CodeQL library for Java/Kotlin
codeql/java-all 7.8.0 (changelog, source)
Index
Search

Module TaintedPathQuery

Provides dataflow configurations for tainted path queries.

Import path

import semmle.code.java.security.TaintedPathQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

FlowSources

Provides classes representing various flow sources for taint tracking.

Networking

Definitions related to java.net.*.

PathSanitizer

Provides classes and predicates to reason about sanitization of path injection vulnerabilities.

java

Provides all default Java QL imports.

Classes

TaintedPathAdditionalTaintStep

A unit class for adding additional taint steps.

TaintedPathSink

A sink for tainted path flow configurations.

Modules

TaintedPathConfig

A taint-tracking configuration for tracking flow from remote sources to the creation of a path.

TaintedPathLocalConfig

A taint-tracking configuration for tracking flow from local user input to the creation of a path.

Aliases

TaintedPathFlow

Tracks flow from remote sources to the creation of a path.

TaintedPathLocalFlow

DEPRECATED: Use TaintedPathFlow instead and configure threat model sources to include local.