[JAVA] What is the ThreatModelFlowSource
?
#16351
-
I'm using CodeQL to do dataflow analysis now, and I'm curious about the module MyFlowConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof ThreatModelFlowSource
}
predicate isSink(DataFlow::Node sink) {
any()
}
} Is it possible to enumerate all data flows? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
Yes,
|
Beta Was this translation helpful? Give feedback.
The sources in
ThreatModelFlowSource
is defined as a combination of Models as Data and QL. Sources are "often" return values of a method (API) call.An example:
In
java.net.model.yml
the following source model is defined:This means that the return value of calling the method
getInputStream
(defined in the classSocket
in the packagejava.net
) is considered a remote source of input (which is included in the default threat model). Models as Data is documented here: https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/The dataflow library works by fi…