CodeQL library for Java/Kotlin
codeql/java-all 0.9.0 (changelog, source)

Module FlowSources

Provides classes representing various flow sources for taint tracking.

Import path

import semmle.code.java.dataflow.FlowSources

Imports

Android

Provides classes and predicates for working with Android components.

ApacheHttp

Provides classes and predicates related to org.apache.http.* and org.apache.hc.*.

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

DefUse

Provides classes and predicates for def-use and use-use pairs. Built on top of the SSA library for maximal precision.

ExternalStorage

Provides definitions for working with uses of Android external storage.

Guice

Provides classes and predicates for working with the Guice framework.

Intent
JSFRenderer

Provides classes and predicates for working with JavaServer Faces renderer.

JaxWS

Definitions relating to JAX-WS (Java/Jakarta API for XML Web Services) and JAX-RS (Java/Jakarta API for RESTful Web Services).

Jdbc

Provides classes and predicates for working with the Java JDBC API.

Networking

Definitions related to java.net.*.

OnActivityResultSource

Provides a remote flow source for Android’s Activity.onActivityResult method.

Play

Provides classes and predicates for working with the Play framework.

Properties

Definitions related to java.util.Properties.

Rmi

Remote Method Invocation.

Servlets

Provides classes and predicates for working with the Java Servlet API.

SpringController
SpringWeb

Provides classes for working with Spring web requests.

SpringWebClient

Provides classes for working with Spring web clients.

StrutsActions
TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

Thrift

Provides classes and predicates for working with the Apache Thrift framework.

WebSocket

Provides classes for identifying methods called by the Java SE WebSocket package.

WebView
XmlParsing
java

Provides all default Java QL imports.

Classes

AndroidContentProviderInput

A parameter of an entry-point method declared in a ContentProvider class.

AndroidIntentInput

Android Intent that may have come from a hostile application.

AndroidJavascriptInterfaceMethodParameter

A parameter of a method annotated with the android.webkit.JavascriptInterface annotation.

DatabaseInput

DEPRECATED: Use the threat models feature. That is, use ThreatModelFlowSource as the class of nodes for sources and set up the threat model configuration to filter source nodes. Alternatively, use getThreatModel to filter nodes to create the class of nodes you need.

EnvInput

DEPRECATED: Use the threat models feature. That is, use ThreatModelFlowSource as the class of nodes for sources and set up the threat model configuration to filter source nodes. Alternatively, use getThreatModel to filter nodes to create the class of nodes you need.

EnvReadMethod

A method that reads from the environment, such as System.getProperty or System.getenv.

ExportedAndroidContentProviderInput

A parameter of an entry-point method declared in an exported ContentProvider class.

ExportedAndroidIntentInput

Exported Android Intent that may have come from a hostile application.

LocalUserInput

A node with input that may be controlled by a local user.

OnActivityResultIntentSource

The data Intent parameter in the onActivityResult method in an Activity or Fragment that calls startActivityForResult with an implicit Intent.

RemoteFlowSource

A data flow source of remote user input.

ReverseDnsMethod

A reverse DNS method.

SourceNode

A data flow source.

ThreatModelFlowSource

A class of data flow sources that respects the current threat model configuration.

TypeInetAddr

The type java.net.InetAddress.

UserInput

Class for tainted user input.