From 8771bf81b3c2d01bbb92b8b8bd8725ae31941158 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 22 Jan 2025 11:23:05 +0100 Subject: [PATCH] Mention view-component-input in docs and threat model grouping --- docs/codeql/reusables/threat-model-description.rst | 1 + shared/threat-models/ext/threat-model-grouping.model.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/codeql/reusables/threat-model-description.rst b/docs/codeql/reusables/threat-model-description.rst index 05a88c9e90c..ff1718fcedc 100644 --- a/docs/codeql/reusables/threat-model-description.rst +++ b/docs/codeql/reusables/threat-model-description.rst @@ -15,5 +15,6 @@ The less commonly used categories are: - ``database-access-result`` which represents a database access. Currently only used by JavaScript. - ``file-write`` which represents opening a file in write mode. Currently only used in C#. - ``reverse-dns`` which represents reverse DNS lookups. Currently only used in Java. +- ``view-component-input`` which represents inputs to a React, Vue, or Angular component (also known as "props"). Currently only used by JavaScript/TypeScript. When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries `__ and `Customizing your advanced setup for code scanning `__. diff --git a/shared/threat-models/ext/threat-model-grouping.model.yml b/shared/threat-models/ext/threat-model-grouping.model.yml index 35d4f4f08e5..1c8229b81f6 100644 --- a/shared/threat-models/ext/threat-model-grouping.model.yml +++ b/shared/threat-models/ext/threat-model-grouping.model.yml @@ -29,3 +29,4 @@ extensions: - ["database-access-result", "all"] - ["file-write", "all"] - ["reverse-dns", "all"] + - ["view-component-input", "all"]
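Review bot: In the bullet added to docs/codeql/reusables/threat-model-description.rst, the closing sentence reads "Currently only used by JavaScript/TypeScript", while the existing ``database-access-result`` bullet in the same list says "Currently only used by JavaScript". Use one way of naming the language across the list, so readers do not infer that ``database-access-result`` is unavailable for TypeScript. The bullet could also say briefly why component inputs sit outside the default ``remote`` model. The paragraph that follows only states that ``remote`` is included by default and gives no hint about when enabling ``view-component-input`` is appropriate.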
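Review bot: In shared/threat-models/ext/threat-model-grouping.model.yml, the new row ["view-component-input", "all"] parents the category directly under "all", like the three rows above it, so it stays out of the default ``remote`` model and is only active when a user selects "all" or names the category explicitly. If that is deliberate, say so in the commit message, which currently only mentions that the grouping was touched. If component inputs are meant to be picked up by a narrower group, the parent needs to change. The patch touches only the docs and this grouping file, so it is also worth confirming that a test covers enabling the new kind through this grouping.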