CodeQL library for Java/Kotlin
codeql/java-all 4.1.2-dev (changelog, source)

Class SpelExpressionEvaluationSink

A data flow sink for unvalidated user input that is used to construct SpEL expressions.

Import path

import semmle.code.java.security.SpelInjection

Direct supertypes

Indirect supertypes

Known direct subtypes

    Inherited fields

    Inherited predicates

    asExpr
        Gets the expression corresponding to this node, if any.
        from Node

    asParameter
        Gets the parameter corresponding to this node, if any.
        from Node

    getEnclosingCallable
        Gets the callable in which this node occurs.
        from Node

    getExpr
        Gets the expression corresponding to this node.
        from ExprNode

    getLocation
        Gets the source location for this element.
        from ExprNode

    getType
        Gets the type of this node.
        from Node

    getTypeBound
        Gets an upper bound on the type of this node.
        from Node

    hasLocationInfo
        Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.
        from Node

    toString
        Gets a textual representation of this element.
        from ExprNode