JS: Remove 'response' from default threat-models

RasmusWL · RasmusWL · commit dbfbd2c00a3f · 2024-10-25T14:52:49.000+02:00
I didn't want to put the configuration file in
`semmle/javascript/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
diff --git a/javascript/ql/lib/ext/default-threat-models-fixup.model.yml b/javascript/ql/lib/ext/default-threat-models-fixup.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: threatModelConfiguration
+    data:
+    # Since responses are enabled by default in the shared threat-models configuration,
+    # we need to disable it here to keep existing behavior for the javascript analysis.
+      - ["response", false, -2147483647]
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
@@ -18,4 +18,5 @@ dataExtensions:
   - semmle/javascript/frameworks/**/model.yml
   - semmle/javascript/frameworks/**/*.model.yml
   - semmle/javascript/security/domains/**/*.model.yml
+  - ext/*.model.yml
 warnOnImplicitThis: true
diff --git a/javascript/ql/test/library-tests/threat-models/default/ActiveKinds.expected b/javascript/ql/test/library-tests/threat-models/default/ActiveKinds.expected
@@ -1,4 +1,3 @@
 | default |
 | remote |
 | request |
-| response |
