For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

ExternalAPIs

Module ExternalAPIs

Definitions for reasoning about untrusted data used in APIs defined outside the database.


                                import semmle.code.java.security.ExternalAPIs

FlowSources	Provides classes representing various flow sources for taint tracking.
TaintTracking	Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.
java	Provides all default Java QL imports.

ExternalApiDataNode	A node representing data being passed to an external API.
ExternalApiUsedWithUntrustedData	An external API which is used with untrusted data.
SafeExternalApiMethod	A `Method` that is considered a “safe” external API from a security perspective.
UntrustedDataToExternalApiConfig	A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
UntrustedExternalApiDataNode	A node representing untrusted data being passed to an external API.

ExternalAPIDataNode	DEPRECATED: Alias for ExternalApiDataNode
ExternalAPIUsedWithUntrustedData	DEPRECATED: Alias for ExternalApiUsedWithUntrustedData
SafeExternalAPIMethod	DEPRECATED: Alias for SafeExternalApiMethod
UntrustedDataToExternalAPIConfig	DEPRECATED: Alias for UntrustedDataToExternalApiConfig
UntrustedExternalAPIDataNode	DEPRECATED: Alias for UntrustedExternalApiDataNode