CodeQL library for Java/Kotlin
codeql/java-all 0.9.0
Module SensitiveApi

Provides predicates defining methods that consume sensitive data, such as usernames and passwords.

Import path

import semmle.code.java.security.SensitiveApi

Imports

java

Provides all default Java QL imports.

Predicates

javaApiCallableCryptoKeyParam

DEPRECATED: Use the CryptoKeySink class instead. Holds if callable c from a standard Java API expects a cryptographic key parameter at index i.

javaApiCallablePasswordParam

DEPRECATED: Use the PasswordSink class instead. Holds if callable c from a standard Java API expects a password parameter at index i.

javaApiCallableUsernameParam

DEPRECATED: Use the UsernameSink class instead. Holds if callable c from a standard Java API expects a username parameter at index i.

otherApiCallableCredentialParam

DEPRECATED: Use the CredentialsSinkNode class instead. Holds if callable c from a known API expects a credential parameter at index i.

Classes

CredentialsSinkNode

A node that represents the use of a credential.

CryptoKeySink

A node representing a cryptographic key being passed to a method.

PasswordSink

A node representing a password being passed to a method.

UsernameSink

A node representing a username being passed to a method.