From 74765282443710a4d60aceaa2f10c61d24f13e67 Mon Sep 17 00:00:00 2001
From: tiferet
Date: Thu, 17 Nov 2022 17:57:57 -0800
Subject: [PATCH] Move the definition of `isSink` to the base class: Holds if `sink` is a known taint sink or an "effective" sink.
---
 .../lib/experimental/adaptivethreatmodeling/ATMConfig.qll | 7 +++++++
 .../adaptivethreatmodeling/SqlInjectionATM.qll | 4 ----
 .../lib/experimental/adaptivethreatmodeling/XssATM.qll | 5 -----
 3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
index db17e70c525..2e48c5f230b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
@@ -39,6 +39,13 @@ abstract class AtmConfig extends JS::TaintTracking::Configuration {
 */
 override predicate isSource(JS::DataFlow::Node source) { this.isKnownSource(source) }
 
+ /**
+ * Holds if `sink` is a known taint sink or an "effective" sink (a candidate to be classified by an ML model).
+ */
+ override predicate isSink(JS::DataFlow::Node sink) {
+ this.isKnownSink(sink) or this.isEffectiveSink(sink)
+ }
+
 /**
 * EXPERIMENTAL. This API may change in the future.
 *
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
index cfca6bdebce..3dd9b595327 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
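Review bot: The new base-class `isSink` in ATMConfig.qll reaches known sinks only through `this.isKnownSink(sink)`, whereas the overrides this patch removes matched `sink instanceof SqlInjection::Sink` and `sink instanceof DomBasedXss::Sink` directly; neither subclass's `isKnownSink` is visible in the diff, and the rest of `AtmConfig` lies outside the hunk. If either definition is missing or narrower than the removed check, the SQL-injection or XSS query would silently lose its known sinks and under-report, so both should be confirmed and the query results checked to be unchanged. The doc comment could also state the contract for subclasses, for example `* Subclasses should define isKnownSink instead of overriding isSink.` The block comment left above `isSanitizer` in XssATM.qll still says sinks "have been added to the `isSink` predicate", which no longer exists in that file.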
@@ -21,10 +21,6 @@ class Configuration extends AtmConfig {
 * query, except additional sinks have been added using the sink endpoint filter.
 */
 
- override predicate isSink(DataFlow::Node sink) {
- sink instanceof SqlInjection::Sink or isEffectiveSink(sink)
- }
-
 override predicate isSanitizer(DataFlow::Node node) {
 super.isSanitizer(node) or
 node instanceof SqlInjection::Sanitizer
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
index cd3240e8cfc..43d8375b8a5 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
@@ -21,11 +21,6 @@ class Configuration extends AtmConfig {
 * except additional ATM sinks have been added to the `isSink` predicate.
 */
 
- override predicate isSink(DataFlow::Node sink) {
- sink instanceof DomBasedXss::Sink or
- isEffectiveSink(sink)
- }
-
 override predicate isSanitizer(DataFlow::Node node) {
 super.isSanitizer(node) or
 node instanceof DomBasedXss::Sanitizer