Suggestion from code review:

Name the query configuration e.g. `NosqlInjectionATMConfig` rather than `Configuration`.

Author: tiferet

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll

@@ -10,8 +10,8 @@ private import semmle.javascript.heuristics.SyntacticHeuristics
 private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 import AdaptiveThreatModeling
 
-class Configuration extends AtmConfig {
-  Configuration() { this = "NosqlInjectionATMConfig" }
+class NosqlInjectionAtmConfig extends AtmConfig {
+  NosqlInjectionAtmConfig() { this = "NosqlInjectionAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) {
     source instanceof NosqlInjection::Source or TaintedObject::isSource(source, _)

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll

@@ -9,8 +9,8 @@ import semmle.javascript.heuristics.SyntacticHeuristics
 import semmle.javascript.security.dataflow.SqlInjectionCustomizations
 import AdaptiveThreatModeling
 
-class Configuration extends AtmConfig {
-  Configuration() { this = "SqlInjectionATMConfig" }
+class SqlInjectionAtmConfig extends AtmConfig {
+  SqlInjectionAtmConfig() { this = "SqlInjectionAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
 

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll

@@ -9,8 +9,8 @@ import semmle.javascript.heuristics.SyntacticHeuristics
 import semmle.javascript.security.dataflow.TaintedPathCustomizations
 import AdaptiveThreatModeling
 
-class Configuration extends AtmConfig {
-  Configuration() { this = "TaintedPathATMConfig" }
+class TaintedPathAtmConfig extends AtmConfig {
+  TaintedPathAtmConfig() { this = "TaintedPathAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof TaintedPath::Source }
 

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll

@@ -9,8 +9,8 @@ private import semmle.javascript.heuristics.SyntacticHeuristics
 private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 import AdaptiveThreatModeling
 
-class Configuration extends AtmConfig {
-  Configuration() { this = "DomBasedXssATMConfig" }
+class DomBasedXssAtmConfig extends AtmConfig {
+  DomBasedXssAtmConfig() { this = "DomBasedXssAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof DomBasedXss::Source }
 

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql

@@ -19,16 +19,16 @@ private import experimental.adaptivethreatmodeling.XssATM as XssAtm
 
 string getAReasonSinkExcluded(DataFlow::Node sinkCandidate, Query query) {
   query instanceof NosqlInjectionQuery and
-  result = any(NosqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(sinkCandidate)
+  result = any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof SqlInjectionQuery and
-  result = any(SqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(sinkCandidate)
+  result = any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof TaintedPathQuery and
-  result = any(TaintedPathAtm::Configuration cfg).getAReasonSinkExcluded(sinkCandidate)
+  result = any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof XssQuery and
-  result = any(XssAtm::Configuration cfg).getAReasonSinkExcluded(sinkCandidate)
+  result = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
 }
 
 pragma[inline]

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll

@@ -206,13 +206,14 @@ query predicate reformattedTrainingEndpoints(
  * TODO: Delete this once we are no longer surfacing `hasFlowFromSource`.
  */
 DataFlow::Configuration getDataFlowCfg(Query query) {
-  query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionAtm::Configuration
+  query instanceof NosqlInjectionQuery and
+  result instanceof NosqlInjectionAtm::NosqlInjectionAtmConfig
   or
-  query instanceof SqlInjectionQuery and result instanceof SqlInjectionAtm::Configuration
+  query instanceof SqlInjectionQuery and result instanceof SqlInjectionAtm::SqlInjectionAtmConfig
   or
-  query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::Configuration
+  query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::TaintedPathAtmConfig
   or
-  query instanceof XssQuery and result instanceof XssAtm::Configuration
+  query instanceof XssQuery and result instanceof XssAtm::DomBasedXssAtmConfig
 }
 
 // TODO: Delete this once we are no longer surfacing `hasFlowFromSource`.

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql

@@ -14,15 +14,15 @@ from string queryName, AtmConfig c, EndpointType e
 where
   (
     queryName = "SqlInjection" and
-    c instanceof SqlInjectionAtm::Configuration
+    c instanceof SqlInjectionAtm::SqlInjectionAtmConfig
     or
     queryName = "NosqlInjection" and
-    c instanceof NosqlInjectionAtm::Configuration
+    c instanceof NosqlInjectionAtm::NosqlInjectionAtmConfig
     or
     queryName = "TaintedPath" and
-    c instanceof TaintedPathAtm::Configuration
+    c instanceof TaintedPathAtm::TaintedPathAtmConfig
     or
-    queryName = "Xss" and c instanceof XssAtm::Configuration
+    queryName = "Xss" and c instanceof XssAtm::DomBasedXssAtmConfig
   ) and
   e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as label

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql

@@ -17,10 +17,10 @@ private import experimental.adaptivethreatmodeling.EndpointCharacteristics as En
 
 query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
   (
-    not exists(any(NosqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(endpoint)) or
-    not exists(any(SqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(endpoint)) or
-    not exists(any(TaintedPathAtm::Configuration cfg).getAReasonSinkExcluded(endpoint)) or
-    not exists(any(XssAtm::Configuration cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
     any(EndpointCharacteristics::IsArgumentToModeledFunctionCharacteristic characteristic)
         .getEndpoints(endpoint)
   ) and

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql

@@ -23,24 +23,24 @@ import experimental.adaptivethreatmodeling.XssATM as XssAtm
 
 query predicate nosqlFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof NosqlInjection::Sink and
-  reason = any(NosqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(endpoint) and
+  reason = any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   not reason = ["argument to modeled function", "modeled sink", "modeled database access"]
 }
 
 query predicate sqlFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof SqlInjection::Sink and
-  reason = any(SqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(endpoint) and
+  reason = any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
 
 query predicate taintedPathFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof TaintedPath::Sink and
-  reason = any(TaintedPathAtm::Configuration cfg).getAReasonSinkExcluded(endpoint) and
+  reason = any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
 
 query predicate xssFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof DomBasedXss::Sink and
-  reason = any(XssAtm::Configuration cfg).getAReasonSinkExcluded(endpoint) and
+  reason = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }

javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis/nosql_endpoint_filter_ignores_modeled_apis.ql

@@ -2,5 +2,5 @@ import javascript
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 
 query predicate effectiveSinks(DataFlow::Node node) {
-  not exists(any(NosqlInjectionAtm::Configuration cfg).getAReasonSinkExcluded(node))
+  not exists(any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(node))
 }