use new sink mad kinds and simplify isKnownKind predicate

2026-04-27 17:55:19 +02:00 · 2023-06-14 17:54:16 +02:00
parent daf2743143
commit baf6b74945
5 changed files with 20 additions and 30 deletions
--- a/java/ql/src/Telemetry/AutomodelJavaUtil.qll
+++ b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
@@ -27,31 +27,17 @@ class DollarAtString extends string {
 * Holds for all combinations of MaD kinds (`kind`) and their human readable
 * descriptions.
 */
-predicate isKnownKind(
-  string kind, string humanReadableKind, AutomodelEndpointTypes::EndpointType type
-) {
-  kind = "read-file" and
-  humanReadableKind = "read file" and
-  type instanceof AutomodelEndpointTypes::TaintedPathSinkType
+predicate isKnownKind(string kind, AutomodelEndpointTypes::EndpointType type) {
+  kind = "path-injection" and
+  type instanceof AutomodelEndpointTypes::PathInjectionSinkType
  or
-  kind = "create-file" and
-  humanReadableKind = "create file" and
-  type instanceof AutomodelEndpointTypes::TaintedPathSinkType
+  kind = "sql-injection" and
+  type instanceof AutomodelEndpointTypes::SqlInjectionSinkType
  or
-  kind = "sql" and
-  humanReadableKind = "mad modeled sql" and
-  type instanceof AutomodelEndpointTypes::SqlSinkType
-  or
-  kind = "open-url" and
-  humanReadableKind = "open url" and
-  type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-  or
-  kind = "jdbc-url" and
-  humanReadableKind = "jdbc url" and
+  kind = "request-forgery" and
  type instanceof AutomodelEndpointTypes::RequestForgerySinkType
  or
  kind = "command-injection" and
-  humanReadableKind = "command injection" and
  type instanceof AutomodelEndpointTypes::CommandInjectionSinkType
 }