CodeQL library for Java/Kotlin
codeql/java-all 2.0.1-dev (changelog, source)
Index
Search

Module MvelInjection

Provides classes to reason about MVEL injection attacks.

Import path

import semmle.code.java.security.MvelInjection

Imports

java

Provides all default Java QL imports.

Classes

MvelEvaluationSink

A data flow sink for unvalidated user input that is used to construct MVEL expressions.

MvelInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

MvelInjectionSanitizer

A sanitizer that prevents MVEL injection attacks.