hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update customizing-library-models-for-java-and-kotlin.rst

Browse Source
This commit is contained in:
Sarita Iyer
2023-12-01 09:57:11 -05:00
parent 848293470a
commit d96d71384d
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst
View File

@@ -297,8 +297,6 @@ The first four values identify the callable (in this case a method) to be modele
Threat models
-------------
.. include:: ../reusables/beta-note-threat-models-java.rst
A threat model is a named class of dataflow sources that can be enabled or disabled independently. Threat models allow you to control the set of dataflow sources that you want to consider unsafe. For example, one codebase may only consider remote HTTP requests to be tainted, whereas another may also consider data from local files to be unsafe. You can use threat models to ensure that the relevant taint sources are used in a CodeQL analysis.
The ``kind`` property of the ``sourceModel`` determines which threat model a source is associated with. There are two main categories: