docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst
Lines changed: 10 additions & 8 deletions
@@ -35,7 +35,7 @@ The CodeQL library for Java exposes the following extensible predicates:
35
35
- **sourceModel**\(package, type, subtypes, name, signature, ext, output, kind, provenance). This is used for **source** models.
36
36
- **sinkModel**\(package, type, subtypes, name, signature, ext, input, kind, provenance). This is used for **sink** models.
37
37
- **summaryModel**\(package, type, subtypes, name, signature, ext, input, output, kind, provenance). This is used for **summary** models.
38
-
- **neutralModel**\(package, type, name, signature, provenance). This is used for **neutral** models, which only have minor impact on the data flow analysis.
38
+
- **neutralModel**\(package, type, name, signature, kind, provenance). This is used for **neutral** models, which only have minor impact on the data flow analysis.
39
39
40
40
The extensible predicates are populated using data extensions specified in YAML files.
41
41
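Review bot: inserting **kind** before **provenance** changes the arity of the neutralModel predicate, and the list entry does not say which values the new column accepts. Consider adding a short pointer here to the valid kinds (**summary**, **source**, **sink**) described in the reference section, so readers updating existing five-column neutralModel rows know where to look.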
@@ -236,7 +236,7 @@ That is, the first row models that there is value flow from the elements of the
236
236
237
237
Example: Add a **neutral** method
238
238
----------------------------------
239
-
In this example we will show how to model the **now** method as being neutral.
239
+
In this example we will show how to model the **now** method as being neutral with respect to flow.
240
240
A neutral model is used to define that there is no flow through a method.
241
241
Note that the neutral model for the **now** method is already added to the CodeQL Java analysis.
242
242
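Review bot: the unchanged sentence "A neutral model is used to define that there is no flow through a method." now describes only the **summary** kind; with the new column a neutral can also mean "not a source" or "not a sink". Suggest "A neutral model of kind **summary** is used to define that there is no flow through a method." so the intro matches the new wording "neutral with respect to flow".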
@@ -247,7 +247,7 @@ Note that the neutral model for the **now** method is already added to the CodeQ
247
247
...
248
248
}
249
249
250
-
We need to add a tuple to the **neutralModel**\(package, type, name, signature, provenance) extensible predicate. To do this, add the following to a data extension file:
250
+
We need to add a tuple to the **neutralModel**\(package, type, name, signature, kind, provenance) extensible predicate. To do this, add the following to a data extension file:
251
251
252
252
.. code-block:: yaml
253
253
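Review bot: the prose now lists six columns for neutralModel, but the YAML data row that follows the code-block directive is not part of this hunk. Please verify that the example row in the data extension file includes the kind column between the signature and provenance values; otherwise the explanation and the example will disagree on column count.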
@@ -256,17 +256,18 @@ We need to add a tuple to the **neutralModel**\(package, type, name, signature,
Since we are adding a neutral model, we need to add tuples to the **neutralModel** extensible predicate.
263
-
The first five values identify the callable (in this case a method) to be modeled as a neutraland the fifth value is the provenance (origin) of the neutral.
263
+
The first four values identify the callable (in this case a method) to be modeled as a neutral, the fifth value is the kind, and the sixth value is the provenance (origin) of the neutral.
264
264
265
265
- The first value **java.time** is the package name.
266
266
- The second value **Instant** is the class (type) name.
267
267
- The third value **now** is the method name.
268
268
- The fourth value **()** is the method input type signature.
269
-
- The fifth value **manual** is the provenance of the neutral.
269
+
- The fifth value **summary** is the kind of the neutral.
270
+
- The sixth value **manual** is the provenance of the neutral.
270
271
271
272
.. _reference-material:
272
273
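Review bot: the new bullet "The fifth value **summary** is the kind of the neutral." states the value but not why **summary** is the right kind for this example (no flow through **now**) or what the alternatives would mean. A half-sentence linking **summary** to "no flow through the method", or a reference to the reference-material section defined just below, would make the worked example self-explanatory.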
@@ -354,13 +355,14 @@ The following kinds are supported:
354
355
- **taint**: This means the output is not necessarily equal to the input, but it was derived from the input in an unrestrictive way. An attacker who controls the input will have significant control over the output as well.
355
356
- **value**: This means that the output equals the input or a copy of the input such that all of its properties are preserved.
This extensible predicate is not typically needed externally, but included here for completeness.
361
362
It only has minor impact on the data flow analysis.
362
363
Manual neutrals are considered high confidence dispatch call targets and can reduce the number of dispatch call targets during data flow analysis (a performance optimization).
363
364
365
+
- **kind**: Kind of the neutral. For neutrals the kind can be **summary**, **source**, or **sink** to indicate that the callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink).
364
366
- **provenance**: Provenance (origin) of the flow through.
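Review bot: the unchanged bullet "**provenance**: Provenance (origin) of the flow through." is now inaccurate for neutrals of kind **source** or **sink**, which do not describe flow through anything; suggest "Provenance (origin) of the neutral." The new **kind** bullet would also read more clearly with the three meanings spelled out in parallel, for example: "**summary** (no flow through the callable), **source** (the callable is not a source), or **sink** (the callable is not a sink)".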