From fd75952c1e8ea7f3b4f01a7c47b0e4445bc8d9cc Mon Sep 17 00:00:00 2001
From: tiferet
Date: Tue, 3 Jan 2023 11:58:55 -0800
Subject: [PATCH] Improvements to ExtractSinkCandidatesWithFlow.ql

---
 .../src/ExtractSinkCandidatesWithFlow.ql | 13 +++++-------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql b/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
index 101851c0e8e..68513922210 100644
--- a/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
+++ b/java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
@@ -18,18 +18,15 @@ private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjecti
 private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 private import experimental.adaptivethreatmodeling.RequestForgeryATM as RequestForgeryAtm
-// private import experimental.adaptivethreatmodeling.XssATM as XssAtm
-// private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
-from DataFlow::PathNode sink, string message
+from DataFlow::Node sink, string message
 where
 // The message is the concatenation of all relevant configs, and we surface only sinks that have at least one relevant
 // config.
 message =
-strictconcat(AtmConfig::AtmConfig config |
-config.isSinkCandidateWithFlow(sink)
+strictconcat(AtmConfig::AtmConfig config, DataFlow::PathNode sinkPathNode |
+config.isSinkCandidateWithFlow(sinkPathNode) and
+sinkPathNode.getNode() = sink
 |
 config.getASinkEndpointType().getDescription(), ", "
-order by
-config.getASinkEndpointType().getDescription()
 )
-select sink.getNode(), message
+select sink, message
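Review bot: In the new `strictconcat`, declaring `sinkPathNode` as a second aggregation variable can make the same endpoint description appear more than once in `message`. As far as I know, QL aggregates take one value per distinct assignment of the declared variables, so a `sink` node reached through several `PathNode`s for the same config would contribute its description once per path node. Keeping `config` as the only aggregation variable and moving the path node into the range as `exists(DataFlow::PathNode p | config.isSinkCandidateWithFlow(p) and p.getNode() = sink)` gives one entry per config. If anything downstream parses the message as a set of labels for the extracted sink candidates, it would otherwise have to de-duplicate the repeated entries itself.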