1 file changed: +1 -0 lines changed
docs/codeql/codeql-language-guides
@@ -349,6 +349,7 @@ The following sink kinds are supported:
349
349
- **response-splitting **: A sink that can be used for HTTP response splitting, such as in calls to **HttpServletResponse.setHeader **.
350
350
- **sql-injection **: A sink that can be used for SQL injection, such as in a **Statement.executeQuery ** call.
351
351
- **template-injection **: A sink that can be used for server side template injection, such as in a **Velocity.evaluate ** call.
352
+ - **trust-boundary-violation **: A sink that can be used to cross a trust boundary, such as a server's HTTP Session.
352
353
- **url-redirection **: A sink that can be used to redirect the user to a malicious URL, such as in a **Response.temporaryRedirect ** call.
353
354
- **xpath-injection **: A sink that can be used for XPath injection, such as in a **XPath.evaluate ** call.
354
355
- **xslt-injection **: A sink that can be used for XSLT injection, such as in a **Transformer.transform ** call.
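Review bot: The new **trust-boundary-violation** entry is the only one in this list that names no concrete API call. Every neighbouring entry ends with a bolded example such as **HttpServletResponse.setHeader** or **Statement.executeQuery**, while this one stops at "a server's HTTP Session". Consider naming the call that writes to the session, for example **HttpSession.setAttribute**, so readers writing model rows know which argument the sink kind applies to. The phrase "can be used to cross a trust boundary" also leaves the direction of the flow implicit. Saying that the sink stores user-controlled data in a location the application later treats as trusted would make clear what a query using this kind reports. Minor: "Session" is capitalised mid-sentence, whereas the other entries use lowercase for generic nouns and reserve capitals for class names.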