diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll index 4f4bc2782ab..cbdc43b5ecc 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll @@ -23,7 +23,7 @@ abstract class EndpointType extends TEndpointType { /** The `NotASink` class that can be predicted by endpoint scoring models. */ class NotASinkType extends EndpointType, TNotASinkType { - override string getDescription() { result = "NotASink" } + override string getDescription() { result = "Negative" } override int getEncoding() { result = 0 } } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql index e7c91e597a2..1ececb9a1ea 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql @@ -8,5 +8,4 @@ import experimental.adaptivethreatmodeling.EndpointTypes from EndpointType type -select type.getEncoding() as encodingTypeEncoded, type.getDescription() as endpointType order by - encodingTypeEncoded +select type.getEncoding() as label, type.getDescription() as labelName order by label diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql index 60e397187a5..4bd74bd1a22 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql @@ -12,37 +12,40 @@ import experimental.adaptivethreatmodeling.StoredXssATM as StoredXssATM import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomATM import experimental.adaptivethreatmodeling.AdaptiveThreatModeling -from string queryName, ATMConfig c, int endpointTypeEncoded +from string queryName, ATMConfig c, int label where ( queryName = "Unknown" and - endpointTypeEncoded = 0 + label = 0 or queryName = "NotASink" and - endpointTypeEncoded = 0 + label = 0 + or + queryName = "LikelyNotASink" and + label = 0 or queryName = "XssSink" and c instanceof XssATM::DomBasedXssATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() or queryName = "StoredXssSink" and c instanceof StoredXssATM::StoredXssATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() or queryName = "XssThroughDomSink" and c instanceof XssThroughDomATM::XssThroughDOMATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() or queryName = "SqlInjectionSink" and c instanceof SqlInjectionATM::SqlInjectionATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() or queryName = "NosqlInjectionSink" and c instanceof NosqlInjectionATM::NosqlInjectionATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() or queryName = "TaintedPathSink" and c instanceof TaintedPathATM::TaintedPathATMConfig and - endpointTypeEncoded = c.getASinkEndpointType().getEncoding() + label = c.getASinkEndpointType().getEncoding() ) -select queryName, endpointTypeEncoded order by endpointTypeEncoded +select queryName, label order by label