refactor counting code into a library

2026-04-30 19:26:02 +02:00 · 2022-05-17 16:29:44 +01:00
parent 33964383d7
commit 7e32614c25
7 changed files with 26 additions and 84 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
@@ -0,0 +1,20 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for a particular dataflow config.
+ */
+
+import javascript
+import evaluation.EndToEndEvaluation
+
+query predicate countAlertsAndSinks(int numAlerts, int numSinks) {
+  numAlerts =
+    count(DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink |
+      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
+    ) and
+  numSinks =
+    count(DataFlow::Node sink |
+      exists(DataFlow::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
+    )
+}
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `CodeInjection` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.CodeInjectionQuery as CodeInjection
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(CodeInjection::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(CodeInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `NosqlInection` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(NosqlInjection::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(NosqlInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `SqlInection` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(SqlInjection::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(SqlInjection::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `TaintedPath` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(TaintedPath::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(TaintedPath::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `DomBasedXss` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(DomBasedXss::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(DomBasedXss::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql
@@ -5,18 +5,5 @@
 * Count the number of sinks and alerts for the `XssThroughDom` security query.
 */

-import javascript
 import semmle.javascript.security.dataflow.XssThroughDomQuery as XssThroughDom
-import evaluation.EndToEndEvaluation
-
-int numAlerts(DataFlow::Configuration cfg) {
-  result =
-    count(DataFlow::Node source, DataFlow::Node sink |
-      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
-    )
-}
-
-select numAlerts(any(XssThroughDom::Configuration cfg)) as numAlerts,
-  count(DataFlow::Node sink |
-    exists(XssThroughDom::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
-  ) as numSinks
+import CountAlertsAndSinks