hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-03 06:14:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4aa397ea009b2fc97cd7bef36f14535b5eed971
codeql/java/ql/lib/semmle/code/java/security/Xxe.qll
Kasper Svendsen c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00

27 lines
847 B
Plaintext
Raw Blame History

/** Provides classes to reason about XML eXternal Entity (XXE) vulnerabilities. */
overlay[local?]
module;
import java
private import semmle.code.java.dataflow.DataFlow
/** A node where insecure XML parsing takes place. */
abstract class XxeSink extends DataFlow::Node { }
/** A node that acts as a sanitizer in configurations realted to XXE vulnerabilities. */
abstract class XxeSanitizer extends DataFlow::Node { }
/**
* A unit class for adding additional taint steps.
*
* Extend this class to add additional taint steps that should apply to flows related to
* XXE vulnerabilities.
*/
class XxeAdditionalTaintStep extends Unit {
/**
* Holds if the step from `node1` to `node2` should be considered a taint
* step for flows related to XXE vulnerabilities.
*/
abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
}
Reference in New Issue View Git Blame Copy Permalink