Module SpelInjection

Provides classes to reason about SpEL injection attacks.

Import path

import semmle.code.java.security.SpelInjection

java	Provides all default Java QL imports.

SpelExpressionEvaluationSink	A data flow sink for unvalidated user input that is used to construct SpEL expressions.
SpelExpressionInjectionAdditionalTaintStep	A unit class for adding additional taint steps.