From 7c2bfef253ba942251dc4be153b80588b8dedade Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esbena@github.com>
Date: Wed, 30 Mar 2022 00:01:21 +0200
Subject: [PATCH] add CompareFeatures.ql

---
 .../modelbuilding/debug/CompareFeatures.ql    | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/debug/CompareFeatures.ql

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/debug/CompareFeatures.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/debug/CompareFeatures.ql
new file mode 100644
index 00000000000..97a2b2c3f47
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/debug/CompareFeatures.ql
@@ -0,0 +1,23 @@
+import experimental.adaptivethreatmodeling.TaintedPathATM
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import experimental.adaptivethreatmodeling.EndpointScoring
+
+string getValueOrNone(EndpointFeature feature, DataFlow::Node endpoint) {
+  if exists(feature.getValue(endpoint)) then feature.getValue(endpoint) = result else isNone(result)
+}
+
+predicate isNone(string value) { value = "" }
+
+// query for comparing feature values
+from
+  DataFlow::Node endpoint, EndpointFeature feature1, EndpointFeature feature2, string featureValue1,
+  string featureValue2
+where
+  feature1 instanceof ArgumentIndexFromArgumentTraversal and
+  feature2 instanceof ArgumentIndex and
+  featureValue1 = getValueOrNone(feature1, endpoint) and
+  featureValue2 = getValueOrNone(feature2, endpoint) and
+  featureValue1 != featureValue2 and
+  isNone([featureValue1, featureValue2])
+select endpoint, endpoint.getFile().getBaseName() as file, endpoint.getStartLine() as line,
+  featureValue1, featureValue2