Skip to content

Commit c5dbaa6

Browse files
egregius313subatoi
andcommitted
Docs team review suggestions
Co-authored-by: Ben Ahmady <[email protected]>
1 parent 8be9b8b commit c5dbaa6

File tree

3 files changed

+4
-4
lines changed

3 files changed

+4
-4
lines changed

docs/codeql/codeql-language-guides/codeql-for-csharp.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,5 +19,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
1919

2020
- :doc:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`: You can use CodeQL to track the flow of data through a C# program to its use.
2121

22-
- :doc:`Customizing library models for C# <customizing-library-models-for-csharp>`: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs.
22+
- :doc:`Customizing library models for C# <customizing-library-models-for-csharp>`: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.
2323

docs/codeql/codeql-language-guides/customizing-library-models-for-csharp.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ The CodeQL library for C# analysis exposes the following extensible predicates:
5858
- ``sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance)``. This is used to model sources of potentially tainted data.
5959
- ``sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance)``. This is used to model sinks where tainted data may be used in a way that makes the code vulnerable.
6060
- ``summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements.
61-
- ``neutralModel(namespace, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. Manual neutral models (those with a provenance such as ``manual`` or ``ai-manual``) can be used to override generated summary models (those a provenance such as ``df-generated``), such that the summary model will be ignored. Other than that, neutral models have no effect.
61+
- ``neutralModel(namespace, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. Manual neutral models (those with a provenance such as ``manual`` or ``ai-manual``) can be used to override generated summary models (those with a provenance such as ``df-generated``), so that the summary model will be ignored. Other than that, neutral models have no effect.
6262

6363
The extensible predicates are populated using the models defined in data extension files.
6464

@@ -192,7 +192,7 @@ The remaining values are used to define the ``access path``, the ``kind``, and t
192192
- The ninth value ``taint`` is the kind of the flow. ``taint`` means that taint is propagated through the call.
193193
- The tenth value ``manual`` is the provenance of the summary, which is used to identify the origin of the summary.
194194

195-
It would also be possible to merge the two rows into one by using a comma separated list in the seventh value. This would be useful if the method has many arguments and the flow is the same for all of them.
195+
It would also be possible to merge the two rows into one by using a comma-separated list in the seventh value. This would be useful if the method has many arguments and the flow is the same for all of them.
196196

197197
.. code-block:: yaml
198198

docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ The CodeQL library for Java and Kotlin analysis exposes the following extensible
6464
- ``sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance)``. This is used to model sources of potentially tainted data. The ``kind`` of the sources defined using this predicate determine which threat model they are associated with. Different threat models can be used to customize the sources used in an analysis. For more information, see ":ref:`Threat models <threat-models-java>`."
6565
- ``sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)``. This is used to model sinks where tainted data maybe used in a way that makes the code vulnerable.
6666
- ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements.
67-
- ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. Manual neutral models (those with a provenance such as ``manual`` or ``ai-manual``) override generated summary models (those with a provenance such as ``df-generated``) such that the summary will be ignored. Other than that, neutral models have a slight impact on the dataflow dispatch logic, which is out of scope for this documentation.
67+
- ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. Manual neutral models (those with a provenance such as ``manual`` or ``ai-manual``) override generated summary models (those with a provenance such as ``df-generated``) so that the summary will be ignored. Other than that, neutral models have a slight impact on the dataflow dispatch logic, which is out of scope for this documentation.
6868

6969
The extensible predicates are populated using the models defined in data extension files.
7070

0 commit comments

Comments
 (0)