Skip to content

Commit 9cdb9d6

Browse files
Jami CogswellJami Cogswell
Jami Cogswell
authored and
Jami Cogswell
committed
Java: remove url-open-stream kind from docs
1 parent 917268e commit 9cdb9d6

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ The remaining values are used to define the **access path**, the **kind**, and t
8484
- The seventh value **Argument[0]** is the **access path** to the first argument passed to the method, which means that this is the location of the sink.
8585
- The eighth value **sql** is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries.
8686
- The ninth value **manual** is the provenance of the sink, which is used to identify the origin of the sink.
87-
87+
8888
Example: Taint source from the **java.net** package
8989
----------------------------------------------------
9090
In this example we show how to model the return value from the **getInputStream** method as a **remote** source.
@@ -241,7 +241,7 @@ A neutral model is used to define that there is no flow through a method.
241241
Note that the neutral model for the **now** method is already added to the CodeQL Java analysis.
242242

243243
.. code-block:: java
244-
244+
245245
public static void taintflow() {
246246
Instant t = Instant.now(); // There is no flow from now to t.
247247
...
@@ -334,7 +334,7 @@ Below is an enumeration of the remaining sinks, but they are out of scope for th
334334

335335
- **open-url**, **jndi-injection**, **ldap**, **jdbc-url**
336336
- **mvel**, **xpath**, **groovy**, **ognl-injection**
337-
- **intent-start**, **pending-intent-sent**, **url-open-stream**, **url-redirect**
337+
- **intent-start**, **pending-intent-sent**, **url-redirect**
338338
- **create-file**, **read-file**, **write-file**, **set-hostname-verifier**
339339
- **header-splitting**, **information-leak**, **xslt**, **jexl**
340340
- **bean-validation**, **ssti**, **fragment-injection**, **regex-use[**\ `arg`\ **]**
@@ -414,4 +414,4 @@ Furthermore, it impacts the data flow analysis in the following way:
414414
That is, generated models are less trusted than manual models and only used if neither source code nor a manual model is available.
415415

416416

417-
.. include:: ../reusables/data-extensions.rst
417+
.. include:: ../reusables/data-extensions.rst

0 commit comments

Comments
 (0)