JS: Add database threat-model source modeling

Author: RasmusWL

javascript/ql/lib/semmle/javascript/Concepts.qll

@@ -148,6 +148,17 @@ abstract class DatabaseAccess extends DataFlow::Node {
   }
 }
 
+/**
+ * A DatabaseAccess seen as a ThreatModelSource.
+ */
+private class DatabaseAccessAsThreatModelSource extends ThreatModelSource::Range {
+  DatabaseAccessAsThreatModelSource() { this = any(DatabaseAccess access).getAResult() }
+
+  override string getThreatModel() { result = "database" }
+
+  override string getSourceType() { result = "DatabaseAccess" }
+}
+
 /**
  * A data flow node that reads persistent data.
  */

javascript/ql/test/library-tests/threat-models/sources/sources.js

@@ -42,3 +42,16 @@ const program = new Command();
 program.parse(process.argv); // $ threat-source=commandargs
 
 SINK(program.opts().foo); // $ hasFlow SPURIOUS: threat-source=commandargs
+
+// ------ reading from database ------
+
+// Accessing database using mysql
+const mysql = require('mysql');
+const connection = mysql.createConnection({host: 'localhost'});
+connection.connect();
+connection.query('SELECT 1 + 1 AS solution', function (error, results, fields) { // $ threat-source=database
+    if (error) throw error;
+    SINK(results); // $ hasFlow
+    SINK(results[0]); // $ hasFlow
+    SINK(results[0].solution); // $ hasFlow
+});