CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)
Search

Module MvelInjectionQuery

Provides taint tracking configurations to be used in MVEL injection related queries.

Import path

import semmle.code.java.security.MvelInjectionQuery

Imports

FlowSources

Provides classes representing various flow sources for taint tracking.

MvelInjection

Provides classes to reason about MVEL injection attacks.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

java

Provides all default Java QL imports.

Classes

MvelInjectionFlowConfig

A taint-tracking configuration for unsafe user input that is used to construct and evaluate a MVEL expression.