Module XsltInjectionQuery
Provides taint tracking configurations to be used in XSLT injection queries.
Import path
import semmle.code.java.security.XsltInjectionQuery
Imports
| FlowSources |
Provides classes representing various flow sources for taint tracking. |
| TaintTracking |
Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses. |
| XmlParsers |
Provides classes and predicates for modeling XML parsers in Java. |
| XsltInjection |
Provides classes to reason about XSLT injection vulnerabilities. |
| java |
Provides all default Java QL imports. |
Classes
| XsltInjectionFlowConfig |
DEPRECATED: Use |
Modules
| XsltInjectionFlowConfig |
A taint-tracking configuration for unvalidated user input that is used in XSLT transformation. |
Aliases
| XsltInjectionFlow |
Tracks flow from unvalidated user input to XSLT transformation. |