CodeQL library for Java
codeql/java-all 0.3.2 (changelog, source)
Search

Module MvelInjection

Provides classes to reason about MVEL injection attacks.

Import path

import semmle.code.java.security.MvelInjection

Imports

java

Provides all default Java QL imports.

Classes

MvelEvaluationSink

A data flow sink for unvalidated user input that is used to construct MVEL expressions.

MvelInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

MvelInjectionSanitizer

A sanitizer that prevents MVEL injection attacks.