CodeQL library for Java/Kotlin
codeql/java-all 4.1.1-dev (changelog, source)
Search

Module XmlParsers

Provides classes and predicates for modeling XML parsers in Java.

Import path

import semmle.code.java.security.XmlParsers

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

DataFlow3

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

java

Provides all default Java QL imports.

Predicates

configAccessExternalDtd

A configuration specific for transformers and schema.

configAccessExternalSchema

A configuration specific for schema.

configAccessExternalStyleSheet

A configuration specific for transformers.

configOptionIsSupportingExternalEntities

An XmlInputFactory specific expression that indicates whether parsing external entities is supported.

configOptionSupportDtd

An XmlInputFactory specific expression that indicates whether DTD is supported.

configSecureProcessing

A configuration for secure processing.

singleSafeConfig

A general configuration that is safe when enabled.

Classes

ConstructedSaxSource

A call to the constructor of SAXSource with XmlReader and InputSource.

CreatedSafeXmlReader

An XmlReader that is obtained from a safe source.

DocumentBuilder

The class javax.xml.parsers.DocumentBuilder.

DocumentBuilderFactory

The class javax.xml.parsers.DocumentBuilderFactory.

DocumentBuilderFactoryConfig

A ParserConfig specific to DocumentBuilderFactory.

DocumentBuilderParse

A call to DocumentBuilder.parse.

ExplicitlySafeXmlReader

An XmlReader that is explicitly configured to be safe.

InputSource

The class org.xml.sax.InputSource.

ParserConfig

An access to a method use for configuring the parser.

SafeDocumentBuilder

A DocumentBuilder created from a safely configured DocumentBuilderFactory.

SafeDocumentBuilderFactory

A safely configured DocumentBuilderFactory that is safe for creating DocumentBuilder.

SafeSaxBuilder

A safely configured SaxBuilder.

SafeSaxParser

A SaxParser created from a safely configured SaxParserFactory.

SafeSaxParserFactory

A safely configured SAXParserFactory.

SafeSaxReader

A safely configured SaxReader.

SafeSaxSource

A SaxSource that is safe to use.

SafeSchemaFactory

A safely configured SchemaFactory.

SafeTransformer

A Transformer created from a safely configured TransformerFactory.

SafeTransformerFactory

A safely configured TransformerFactory.

SafeXmlInputFactory

A safely configured XmlInputFactory.

SafeXmlReaderFlowSink

An argument to a safe XML reader.

SaxBuilder

The class org.jdom.input.SAXBuilder.

SaxBuilderConfig

A ParserConfig specific to SAXBuilder.

SaxBuilderParse

A call to SAXBuilder.build.

SaxParser

The class javax.xml.parsers.SAXParser.

SaxParserFactory

The class javax.xml.parsers.SAXParserFactory.

SaxParserFactoryConfig

A ParserConfig that is specific to SaxParserFactory.

SaxParserParse

A call to SAXParser.parse.

SaxReader

The class org.dom4j.io.SAXReader.

SaxReaderConfig

A ParserConfig specific to SaxReader.

SaxReaderRead

A call to SAXReader.read.

SaxSource

The class javax.xml.transform.sax.SAXSource

SaxSourceSetReader

A call to the SAXSource.setXMLReader method.

SaxTransformerFactoryNewXmlFilter

A call to SAXTransformerFactory.newFilter.

SchemaFactory

The class javax.xml.validation.SchemaFactory.

SchemaFactoryConfig

A ParserConfig specific to SchemaFactory.

SchemaFactoryNewSchema

A call to SchemaFactory.newSchema.

SimpleXmlFormatterCall

A call to the format method of the Formatter.

SimpleXmlNodeBuilderCall

A call to read in NodeBuilder.

SimpleXmlPersisterCall

A call to read or validate in Persister.

SimpleXmlProviderCall

A call to provide in Provider.

Transformer

The class javax.xml.transform.Transformer.

TransformerConfig

An access to a method use for configuring a transformer or schema.

TransformerFactory

The class javax.xml.transform.TransformerFactory or javax.xml.transform.sax.SAXTransformerFactory.

TransformerFactoryConfig

A ParserConfig specific to TransformerFactory.

TransformerFactorySource

A call to Transformer.newTransformer with source.

TransformerTransform

A call to Transformer.transform.

XPath

The interface java.xml.xpath.XPath.

XPathEvaluate

A call to the method evaluate of the classes XPathExpression or XPath.

XPathExpression

The interface javax.xml.xpath.XPathExpression.

XmlConstants

The class javax.xml.XMLConstants.

XmlInputFactory

The class javax.xml.stream.XMLInputFactory.

XmlInputFactoryConfig

A ParserConfig specific to XMLInputFactory.

XmlInputFactoryEventReader

A call to XMLInputFactory.createEventReader.

XmlInputFactoryStreamReader

A call to XMLInputFactory.createXMLStreamReader.

XmlParserCall

An abstract type representing a call to parse XML files.

XmlReader

The class org.xml.sax.XMLReader.

XmlReaderConfig

A ParserConfig specific to the XmlReader.

XmlReaderParse

A call to XMLReader.read.

XmlUnmarshal

A call to Unmarshaller.unmarshal.

XmlUnmarshaller

The class javax.xml.bind.Unmarshaller.

Modules

Aliases