CodeQL library for Java/Kotlin
codeql/java-all 4.2.1 (changelog, source)
Search

Module TaintTracking

Import path

import semmle.code.java.dataflow.TaintTracking

Imports

Predicates

defaultAdditionalTaintStep

Holds if the additional step from src to sink should be included in all global taint flow configurations.

defaultImplicitTaintRead

Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.

defaultTaintSanitizer

Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.

forceCachingInSameStage
localAdditionalTaintStep

Holds if taint can flow in one local step from src to sink excluding local data flow steps. That is, src and sink are likely to represent different objects.

localExprTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaintStep

Holds if taint can flow in one local step from src to sink.

speculativeTaintStep

Holds if the additional step from src to sink should be considered in speculative taint flow exploration.

Classes

AdditionalDataFlowNode

A unit class for adding additional data flow nodes.

AdditionalReadStep

A unit class for adding additional read steps.

AdditionalStoreStep

A unit class for adding additional store steps.

AdditionalTaintStep

A unit class for adding additional taint steps.

AdditionalValueStep

A unit class for adding additional value steps.

Configuration

DEPRECATED: Use Global and GlobalWithState instead.

FluentMethod

A method that returns the exact value of its qualifier (e.g., return this;)

ObjectOutputStreamVar

A local variable that is assigned an ObjectOutputStream. Writing tainted data to such a stream causes the underlying OutputStream to be tainted.

TaintInheritingContent

A Content that should be implicitly regarded as tainted whenever an object with such Content is itself tainted.

TaintPreservingCallable

A method or constructor that preserves taint.

ValuePreservingMethod

A method that returns the exact value of one of its parameters or the qualifier.

Modules

LocalTaintFlow

Provides local taint flow restricted to a given set of sources and sinks.

StringBuilderVarModule

Predicate signatures

nodeSig

Holds if node is an endpoint for local taint flow.