CodeQL library for Java/Kotlin
codeql/java-all 4.2.1-dev (changelog, source)
Index
Search

Module XPathInjectionConfig

A taint-tracking configuration for reasoning about XPath injection vulnerabilities.

Import path

import semmle.code.java.security.XPathInjectionQuery

Predicates

isSink

Holds if sink is a relevant data flow sink.

isSource

Holds if source is a relevant data flow source.

observeDiffInformedIncrementalMode

Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by AlertFiltering. This only has an effect when running in diff-informed incremental mode.