CodeQL library for Java/Kotlin
codeql/java-all 4.2.1 (changelog, source)
Search

Module SpelInjection

Provides classes to reason about SpEL injection attacks.

Import path

import semmle.code.java.security.SpelInjection

Imports

java

Provides all default Java QL imports.

Classes

SpelExpressionEvaluationSink

A data flow sink for unvalidated user input that is used to construct SpEL expressions.

SpelExpressionInjectionAdditionalTaintStep

A unit class for adding additional taint steps.