diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll index 520ae82dd1e..9ae700f0b7c 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll @@ -231,7 +231,6 @@ private newtype TEndpointFeature = TCalleeAccessPathWithStructuralInfo() or TEnclosingFunctionBody() or TCallee_AccessPath() or - TInput_ArgumentIndexAndAccessPathFromCallee() or TInput_AccessPathFromCallee() or TInput_ArgumentIndex() @@ -561,43 +560,12 @@ class Callee_AccessPath extends EndpointFeature, TCallee_AccessPath { } } -/** - * The feature for how a callee can refer to a the endpoint that is "contained" in an argument to a call - * - * "Containment" is syntactic, and currently means that the endpoint is an argument to the call, or that the endpoint is a (nested) property value of an argument. - * - * This feature is intended as a superior version of the `ArgumentIndexFeature`. - * - * Examples: - * ``` - * foo(endpoint); // -> 0 - * foo({ bar: endpoint }); // -> 0.bar - * foo(x, { bar: { baz: endpoint } }); // -> 1.bar.baz - * ``` - */ -class Input_ArgumentIndexAndAccessPathFromCallee extends EndpointFeature, - TInput_ArgumentIndexAndAccessPathFromCallee { - override string getName() { result = "Input_ArgumentIndexAndAccessPathFromCallee" } - - override string getValue(DataFlow::Node endpoint) { - exists(DataFlow::InvokeNode invk | - result = SyntacticUtilities::getSimpleParameterAccessPath(endpoint) and - ( - invk.getAnArgument() = endpoint or - SyntacticUtilities::getANestedInitializerValue(invk.getAnArgument() - .asExpr() - .getUnderlyingValue()).flow() = endpoint - ) - ) - } -} - /** * The feature for how a callee can refer to a the endpoint that is "contained" in some argument to a call * * "Containment" is syntactic, and currently means that the endpoint is an argument to the call, or that the endpoint is a (nested) property value of an argument. * - * This feature is intended as a superior version of the `ArgumentIndexFeature`. + * This feature, together with `Input_ArgumentIndex` is intended as a far superior version of the `ArgumentIndexFeature`. * * Examples: * ``` diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected index dfef635cabd..753724d28de 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected @@ -1,13 +1,11 @@ | test.html:2:61:2:68 | endpoint | Callee_AccessPath | $event.target.files.item | | test.html:2:61:2:68 | endpoint | Input_ArgumentIndex | 0 | -| test.html:2:61:2:68 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.html:2:61:2:68 | endpoint | argumentIndex | 0 | | test.html:2:61:2:68 | endpoint | calleeAccessPath | | | test.html:2:61:2:68 | endpoint | calleeAccessPathWithStructuralInfo | | | test.html:2:61:2:68 | endpoint | calleeName | item | | test.js:2:7:2:14 | endpoint | Callee_AccessPath | f | | test.js:2:7:2:14 | endpoint | Input_ArgumentIndex | 0 | -| test.js:2:7:2:14 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:2:7:2:14 | endpoint | argumentIndex | 0 | | test.js:2:7:2:14 | endpoint | calleeAccessPath | | | test.js:2:7:2:14 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -17,7 +15,6 @@ | test.js:3:11:3:18 | endpoint | Callee_AccessPath | f | | test.js:3:11:3:18 | endpoint | Input_AccessPathFromCallee | 0.p | | test.js:3:11:3:18 | endpoint | Input_ArgumentIndex | 0 | -| test.js:3:11:3:18 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p | | test.js:3:11:3:18 | endpoint | calleeAccessPath | | | test.js:3:11:3:18 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:3:11:3:18 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | @@ -25,14 +22,12 @@ | test.js:4:15:4:22 | endpoint | Callee_AccessPath | f | | test.js:4:15:4:22 | endpoint | Input_AccessPathFromCallee | 0.p.q | | test.js:4:15:4:22 | endpoint | Input_ArgumentIndex | 0 | -| test.js:4:15:4:22 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p.q | | test.js:4:15:4:22 | endpoint | calleeAccessPath | | | test.js:4:15:4:22 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:4:15:4:22 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | | test.js:4:15:4:22 | endpoint | enclosingFunctionName | | | test.js:5:9:5:16 | endpoint | Callee_AccessPath | o.m | | test.js:5:9:5:16 | endpoint | Input_ArgumentIndex | 0 | -| test.js:5:9:5:16 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:5:9:5:16 | endpoint | argumentIndex | 0 | | test.js:5:9:5:16 | endpoint | calleeAccessPath | | | test.js:5:9:5:16 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -43,7 +38,6 @@ | test.js:6:13:6:20 | endpoint | Callee_AccessPath | o.m | | test.js:6:13:6:20 | endpoint | Input_AccessPathFromCallee | 0.p | | test.js:6:13:6:20 | endpoint | Input_ArgumentIndex | 0 | -| test.js:6:13:6:20 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p | | test.js:6:13:6:20 | endpoint | calleeAccessPath | | | test.js:6:13:6:20 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:6:13:6:20 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | @@ -51,21 +45,18 @@ | test.js:7:17:7:24 | endpoint | Callee_AccessPath | o.m | | test.js:7:17:7:24 | endpoint | Input_AccessPathFromCallee | 0.p.q | | test.js:7:17:7:24 | endpoint | Input_ArgumentIndex | 0 | -| test.js:7:17:7:24 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0.p.q | | test.js:7:17:7:24 | endpoint | calleeAccessPath | | | test.js:7:17:7:24 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:7:17:7:24 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | | test.js:7:17:7:24 | endpoint | enclosingFunctionName | | | test.js:8:11:8:18 | endpoint | Callee_AccessPath | F | | test.js:8:11:8:18 | endpoint | Input_ArgumentIndex | 0 | -| test.js:8:11:8:18 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | ? | | test.js:8:11:8:18 | endpoint | calleeAccessPath | | | test.js:8:11:8:18 | endpoint | calleeAccessPathWithStructuralInfo | | | test.js:8:11:8:18 | endpoint | enclosingFunctionBody | f endpoint f p endpoint f p q endpoint o m endpoint o m p endpoint o m p q endpoint F endpoint o m m m endpoint f endpoint o x m endpoint o m x p m endpoint p endpoint foo bar baz endpoint foo bar endpoint | | test.js:8:11:8:18 | endpoint | enclosingFunctionName | | | test.js:9:17:9:24 | endpoint | Callee_AccessPath | o.m().m().m | | test.js:9:17:9:24 | endpoint | Input_ArgumentIndex | 0 | -| test.js:9:17:9:24 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:9:17:9:24 | endpoint | argumentIndex | 0 | | test.js:9:17:9:24 | endpoint | calleeAccessPath | | | test.js:9:17:9:24 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -74,7 +65,6 @@ | test.js:9:17:9:24 | endpoint | enclosingFunctionName | | | test.js:10:9:10:16 | endpoint | Callee_AccessPath | f() | | test.js:10:9:10:16 | endpoint | Input_ArgumentIndex | 0 | -| test.js:10:9:10:16 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:10:9:10:16 | endpoint | argumentIndex | 0 | | test.js:10:9:10:16 | endpoint | calleeAccessPath | | | test.js:10:9:10:16 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -82,7 +72,6 @@ | test.js:10:9:10:16 | endpoint | enclosingFunctionName | | | test.js:11:12:11:19 | endpoint | Callee_AccessPath | o.?.m | | test.js:11:12:11:19 | endpoint | Input_ArgumentIndex | 0 | -| test.js:11:12:11:19 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:11:12:11:19 | endpoint | argumentIndex | 0 | | test.js:11:12:11:19 | endpoint | calleeAccessPath | | | test.js:11:12:11:19 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -91,7 +80,6 @@ | test.js:11:12:11:19 | endpoint | enclosingFunctionName | | | test.js:12:16:12:23 | endpoint | Callee_AccessPath | o.m.?.p.m | | test.js:12:16:12:23 | endpoint | Input_ArgumentIndex | 0 | -| test.js:12:16:12:23 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:12:16:12:23 | endpoint | argumentIndex | 0 | | test.js:12:16:12:23 | endpoint | calleeAccessPath | | | test.js:12:16:12:23 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -100,7 +88,6 @@ | test.js:12:16:12:23 | endpoint | enclosingFunctionName | | | test.js:13:15:13:22 | endpoint | Callee_AccessPath | (await p) | | test.js:13:15:13:22 | endpoint | Input_ArgumentIndex | 0 | -| test.js:13:15:13:22 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:13:15:13:22 | endpoint | argumentIndex | 0 | | test.js:13:15:13:22 | endpoint | calleeAccessPath | | | test.js:13:15:13:22 | endpoint | calleeAccessPathWithStructuralInfo | | @@ -108,7 +95,6 @@ | test.js:13:15:13:22 | endpoint | enclosingFunctionName | | | test.js:14:27:14:34 | endpoint | Callee_AccessPath | import(!).bar.baz | | test.js:14:27:14:34 | endpoint | Input_ArgumentIndex | 0 | -| test.js:14:27:14:34 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:14:27:14:34 | endpoint | argumentIndex | 0 | | test.js:14:27:14:34 | endpoint | calleeAccessPath | foo bar baz | | test.js:14:27:14:34 | endpoint | calleeAccessPathWithStructuralInfo | foo member bar member baz instanceorreturn | @@ -118,7 +104,6 @@ | test.js:14:27:14:34 | endpoint | enclosingFunctionName | | | test.js:16:13:16:20 | endpoint | Callee_AccessPath | bar | | test.js:16:13:16:20 | endpoint | Input_ArgumentIndex | 0 | -| test.js:16:13:16:20 | endpoint | Input_ArgumentIndexAndAccessPathFromCallee | 0 | | test.js:16:13:16:20 | endpoint | argumentIndex | 0 | | test.js:16:13:16:20 | endpoint | calleeAccessPath | | | test.js:16:13:16:20 | endpoint | calleeAccessPathWithStructuralInfo | |