Is your feature request related to a problem? Please describe.
The codeql CLI interface offers the option to specify a threat model by e.g. using the --threat-model local flag.
However, as far as I'm aware, there is not such feature in the IDE itself to configure the threat model.
Describe the solution you'd like
Either:
- add a dropdown when running a query using
CodeQL: Run Query on Selected Database where the user has to select the threat model every time they run a query
- add a global config option to the plugin (could be problematic when different languages potentially support different threat models)
- add a new
CodeQL: Run Query on Selected Database with Thread Model option.
- add a "Set Threat Model" for database command.
Describe alternatives you've considered
Run the query on the db using codeql database analyze yada yada yada --threat-model local.
However, looking at the result in SARIF isn't as nice as looking at the result of the CodeQL extension directly in the IDE.
Is your feature request related to a problem? Please describe.
The
codeqlCLI interface offers the option to specify a threat model by e.g. using the--threat-model localflag.However, as far as I'm aware, there is not such feature in the IDE itself to configure the threat model.
Describe the solution you'd like
Either:
CodeQL: Run Query on Selected Databasewhere the user has to select the threat model every time they run a queryCodeQL: Run Query on Selected Database with Thread Modeloption.Describe alternatives you've considered
Run the query on the db using
codeql database analyze yada yada yada --threat-model local.However, looking at the result in SARIF isn't as nice as looking at the result of the CodeQL extension directly in the IDE.