Module JexlInjectionConfig

A taint-tracking configuration for unsafe user input that is used to construct and evaluate a JEXL expression. It supports both JEXL 2 and 3.

Import path

import semmle.code.java.security.JexlInjectionQuery

isAdditionalFlowStep	Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
isSink	Holds if `sink` is a relevant data flow sink.
isSource	Holds if `source` is a relevant data flow source.
observeDiffInformedIncrementalMode	Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by `AlertFiltering`. This only has an effect when running in diff-informed incremental mode.