CodeQL library for Java/Kotlin
codeql/java-all 4.2.1 (changelog, source)

Module SqlConcatenatedLib

Definitions used by SqlConcatenated.ql.

Import path

import semmle.code.java.security.SqlConcatenatedLib

Imports

ControlledString

Controlled strings are the opposite of tainted strings. There is positive evidence that they are fully controlled by the program source code.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

Predicates

builtFromUncontrolledConcat

A string concatenation that includes a string not known to be programmer controlled.

uncontrolledStringBuilderQuery

A query built with a StringBuilder, where one of the items appended is uncontrolled.