CodeQL library for Java
codeql/java-all 0.3.3 (changelog, source)
Search

Module OgnlInjection

Provides classes to reason about OGNL injection vulnerabilities.

Import path

import semmle.code.java.security.OgnlInjection

Imports

java

Provides all default Java QL imports.

Classes

OgnlInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

OgnlInjectionSink

A data flow sink for unvalidated user input that is used in OGNL EL evaluation.