CodeQL library for Java/Kotlin
codeql/java-all 7.1.1-dev (changelog, source)
Index
Search

Module RequestForgery

Provides classes to reason about server-side request forgery (SSRF) attacks.

Import path

import semmle.code.java.security.RequestForgery

Imports

ApacheHttp

Provides classes and predicates related to org.apache.http.* and org.apache.hc.*.

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

Http

Provides classes and predicates related to java.net.http.*.

JaxWS

Definitions relating to JAX-WS (Java/Jakarta API for XML Web Services) and JAX-RS (Java/Jakarta API for RESTful Web Services).

Networking

Definitions related to java.net.*.

Properties

Definitions related to java.util.Properties.

Spring
java

Provides all default Java QL imports.

Classes

HostnameSanitizingPrefix

A string constant that contains a prefix which looks like when it is prepended to untrusted input, it will restrict the host or entity addressed.

RequestForgeryAdditionalTaintStep

A unit class for adding additional taint steps that are specific to server-side request forgery (SSRF) attacks.

RequestForgerySanitizer

A sanitizer for request forgery vulnerabilities.

RequestForgerySink

A data flow sink for server-side request forgery (SSRF) vulnerabilities.