Use names constants for confidence levels

tiferet · tiferet · commit dbcdc2209e55 · 2022-11-09T14:25:08.000-08:00
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
@@ -50,7 +50,8 @@ abstract class AtmConfig extends string {
     // known sink for the class.
     exists(EndpointCharacteristic characteristic |
       characteristic.getEndpoints(sink) and
-      characteristic.getImplications(this.getASinkEndpointType(), true, 1.0)
+      characteristic
+          .getImplications(this.getASinkEndpointType(), true, characteristic.maximalConfidence())
     )
   }
 
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -44,6 +44,14 @@ abstract class EndpointCharacteristic extends string {
   abstract predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   );
+
+  // The following are some confidence values that are used in practice by the subclasses. They are defined as named
+  // constants here to make it easier to change them in the future.
+  final float maximalConfidence() { result = 1.0 }
+
+  final float highConfidence() { result = 0.9 }
+
+  final float mediumConfidence() { result = 0.6 }
 }
 
 /*
@@ -63,7 +71,9 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
   override predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof XssSinkType and isPositiveIndicator = true and confidence = 1.0
+    endpointClass instanceof XssSinkType and
+    isPositiveIndicator = true and
+    confidence = maximalConfidence()
   }
 }
 
@@ -79,7 +89,9 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
   override predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof TaintedPathSinkType and isPositiveIndicator = true and confidence = 1.0
+    endpointClass instanceof TaintedPathSinkType and
+    isPositiveIndicator = true and
+    confidence = maximalConfidence()
   }
 }
 
@@ -97,7 +109,7 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof SqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = 1.0
+    confidence = maximalConfidence()
   }
 }
 
@@ -115,7 +127,7 @@ private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof NosqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = 1.0
+    confidence = maximalConfidence()
   }
 }
 
@@ -151,7 +163,9 @@ abstract private class NotASinkCharacteristic extends OtherModeledArgumentCharac
   override predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof NegativeType and isPositiveIndicator = true and confidence = 0.9
+    endpointClass instanceof NegativeType and
+    isPositiveIndicator = true and
+    confidence = highConfidence()
   }
 }
 
@@ -168,7 +182,9 @@ abstract class LikelyNotASinkCharacteristic extends OtherModeledArgumentCharacte
   override predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof NegativeType and isPositiveIndicator = true and confidence = 0.6
+    endpointClass instanceof NegativeType and
+    isPositiveIndicator = true and
+    confidence = mediumConfidence()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,8 @@ abstract class AtmConfig extends string {`
`50`	`50`	`// known sink for the class.`
`51`	`51`	`exists(EndpointCharacteristic characteristic \|`
`52`	`52`	`characteristic.getEndpoints(sink) and`
`53`		`- characteristic.getImplications(this.getASinkEndpointType(), true, 1.0)`
	`53`	`+ characteristic`
	`54`	`+ .getImplications(this.getASinkEndpointType(), true, characteristic.maximalConfidence())`
`54`	`55`	`)`
`55`	`56`	`}`
`56`	`57`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,14 @@ abstract class EndpointCharacteristic extends string {`
`44`	`44`	`abstract predicate getImplications(`
`45`	`45`	`EndpointType endpointClass, boolean isPositiveIndicator, float confidence`
`46`	`46`	`);`
	`47`	`+`
	`48`	`+ // The following are some confidence values that are used in practice by the subclasses. They are defined as named`
	`49`	`+ // constants here to make it easier to change them in the future.`
	`50`	`+ final float maximalConfidence() { result = 1.0 }`
	`51`	`+`
	`52`	`+ final float highConfidence() { result = 0.9 }`
	`53`	`+`
	`54`	`+ final float mediumConfidence() { result = 0.6 }`
`47`	`55`	`}`
`48`	`56`
`49`	`57`	`/*`
`@@ -63,7 +71,9 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {`
`63`	`71`	`override predicate getImplications(`
`64`	`72`	`EndpointType endpointClass, boolean isPositiveIndicator, float confidence`
`65`	`73`	`) {`
`66`		`- endpointClass instanceof XssSinkType and isPositiveIndicator = true and confidence = 1.0`
	`74`	`+ endpointClass instanceof XssSinkType and`
	`75`	`+ isPositiveIndicator = true and`
	`76`	`+ confidence = maximalConfidence()`
`67`	`77`	`}`
`68`	`78`	`}`
`69`	`79`
`@@ -79,7 +89,9 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {`
`79`	`89`	`override predicate getImplications(`
`80`	`90`	`EndpointType endpointClass, boolean isPositiveIndicator, float confidence`
`81`	`91`	`) {`
`82`		`- endpointClass instanceof TaintedPathSinkType and isPositiveIndicator = true and confidence = 1.0`
	`92`	`+ endpointClass instanceof TaintedPathSinkType and`
	`93`	`+ isPositiveIndicator = true and`
	`94`	`+ confidence = maximalConfidence()`
`83`	`95`	`}`
`84`	`96`	`}`
`85`	`97`
`@@ -97,7 +109,7 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {`
`97`	`109`	`) {`
`98`	`110`	`endpointClass instanceof SqlInjectionSinkType and`
`99`	`111`	`isPositiveIndicator = true and`
`100`		`- confidence = 1.0`
	`112`	`+ confidence = maximalConfidence()`
`101`	`113`	`}`
`102`	`114`	`}`
`103`	`115`
`@@ -115,7 +127,7 @@ private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {`
`115`	`127`	`) {`
`116`	`128`	`endpointClass instanceof NosqlInjectionSinkType and`
`117`	`129`	`isPositiveIndicator = true and`
`118`		`- confidence = 1.0`
	`130`	`+ confidence = maximalConfidence()`
`119`	`131`	`}`
`120`	`132`	`}`
`121`	`133`
`@@ -151,7 +163,9 @@ abstract private class NotASinkCharacteristic extends OtherModeledArgumentCharac`
`151`	`163`	`override predicate getImplications(`
`152`	`164`	`EndpointType endpointClass, boolean isPositiveIndicator, float confidence`
`153`	`165`	`) {`
`154`		`- endpointClass instanceof NegativeType and isPositiveIndicator = true and confidence = 0.9`
	`166`	`+ endpointClass instanceof NegativeType and`
	`167`	`+ isPositiveIndicator = true and`
	`168`	`+ confidence = highConfidence()`
`155`	`169`	`}`
`156`	`170`	`}`
`157`	`171`
`@@ -168,7 +182,9 @@ abstract class LikelyNotASinkCharacteristic extends OtherModeledArgumentCharacte`
`168`	`182`	`override predicate getImplications(`
`169`	`183`	`EndpointType endpointClass, boolean isPositiveIndicator, float confidence`
`170`	`184`	`) {`
`171`		`- endpointClass instanceof NegativeType and isPositiveIndicator = true and confidence = 0.6`
	`185`	`+ endpointClass instanceof NegativeType and`
	`186`	`+ isPositiveIndicator = true and`
	`187`	`+ confidence = mediumConfidence()`
`172`	`188`	`}`
`173`	`189`	`}`
`174`	`190`