Module ControlledString
Controlled strings are the opposite of tainted strings: rather than merely lacking evidence of attacker influence, there is positive evidence that they are fully determined by the program's own source code (literals, compile-time constants and values built only from them). This is a whitelist-style notion, so a string the analysis cannot prove controlled is not assumed safe.
Import path
import semmle.code.java.security.ControlledString
Imports
Expr | Provides classes for working with Java expressions. |
Validation |
Predicates
controlledString | Strings that are known not to include any special characters, because they are fully controlled by the programmer (for example string literals, and concatenations whose every operand is itself controlled). Holds only when the analysis has positive evidence of control; a value read from a parameter, field or method call is not considered controlled unless that evidence exists. |
endsInQuote | A static analysis of strings that end in a single quote. When such a string is concatenated with another string, it suggests the programmer believes the appended value needed quoting, as in `"... WHERE name='" + name + "'"`. Wrapping a value in single quotes does not escape quote characters inside that value, so this pattern does not prevent injection; it is better to use a prepared query (parameterised statement) than to put single quotes around the string. |
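The two predicates are meant to be used together: `endsInQuote` finds places where the programmer is hand-quoting a value, and `controlledString` rules out the cases where that value is harmless. The following is an added example query, not part of the library page or of the CodeQL standard query suite. It assumes (as the predicate table above implies, and as the library's own usage in its SQL queries does) that both predicates take a single `Expr` argument; the query metadata, the `@id` and the alert message are illustrative choices.

```ql
/**
 * @name Hand-quoted string concatenation with uncontrolled operand
 * @description Added example (not from the ControlledString page or CodeQL's query suite):
 *              flags a string concatenation whose left operand ends in a single quote
 *              while the right operand is not a controlled string. Such code is quoting
 *              a value by hand instead of using a prepared statement.
 * @kind problem
 * @problem.severity warning
 * @id example/hand-quoted-uncontrolled-concatenation
 */

import java
import semmle.code.java.security.ControlledString

from AddExpr concat, Expr left, Expr right
where
  // Only string concatenations, not numeric addition.
  concat.getType() instanceof TypeString and
  concat.getLeftOperand() = left and
  concat.getRightOperand() = right and
  // The left-hand side ends in a single quote: the programmer is quoting `right` by hand.
  endsInQuote(left) and
  // ... and the quoted value is not proven to be fully controlled by program source,
  // so a single quote inside it would terminate the hand-written quoting.
  not controlledString(right)
select concat,
  "This concatenation quotes $@ by hand; quoting does not escape it, so use a prepared statement instead.",
  right, "a string that is not a controlled string"
```

Against a method body such as `String q = "SELECT * FROM users WHERE name='" + userName + "'";` the query reports the concatenation when `userName` is a parameter or field, and stays silent when the right operand is a literal or a constant built only from literals, since `controlledString` then holds. The `TypeString` guard matters because `AddExpr` also matches arithmetic, and `endsInQuote` is only meaningful for string operands.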