ATM: add XSSThroughDOM boosted query #11333
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
ATM
C#
C++
DataFlow Library
documentation
Go
Java
JS
Kotlin
Python
QL-for-QL
Ruby
Swift
labels
tiferet
removed
C#
JS
C++
documentation
Java
Python
Go
Ruby
QL-for-QL
Swift
Kotlin
DataFlow Library
labels
tiferet
changed the title
`isOtherModeledArgument` and `isArgumentToBuiltinFunction` contained the old logic for selecting negative endpoints for training. These can now be deleted, and replaced by a single base class that collects all EndpointCharacteristics that are currently used to indicate negative training samples: `OtherModeledArgumentCharacteristic`. This in turn lets us delete code from `StandardEndpointFilters` that effectively said that endpoints that are high-confidence non-sinks shouldn't be scored at inference time, either.
All remaining functionality in `CoreKnowledge` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
All remaining functionality in `StandardEndpointFilters` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
That way the specific configs which inherit from `AtmConfig` also inherit from `TaintTracking::Configuration`. This removes the need for two separate config classes for each query.
A long as we're not boosting sources, `isSource` is identical to `isKnownSource`.
Holds if `sink` is a known taint sink or an "effective" sink.
Define the query for finding ATM alerts in the base class `AtmConfig`, and call it from each query's .ql file.
tiferet
force-pushed
the
tiferet/simplify-configs
branch
from
a543d95 to
d8ef142
Compare
tiferet
force-pushed
the
tiferet/add-xss-through-dom
branch
from
ea21dd9 to
d79b35b
Compare
jhelie
reviewed
Nov 21, 2022
| private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin as UnsafeJQuery | ||
| import AdaptiveThreatModeling | ||
|
|
||
| class Configuration extends AtmConfig { |
Contributor
There was a problem hiding this comment.
Does the refactoring in the previous PR essentially merge the TaintTracking::Configuration with the AtmConfig ?
tiferet
force-pushed
the
tiferet/simplify-configs
branch
from
d8ef142 to
42cc1bc
Compare
tiferet
force-pushed
the
tiferet/simplify-configs
branch
from
6813358 to
6f807e9
Compare
Contributor
Author
|
Replaced by #11486 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.