CodeQL library for Java/Kotlin
codeql/java-all 0.8.12 (changelog, source)

Module ControlledString

Controlled strings are the opposite of tainted strings: there is positive evidence that their value is fully determined by the program's own source code.

Import path

import semmle.code.java.security.ControlledString

Imports

Expr

Provides classes for working with Java expressions.

Validation

Predicates

controlledString

Strings that are known to not include any special characters, due to being fully controlled by the programmer.

endsInQuote

A static analysis of strings that end in a single quote. When such a string is concatenated with another string, it suggests the programmer believes the concatenated value needed quoting. However, it is better to use a prepared query than to simply wrap the value in single quotes.
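The two predicates are most useful in combination: a concatenation whose left operand ends in a single quote and whose right operand is not a controlled string is a sign of hand-rolled quoting (for example, the constructed pattern `"SELECT * FROM t WHERE name = '" + userName + "'"`), which should be replaced by a prepared statement. The query below is an added example, not part of the library documentation or the CodeQL repository; it assumes that both `controlledString` and `endsInQuote` take a single `Expr` argument (as in the library source) and uses the standard `AddExpr` and `TypeString` classes from `semmle.code.java`.

```ql
/**
 * @name Manually quoted string built from uncontrolled data
 * @description Flags concatenations of the form "...'" + x where x is not a
 *              controlled string, a sign of hand-rolled quoting instead of
 *              a prepared statement. Added example; not a library query.
 * @kind problem
 * @problem.severity warning
 * @id java/example/uncontrolled-manual-quoting
 */

import java
import semmle.code.java.security.ControlledString

/**
 * Holds if `concat` is a String concatenation whose left operand `quoted`
 * ends in a single quote and whose right operand `uncontrolled` is not
 * known to be controlled by the program source.
 * (Assumed signatures: controlledString(Expr), endsInQuote(Expr).)
 */
predicate suspiciousQuoting(AddExpr concat, Expr quoted, Expr uncontrolled) {
  // Only String concatenations, not numeric addition.
  concat.getType() instanceof TypeString and
  quoted = concat.getLeftOperand() and
  uncontrolled = concat.getRightOperand() and
  // The left side is a literal-ish prefix such as "... = '".
  endsInQuote(quoted) and
  // The right side carries no positive evidence of being program-controlled.
  not controlledString(uncontrolled)
}

from AddExpr concat, Expr quoted, Expr uncontrolled
where suspiciousQuoting(concat, quoted, uncontrolled)
select concat,
  "Value concatenated after a single quote $@ is not a controlled string; " +
    "use a prepared statement instead of manual quoting.",
  uncontrolled, "here"
```

Because `controlledString` requires positive evidence rather than the absence of taint, this query reports every quoted concatenation it cannot prove safe, so triage results against the query's intent (detecting manual quoting) rather than treating each hit as confirmed injection.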