diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql new file mode 100644 index 00000000000..cc9016d0089 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `CodeInjection` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.CodeInjectionQuery as CodeInjection +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(CodeInjection::Configuration cfg)) as numCodeInjectionAlerts, + count(DataFlow::Node sink | + exists(CodeInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numCodeInjectionSinks diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql new file mode 100644 index 00000000000..9c1c9ef190b --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `NosqlInection` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(NosqlInjection::Configuration cfg)) as numNosqlAlerts, + count(DataFlow::Node sink | + exists(NosqlInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numNosqlSinks diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql new file mode 100644 index 00000000000..848929dc443 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `SqlInection` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(SqlInjection::Configuration cfg)) as numSqlAlerts, + count(DataFlow::Node sink | + exists(SqlInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numSqlSinks diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql new file mode 100644 index 00000000000..c941bda8241 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `TaintedPath` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(TaintedPath::Configuration cfg)) as numTaintedPathAlerts, + count(DataFlow::Node sink | + exists(TaintedPath::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numTaintedPathSinks diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql new file mode 100644 index 00000000000..c4ee3a6c3c4 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `DomBasedXss` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(DomBasedXss::Configuration cfg)) as numXssAlerts, + count(DataFlow::Node sink | + exists(DomBasedXss::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numXssSinks diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql new file mode 100644 index 00000000000..31ef44a5e0a --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql @@ -0,0 +1,22 @@ +/* + * For internal use only. + * + * + * Count the number of sinks and alerts for the `XssThroughDom` security query. + */ + +import javascript +import semmle.javascript.security.dataflow.XssThroughDomQuery as XssThroughDom +import evaluation.EndToEndEvaluation + +int numAlerts(DataFlow::Configuration cfg) { + result = + count(DataFlow::Node source, DataFlow::Node sink | + cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink) + ) +} + +select numAlerts(any(XssThroughDom::Configuration cfg)) as numXssThroughDomAlerts, + count(DataFlow::Node sink | + exists(XssThroughDom::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _)) + ) as numXssThroughDomSinks