Module MvelInjection
Provides classes to reason about MVEL injection attacks.
Import path
import semmle.code.java.security.MvelInjection
Imports
java | Provides all default Java QL imports. |
Classes
MvelEvaluationSink | A data flow sink for unvalidated user input that is used to construct MVEL expressions. |
MvelInjectionAdditionalTaintStep | A unit class for adding additional taint steps. |
MvelInjectionSanitizer | A sanitizer that prevents MVEL injection attacks. |