CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)

Member predicate TemplateInjectionAdditionalTaintStep::isAdditionalTaintStep

Holds if the step from node1 to node2 should be considered a taint step for flows related toserver-side template injection (SST) vulnerabilities. This step is only applicable in state1 and updates the flow state to state2.

predicate isAdditionalTaintStep(Node node1, FlowState state1, Node node2, FlowState state2)