You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,7 @@ The CodeQL library for Java exposes the following extensible predicates:
35
35
- **sourceModel**\(package, type, subtypes, name, signature, ext, output, kind, provenance). This is used for **source** models.
36
36
- **sinkModel**\(package, type, subtypes, name, signature, ext, input, kind, provenance). This is used for **sink** models.
37
37
- **summaryModel**\(package, type, subtypes, name, signature, ext, input, output, kind, provenance). This is used for **summary** models.
38
-
- **neutralModel**\(package, type, name, signature, provenance). This is used for **neutral** models, which does not impact the data flow analysis, but it is included here for completeness.
38
+
- **neutralModel**\(package, type, name, signature, provenance). This is used for **neutral** models, which only have minor impact on the data flow analysis.
39
39
40
40
The extensible predicates are populated using data extensions specified in YAML files.
41
41
@@ -78,7 +78,7 @@ The first five values identify the callable (in this case a method) to be modele
78
78
- The fourth value **execute** is the method name.
79
79
- The fifth value **(String)** is the method input type signature.
80
80
81
-
The sixth value is only relevant internally and can be omitted in most use cases.
81
+
The sixth value should be left empty and is out of scope for this documentation.
82
82
The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the sink.
83
83
84
84
- The seventh value **Argument[0]** is the **access path** to the first argument passed to the method, which means that this is the location of the sink.
@@ -119,7 +119,7 @@ The first five values identify the callable (in this case a method) to be modele
119
119
- The fourth value **getInputStream** is the method name.
120
120
- The fifth value **()** is the method input type signature.
121
121
122
-
The sixth value is only relevant internally and can be omitted in most use cases.
122
+
The sixth value should be left empty and is out of scope for this documentation.
123
123
The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the source.
124
124
125
125
- The seventh value **ReturnValue** is the access path to the return of the method, which means that it is the return value that should be considered a source of tainted input.
@@ -166,7 +166,7 @@ These are the same for both of the rows above as we are adding two summaries for
166
166
- The fourth value **concat** is the method name.
167
167
- The fifth value **(String)** is the method input type signature.
168
168
169
-
The sixth value is only relevant internally and can be omitted in most use cases.
169
+
The sixth value should be left empty and is out of scope for this documentation.
170
170
The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the summary.
171
171
172
172
- The seventh value is the access path to the input (where data flows from). **Argument[this]** is the access path to the qualifier (**s1** in the example) and **Argument[0]** is the access path to the first argument (**s2** in the example).
@@ -211,7 +211,7 @@ These are the same for both of the rows above as we are adding two summaries for
211
211
- The fourth value **map** is the method name.
212
212
- The fifth value **Function** is the method input type signature.
213
213
214
-
The sixth value is only relevant internally and can be omitted in most use cases.
214
+
The sixth value should be left empty and is out of scope for this documentation.
215
215
The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the summary definition.
216
216
217
217
- The seventh value is the access path to the **input** (where data flows from).
@@ -237,9 +237,8 @@ That is, the first row models that there is value flow from the elements of the
237
237
Example: Add a **neutral** method
238
238
----------------------------------
239
239
In this example we will show how to model the **now** method as being neutral.
240
-
This is purely for completeness and has no impact on the analysis.
241
240
A neutral model is used to define that there is no flow through a method.
242
-
Please note that the neutral model for the **now** method is already added.
241
+
Please note that the neutral model for the **now** method is already added to the CodeQL Java analysis.
This extensible predicate is not typically needed externally, but included here for completeness.
375
+
It only has minor impact on the data flow analysis.
376
+
Manual neutrals are considered high confidence dispatch call targets and can reduce the number of dispatch call targets during data flow analysis (a performance optimization).
376
377
377
378
- **provenance**: Provenance (origin) of the flow through.
0 commit comments