docs/codeql/codeql-language-guides/customizing-library-models-for-cpp.rst
Lines changed: 10 additions & 10 deletions
@@ -96,11 +96,11 @@ The first five values identify the callable (in this case a free function) to be
96
96
- The fifth value is the function input type signature, which can be used to narrow down between functions that have the same name. In this case, we want the model to include all functions in ``boost::asio`` called ``read_until``.
97
97
98
98
The sixth value should be left empty and is out of scope for this documentation.
99
-
The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the source.
99
+
The remaining values are used to define the output specification, the ``kind``, and the ``provenance`` (origin) of the source.
100
100
101
-
- The seventh value ``"Argument[*1]"`` is the ``access path``, which means that the sink is the first indirection (or pointed-to value, ``*``) of the second argument (``Argument[1]``) passed to the function.
101
+
- The seventh value ``"Argument[*1]"`` is the output specification, which means in this case that the sink is the first indirection (or pointed-to value, ``*``) of the second argument (``Argument[1]``) passed to the function.
102
102
- The eighth value ``"remote"`` is the kind of the source. The source kind is used to define the threat model where the source is in scope. ``remote`` applies to many of the security related queries as it means a remote source of untrusted data. For more information, see ":ref:`Threat models <threat-models-cpp>`."
103
-
- The ninth value ``"manual"`` is the provenance of the source, which is used to identify the origin of the source.
103
+
- The ninth value ``"manual"`` is the provenance of the source, which is used to identify the origin of the source model.
104
104
105
105
Example: Taint sink in the ``boost::asio`` namespace
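Review bot: The reworded seventh-value bullet in this source section still says "the sink is the first indirection", while every other line in the hunk describes a source (kind of the source, provenance of the source). Since the line is being rewritten anyway, change it to "which means in this case that the source is the first indirection (or pointed-to value, ``*``) of the second argument". As a style point, "output specification" is plain text while ``kind`` and ``provenance`` keep literal markup in the same sentence; pick one treatment for all three terms.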
@@ -132,11 +132,11 @@ The first five values identify the callable (in this case a free function) to be
132
132
- The fifth value is the function input type signature, which can be used to narrow down between functions that have the same name. In this case, we want the model to include all functions in ``boost::asio`` called ``write``.
133
133
134
134
The sixth value should be left empty and is out of scope for this documentation.
135
-
The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the sink.
135
+
The remaining values are used to define the output specification, the ``kind``, and the ``provenance`` (origin) of the sink.
136
136
137
-
- The seventh value ``"Argument[*1]"`` is the ``access path``, which means that the sink is the first indirection (or pointed-to value, ``*``) of the second argument (``Argument[1]``) passed to the function.
137
+
- The seventh value ``"Argument[*1]"`` is the output specification, which means in this case that the sink is the first indirection (or pointed-to value, ``*``) of the second argument (``Argument[1]``) passed to the function.
138
138
- The eighth value ``"remote-sink"`` is the kind of the sink. The sink kind is used to define the queries where the sink is in scope.
139
-
- The ninth value ``"manual"`` is the provenance of the sink, which is used to identify the origin of the sink.
139
+
- The ninth value ``"manual"`` is the provenance of the sink, which is used to identify the origin of the sink model.
140
140
141
141
Example: Add flow through the ``boost::asio::buffer`` method
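Review bot: "output specification" looks wrong for a sink model, both in the "The remaining values" sentence and in the seventh-value bullet. The summary section changed in this same commit describes the input as where data flows from and the output as where data flows to; for ``write`` the sink is a value passed into the call, so ``"Argument[*1]"`` is an input specification. Suggest "used to define the input specification, the ``kind``, and the ``provenance`` (origin) of the sink" and "is the input specification, which means in this case that the sink is ...". The seventh-value bullet here is word for word the same as the one in the source section, which makes the two models hard to tell apart.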
@@ -169,12 +169,12 @@ The first five values identify the callable (in this case free function) to be m
169
169
- The fifth value is the function input type signature, which can be used to narrow down between functions that have the same name. In this case, we want the model to include all functions in ``boost::asio`` called ``buffer``.
170
170
171
171
The sixth value should be left empty and is out of scope for this documentation.
172
-
The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the summary.
172
+
The remaining values are used to define the input and output specifications, the ``kind``, and the ``provenance`` (origin) of the summary.
173
173
174
-
- The seventh value is the access path to the input (where data flows from). ``Argument[*0]`` is the access path to the first indirection (or pointed-to value, ``*``) of the first argument (``Argument[0]``) passed to the function.
175
-
- The eighth value ``"ReturnValue"`` is the access path to the output (where data flows to), in this case the return value.
174
+
- The seventh value is the input specification (where data flows from). ``Argument[*0]`` specifies the first indirection (or pointed-to value, ``*``) of the first argument (``Argument[0]``) passed to the function.
175
+
- The eighth value ``"ReturnValue"`` is the output specification (where data flows to), in this case the return value.
176
176
- The ninth value ``"taint"`` is the kind of the flow. ``taint`` means that taint is propagated through the call.
177
-
- The tenth value ``"manual"`` is the provenance of the summary, which is used to identify the origin of the summary.
177
+
- The tenth value ``"manual"`` is the provenance of the summary, which is used to identify the origin of the summary model.
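Review bot: The new seventh-value bullet does not quote the value it describes the way the eighth, ninth and tenth bullets do (``"ReturnValue"``, ``"taint"``, ``"manual"``); it opens with "The seventh value is the input specification" and names ``Argument[*0]`` only in the following sentence, without the quotes. Suggest "The seventh value ``"Argument[*0]"`` is the input specification (where data flows from)", followed by the explanation of the indirection. Separately, the hunk header context reads "in this case free function" where the other two sections read "a free function", and the section title calls ``boost::asio::buffer`` a method; both are worth aligning while this paragraph is being edited.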