hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move the definition of isSource to the base class:

Browse Source 
A long as we're not boosting sources, `isSource` is identical to `isKnownSource`.
This commit is contained in:
tiferet
2022-11-17 17:16:37 -08:00
parent 50291c7b7c
commit cd24ec88d6
5 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
View File

@@ -33,6 +33,12 @@ abstract class AtmConfig extends JS::TaintTracking::Configuration {
bindingset[this]
AtmConfig() { any() }
/**
* Holds if `source` is a relevant taint source. When sources are not boosted, `isSource` is equivalent to
* `isKnownSource` (i.e there are no "effective" sources to be classified by an ML model).
*/
override predicate isSource(JS::DataFlow::Node source) { this.isKnownSource(source) }
/**
* EXPERIMENTAL. This API may change in the future.
*

2
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
View File

@@ -25,8 +25,6 @@ class Configuration extends AtmConfig {
* generalised to cover the sinks predicted by ATM.
*/
override predicate isSource(DataFlow::Node source) { source instanceof NosqlInjection::Source }
override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
TaintedObject::isSource(source, label)
}

3
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
View File

@@ -16,11 +16,10 @@ class Configuration extends AtmConfig {
override EndpointType getASinkEndpointType() { result instanceof SqlInjectionSinkType }
/**
/*
* This is largely a copy of the taint tracking configuration for the standard SQL injection
* query, except additional sinks have been added using the sink endpoint filter.
*/
override predicate isSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
override predicate isSink(DataFlow::Node sink) {
sink instanceof SqlInjection::Sink or isEffectiveSink(sink)

3
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
View File

@@ -16,11 +16,10 @@ class Configuration extends AtmConfig {
override EndpointType getASinkEndpointType() { result instanceof TaintedPathSinkType }
/**
/*
* This is largely a copy of the taint tracking configuration for the standard path injection
* query, except additional ATM sinks have been added to the `isSink` predicate.
*/
override predicate isSource(DataFlow::Node source) { source instanceof TaintedPath::Source }
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
label = sink.(TaintedPath::Sink).getAFlowLabel()

6
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
View File

@@ -1,6 +1,7 @@
/**
* For internal use only.
*
* A taint-tracking configuration for reasoning about XSS vulnerabilities.
* Defines shared code used by the XSS boosted query.
*/
@@ -15,13 +16,10 @@ class Configuration extends AtmConfig {
override EndpointType getASinkEndpointType() { result instanceof XssSinkType }
/**
* A taint-tracking configuration for reasoning about XSS vulnerabilities.
*
/*
* This is largely a copy of the taint tracking configuration for the standard XSSThroughDom query,
* except additional ATM sinks have been added to the `isSink` predicate.
*/
override predicate isSource(DataFlow::Node source) { source instanceof DomBasedXss::Source }
override predicate isSink(DataFlow::Node sink) {
sink instanceof DomBasedXss::Sink or