Java/C#: Update the internal documentation.

2026-04-29 02:35:15 +02:00 · 2023-03-22 12:58:13 +01:00
parent 917cf7bfee
commit 03482e5e59
2 changed files with 18 additions and 11 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -66,11 +66,15 @@
 *    sources "remote" indicates a default remote flow source, and for summaries
 *    "taint" indicates a default additional taint step and "value" indicates a
 *    globally applicable value-preserving step.
- * 9. The `provenance` column is a tag to indicate the origin of the summary.
- *    The supported values are: "manual", "generated" and "ai-generated". "manual"
- *    means that the model has been written by hand, "generated" means that
- *    the model has been emitted by the model generator tool and
- *    "ai-generated" means that the model has been AI generated (ATM project).
+ * 9. The `provenance` column is a tag to indicate the origin and verification of a model.
+ *    The format is {origin}-{verification} or just "manual" where the origin describes
+ *    the origin of the model and verification describes how the model has been verified.
+ *    Some examples are:
+ *    - "df-generated": The model has been generated by the model generator tool.
+ *    - "df-manual": The model has been generated by the model generator and verified by a human.
+ *    - "manual": The model has been written by hand.
+ *    This information is used in a heuristic for dataflow analysis to determine, if a
+ *    model or source code should be used for determining flow.
 */

 import java