ML: add defensive check to ensure Unknown endpoints cannot also be NotASink

jhelie · jhelie · commit f87cd164ce30 · 2022-04-13T18:14:16.000+02:00
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
@@ -75,7 +75,11 @@ private DataFlow::Node getANotASink(NotASinkReason reason) {
  */
 private DataFlow::Node getAnUnknown(Query query) {
   getAtmCfg(query).isEffectiveSink(result) and
+  // Effective sinks should exclude sinks but this is a defensive requirement
   not result = getASink(query) and
+  // Effective sinks should exclude NotASink but for some queries (e.g. Xss) this is currently not always the case and
+  // so this is a defensive requirement
+  not result = getANotASink(_) and
   // Only consider the source code for the project being analyzed.
   exists(result.getFile().getRelativePath())
 }
