CodeQL library for Java
Search

Module TaintTracking

Import path

import semmle.code.java.dataflow.TaintTracking

Predicates

defaultAdditionalTaintStep

Holds if the additional step from src to sink should be included in all global taint flow configurations.

defaultImplicitTaintRead

Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.

defaultTaintSanitizer

Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.

forceCachingInSameStage
localAdditionalTaintStep

Holds if taint can flow in one local step from src to sink excluding local data flow steps. That is, src and sink are likely to represent different objects.

localExprTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaintStep

Holds if taint can flow in one local step from src to sink.

Classes

AdditionalTaintStep

A unit class for adding additional taint steps.

Configuration

A configuration of interprocedural taint tracking analysis. This defines sources, sinks, and any other configurable aspect of the analysis. Each use of the taint tracking library must define its own unique extension of this abstract class.

FluentMethod

A method that returns the exact value of its qualifier (e.g., return this;)

ObjectOutputStreamVar

A local variable that is assigned an ObjectOutputStream. Writing tainted data to such a stream causes the underlying OutputStream to be tainted.

TaintPreservingCallable

A method or constructor that preserves taint.

ValuePreservingMethod

A method that returns the exact value of one of its parameters or the qualifier.

Modules