Provides classes to reason about Cross-site scripting (XSS) vulnerabilities.
Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.
Provides classes and predicates for working with JavaServer Faces renderer.
Provides classes and predicates for working with the Java Servlet API.
Provides classes for working with Spring classes and interfaces from
Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.
Provides all default Java QL imports.
A unit class for adding additional taint steps.
A sanitizer that neutralizes dangerous characters that can be used to perform an XSS attack.
A sink that represents a method that outputs data without applying contextual output encoding.
A sink that represents a method that outputs data without applying contextual output encoding, and which should truncate flow paths such that downstream sinks are not flagged as well.
An output stream or writer that writes to a servlet, JSP or JSF response.