CodeQL library for Java/Kotlin
codeql/java-all 0.10.0 (changelog, source)
Search

Module LogInjection

Provides classes and predicates related to Log Injection vulnerabilities.

Import path

import semmle.code.java.security.LogInjection

Imports

java

Provides all default Java QL imports.

Classes

LogInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

LogInjectionSanitizer

A node that sanitizes a message before logging to avoid log injection.

LogInjectionSink

A data flow sink for unvalidated user input that is used to log messages.