Module JexlInjectionQuery
Provides classes to reason about Expression Language (JEXL) injection vulnerabilities.
Import path
import semmle.code.java.security.JexlInjectionQueryImports
| FlowSources | Provides classes representing various flow sources for taint tracking. |
| TaintTracking | Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses. |
| java | Provides all default Java QL imports. |
Classes
| JexlEvaluationSink | A sink for Expresssion Language injection vulnerabilities via Jexl, that is, method calls that run evaluation of a JEXL expression. |
| JexlInjectionAdditionalTaintStep | A unit class for adding additional taint steps. |
| JexlInjectionConfig | DEPRECATED: Use |
Modules
| JexlInjectionConfig | A taint-tracking configuration for unsafe user input that is used to construct and evaluate a JEXL expression. It supports both JEXL 2 and 3. |
Aliases
| JexlInjectionFlow | Tracks unsafe user input that is used to construct and evaluate a JEXL expression. It supports both JEXL 2 and 3. |