ML: add regression test for effective sink that is also NotASink

jhelie · jhelie · commit f2b813a6e712 · 2022-04-13T18:14:16.000+02:00
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.expected
@@ -251,6 +251,53 @@ endpoints
 | index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
 | index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | Unknown | string |
 tokenFeatures
 | applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | argumentIndex | 0 |
 | applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeAccessPath |  |
@@ -412,3 +459,19 @@ tokenFeatures
 | index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
 | index.js:78:30:78:39 | "someData" | receiverName | console |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
+| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
+| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
+| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | receiverName |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected
@@ -231,6 +231,53 @@ endpoints
 | index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
 | index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | Unknown | string |
 tokenFeatures
 | index.js:1:25:1:33 | "express" | argumentIndex | 0 |
 | index.js:1:25:1:33 | "express" | calleeAccessPath |  |
@@ -384,3 +431,19 @@ tokenFeatures
 | index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
 | index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
 | index.js:78:30:78:39 | "someData" | receiverName | console |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
+| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
+| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
+| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | receiverName |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
@@ -31,6 +31,53 @@ endpoints
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | Unknown | string |
+| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | Unknown | string |
 tokenFeatures
 | index.js:9:15:9:45 | { 'isAd ... Admin } | argumentIndex | 0 |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPath | mongoose model find |
@@ -64,3 +111,19 @@ tokenFeatures
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
 | index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | argumentIndex | 0 |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPath |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeAccessPathWithStructuralInfo |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeApiName |  |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeName | ajax |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
+| index.js:84:12:84:18 | foo.bar | argumentIndex |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPath |  |
+| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo |  |
+| index.js:84:12:84:18 | foo.bar | calleeApiName |  |
+| index.js:84:12:84:18 | foo.bar | calleeName |  |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
+| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
+| index.js:84:12:84:18 | foo.bar | receiverName |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/index.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/index.js
@@ -77,3 +77,10 @@ function veryLongFunctionBody() {
   // We should name the anonymous function here that's passed as an argument to `identity`.
   identity(() => console.log("someData"));
 }
+
+
+function effectiveSinkAndNotASink(foo) {
+  $.ajax({
+    "url": foo.bar,
+  });
+}
