add new security queries to extraction query

2026-05-27 17:41:24 +02:00 · 2022-03-09 14:01:30 +00:00
parent b4964aa2d9
commit fdec904a7a
2 changed files with 31 additions and 1 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
@@ -18,6 +18,9 @@ import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAT
 import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
 import experimental.adaptivethreatmodeling.XssATM as XssATM
+import experimental.adaptivethreatmodeling.StoredXssATM as StoredXssATM
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomATM
+import experimental.adaptivethreatmodeling.CodeInjectionATM as CodeInjectionATM
 import Labels
 import NoFeaturizationRestrictionsConfig
 import Queries
@@ -32,6 +35,12 @@ ATMConfig getATMCfg(Query query) {
  query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathATMConfig
  or
  query instanceof XssQuery and result instanceof XssATM::DomBasedXssATMConfig
+  or
+  query instanceof StoredXssQuery and result instanceof StoredXssATM::StoredXssATMConfig
+  or
+  query instanceof XssThroughDomQuery and result instanceof XssThroughDomATM::XssThroughDOMATMConfig
+  or
+  query instanceof CodeInjectionQuery and result instanceof CodeInjectionATM::CodeInjectionATMConfig
 }

 /** Gets the ATM data flow configuration for the specified query. */
@@ -43,6 +52,12 @@ DataFlow::Configuration getDataFlowCfg(Query query) {
  query instanceof TaintedPathQuery and result instanceof TaintedPathATM::Configuration
  or
  query instanceof XssQuery and result instanceof XssATM::Configuration
+  or
+  query instanceof StoredXssQuery and result instanceof StoredXssATM::Configuration
+  or
+  query instanceof XssThroughDomQuery and result instanceof XssThroughDomATM::Configuration
+  or
+  query instanceof CodeInjectionQuery and result instanceof CodeInjectionATM::Configuration
 }

 /** Gets a known sink for the specified query. */
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
@@ -8,7 +8,10 @@ newtype TQuery =
  TNosqlInjectionQuery() or
  TSqlInjectionQuery() or
  TTaintedPathQuery() or
-  TXssQuery()
+  TXssQuery() or
+  TStoredXssQuery() or
+  TXssThroughDomQuery() or
+  TCodeInjectionQuery()

 abstract class Query extends TQuery {
  abstract string getName();
@@ -31,3 +34,15 @@ class TaintedPathQuery extends Query, TTaintedPathQuery {
 class XssQuery extends Query, TXssQuery {
  override string getName() { result = "Xss" }
 }
+
+class StoredXssQuery extends Query, TStoredXssQuery {
+  override string getName() { result = "StoredXss" }
+}
+
+class XssThroughDomQuery extends Query, TXssThroughDomQuery {
+  override string getName() { result = "XssThroughDom" }
+}
+
+class CodeInjectionQuery extends Query, TCodeInjectionQuery {
+  override string getName() { result = "CodeInjection" }
+}