CodeQL library for Java
codeql/java-all 0.4.0-dev (changelog, source)
Search

Module XsltInjection

Provides classes to reason about XSLT injection vulnerabilities.

Import path

import semmle.code.java.security.XsltInjection

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

java

Provides all default Java QL imports.

Classes

XsltInjectionAdditionalTaintStep

A unit class for adding additional taint steps.

XsltInjectionSink

A data flow sink for unvalidated user input that is used in XSLT transformation. Extend this class to add your own XSLT Injection sinks.