Module SpelInjection
Provides classes to reason about SpEL injection attacks.
Import path
import semmle.code.java.security.SpelInjection
Imports
java | Provides all default Java QL imports. |
Classes
SpelExpressionEvaluationSink | A data flow sink for unvalidated user input that is used to construct SpEL expressions. |
SpelExpressionInjectionAdditionalTaintStep | A unit class for adding additional taint steps. |