make ATM anti sink model for dojo.require

Author: esbena

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll

@@ -209,6 +209,9 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
     call.getCalleeName() = "next" and
     exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall()) and
     reason instanceof NextFunctionCallReason
+    or
+    call = DataFlow::globalVarRef("dojo").getAPropertyRead("require").getACall() and
+    reason instanceof DojoRequireReason
   )
   or
   (exists(Base64::Decode d | n = d.getInput()) or exists(Base64::Encode d | n = d.getInput())) and

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FilteringReasons.qll

@@ -31,7 +31,8 @@ newtype TFilteringReason =
   TConstantReceiverReason() or
   TBuiltinCallNameReason() or
   TBase64ManipulationReason() or
-  TJQueryArgumentReason()
+  TJQueryArgumentReason() or
+  TDojoRequireReason()
 
 /** A reason why a particular endpoint was filtered out by the endpoint filters. */
 abstract class FilteringReason extends TFilteringReason {
@@ -208,3 +209,9 @@ class JQueryArgumentReason extends NotASinkReason, TJQueryArgumentReason {
 
   override int getEncoding() { result = 29 }
 }
+
+class DojoRequireReason extends NotASinkReason, TDojoRequireReason {
+  override string getDescription() { result = "DojoRequire" }
+
+  override int getEncoding() { result = 30 }
+}