-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy paththreat-model-grouping.model.yml
More file actions
34 lines (29 loc) · 1.04 KB
/
threat-model-grouping.model.yml
File metadata and controls
34 lines (29 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelGrouping
data:
# Default threat model
- ["remote", "default"]
# Remote threat models
- ["request", "remote"]
- ["response", "remote"]
# Local threat models
- ["database", "local"]
- ["commandargs", "local"]
- ["environment", "local"]
- ["stdin", "local"]
- ["file", "local"]
- ["windows-registry", "local"]
# Client-side threat models for request responses.
- ["client-response", "local"]
# Android threat models
- ["android-external-storage-dir", "android"]
- ["contentprovider", "android"]
# Threat models that are not grouped with any other threat models.
# (Note that all threat models are a child of "all" implicitly, and we
# make it explicit here just to make sure all threat models are listed.)
- ["database-access-result", "all"]
- ["file-write", "all"]
- ["reverse-dns", "all"]
- ["view-component-input", "all"]