JS: Minor improvements to threat-model Concepts

Mirroring what was done for Python
2026-04-25 08:45:14 +02:00 · 2024-10-29 11:29:27 +01:00
parent 1726287bf4
commit 84f6b89ced
1 changed files with 11 additions and 2 deletions
--- a/javascript/ql/lib/semmle/javascript/Concepts.qll
+++ b/javascript/ql/lib/semmle/javascript/Concepts.qll
@@ -16,6 +16,11 @@ private import codeql.threatmodels.ThreatModels
 class ThreatModelSource extends DataFlow::Node instanceof ThreatModelSource::Range {
  /**
   * Gets a string that represents the source kind with respect to threat modeling.
+   *
+   *
+   * See
+   * - https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst
+   * - https://github.com/github/codeql/blob/main/shared/threat-models/ext/threat-model-grouping.model.yml
   */
  string getThreatModel() { result = super.getThreatModel() }

@@ -34,6 +39,10 @@ module ThreatModelSource {
  abstract class Range extends DataFlow::Node {
    /**
     * Gets a string that represents the source kind with respect to threat modeling.
+     *
+     * See
+     * - https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst
+     * - https://github.com/github/codeql/blob/main/shared/threat-models/ext/threat-model-grouping.model.yml
     */
    abstract string getThreatModel();

@@ -45,11 +54,11 @@ module ThreatModelSource {
 /**
 * A data flow source that is enabled in the current threat model configuration.
 */
-class ActiveThreatModelSource extends DataFlow::Node {
+class ActiveThreatModelSource extends ThreatModelSource {
  ActiveThreatModelSource() {
    exists(string kind |
      currentThreatModel(kind) and
-      this.(ThreatModelSource).getThreatModel() = kind
+      this.getThreatModel() = kind
    )
  }
 }