Update customizing-library-models-for-java-and-kotlin.rst

Sarita Iyer
2023-11-30 17:21:59 -05:00
committed by GitHub
parent 48e23e68c1
commit 849ec72728


@@ -293,7 +293,7 @@ The first four values identify the callable (in this case a method) to be modele
- The sixth value ``manual`` is the provenance of the neutral.
Threat models
~~~~~~~~~~~~~
-------------
.. include:: ../reusables/beta-note-threat-models-java.rst
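Review bot: the underline beneath "Threat models" changes from ``~~~~~~~~~~~~~`` to ``-------------``, which moves the section to a different heading level, because reStructuredText derives section levels from the order in which adornment characters first appear in the file. Please confirm that ``-`` is the adornment used by the sections this heading should sit beside, so that it does not end up nested differently in the rendered table of contents. The new underline is 13 characters, the same length as the title, so it will not trigger a short-underline warning.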
@@ -304,6 +304,7 @@ Threat models
You can extend the CodeQL threat model to specify other sources of untrusted data. For example, if your codebase considers local files to be sources of tainted data, you can specify the `local` threat model to be used in CodeQL analysis.
The shared `threat-models` library pack exposes the following extensible predicates:
- ``threatModelConfiguration(string kind, boolean enabled, int priority)``. This is used to configure which threat models are enabled or disabled for the analysis.
- ``threatModelGrouping(string kind, string group)``. This is used to define the taxonomy of threat models as a parent-child hierarchy.
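Review bot: in the paragraph that opens this section and in the sentence introducing the list, `local` and `threat-models` are written with single backticks, which reStructuredText treats as interpreted text with the default role rather than as an inline literal. The bullet items already use double backticks for the predicate signatures, so I suggest ``local`` and ``threat-models`` for consistent rendering. The ``threatModelConfiguration`` item also lists ``int priority`` without saying what it does; one sentence on how priority affects which entries take effect would help readers writing their own data extensions.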