Merge pull request github#8605 from github/annarailton/new-query-label-mappings

Anna Railton · web-flow · commit eacfceb6ce6b · 2022-04-26T16:39:06.000+01:00
Experimental (ATM): update query label mappings
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
@@ -6,7 +6,7 @@
  * representation of each of these classes.
  */
 newtype TEndpointType =
-  TNotASinkType() or
+  TNegativeType() or
   TXssSinkType() or
   TNosqlInjectionSinkType() or
   TSqlInjectionSinkType() or
@@ -21,9 +21,9 @@ abstract class EndpointType extends TEndpointType {
   string toString() { result = getDescription() }
 }
 
-/** The `NotASink` class that can be predicted by endpoint scoring models. */
-class NotASinkType extends EndpointType, TNotASinkType {
-  override string getDescription() { result = "NotASink" }
+/** The `Negative` class that can be predicted by endpoint scoring models. */
+class NegativeType extends EndpointType, TNegativeType {
+  override string getDescription() { result = "Negative" }
 
   override int getEncoding() { result = 0 }
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql
@@ -8,4 +8,4 @@
 import experimental.adaptivethreatmodeling.EndpointTypes
 
 from EndpointType type
-select type.getEncoding() as encoding, type.getDescription() as description order by encoding
+select type.getEncoding() as label, type.getDescription() as labelName order by label
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -13,16 +13,16 @@ import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
 from string queryName, AtmConfig c, EndpointType e
 where
   (
-    queryName = "SqlInjectionATM.ql" and
+    queryName = "SqlInjection" and
     c instanceof SqlInjectionATM::SqlInjectionAtmConfig
     or
-    queryName = "NosqlInjectionATM.ql" and
+    queryName = "NosqlInjection" and
     c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
     or
-    queryName = "TaintedPathInjectionATM.ql" and
+    queryName = "TaintedPathInjection" and
     c instanceof TaintedPathATM::TaintedPathAtmConfig
     or
-    queryName = "XssATM.ql" and c instanceof XssATM::DomBasedXssAtmConfig
+    queryName = "Xss" and c instanceof XssATM::DomBasedXssAtmConfig
   ) and
   e = c.getASinkEndpointType()
-select queryName, e.getEncoding() as endpointTypeEncoded
+select queryName, e.getEncoding() as label
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/ExtractEndpointLabelEncoding.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/ExtractEndpointLabelEncoding.expected
@@ -0,0 +1,5 @@
+| 0 | Negative |
+| 1 | XssSink |
+| 2 | NosqlInjectionSink |
+| 3 | SqlInjectionSink |
+| 4 | TaintedPathSink |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/ExtractEndpointLabelEncoding.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/ExtractEndpointLabelEncoding.qlref
@@ -0,0 +1 @@
+extraction/ExtractEndpointLabelEncoding.ql
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/index.js b/javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/index.js

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+extraction/ExtractEndpointLabelEncoding.ql`