CodeQL library for Java
Search

Module FlowSources

Provides classes representing various flow sources for taint tracking.

Import path

import semmle.code.java.dataflow.FlowSources

Imports

Android

Provides classes and predicates for working with Android components.

ApacheHttp

Provides classes and predicates related to org.apache.http.* and org.apache.hc.*.

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

DefUse

Provides classes and predicates for def-use and use-use pairs. Built on top of the SSA library for maximal precision.

Guice

Provides classes and predicates for working with the Guice framework.

Intent
JSFRenderer

Provides classes and predicates for working with JavaServer Faces renderer.

JaxWS

Definitions relating to JAX-WS (Java/Jakarta API for XML Web Services) and JAX-RS (Java/Jakarta API for RESTful Web Services).

Jdbc

Provides classes and predicates for working with the Java JDBC API.

Networking

Definitions related to java.net.*.

Play

Provides classes and predicates for working with the Play framework.

Properties
Rmi
Servlets

Provides classes and predicates for working with the Java Servlet API.

SpringController
SpringWeb

Provides classes for working with Spring web requests.

SpringWebClient

Provides classes for working with Spring web clients.

StrutsActions
TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

Thrift

Provides classes and predicates for working with the Apache Thrift framework.

WebSocket

Provides classes for identifying methods called by the Java SE WebSocket package.

WebView
XmlParsing
java

Provides all default Java QL imports.

Classes

AndroidIntentInput

Android Intent that may have come from a hostile application.

DatabaseInput

A node with input from a database.

EnvInput

A node with input from the local environment, such as files, standard in, environment variables, and main method parameters.

EnvReadMethod

A method that reads from the environment, such as System.getProperty or System.getenv.

ExportedAndroidIntentInput

Exported Android Intent that may have come from a hostile application.

LocalUserInput

A node with input that may be controlled by a local user.

RemoteFlowSource

A data flow source of remote user input.

ReverseDNSMethod

A reverse DNS method.

TypeInetAddr

The type java.net.InetAddress.

UserInput

Class for tainted user input.