docs/codeql/codeql-language-guides/customizing-library-models-for-go.rst
5 additions & 6 deletions
@@ -97,7 +97,7 @@ The first five values identify the callable (in this case a method) to be modele
97
97
- The first value ``database/sql`` is the package name.
98
98
- The second value ``DB`` is the name of the type that the method is associated with.
99
99
- The third value ``False`` is a flag that indicates whether or not the sink also applies to all overrides of the method.
100
-
- The fourth value ``Prepare`` is the method name. Constructors are named after the class.
100
+
- The fourth value ``Prepare`` is the method name.
101
101
- The fifth value ``""`` is the method input type signature. For Go it should always be an empty string. It is needed for other languages where multiple functions or methods may have the same name and they need to be distinguished by the number and types of the arguments.
102
102
103
103
The sixth value should be left empty and is out of scope for this documentation.
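Review bot: dropping "Constructors are named after the class." from the fourth-value bullet is the right call; Go has neither classes nor constructors, so the sentence was a leftover from another language's guide and only confuses a reader trying to map ``Prepare`` onto it. While in this list, the fifth-value bullet runs three sentences together; the one fact a Go user must not miss is "For Go it should always be an empty string.", so suggest putting that sentence first and moving the explanation of why other languages need a signature after it.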
@@ -158,7 +158,7 @@ This pattern covers many of the cases where we need to summarize flow through a
158
158
func TaintFlow() {
159
159
ss := []string{"Hello", "World"}
160
160
sep := " "
161
-
t := strings.Join(ss, sep) // There is taint flow from s1 and s2 to t.
161
+
t := strings.Join(ss, sep) // There is taint flow from ss and sep to t.
162
162
...
163
163
}
164
164
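Review bot: the old comment referred to ``s1`` and ``s2``, which do not exist in the snippet; the replacement names the actual variables, so the comment now matches the call ``strings.Join(ss, sep)`` on the same line. Nothing else in the hunk changes. If you want the comment to be precise about what is being summarized, "from the elements of ss and from sep to t" would make clear that it is the slice's contents, not the slice value, that reach ``t``.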
@@ -235,7 +235,6 @@ Each tuple defines flow from one argument to the return value.
235
235
The first row defines flow from the qualifier of the method call (``u`` in the example) to the return value (``host`` in the example).
236
236
237
237
The first five values identify the callable (in this case a method) to be modeled as a summary.
238
-
These are the same for both of the rows above as we are adding two summaries for the same method.
239
238
240
239
- The first value ``net/url`` is the package name.
241
240
- The second value ``URL`` is the receiver type.
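Review bot: removing the blank line after "The first five values identify the callable (in this case a method) to be modeled as a summary." is the correct fix; in reStructuredText a blank line ends a paragraph, so "These are the same for both of the rows above ..." was rendering as a detached one-sentence paragraph separated from the sentence it qualifies. No further change needed here.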
@@ -346,7 +345,7 @@ The first four values identify the callable (in this case the getter of the ``No
346
345
347
346
Example: Accessing the ``Body`` field of an HTTP request
This example shows how we can model a field as a source of tainted data.
348
+
This example shows how we can model a field read as a source of tainted data.
350
349
351
350
.. code-block:: go
352
351
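Review bot: "model a field read as a source" is the more accurate wording: what becomes a taint source is the read of ``Body`` at a use site, not the field itself, and the phrasing now matches the hunk header above, which describes the modeled callable as a getter. Approving as is.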
@@ -387,7 +386,7 @@ Package grouping
387
386
388
387
Since Go uses URLs for package identifiers, it is possible for packages to be imported with different paths. For example, the ``glog`` package can be imported using both the ``github.com/golang/glog`` and ``gopkg.in/glog`` paths.
389
388
390
-
To handle this, the CodeQL Go library uses a mapping from the package path to a name for the package. This mapping can be specified using the ``packageGrouping`` extensible predicate, and then the models for the APIs in the package
389
+
To handle this, the CodeQL Go library uses a mapping from the package path to a group name for the package. This mapping can be specified using the ``packageGrouping`` extensible predicate, and then the models for the APIs in the package
391
390
will use the group name in place of the package path. The package field in models will be the prefix ``group:`` followed by the group name.
392
391
393
392
.. code-block:: yaml
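Review bot: "a group name for the package" lines up with the following sentence, which already says "will use the group name in place of the package path" and introduces the ``group:`` prefix, so the paragraph is now consistent with itself. One addition would help: state explicitly that both ``github.com/golang/glog`` and ``gopkg.in/glog`` are mapped to the same group so that one model covers both import paths; at the moment the reader has to infer that by combining the ``glog`` sentence with the ``packageGrouping`` sentence.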
@@ -403,7 +402,7 @@ will use the group name in place of the package path. The package field in model