Commit 8771bf8

Mention view-component-input in docs and threat model grouping
1 parent 4161f45 commit 8771bf8

2 files changed

+2
-0
lines changed


docs/codeql/reusables/threat-model-description.rst

Lines changed: 1 addition & 0 deletions
@@ -15,5 +15,6 @@ The less commonly used categories are:
1515
- ``database-access-result`` which represents a database access. Currently only used by JavaScript.
1616
- ``file-write`` which represents opening a file in write mode. Currently only used in C#.
1717
- ``reverse-dns`` which represents reverse DNS lookups. Currently only used in Java.
18+
- ``view-component-input`` which represents inputs to a React, Vue, or Angular component (also known as "props"). Currently only used by JavaScript/TypeScript.
1819

1920
When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
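
Review bot: The new ``view-component-input`` bullet (new line 18) ends with "Currently only used by JavaScript/TypeScript", while the ``database-access-result`` bullet three lines above it says "Currently only used by JavaScript"; pick one way to name the language so the list reads consistently. The entry also describes what the category is (component inputs, "props") but not when a user would want to enable it, and the paragraph that follows states that only ``remote`` is included by default. A short clause saying that this category is opt-in and is meant for cases where the values passed into a component are not trusted would make the bullet actionable for someone choosing threat models.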

shared/threat-models/ext/threat-model-grouping.model.yml

Lines changed: 1 addition & 0 deletions
@@ -29,3 +29,4 @@ extensions:
2929
- ["database-access-result", "all"]
3030
- ["file-write", "all"]
3131
- ["reverse-dns", "all"]
32+
- ["view-component-input", "all"]
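
Review bot: The added row on new line 32 places "view-component-input" directly under "all", the same as the neighbouring "database-access-result", "file-write" and "reverse-dns" rows, so anyone already running with the "all" threat model will start treating component props as taint sources after this change. The commit touches only the docs reusable and this grouping file; consider adding a change note alongside it so that users on "all" can attribute any new alerts to this category. It is also worth confirming that grouping it under "all" only, rather than under a narrower parent, is the intended placement, since nothing in the hunk or the docs line explains that choice.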
