CodeQL library for Java/Kotlin
codeql/java-all 1.1.0 (changelog, source)
Search

Module PartialPathTraversalQuery

Provides taint tracking configurations to be used in partial path traversal queries.

Import path

import semmle.code.java.security.PartialPathTraversalQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

FlowSources

Provides classes representing various flow sources for taint tracking.

PartialPathTraversal

Provides classes to reason about partial path traversal vulnerabilities.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

java

Provides all default Java QL imports.

Classes

PartialPathTraversalFromRemoteConfig

DEPRECATED: Use PartialPathTraversalFromRemoteFlow instead.

Modules

PartialPathTraversalFromRemoteConfig

A taint-tracking configuration for unsafe user input that is used to validate against path traversal, but is insufficient and remains vulnerable to Partial Path Traversal.

Aliases

PartialPathTraversalFromRemoteFlow

Tracks flow of unsafe user input that is used to validate against path traversal, but is insufficient and remains vulnerable to Partial Path Traversal.