Update threat model documentation

owen-mc · owen-mc · commit 07a25a233de8 · 2024-07-08T15:32:47.000+01:00
diff --git a/docs/codeql/reusables/threat-model-description.rst b/docs/codeql/reusables/threat-model-description.rst
@@ -4,7 +4,16 @@ A threat model is a named class of dataflow sources that can be enabled or disab
 
 The ``kind`` property of the ``sourceModel`` determines which threat model a source is associated with. There are two main categories:
 
-- ``remote`` which represents requests and responses from the network.
-- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), and environment variables(``environment``).
+- ``remote`` which represents requests (``request``) and responses (``response``) from the network.
+- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), environment variables(``environment``) and Windows registry values ("windows-registry").
+
+Note that subcategories can be turned included or excluded separately, so you can specify ``local`` without ``database``, or just ``commandargs`` and ``environment`` without the rest of ``local``.
+
+The less commonly used categories are:
+
+- ``android`` which represents reads from external files in Android (``android-external-storage-dir``) and parameter of an entry-point method declared in a ``ContentProvider`` class (``contentprovider``).
+- ``database-access-result`` which represents a database access (currently only used by javascript).
+- ``file-write`` which represents opening a file in write mode (currently only used in C#).
+- ``reverse-dns`` which represents reverse DNS lookups (currently only used in java).
 
 When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
