Add links on threat models to change note

2026-04-28 02:05:14 +02:00 · 2024-07-08 15:39:27 +01:00
parent 8241d0b7ef
commit b83147fa44
1 changed files with 1 additions and 1 deletions
--- a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
+++ b/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
@@ -1,4 +1,4 @@
 ---
 category: majorAnalysis
 ---
-* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns".
+* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).