Module SecurityFlag
Provides utility predicates to spot variable names, parameter names, and string literals that suggest deliberately insecure settings.
Import path
import semmle.code.java.security.SecurityFlag
Imports
DataFlow | Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses. |
FlowSources | Provides classes representing various flow sources for taint tracking. |
Guards | Provides classes and predicates for reasoning about guards and the control flow elements controlled by those guards. |
java | Provides all default Java QL imports. |
Predicates
getASecurityFeatureFlagGuard | Gets a guard that represents a (likely) security feature-flag check. |
Classes
FlagKind | A kind of flag that may indicate security expectations regarding the code it guards. |