Module Security

Reading from the environment, for example with ‘getenv’.

Provides classes modeling C/C++ expressions.

Provides classes for modeling functions that return data from (or send data to) potentially untrusted sources. To use this QL library, create a QL class extending DataFlowFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by RemoteFlowSourceFunction or RemoteFlowSinkFunction to match the flow within that function.

Security pack options.

Provides abstract classes for modeling functions that execute and escape SQL query strings. To extend this QL library, create a QL class extending SqlExecutionFunction or SqlEscapeFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by the class to match the way a parameter flows into the function and, in the case of SqlEscapeFunction, out of the function.

The argv parameter to the main function

Convenience accessor for SecurityOptions.isProcessOperationArgument

Convenience accessor for SecurityOptions.isPureFunction

Convenience accessor for SecurityOptions.isUserInput

Convenient accessor for SecurityOptions.raisesPrivilege

Convenience accessor for SecurityOptions.sqlArgument

Convenience accessor for SecurityOptions.userInputArgument

Convenience accessor for SecurityOptions.userInputReturn

Extend this class to customize the security queries for a particular code base. Provide no constructor in the subclass, and override any methods that need customizing.