hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-23 15:47:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5d62dc3d2ed2113afe2a9de0c40667672f4df44d
codeql/java/ql/experimental/adaptivethreatmodeling/src/ExtractPositiveExamples.ql

24 lines
984 B
Plaintext
Raw Blame History

/**
* Surfaces endpoints are sinks with high confidence, for use as positive examples in the prompt.
*
* @name Positive examples (experimental)
* @kind problem
* @id java/ml-powered/known-sink
* @tags experimental security
*/
private import java
import semmle.code.java.dataflow.TaintTracking
private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
from
DataFlow::Node sink, AtmConfig::AtmConfig config,
EndpointCharacteristics::EndpointCharacteristic characteristic, float confidence
where
characteristic.appliesToEndpoint(sink) and
confidence >= characteristic.maximalConfidence() and
characteristic.hasImplications(config.getASinkEndpointType(), true, confidence)
select sink, "Sink of type " + characteristic + " with confidence " + confidence.toString()
Reference in New Issue View Git Blame Copy Permalink