CodeQL library for Java/Kotlin
codeql/java-all 4.2.1-dev (changelog, source)

Module XsltInjectionQuery

Provides taint tracking configurations to be used in XSLT injection queries.

Import path

import semmle.code.java.security.XsltInjectionQuery

Imports

FlowSources

Provides classes representing various flow sources for taint tracking.

TaintTracking

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

XmlParsers

Provides classes and predicates for modeling XML parsers in Java.

XsltInjection

Provides classes to reason about XSLT injection vulnerabilities.

java

Provides all default Java QL imports.

Modules

XsltInjectionFlowConfig

A taint-tracking configuration for unvalidated user input that is used in an XSLT transformation.

Aliases

XsltInjectionFlow

Tracks flow from unvalidated user input to an XSLT transformation.