CodeQL library for Java/Kotlin
codeql/java-all 4.2.2-dev (changelog, source)
Search

Module TempDirUtils

Provides classes and predicates for reasoning about temporary file/directory creations.

Import path

import semmle.code.java.security.TempDirUtils

Imports

FlowSources

Provides classes representing various flow sources for taint tracking.

java

Provides all default Java QL imports.

Predicates

isFileConstructorArgument

Holds if expDest is some constructor call new java.io.File(expSource), where the specific File constructor being used has paramCount parameters.

isPermissionsProtectedTempDirUse

Hold’s if temporary directory’s use is protected if there is an explicit call to setReadable(false, false), then setRedabale(true, true).

Classes

ExprSystemGetPropertyTempDirTainted

A method or field access that returns a String or File that has been tainted by System.getProperty("java.io.tmpdir").

MethodFileCreateTempFile

A java.io.File::createTempFile method.