hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the documentation

Browse Source
This commit is contained in:
tiferet
2022-11-28 11:16:06 -08:00
parent 03b8e649f1
commit 963407de4c
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
View File

@@ -73,16 +73,23 @@ abstract class AtmConfig extends string {
not exists(this.getAReasonSinkExcluded(candidateSink)) not exists(this.getAReasonSinkExcluded(candidateSink))
} }
/**
* Gets the list of characteristics that cause `candidateSink` to be excluded as an effective sink.
*/
final EndpointCharacteristics::EndpointCharacteristic getAReasonSinkExcluded( final EndpointCharacteristics::EndpointCharacteristic getAReasonSinkExcluded(
JS::DataFlow::Node candidateSink JS::DataFlow::Node candidateSink
) { ) {
// An endpoint is an effective sink if it has neither standard endpoint filter characteristics nor endpoint filter // An endpoint is an effective sink (sink candidate) if none of its characteristics give much indication whether or
// characteristics that are specific to this sink type. // not it is a sink. Historically, we used endpoint filters, and scored endpoints that are filtered out neither by
// TODO: Experiment with excluding all endpoints that have a medium- or high-confidence characteristic that implies // a standard endpoint filter nor by an endpoint filter specific to this sink type. To replicate this behaviour, we
// they're not sinks for this sink type (or not sinks for any sink type), not just the EndpointFilterCharacteristics. // have given the endpoint filter characteristics medium confidence, and we exclude endpoints that have a
// medium-confidence characteristic that indicates that they are not sinks, either in general or for this sink type.
exists(EndpointCharacteristics::EndpointCharacteristic filter, float confidence | exists(EndpointCharacteristics::EndpointCharacteristic filter, float confidence |
filter.getEndpoints(candidateSink) and filter.getEndpoints(candidateSink) and
confidence >= filter.mediumConfidence() and confidence >= filter.mediumConfidence() and
// TODO: Experiment with excluding all endpoints that have a medium- or high-confidence characteristic that
// implies they're not sinks, rather than using only medium-confidence characteristics, by deleting the following
// line.
confidence < filter.highConfidence() and confidence < filter.highConfidence() and
( (
// Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type. // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type.