docs/codeql/codeql-language-guides/customizing-library-models-for-cpp.rst
Lines changed: 1 addition & 1 deletion
@@ -253,7 +253,7 @@ The first five values identify the callable (in this case a free function) to be
253
253
- The fifth value is the function input type signature, which can be used to narrow down between functions that have the same name.
254
254
255
255
The sixth value should be left empty and is out of scope for this documentation.
256
-
The remaining values are used to define the input specification, the ``acceptingvalue``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
256
+
The remaining values are used to define the input specification, the ``accepting-value``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
257
257
258
258
- The seventh value ``Argument[*0]`` is the input specification (the value being validated). In this case, the first indirection (or pointed-to value, ``*``) of the first argument (``Argument[0]``) passed to the function.
259
259
- The eighth value ``true`` is the accepting value of the barrier guard. This is the value that the conditional check must return for the barrier to apply.
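Review bot: The changed sentence still calls the seventh column "the input specification", while the matching barrier guard sentences in the C# and Go guides in this commit call it ``access-path``; if the C++ guide uses a different term on purpose that is fine, otherwise align them. Also, ``accepting-value`` is now in literal markup, but the eighth bullet just below writes "accepting value" as plain prose. Pick one form so the hyphenated spelling does not read as an identifier in one place and as ordinary wording in the next.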
docs/codeql/codeql-language-guides/customizing-library-models-for-csharp.rst
Lines changed: 8 additions & 8 deletions
@@ -103,9 +103,9 @@ The first five values identify the callable (in this case a method) to be modele
103
103
- The fifth value ``(System.String,System.Data.SqlClient.SqlConnection)`` is the method input type signature. The type names must be fully qualified.
104
104
105
105
The sixth value should be left empty and is out of scope for this documentation.
106
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the sink.
106
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the sink.
107
107
108
-
- The seventh value ``Argument[0]`` is the ``accesspath`` to the first argument passed to the method, which means that this is the location of the sink.
108
+
- The seventh value ``Argument[0]`` is the ``access-path`` to the first argument passed to the method, which means that this is the location of the sink.
109
109
- The eighth value ``sql-injection`` is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries.
110
110
- The ninth value ``manual`` is the provenance of the sink, which is used to identify the origin of the sink.
111
111
@@ -143,7 +143,7 @@ The first five values identify the callable (in this case a method) to be modele
143
143
- The fifth value ``()`` is the method input type signature.
144
144
145
145
The sixth value should be left empty and is out of scope for this documentation.
146
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the source.
146
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the source.
147
147
148
148
- The seventh value ``ReturnValue`` is the access path to the return of the method, which means that it is the return value that should be considered a source of tainted input.
149
149
- The eighth value ``remote`` is the kind of the source. The source kind is used to define the threat model where the source is in scope. ``remote`` applies to many of the security related queries as it means a remote source of untrusted data. As an example the SQL injection query uses ``remote`` sources. For more information, see ":ref:`Threat models <threat-models-csharp>`."
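Review bot: The intro sentence of this hunk now reads ``access-path`` in literal markup, but the seventh bullet below it still says "the access path to the return of the method" in plain prose. In the sink section above, the seventh bullet was updated to ``access-path`` together with the intro; either apply the same treatment here and in the summary and barrier sections that follow, or drop the literal markup from the intro so the term is written the same way throughout the file.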
@@ -187,7 +187,7 @@ These are the same for both of the rows above as we are adding two summaries for
187
187
- The fifth value ``(System.Object,System.Object)`` is the method input type signature.
188
188
189
189
The sixth value should be left empty and is out of scope for this documentation.
190
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
190
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
191
191
192
192
- The seventh value is the access path to the input (where data flows from). ``Argument[0]`` is the access path to the first argument (``s1`` in the example) and ``Argument[1]`` is the access path to the second argument (``s2`` in the example).
193
193
- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value.
@@ -243,7 +243,7 @@ These are the same for both of the rows above as we are adding two summaries for
243
243
- The fifth value ``()`` is the method input type signature.
244
244
245
245
The sixth value should be left empty and is out of scope for this documentation.
246
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
246
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
247
247
248
248
- The seventh value is the access path to the input (where data flows from). ``Argument[this]`` is the access path to the qualifier (``s`` in the example).
249
249
- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value.
@@ -287,7 +287,7 @@ These are the same for both of the rows above as we are adding two summaries for
287
287
- The fifth value ``(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>)`` is the method input type signature. The generics in the signature must match the generics in the method signature in the source code.
288
288
289
289
The sixth value should be left empty and is out of scope for this documentation.
290
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary definition.
290
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary definition.
291
291
292
292
- The seventh value is the access path to the ``input`` (where data flows from).
293
293
- The eighth value is the access path to the ``output`` (where data flows to).
@@ -344,7 +344,7 @@ The first five values identify the callable (in this case the getter of a proper
344
344
- The fifth value ``()`` is the method input type signature.
345
345
346
346
The sixth value should be left empty and is out of scope for this documentation.
347
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the barrier.
347
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the barrier.
348
348
349
349
- The seventh value ``ReturnValue`` is the access path to the return value of the property getter, which means that the return value is considered safe.
350
350
- The eighth value ``url-redirection`` is the kind of the barrier. The barrier kind is used to define the queries where the barrier is in scope. In this case - the URL redirection queries.
@@ -386,7 +386,7 @@ The first five values identify the callable (in this case the getter of a proper
386
386
- The fifth value ``()`` is the method input type signature.
387
387
388
388
The sixth value should be left empty and is out of scope for this documentation.
389
-
The remaining values are used to define the ``accesspath``, the ``acceptingvalue``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
389
+
The remaining values are used to define the ``access-path``, the ``accepting-value``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
390
390
391
391
- The seventh value ``Argument[this]`` is the access path to the input whose flow is blocked. In this case, the qualifier of the property access (``uri`` in the example).
392
392
- The eighth value ``false`` is the accepting value of the barrier guard. This is the value that the conditional check must return for the barrier to apply. In this case, when ``IsAbsoluteUri`` is ``false``, the URL is relative and considered safe.
docs/codeql/codeql-language-guides/customizing-library-models-for-go.rst
Lines changed: 10 additions & 10 deletions
@@ -103,9 +103,9 @@ The first five values identify the function (in this case a method) to be modele
103
103
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
104
104
105
105
The sixth value should be left empty and is out of scope for this documentation.
106
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the sink.
106
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the sink.
107
107
108
-
- The seventh value ``Argument[0]`` is the ``accesspath`` to the first argument passed to the method, which means that this is the location of the sink.
108
+
- The seventh value ``Argument[0]`` is the ``access-path`` to the first argument passed to the method, which means that this is the location of the sink.
109
109
- The eighth value ``sql-injection`` is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries.
110
110
- The ninth value ``manual`` is the provenance of the sink, which is used to identify the origin of the sink.
111
111
@@ -144,7 +144,7 @@ The first five values identify the function to be modeled as a source.
144
144
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
145
145
146
146
The sixth value should be left empty and is out of scope for this documentation.
147
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the source.
147
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the source.
148
148
149
149
- The seventh value ``ReturnValue`` is the access path to the return of the method, which means that it is the return value that should be considered a source of tainted input.
150
150
- The eighth value ``remote`` is the kind of the source. The source kind is used to define the threat model where the source is in scope. ``remote`` applies to many of the security related queries as it means a remote source of untrusted data. As an example the SQL injection query uses ``remote`` sources. For more information, see ":ref:`Threat models <threat-models-go>`."
@@ -187,7 +187,7 @@ The first five values identify the function to be modeled as a summary.
187
187
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
188
188
189
189
The sixth value should be left empty and is out of scope for this documentation.
190
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
190
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
191
191
192
192
- The seventh value is the access path to the input (where data flows from). ``Argument[0].ArrayElement`` is the access path to the array elements of the first argument (the elements of the slice in the example).
193
193
- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value.
@@ -232,7 +232,7 @@ The first five values identify the function to be modeled as a summary.
232
232
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
233
233
234
234
The sixth value should be left empty and is out of scope for this documentation.
235
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
235
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
236
236
237
237
- The seventh value is the access path to the input (where data flows from). ``Argument[0].ArrayElement.ArrayElement`` is the access path to the array elements of the array elements of the first argument. Note that a variadic parameter of type `...T` is treated as if it has type `[]T` and arguments corresponding to the variadic parameter are accessed as elements of this slice.
238
238
- The eighth value ``ReturnValue.ArrayElement`` is the access path to the output (where data flows to), in this case ``ReturnValue.ArrayElement``, which means that the input flows to the array elements of the return value.
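Review bot: Not introduced by this change, but in the seventh bullet of this hunk `...T` and `[]T` are written with single backticks, which reStructuredText treats as interpreted text rather than an inline literal. The rest of the bullet uses double backticks (``Argument[0].ArrayElement.ArrayElement``), so these two should be switched to double backticks while this section is being touched.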
@@ -279,7 +279,7 @@ These are the same for both of the rows above as we are adding two summaries for
279
279
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
280
280
281
281
The sixth value should be left empty and is out of scope for this documentation.
282
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
282
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
283
283
284
284
- The seventh value is the access path to the input (where data flows from). ``Argument[0]`` is the access path to the first argument (``elems`` in the example) and ``Argument[1]`` is the access path to the second argument (``sep`` in the example).
285
285
- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value.
@@ -334,7 +334,7 @@ The first five values identify the function (in this case a method) to be modele
334
334
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
335
335
336
336
The sixth value should be left empty and is out of scope for this documentation.
337
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the summary.
337
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the summary.
338
338
339
339
- The seventh value is the access path to the input (where data flows from). ``Argument[receiver]`` is the access path to the receiver (``u`` in the example).
340
340
- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value. When there are multiple return values, use ``ReturnValue[i]`` to refer to the ``i`` th return value (starting from 0).
@@ -375,7 +375,7 @@ The first five values identify the function to be modeled as a barrier.
375
375
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string.
376
376
377
377
The sixth value should be left empty and is out of scope for this documentation.
378
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the barrier.
378
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the barrier.
379
379
380
380
- The seventh value ``ReturnValue`` is the access path to the output of the barrier, which means that the return value is considered sanitized.
381
381
- The eighth value ``html-injection`` is the kind of the barrier. The barrier kind must match the kind used in the query where the barrier should take effect. In this case, it matches the ``html-injection`` sink kind used by XSS queries.
@@ -416,7 +416,7 @@ The first five values identify the function to be modeled as a barrier guard.
416
416
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string.
417
417
418
418
The sixth value should be left empty and is out of scope for this documentation.
419
-
The remaining values are used to define the ``accesspath``, the ``acceptingvalue``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
419
+
The remaining values are used to define the ``access-path``, the ``accepting-value``, the ``kind``, and the ``provenance`` (origin) of the barrier guard.
420
420
421
421
- The seventh value ``Argument[0]`` is the access path to the input whose flow is blocked. In this case, the first argument to the function (``input`` in the example).
422
422
- The eighth value ``true`` is the accepting value of the barrier guard. This is the value that the conditional check must return for the barrier to apply. In this case, when ``IsSafe`` returns ``true``, the input is considered safe.
@@ -455,7 +455,7 @@ The first five values identify the field to be modeled as a source.
455
455
- The fifth value ``""`` is the input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions may have the same name and they need to be distinguished by the number and types of the arguments.
456
456
457
457
The sixth value should be left empty and is out of scope for this documentation.
458
-
The remaining values are used to define the ``accesspath``, the ``kind``, and the ``provenance`` (origin) of the source.
458
+
The remaining values are used to define the ``access-path``, the ``kind``, and the ``provenance`` (origin) of the source.
459
459
460
460
- The seventh value ``""`` is left blank. Leaving the access path of a source model blank indicates that it is a field access.
461
461
- The eighth value ``remote`` is the source kind. This indicates that the source is a remote source of untrusted data.
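Review bot: The updated intro says the remaining values define the ``access-path``, but the seventh bullet in this section states that the value is left blank to indicate a field access. Consider adjusting the intro for this field-source section so it does not promise an access path, for example by noting that the access path is empty for field sources.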