Hello, I'm working on a project and it requires me to examine npm packages for potential source and sinks for CWEs. I want to use CodeQL for this, I know how to get sources and sinks for specific CWE queries like so:
I would like to create a single query to check through all possible sources relating to the existing CWE queries. Is there a way to do this? Perhaps through a new configuration? Thanks!
Replies: 1 comment
Specifically for sources, you'll find most standard queries use `RemoteFlowSource`, a common dataflow node classification representing data expected to have come from a remote / outside / untrusted user. There's also `ThreatModelSource`, which is a little broader and includes other possible sources, including environment variables that most queries don't consider a threat. Finally, as you've noted, it's possible to import configurations from different queries and query their source nodes; this will pick up those few queries with extra query-specific sources. If importing multiple of these causes a name clash anywhere you might use `import ... as NamespaceName` syntax and reference `NamespaceName::Co…`