From db9cec6ea6694729852e49d24768e87a423aa966 Mon Sep 17 00:00:00 2001
From: tiferet <tiferet@github.com>
Date: Thu, 26 Jan 2023 14:55:45 -0800
Subject: [PATCH] Add an endpoint filter to filter out flow steps

---
 .../EndpointCharacteristics.qll                  | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
index b7732ca8f38..828e0373666 100644
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -487,6 +487,22 @@ private class IsExternalCharacteristic extends StandardEndpointFilterCharacteris
     not exists(n.getLocation().getFile().getRelativePath())
   }
 }
+
+private class IsFlowStep extends StandardEndpointFilterCharacteristic {
+  IsFlowStep() { this = "flow step" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(Call call | n.asExpr() = call.getAnArgument() | isKnownStepSrc(n))
+  }
+
+  /**
+   * Holds if the node `n` is known as the predecessor in a modeled flow step.
+   */
+  private predicate isKnownStepSrc(DataFlow::Node n) {
+    any(TaintTracking::Configuration c).isAdditionalFlowStep(n, _) or
+    TaintTracking::localTaintStep(n, _)
+  }
+}
 // class IsArgumentToModeledFunctionCharacteristic extends StandardEndpointFilterCharacteristic {
 //   IsArgumentToModeledFunctionCharacteristic() { this = "argument to modeled function" }
 //   override predicate appliesToEndpoint(DataFlow::Node n) {