Minor changes from code review

tiferet · tiferet · commit 74c8bfff4f0c · 2022-11-04T09:30:31.000-07:00
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
@@ -45,7 +45,7 @@ abstract class AtmConfig extends string {
    *
    * Holds if `sink` is a known sink of flow.
    */
-  predicate isKnownSink(JS::DataFlow::Node sink) {
+  final predicate isKnownSink(JS::DataFlow::Node sink) {
     // If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a
     // known sink for the class.
     exists(EndpointCharacteristic characteristic |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -1,9 +1,5 @@
 /**
  * For internal use only.
- *
- * Defines a set of characteristics that a particular endpoint might have. This set of characteristics is used to make
- * decisions about whether to include the endpoint in the training set and with what label, as well as whether to score
- * the endpoint at inference time.
  */
 
 import experimental.adaptivethreatmodeling.EndpointTypes
@@ -12,37 +8,45 @@ private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 private import semmle.javascript.security.dataflow.TaintedPathCustomizations
 
+/**
+ * Defines a set of characteristics that a particular endpoint might have. This set of characteristics is used to make
+ * decisions about whether to include the endpoint in the training set and with what label, as well as whether to score
+ * the endpoint at inference time.
+ */
 abstract class EndpointCharacteristic extends string {
-  // The name of the characteristic, which should describe some characteristic of the endpoint that is meaningful for
-  // determining whether it's a sink and if so of which type
+  /**
+   * The name of the characteristic, which should describe some characteristic of the endpoint that is meaningful for
+   *  determining whether it's a sink and if so of which type
+   */
   bindingset[this]
   EndpointCharacteristic() { any() }
 
-  // Indicators with confidence at or above this threshold are considered to be high-confidence indicators.
+  /** Indicators with confidence at or above this threshold are considered to be high-confidence indicators. */
   float getHighConfidenceThreshold() { result = 0.8 }
 
-  // Indicators with confidence at or above this threshold are considered to be medium-confidence indicators.
+  /** Indicators with confidence at or above this threshold are considered to be medium-confidence indicators. */
   float getMediumConfidenceThreshold() { result = 0.5 }
 
-  // The logic to identify which endpoints have this characteristic.
+  /** The logic to identify which endpoints have this characteristic. */
   abstract predicate getEndpoints(DataFlow::Node n);
 
-  // This predicate describes what the characteristic tells us about an endpoint.
-  //
-  // Params:
-  // endpointClass: Class 0 is the negative class. Each positive int corresponds to a single sink type.
-  // isPositiveIndicator: Does this characteristic indicate this endpoint _is_ a member of the class, or that it
-  // _isn't_ a member of the class?
-  // confidence: A number in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint
-  // belonging / not belonging to the given class.
+  /**
+   * This predicate describes what the characteristic tells us about an endpoint.
+   *
+   *  Params:
+   *  endpointClass: Class 0 is the negative class. Each positive int corresponds to a single sink type.
+   *  isPositiveIndicator: Does this characteristic indicate this endpoint _is_ a member of the class, or that it
+   *  _isn't_ a member of the class?
+   *  confidence: A number in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint
+   *  belonging / not belonging to the given class.
+   */
   abstract predicate getImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   );
 }
 
 /**
- * Endpoints that were identified as "DomBasedXssSink" by the standard Javascript library are XSS sinks with maximal
- * confidence.
+ * Endpoints identified as "DomBasedXssSink" by the standard JavaScript libraries are XSS sinks with maximal confidence.
  */
 private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
   DomBasedXssSinkCharacteristic() { this = "DomBasedXssSink" }
@@ -57,8 +61,8 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
 }
 
 /**
- * Endpoints that were identified as "TaintedPathSink" by the standard Javascript library are path injection sinks with
- * maximal confidence.
+ * Endpoints identified as "TaintedPathSink" by the standard JavaScript libraries are path injection sinks with maximal
+ * confidence.
  */
 private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
   TaintedPathSinkCharacteristic() { this = "TaintedPathSink" }
@@ -73,8 +77,8 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
 }
 
 /**
- * Endpoints that were identified as "SqlInjectionSink" by the standard Javascript library are SQL injection sinks with
- * maximal confidence.
+ * Endpoints identified as "SqlInjectionSink" by the standard JavaScript libraries are SQL injection sinks with maximal
+ * confidence.
  */
 private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   SqlInjectionSinkCharacteristic() { this = "SqlInjectionSink" }
@@ -91,8 +95,8 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
 }
 
 /**
- * Endpoints that were identified as "NosqlInjectionSink" by the standard Javascript library are NoSQL injection sinks
- * with maximal confidence.
+ * Endpoints identified as "NosqlInjectionSink" by the standard JavaScript libraries are NoSQL injection sinks with
+ * maximal confidence.
  */
 private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   NosqlInjectionSinkCharacteristic() { this = "NosqlInjectionSink" }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ abstract class AtmConfig extends string {`
`45`	`45`	`*`
`46`	`46`	* Holds if `sink` is a known sink of flow.
`47`	`47`	`*/`
`48`		`- predicate isKnownSink(JS::DataFlow::Node sink) {`
	`48`	`+ final predicate isKnownSink(JS::DataFlow::Node sink) {`
`49`	`49`	`// If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a`
`50`	`50`	`// known sink for the class.`
`51`	`51`	`exists(EndpointCharacteristic characteristic \|`