CodeQL library for Java/Kotlin
codeql/java-all 0.9.2-dev (changelog, source)

Module InsecureBeanValidationQuery

Provides classes and a taint tracking configuration to reason about insecure bean validation.

Import path

import semmle.code.java.security.InsecureBeanValidationQuery

Imports

FlowSources

Provides classes representing various flow sources for taint tracking.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

java

Provides all default Java QL imports.

Classes

SetMessageInterpolatorCall

A method call that sets the application’s default message interpolator.

Modules

BeanValidationConfig

A taint-tracking configuration describing the flow of data from user input to the argument of a method that builds constraint error messages.

Aliases

BeanValidationFlow

Tracks flow from user input to the argument of a method that builds constraint error messages.