Module SecurityFlag
Provides utility predicates to spot variable names, parameter names, and string literals that suggest deliberately insecure settings.
Import path
import semmle.code.java.security.SecurityFlag
Imports
| DataFlow |
Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses. |
| FlowSources |
Provides classes representing various flow sources for taint tracking. |
| Guards |
Provides classes and predicates for reasoning about guards and the control flow elements controlled by those guards. |
| java |
Provides all default Java QL imports. |
Predicates
| getASecurityFeatureFlagGuard |
Gets a guard that represents a (likely) security feature-flag check. |
Classes
| FlagKind |
A kind of flag that may indicate security expectations regarding the code it guards. |