hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
Jean Helie
2022-06-02 18:30:52 +02:00
parent b74d1fdb1a
commit 78a34811b2
4 changed files with 52 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
View File

@@ -34,24 +34,18 @@ class XssSinkType extends EndpointType, TXssSinkType {
override int getEncoding() { result = 1 }
}
/** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
override string getDescription() { result = "NosqlInjectionSink" }
override int getEncoding() { result = 2 }
}
/** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
override string getDescription() { result = "SqlInjectionSink" }
override int getEncoding() { result = 3 }
}
/** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
override string getDescription() { result = "TaintedPathSink" }
override int getEncoding() { result = 4 }
}
// /** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
// class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
// override string getDescription() { result = "NosqlInjectionSink" }
// override int getEncoding() { result = 2 }
// }
// /** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
// class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
// override string getDescription() { result = "SqlInjectionSink" }
// override int getEncoding() { result = 3 }
// }
// /** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
// class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
// override string getDescription() { result = "TaintedPathSink" }
// override int getEncoding() { result = 4 }
// }

32
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
View File

@@ -14,9 +14,9 @@ import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
import experimental.adaptivethreatmodeling.EndpointTypes
import experimental.adaptivethreatmodeling.FilteringReasons
import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
// import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
// import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
// import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
import experimental.adaptivethreatmodeling.XssATM as XssATM
import Labels
import NoFeaturizationRestrictionsConfig
@@ -24,13 +24,13 @@ import Queries
/** Gets the ATM configuration object for the specified query. */
AtmConfig getAtmCfg(Query query) {
query instanceof NosqlInjectionQuery and
result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
or
query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
or
query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
or
// query instanceof NosqlInjectionQuery and
// result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
// or
// query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
// or
// query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
// or
query instanceof XssQuery and result instanceof XssATM::DomBasedXssAtmConfig
}
@@ -39,12 +39,12 @@ deprecated ATMConfig getATMCfg(Query query) { result = getAtmCfg(query) }
/** Gets the ATM data flow configuration for the specified query. */
DataFlow::Configuration getDataFlowCfg(Query query) {
query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
or
query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::Configuration
or
query instanceof TaintedPathQuery and result instanceof TaintedPathATM::Configuration
or
// query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
// or
// query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::Configuration
// or
// query instanceof TaintedPathQuery and result instanceof TaintedPathATM::Configuration
// or
query instanceof XssQuery and result instanceof XssATM::Configuration
}

24
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
View File

@@ -4,24 +4,24 @@
* Maps ML-powered queries to their `EndpointType` for clearer labelling while evaluating ML model during training.
*/
import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
// import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
// import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
// import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
import experimental.adaptivethreatmodeling.XssATM as XssATM
import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
from string queryName, AtmConfig c, EndpointType e
where
(
queryName = "SqlInjection" and
c instanceof SqlInjectionATM::SqlInjectionAtmConfig
or
queryName = "NosqlInjection" and
c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
or
queryName = "TaintedPath" and
c instanceof TaintedPathATM::TaintedPathAtmConfig
or
// queryName = "SqlInjection" and
// c instanceof SqlInjectionATM::SqlInjectionAtmConfig
// or
// queryName = "NosqlInjection" and
// c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
// or
// queryName = "TaintedPath" and
// c instanceof TaintedPathATM::TaintedPathAtmConfig
// or
queryName = "Xss" and c instanceof XssATM::DomBasedXssAtmConfig
) and
e = c.getASinkEndpointType()

21
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
View File

@@ -16,18 +16,15 @@ abstract class Query extends TQuery {
string toString() { result = getName() }
}
class NosqlInjectionQuery extends Query, TNosqlInjectionQuery {
override string getName() { result = "NosqlInjection" }
}
class SqlInjectionQuery extends Query, TSqlInjectionQuery {
override string getName() { result = "SqlInjection" }
}
class TaintedPathQuery extends Query, TTaintedPathQuery {
override string getName() { result = "TaintedPath" }
}
// class NosqlInjectionQuery extends Query, TNosqlInjectionQuery {
// override string getName() { result = "NosqlInjection" }
// }
// class SqlInjectionQuery extends Query, TSqlInjectionQuery {
// override string getName() { result = "SqlInjection" }
// }
// class TaintedPathQuery extends Query, TTaintedPathQuery {
// override string getName() { result = "TaintedPath" }
// }
class XssQuery extends Query, TXssQuery {
override string getName() { result = "Xss" }
}