diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.expected new file mode 100644 index 00000000000..e392de09c67 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.expected 
@@ -0,0 +1,157 @@ +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | 
autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... 
w.name) | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | autogenerated/Xss/DomBasedXss/jquery.js:2:17:2:40 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... 
sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:31:10:31:33 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:46:21:46:44 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... 
.search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 
'left') | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:17:20:40 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 | +| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | 
autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 
'a4' } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:13:50:13:66 | req.query.message | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... 
.search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 | +| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 | +| SqlInjectionAtmConfig | 3 | 
autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... 
PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:46:8:60 | $routeParams.id | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... 
rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:46:10:58 | req.params.id | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... 
.search | 1.0 | +| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... 
bstr(1) | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 | +| TaintedPathAtmConfig | 4 | 
autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... 
y.path) | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:73:42:73:55 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... 
g, ' ') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 | +| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.ql new file mode 100644 index 00000000000..5d358e7d739 --- /dev/null +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ATMQuery.ql 
@@ -0,0 +1,22 @@
+/*
+ * ATMQuery.ql
+ *
+ * This test surfaces the endpoints that pass the endpoint filters and have flow from a source for each query config,
+ * and which codex predicts to in fact be sinks for the relevant sink type. It can be used to determine the alerts codex
+ * will surface for each query.
+ */
+
+private import javascript as JS
+import extraction.NoFeaturizationRestrictionsConfig
+private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
+private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
+private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
+private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
+private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomATM
+import experimental.adaptivethreatmodeling.AdaptiveThreatModeling::ATM::ResultsInfo as AtmResultsInfo
+
+from
+ AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode source, JS::DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
+select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), source.getNode(), score
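Review bot: The five `...ATM` module imports are never referenced through their aliases in the `from`/`where`/`select` clause, so they read as dead imports; presumably they exist only to bring each module's `AtmConfig` subclass into scope for `cfg` to range over. A comment above them, for example `// Imported for their AtmConfig subclasses; the aliases are intentionally unused.`, would keep a later cleanup from silently dropping a security query from this test. The alias `XssThroughDomATM` also departs from the `...Atm` casing of the other four. As far as the visible rows of ATMQuery.expected show, only four configs produce results and none of them is an XssThroughDom config, so it is worth confirming that an empty result for that import is intended, since a config that yields no rows here gives no regression coverage.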