CodeQL library for Java
codeql/java-all 0.4.4

Module RequestForgery

Provides classes to reason about server-side request forgery (SSRF) attacks.

Import path

import semmle.code.java.security.RequestForgery

Imports

ApacheHttp

Provides classes and predicates related to org.apache.http.* and org.apache.hc.*.

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

Http

Provides classes and predicates related to java.net.http.*.

JaxWS

Definitions relating to JAX-WS (Java/Jakarta API for XML Web Services) and JAX-RS (Java/Jakarta API for RESTful Web Services).

Networking

Definitions related to java.net.*.

Properties

Spring

java

Provides all default Java QL imports.

Classes

RequestForgeryAdditionalTaintStep

A unit class for adding additional taint steps that are specific to server-side request forgery (SSRF) attacks.

RequestForgerySanitizer

A sanitizer for request forgery vulnerabilities.

RequestForgerySink

A data flow sink for server-side request forgery (SSRF) vulnerabilities.