Module JexlInjectionQuery
Provides classes to reason about Expression Language (JEXL) injection vulnerabilities.
Import path
import semmle.code.java.security.JexlInjectionQuery
Imports
FlowSources | Provides classes representing various flow sources for taint tracking. |
TaintTracking | Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses. |
java | Provides all default Java QL imports. |
Classes
JexlEvaluationSink | A sink for Expression Language injection vulnerabilities via JEXL, that is, method calls that evaluate a JEXL expression. |
JexlInjectionAdditionalTaintStep | A unit class for adding additional taint steps. |
JexlInjectionConfig | DEPRECATED: Use |
Modules
JexlInjectionConfig | A taint-tracking configuration for unsafe user input that is used to construct and evaluate a JEXL expression. It supports both JEXL 2 and 3. |
Aliases
JexlInjectionFlow | Tracks unsafe user input that is used to construct and evaluate a JEXL expression. It supports both JEXL 2 and 3. |