From 78a34811b27fea26d2f4ebdfd995cb3690f9e8b0 Mon Sep 17 00:00:00 2001
From: Jean Helie
Date: Thu, 2 Jun 2022 18:30:52 +0200
Subject: [PATCH] wip
---
 .../adaptivethreatmodeling/EndpointTypes.qll | 36 ++++++++-----------
 .../extraction/ExtractEndpointData.qll | 32 ++++++++---------
 .../extraction/ExtractEndpointMapping.ql | 24 ++++++-------
 .../modelbuilding/extraction/Queries.qll | 21 +++++------
 4 files changed, 52 insertions(+), 61 deletions(-)
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
index aa625b12862..85880c8e365 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
@@ -34,24 +34,18 @@ class XssSinkType extends EndpointType, TXssSinkType {
 override int getEncoding() { result = 1 }
 }
-
-/** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
-class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
- override string getDescription() { result = "NosqlInjectionSink" }
-
- override int getEncoding() { result = 2 }
-}
-
-/** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
-class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
- override string getDescription() { result = "SqlInjectionSink" }
-
- override int getEncoding() { result = 3 }
-}
-
-/** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
-class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
- override string getDescription() { result = "TaintedPathSink" }
-
- override int getEncoding() { result = 4 }
-}
+// /** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
+// class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
+// override string getDescription() { result = "NosqlInjectionSink" }
+// override int getEncoding() { result = 2 }
+// }
+// /** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
+// class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
+// override string getDescription() { result = "SqlInjectionSink" }
+// override int getEncoding() { result = 3 }
+// }
+// /** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
+// class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
+// override string getDescription() { result = "TaintedPathSink" }
+// override int getEncoding() { result = 4 }
+// }
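Review bot: The three sink-type classes in EndpointTypes.qll are commented out rather than deleted, and nothing in the hunk says why they are disabled or whether encodings 2-4 stay reserved; the same applies to the commented-out `NosqlInjectionQuery`, `SqlInjectionQuery` and `TaintedPathQuery` classes in Queries.qll. The `getEncoding()` values look like the label ids shared with the endpoint scoring model, so a later re-enable that renumbers them could silently mislabel predictions; I would state the intent above the block, e.g. `// Disabled in this WIP: only XssSinkType is active. Encodings 2-4 stay reserved for the types below.` The patch also leaves the `NosqlInjectionATM`, `SqlInjectionATM` and `TaintedPathATM` modules untouched (they are not among the four changed files), so if they still refer to these classes they will no longer compile, which is worth checking before this leaves WIP.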
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
index 07ee16fda50..f458977846d 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
@@ -14,9 +14,9 @@ import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
 import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
 import experimental.adaptivethreatmodeling.EndpointTypes
 import experimental.adaptivethreatmodeling.FilteringReasons
-import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
-import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
-import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
+// import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
+// import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
+// import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
 import experimental.adaptivethreatmodeling.XssATM as XssATM
 import Labels
 import NoFeaturizationRestrictionsConfig
@@ -24,13 +24,13 @@ import Queries
 /** Gets the ATM configuration object for the specified query. */
 AtmConfig getAtmCfg(Query query) {
- query instanceof NosqlInjectionQuery and
- result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
- or
- query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
- or
- query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
- or
+ // query instanceof NosqlInjectionQuery and
+ // result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
+ // or
+ // query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
+ // or
+ // query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
+ // or
 query instanceof XssQuery and result instanceof XssATM::DomBasedXssAtmConfig
 }
@@ -39,12 +39,12 @@ deprecated ATMConfig getATMCfg(Query query) { result = getAtmCfg(query) }
 /** Gets the ATM data flow configuration for the specified query. */
 DataFlow::Configuration getDataFlowCfg(Query query) {
- query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
- or
- query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::Configuration
- or
- query instanceof TaintedPathQuery and result instanceof TaintedPathATM::Configuration
- or
+ // query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
+ // or
+ // query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::Configuration
+ // or
+ // query instanceof TaintedPathQuery and result instanceof TaintedPathATM::Configuration
+ // or
 query instanceof XssQuery and result instanceof XssATM::Configuration
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
index 11986562085..a17f02ababf 100644
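Review bot: With the first three disjuncts commented out, `getAtmCfg` has no result for any query except `XssQuery`, while its doc comment still promises a configuration "for the specified query"; `getDataFlowCfg` in the next hunk and the `where` clause of ExtractEndpointMapping.ql have the same shape. A QL predicate with no result raises no error, so an extraction that joins on these predicates would simply produce no rows for the SQL injection, NoSQL injection and tainted-path endpoints, and the training data would lose those classes without any visible signal. I would say so in the doc comment, e.g. `/** Gets the ATM configuration object for the specified query; only XssQuery has one while the other queries are disabled. */`, and delete the commented-out disjuncts rather than keep them, since version control already holds the old lines.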
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -4,24 +4,24 @@
 * Maps ML-powered queries to their `EndpointType` for clearer labelling while evaluating ML model during training.
 */
-import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
-import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
-import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
+// import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
+// import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
+// import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
 import experimental.adaptivethreatmodeling.XssATM as XssATM
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
 from string queryName, AtmConfig c, EndpointType e
 where
 (
- queryName = "SqlInjection" and
- c instanceof SqlInjectionATM::SqlInjectionAtmConfig
- or
- queryName = "NosqlInjection" and
- c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
- or
- queryName = "TaintedPath" and
- c instanceof TaintedPathATM::TaintedPathAtmConfig
- or
+ // queryName = "SqlInjection" and
+ // c instanceof SqlInjectionATM::SqlInjectionAtmConfig
+ // or
+ // queryName = "NosqlInjection" and
+ // c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
+ // or
+ // queryName = "TaintedPath" and
+ // c instanceof TaintedPathATM::TaintedPathAtmConfig
+ // or
 queryName = "Xss" and c instanceof XssATM::DomBasedXssAtmConfig
 ) and
 e = c.getASinkEndpointType()
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
index 51dd3ffec84..7f57c2e0810 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
@@ -16,18 +16,15 @@ abstract class Query extends TQuery {
 string toString() { result = getName() }
 }
-class NosqlInjectionQuery extends Query, TNosqlInjectionQuery {
- override string getName() { result = "NosqlInjection" }
-}
-
-class SqlInjectionQuery extends Query, TSqlInjectionQuery {
- override string getName() { result = "SqlInjection" }
-}
-
-class TaintedPathQuery extends Query, TTaintedPathQuery {
- override string getName() { result = "TaintedPath" }
-}
-
+// class NosqlInjectionQuery extends Query, TNosqlInjectionQuery {
+// override string getName() { result = "NosqlInjection" }
+// }
+// class SqlInjectionQuery extends Query, TSqlInjectionQuery {
+// override string getName() { result = "SqlInjection" }
+// }
+// class TaintedPathQuery extends Query, TTaintedPathQuery {
+// override string getName() { result = "TaintedPath" }
+// }
 class XssQuery extends Query, TXssQuery {
 override string getName() { result = "Xss" }
 }