Conversation
1c8011c to
cf820e7
Compare
|
(thanks for the rename @owen-mc , will do so next time 👍 ) |
cf820e7 to
5abd885
Compare
5abd885 to
c080ee9
Compare
...ript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
Show resolved
Hide resolved
...t/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
Show resolved
Hide resolved
c080ee9 to
cb88b26
Compare
cb88b26 to
b46cbad
Compare
|
Thanks for the review @henrymercer . I agree it's a good idea to add a regression test but I will need your help to implement it. I don't think you have any more office hours this week and then you are on holidays, so do you think we can schedule something this week? I think it'd be good for this PR to be merged now rather than in 2 weeks. |
|
Here is an example of a sink that is currently labelled as both cc @annarailton |
b46cbad to
95b2ce3
Compare
95b2ce3 to
1e39a9c
Compare
|
@henrymercer : thanks to @annarailton's help I could update the tests. I've added 2 commits: one pre and post fix so that we can easily verify that the change in I think this addresses all your comments. |
henrymercer
left a comment
There was a problem hiding this comment.
Looks great, thanks for implementing that regression test and ✨ to @annarailton for 🍐ing on it!
As discussed with @henrymercer this PR adds a defensive check in the
getAnUnknown()predicate inExtractEndpointData.qll. This should now ensure that the label of an endpoint has a unique value in {NotASink,Sink,Unkknown} for a given query.The root problem should be fixed upstream by improving the endpoint filters, see https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1818.
PR checks:
I therefore propose this PR is good to merge.
Relates to https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1757