CodeQL library for Java/Kotlin

codeql/java-all 7.1.3-dev (changelog, source)

Module TaintTracking

Import path

import semmle.code.java.dataflow.TaintTracking

Imports

TaintFlowMake<Location::Location, DataFlowImplSpecific::JavaDataFlow, TaintTrackingImplSpecific::JavaTaintTracking>

Construct the modules for taint-tracking analyses.

Predicates

defaultAdditionalTaintStep	Holds if the additional step from `src` to `sink` should be included in all global taint flow configurations.
defaultImplicitTaintRead	Holds if default `TaintTracking::Configuration`s should allow implicit reads of `c` at sinks and inputs to additional taint steps.
defaultTaintSanitizer	Holds if `node` should be a sanitizer in all global taint flow configurations but not in local taint.
forceCachingInSameStage
localAdditionalTaintStep	Holds if taint can flow in one local step from `src` to `sink` excluding local data flow steps. That is, `src` and `sink` are likely to represent different objects.
localExprTaint	Holds if taint can flow from `src` to `sink` in zero or more local (intra-procedural) steps.
localTaint	Holds if taint can flow from `src` to `sink` in zero or more local (intra-procedural) steps.
localTaintStep	Holds if taint can flow in one local step from `src` to `sink`.
speculativeTaintStep	Holds if the additional step from `src` to `sink` should be considered in speculative taint flow exploration.

Classes

AdditionalDataFlowNode	A unit class for adding additional data flow nodes.
AdditionalReadStep	A unit class for adding additional read steps.
AdditionalStoreStep	A unit class for adding additional store steps.
AdditionalTaintStep	A unit class for adding additional taint steps.
AdditionalValueStep	A unit class for adding additional value steps.
DefaultTaintSanitizer	A sanitizer in all global taint flow configurations but not in local taint.
FluentMethod	A method that returns the exact value of its qualifier (e.g., `return this;`)
ObjectOutputStreamVar	A local variable that is assigned an `ObjectOutputStream`. Writing tainted data to such a stream causes the underlying `OutputStream` to be tainted.
TaintInheritingContent	A `Content` that should be implicitly regarded as tainted whenever an object with such `Content` is itself tainted.
TaintPreservingCallable	A method or constructor that preserves taint.
ValuePreservingMethod	A method that returns the exact value of one of its parameters or the qualifier.

Modules

LocalTaintFlow	Provides local taint flow restricted to a given set of sources and sinks.
StringBuilderVarModule

Predicate signatures

Holds if node is an endpoint for local taint flow.