CodeQL library for Java
codeql/java-all 0.4.0-dev (changelog, source)
Search

Class TaintTracking::TaintInheritingContent

A Content that should be implicitly regarded as tainted whenever an object with such Content is itself tainted.

For example, if we had a type class Container { Contained field; }, then by default a tainted Container and a Container with a tainted Contained stored in its field are distinct.

If any(DataFlow::FieldContent fc | fc.getField().hasQualifiedName("Container", "field")) was included in this type however, then a tainted Container would imply that its field is also tainted (but not vice versa).

Note that TaintTracking::Configuration applies this behavior by default to array, collection, map-key and map-value content, so that e.g. a tainted Map is assumed to have tainted keys and values.

Import path

import semmle.code.java.dataflow.TaintTracking

Direct supertypes

Indirect supertypes

Known direct subtypes

    Inherited predicates

    getType

    Gets the type of the contained data for the purpose of type pruning.

    from Content
    hasLocationInfo

    Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

    from Content
    toString

    Gets a textual representation of this element.

    from Content