CodeQL library for Java
codeql/java-all 0.3.2 (changelog, source)
Search

Module LogInjection

Provides classes and predicates related to Log Injection vulnerabilities.

Import path

import semmle.code.java.security.LogInjection

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

java

Provides all default Java QL imports.

Classes

LogInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

LogInjectionSanitizer

A node that sanitizes a message before logging to avoid log injection.

LogInjectionSink

A data flow sink for unvalidated user input that is used to log messages.