CodeQL library for Java/Kotlin
codeql/java-all 7.1.3-dev (changelog, source)
Index
Search

Module SqlInjectionQuery

Provides taint tracking and dataflow configurations to be used in Sql injection queries.

Do not import this from a library file, in order to reduce the risk of unintentionally bringing a TaintTracking::Configuration into scope in an unrelated query.

Import path

import semmle.code.java.security.SqlInjectionQuery

Imports

FlowSources

Provides classes representing various flow sources for taint tracking.

QueryInjection

Provides classes to reason about database query language injection vulnerabilities.

java

Provides all default Java QL imports.

Predicates

queryIsTaintedBy

Implementation of SqlTainted.ql. This is extracted to a QLL so that it can be excluded from SqlConcatenated.ql to avoid overlapping results.

Modules

QueryInjectionFlowConfig

A taint-tracking configuration for unvalidated user input that is used in SQL queries.

Aliases

QueryInjectionFlow

Tracks flow of unvalidated user input that is used in SQL queries.