CodeQL library for Java/Kotlin
codeql/java-all 0.9.0 (changelog, source)
Search

Module AndroidCertificatePinningQuery

Definitions for the Android Missing Certificate Pinning query.

Import path

import semmle.code.java.security.AndroidCertificatePinningQuery

Imports

AndroidManifest

Provides classes and predicates for working with Android manifest files.

Encryption

Provides predicates and classes relating to encryption in Java.

HttpsUrls

Provides classes and predicates to reason about plaintext HTTP vulnerabilities.

Networking

Definitions related to java.net.*.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

java

Provides all default Java QL imports.

Predicates

isAndroid

Holds if this database is of an Android application.

missingPinning

Holds if node is a network communication call for which certificate pinning is not implemented.

trustedDomain

Holds if the given domain name is trusted by some certificate pinning implementation.

Classes

AndroidNetworkSecurityConfigFile

An Android Network Security Configuration XML file.