Skip to content

Commit 48e23e6

Browse files
saritaisaritai
committed
add info
1 parent 30e62d3 commit 48e23e6

File tree

2 files changed

+39
-0
lines changed

2 files changed

+39
-0
lines changed

docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -291,3 +291,37 @@ The first four values identify the callable (in this case a method) to be modele
291291
- The fourth value ``()`` is the method input type signature.
292292
- The fifth value ``summary`` is the kind of the neutral.
293293
- The sixth value ``manual`` is the provenance of the neutral.
294+
295+
Threat models
296+
~~~~~~~~~~~~~
297+
298+
.. include:: ../reusables/beta-note-threat-models-java.rst
299+
300+
A threat model is a named class of dataflow sources that can be enabled or disabled independently. Threat models allow you to control the set of dataflow sources that you want to consider unsafe. Threat models are defined in a hierarchy. A threat model can have child threat models, so that enabling or disabling the parent threat model does the same for each of its children.
301+
302+
The ``default`` threat model is included by default. The ``default`` grouping only contains one child threat model, the ``remote`` threat model, which represents remote HTTP requests.
303+
304+
You can extend the CodeQL threat model to specify other sources of untrusted data. For example, if your codebase considers local files to be sources of tainted data, you can specify the `local` threat model to be used in CodeQL analysis.
305+
306+
The shared `threat-models` library pack exposes the following extensible predicates:
307+
- ``threatModelConfiguration(string kind, boolean enabled, int priority)``. This is used to configure which threat models are enabled or disabled for the analysis.
308+
- ``threatModelGrouping(string kind, string group)``. This is used to define the taxonomy of threat models as a parent-child hierarchy.
309+
310+
You can specify a threat model to use during analysis by adding a data extension YAML file named ``<test-name>.ext.yml`` in your test directory. In the YAML file, you can extend the ``threatModelConfiguration`` predicate.
311+
312+
.. code-block:: yaml
313+
314+
extensions:
315+
- addsTo:
316+
pack: codeql/threat-models
317+
extensible: threatModelConfiguration
318+
data:
319+
- [local, true, 0]
320+
- [environment, false, 1]
321+
322+
Each data row consists of three columns:
323+
324+
- The first value ``local`` is the name of the threat model to enable or disable.
325+
- The second value ``true`` is a boolean that you can set to ``true`` to enable the named threat model, or ``false`` to disable it.
326+
- The third value `0` is an integer specifying the order in which to process the row. Rows are processed in ascending order of priority.
327+

docs/codeql/reusables/beta-note-threat-models-java.rst

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
.. pull-quote::
2+
3+
Note
4+
5+
Threat models are currently in beta and subject to change. During the beta, threat models are supported only by Java analysis.

0 commit comments

Comments
 (0)