
||||
or
|
||||
queryName = "XssATM.ql" and c instanceof XssATM::DomBasedXssATMConfig
|
||||
queryName = "XssATM.ql" and c instanceof XssATM::DomBasedXssAtmConfig
|
||||
) and
|
||||
e = c.getASinkEndpointType()
|
||||
select queryName, e.getEncoding() as endpointTypeEncoded
|
||||
|
||||
@@ -19,8 +19,8 @@ EndpointType getEndpointType() { result instanceof NosqlInjectionSinkType }
|
||||
DataFlow::Node getAPositiveEndpoint() { result instanceof NosqlInjection::Sink }
|
||||
|
||||
/** An ATM configuration to find misclassified endpoints of type `getEndpointType()`. */
|
||||
class ExtractMisclassifiedEndpointsATMConfig extends ATMConfig {
|
||||
ExtractMisclassifiedEndpointsATMConfig() { this = "ExtractMisclassifiedEndpointsATMConfig" }
|
||||
class ExtractMisclassifiedEndpointsAtmConfig extends AtmConfig {
|
||||
ExtractMisclassifiedEndpointsAtmConfig() { this = "ExtractMisclassifiedEndpointsATMConfig" }
|
||||
|
||||
override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
|
||||
sinkCandidate = getAPositiveEndpoint()
|
||||
@@ -31,7 +31,7 @@ class ExtractMisclassifiedEndpointsATMConfig extends ATMConfig {
|
||||
|
||||
/** Get an endpoint from `getAPositiveEndpoint()` that is incorrectly excluded from the results. */
|
||||
DataFlow::Node getAMisclassifedEndpoint() {
|
||||
any(ExtractMisclassifiedEndpointsATMConfig config).isEffectiveSink(result) and
|
||||
any(ExtractMisclassifiedEndpointsAtmConfig config).isEffectiveSink(result) and
|
||||
not any(ScoringResults results).shouldResultBeIncluded(_, result)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user