Rename AtmConfig to AtmConfigs and fix some imports.

2026-05-24 16:17:07 +02:00 · 2023-02-27 17:22:36 -08:00
parent e9da1f3751
commit d47007a930
5 changed files with 8 additions and 9 deletions
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfigs.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfigs.qll
@@ -5,12 +5,10 @@
 * possible. Java queries that are defined in a `.ql` file get copied into this file.
 */

-private import java as java
 private import semmle.code.java.dataflow.TaintTracking
+/* Configurations of queries we boost with ATM */
 import semmle.code.java.security.RequestForgeryConfig
 import semmle.code.java.security.SqlInjectionQuery
-import EndpointTypes
-import EndpointCharacteristics as EndpointCharacteristics
 /* Copied from java/ql/src/Security/CWE/CWE-022/TaintedPath.ql */
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.security.PathCreation
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -10,7 +10,7 @@ import semmle.code.java.security.RequestForgery
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import experimental.adaptivethreatmodeling.EndpointTypes
-private import experimental.adaptivethreatmodeling.ATMConfig
+private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries
 private import semmle.code.java.security.ExternalAPIs as ExternalAPIs
 private import semmle.code.java.Expr as Expr

@@ -25,7 +25,7 @@ predicate isKnownSink(DataFlow::Node sink, SinkType sinkType) {
  // If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a
  // known sink for the class.
  sinkType != any(NegativeSinkType negative) and
-  exists(EndpointCharacteristics::EndpointCharacteristic characteristic |
+  exists(EndpointCharacteristic characteristic |
    characteristic.appliesToEndpoint(sink) and
    characteristic.hasImplications(sinkType, true, characteristic.maximalConfidence())
  )
@@ -97,8 +97,8 @@ predicate erroneousConfidences(
 //  * both characteristics belong to the same query.
 //  */
 // private predicate knownOverlappingCharacteristics(
-//   EndpointCharacteristics::EndpointCharacteristic characteristic1,
-//   EndpointCharacteristics::EndpointCharacteristic characteristic2
+//   EndpointCharacteristic characteristic1,
+//   EndpointCharacteristic characteristic2
 // ) {
 //   characteristic1 != characteristic2 and
 //   characteristic1 = ["file creation sink", "other path injection sink"] and
--- a/java/ql/experimental/adaptivethreatmodeling/src/ExtractNegativeExamples.ql
+++ b/java/ql/experimental/adaptivethreatmodeling/src/ExtractNegativeExamples.ql
@@ -11,6 +11,7 @@ private import java
 import semmle.code.java.dataflow.TaintTracking
 private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
 private import experimental.adaptivethreatmodeling.EndpointTypes
+private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries

 bindingset[rate]
 DataFlow::Node getSampleFromSampleRate(float rate) {
--- a/java/ql/experimental/adaptivethreatmodeling/src/ExtractPositiveExamples.ql
+++ b/java/ql/experimental/adaptivethreatmodeling/src/ExtractPositiveExamples.ql
@@ -12,7 +12,7 @@ import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.ExternalAPIs as ExternalAPIs
 private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
 private import experimental.adaptivethreatmodeling.EndpointTypes
-private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
+private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries

 /*
 * ****** WARNING: ******
--- a/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
+++ b/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
@@ -16,7 +16,7 @@ import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.dataflow.ExternalFlow
 private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
 private import experimental.adaptivethreatmodeling.EndpointTypes
-private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
+private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries

 /**
 * Holds if the candidate sink `candidateSink` should be considered as a possible sink of type `sinkType`, and