diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll index 452128083fa..cd481183afe 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll @@ -29,35 +29,35 @@ abstract class EndpointType extends TEndpointType { /** The `Negative` class that can be predicted by endpoint scoring models. */ class NegativeType extends EndpointType, TNegativeType { - override string getDescription() { result = "Negative" } + override string getDescription() { result = "non-sink" } override int getEncoding() { result = 0 } } /** The `XssSink` class that can be predicted by endpoint scoring models. */ class XssSinkType extends EndpointType, TXssSinkType { - override string getDescription() { result = "XssSink" } + override string getDescription() { result = "xss sink" } override int getEncoding() { result = 1 } } /** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */ class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType { - override string getDescription() { result = "NosqlInjectionSink" } + override string getDescription() { result = "nosql injection sink" } override int getEncoding() { result = 2 } } /** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */ class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType { - override string getDescription() { result = "SqlInjectionSink" } + override string getDescription() { result = "sql injection sink" } override int getEncoding() { result = 3 } } /** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */ class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType { - override string getDescription() { result = "TaintedPathSink" } + override string getDescription() { result = "path injection sink" } override int getEncoding() { result = 4 } } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll index f3ce2705dfc..49f4123632b 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ModelPrompt.qll @@ -1,4 +1,5 @@ import javascript +import EndpointTypes as EndpointTypes module ModelPrompt { string getPrompt(DataFlow::Node endpoint) { @@ -14,7 +15,38 @@ module ModelPrompt { */ private string getTrainingSetPrompt() { result = - "# Examples of security vulnerability sinks and non-sinks\n|Dataflow node|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|non-sink|\n|`[ handlebars ]`|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`|TaintedPathSink|\n|`url`|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`|non-sink|\n|`_.bind(connection.createGame, this, socket)`|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`|non-sink|\n|`sql`|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`|SqlInjectionSink|\n|`