CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)
Module SqlUnescapedLib

Import path

import semmle.code.java.security.SqlUnescapedLib

Imports

ControlledString

Controlled strings are the opposite of tainted strings. There is positive evidence that they are fully controlled by the program source code.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

Predicates

builtFromUncontrolledConcat

A string concatenation that includes a string not known to be programmer controlled.

uncontrolledStringBuilderQuery

A query built with a StringBuilder, where one of the items appended is uncontrolled.