Merge pull request #7801 from github/henrymercer/js-atm-migrate-tests

JS: Migrate CodeQL tests for ML-powered queries

Author: henrymercer

.gitattributes

@@ -50,4 +50,9 @@
 *.pdb -text
 
 java/ql/test/stubs/**/*.java linguist-generated=true
-java/ql/test/experimental/stubs/**/*.java linguist-generated=true
+java/ql/test/experimental/stubs/**/*.java linguist-generated=true
+
+# Generated test files - these are synced from the standard JavaScript libraries using
+# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
+javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
+javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge

.github/workflows/js-ml-tests.yml

@@ -0,0 +1,67 @@
+name: JS ML-powered queries tests
+
+on:
+  push:
+    paths:
+      - "javascript/ql/experimental/adaptivethreatmodeling/**"
+      - .github/workflows/js-ml-tests.yml
+    branches:
+      - main
+      - "rc/*"
+  pull_request:
+    paths:
+      - "javascript/ql/experimental/adaptivethreatmodeling/**"
+      - .github/workflows/js-ml-tests.yml
+
+defaults:
+  run:
+    working-directory: javascript/ql/experimental/adaptivethreatmodeling
+
+jobs:
+  qlformat:
+    name: Check QL formatting
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: ./.github/actions/fetch-codeql
+
+      - name: Check QL formatting
+        run: |
+          find . "(" -name "*.ql" -or -name "*.qll" ")" -print0 | \
+            xargs -0 codeql query format --check-only
+
+  qlcompile:
+    name: Check QL compilation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: ./.github/actions/fetch-codeql
+
+      - name: Check QL compilation
+        run: |
+          codeql query compile \
+            --check-only \
+            --ram 5120 \
+            --additional-packs "${{ github.workspace }}" \
+            --threads=0 \
+            -- \
+            lib modelbuilding src
+
+  qltest:
+    name: Run QL tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: ./.github/actions/fetch-codeql
+
+      - name: Run QL tests
+        run: |
+          codeql test run \
+            --threads=0 \
+            --ram 5120 \
+            --additional-packs "${{ github.workspace }}" \
+            -- \
+            test

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointLabelEncoding.ql

@@ -2,6 +2,7 @@
  * @name Endpoint types
  * @description Maps endpoint type encodings to human-readable descriptions.
  * @kind table
+ * @id js/ml-powered/model-building/endpoint-type-encodings
  */
 
 import experimental.adaptivethreatmodeling.EndpointTypes

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml

@@ -1,5 +1,4 @@
 name: codeql/javascript-experimental-atm-model-building
-version: 0.0.0
 extractor: javascript
 library: false
 groups:

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected

@@ -0,0 +1,34 @@
+/**
+ * EndpointFeatures.ql
+ *
+ * This tests generic token-based featurization of all endpoint candidates for all of the security
+ * queries we support. This is in comparison to the `ExtractEndpointData.qlref` test, which tests
+ * just the endpoints we extract in the training data.
+ */
+
+import javascript
+import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionATM
+import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionATM
+import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
+import experimental.adaptivethreatmodeling.XssATM as XssATM
+import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
+import experimental.adaptivethreatmodeling.StandardEndpointFilters as StandardEndpointFilters
+import extraction.NoFeaturizationRestrictionsConfig
+
+query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
+  (
+    not exists(NosqlInjectionATM::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
+    not exists(SqlInjectionATM::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
+    not exists(TaintedPathATM::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
+    not exists(XssATM::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
+    StandardEndpointFilters::isArgumentToModeledFunction(endpoint)
+  ) and
+  EndpointFeatures::tokenFeatures(endpoint, featureName, featureValue)
+}
+
+query predicate invalidTokenFeatures(
+  DataFlow::Node endpoint, string featureName, string featureValue
+) {
+  strictcount(string value | EndpointFeatures::tokenFeatures(endpoint, featureName, value)) > 1 and
+  EndpointFeatures::tokenFeatures(endpoint, featureName, featureValue)
+}

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql

@@ -0,0 +1 @@
+extraction/ExtractEndpointData.ql