Merge pull request github#9193 from github/tombolton/add-counting-queries

TomBolton · web-flow · commit 67572bb770c3 · 2022-05-25T10:02:28.000+01:00
JS: Add individual per-security-query counting queries
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
@@ -0,0 +1,20 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for a particular dataflow config.
+ */
+
+import javascript
+import evaluation.EndToEndEvaluation
+
+query predicate countAlertsAndSinks(int numAlerts, int numSinks) {
+  numAlerts =
+    count(DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink |
+      cfg.hasFlow(source, sink) and not isFlowExcluded(source, sink)
+    ) and
+  numSinks =
+    count(DataFlow::Node sink |
+      exists(DataFlow::Configuration cfg | cfg.isSink(sink) or cfg.isSink(sink, _))
+    )
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountCodeInjection.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `CodeInjection` security query.
+ */
+
+import semmle.javascript.security.dataflow.CodeInjectionQuery
+import CountAlertsAndSinks
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `NosqlInection` security query.
+ */
+
+import semmle.javascript.security.dataflow.NosqlInjectionQuery
+import CountAlertsAndSinks
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `SqlInection` security query.
+ */
+
+import semmle.javascript.security.dataflow.SqlInjectionQuery
+import CountAlertsAndSinks
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountTaintedPath.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `TaintedPath` security query.
+ */
+
+import semmle.javascript.security.dataflow.TaintedPathQuery
+import CountAlertsAndSinks
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXss.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `DomBasedXss` security query.
+ */
+
+import semmle.javascript.security.dataflow.DomBasedXssQuery
+import CountAlertsAndSinks
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountXssThroughDom.ql
@@ -0,0 +1,9 @@
+/*
+ * For internal use only.
+ *
+ *
+ * Count the number of sinks and alerts for the `XssThroughDom` security query.
+ */
+
+import semmle.javascript.security.dataflow.XssThroughDomQuery
+import CountAlertsAndSinks
