CodeQL library for C/C++
codeql/cpp-all 2.0.3-dev (changelog, source)
Search

Class CommandExecutionFunction

A function, such as exec or popen that starts a new process by interpreting a string as a shell command.

Import path

import semmle.code.cpp.models.interfaces.CommandExecution

Direct supertypes

Indirect supertypes

Known direct subtypes

    Predicates

    hasCommandArgument

    Holds if input is interpreted as a shell command.

    Inherited predicates

    accesses

    Holds if this function accesses a function or variable or enumerator a.

    from Function
    accesses

    Holds if this function accesses a function or variable or enumerator a in the Access expression l.

    from Function
    calls

    Holds if this function calls the function f.

    from Function
    calls

    Holds if this function calls the function f in the FunctionCall expression l.

    from Function
    canAccessClass

    Holds if a base class base of derived is accessible at this (N4140 11.2/4). When this holds, and derived has only one base subobject of type base, code in this can implicitly convert a pointer to derived into a pointer to base. Conversely, if such a conversion is possible then this predicate holds.

    from AccessHolder
    canAccessMember

    Holds if a non-static member member is accessible at this when named in a class derived that is derived from or equal to the declaring class of member (N4140 11.2/5 and 11.4).

    from AccessHolder
    couldAccessMember

    Holds if a hypothetical non-static member of memberClass with access specifier memberAccess is accessible at this when named in a class derived that is derived from or equal to memberClass (N4140 11.2/5 and 11.4).

    from AccessHolder
    findRootCause

    Gets the source of this element: either itself or a macro that expanded to this element.

    from Element
    fromSource

    Holds if this element may be from source. This predicate holds for all elements, except for those in the dummy file, whose name is the empty string. The dummy file contains declarations that are built directly into the compiler.

    from Element
    getACallToThisFunction

    Gets a call to this function.

    from Function
    getADeclaration

    Gets a child declaration of this function.

    from Function
    getADeclarationEntry

    Gets a declaration entry corresponding to this declaration. The relationship between Declaration and DeclarationEntry is explained in Declaration.qll.

    from Function
    getADeclarationLocation

    Gets the location of a FunctionDeclarationEntry corresponding to this declaration.

    from Function
    getAFalseSuccessor

    Gets a node such that the control-flow edge (this, result) may be taken when this expression is false.

    from ControlFlowNode
    getAFile

    Gets a file where this element occurs.

    from Declaration
    getALinkTarget

    Gets a link target which compiled or referenced this function.

    from Function
    getAParameter

    Gets a parameter of this function. There is no result for the implicit this parameter, and there is no ... varargs pseudo-parameter.

    from Function
    getAPredecessor

    Gets a direct predecessor of this control-flow node, if any.

    from ControlFlowNode
    getAPrimaryQlClass

    Gets the name of a primary CodeQL class to which this element belongs.

    from ElementBase
    getASpecifier

    Gets a specifier of this function.

    from Function
    getASuccessor

    Gets a direct successor of this control-flow node, if any.

    from ControlFlowNode
    getATemplateArgument

    Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a template parameter type for both typed and non-typed parameters.

    from Declaration
    getATemplateArgumentKind

    Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a non-typed template parameter value.

    from Declaration
    getAThrownType

    Gets a type that is specified to be thrown by the function.

    from Function
    getATrueSuccessor

    Gets a node such that the control-flow edge (this, result) may be taken when this expression is true.

    from ControlFlowNode
    getAWrittenVariable

    Gets a variable that is written-to in this function.

    from Function
    getAnAccess

    Gets an access of this function.

    from Function
    getAnAttribute

    Gets an attribute of this function.

    from Function
    getAnExplicitDeclarationEntry

    Gets a non-implicit function declaration entry.

    from Function
    getAnOverload

    Gets a function that overloads this one.

    from Function
    getBasicBlock

    Gets the BasicBlock containing this control-flow node.

    from ControlFlowNode
    getBlock

    Gets the block that is the function body.

    from Function
    getClassAndName

    Gets the class of which this function, called memberName, is a member.

    from Function
    getControlFlowScope

    Implements ControlFlowNode.getControlFlowScope. The Function is used to represent the exit node of the control flow graph, so it is its own scope.

    from Function
    getDeclaringType

    Gets the class where this member is declared, if it is a member. For templates, both the template itself and all instantiations of the template are considered to have the same declaring class.

    from Declaration
    getDefinition

    Gets the declaration entry corresponding to this declaration that is a definition, if any.

    from Function
    getDefinitionLocation

    Gets the location of the definition, if any.

    from Function
    getDescription

    Gets a description of this Declaration for display purposes.

    from Declaration
    getEffectiveNumberOfParameters

    Gets the number of parameters of this function, including any implicit this parameter but not including any ... varargs pseudo-parameter.

    from Function
    getEnclosingAccessHolder

    Gets the nearest enclosing AccessHolder.

    from Function
    getEnclosingElement

    Gets the closest Element enclosing this one.

    from Element
    getEnclosingStmt

    Implements ControlFlowNode.getEnclosingStmt. The Function is used to represent the exit node of the control flow graph, so it has no enclosing statement.

    from Function
    getEntryPoint

    Gets the first node in this function’s control flow graph.

    from Function
    getExplicitExpr

    Gets the constant expression that determines whether the function is explicit.

    from Function
    getFile

    Gets the primary file where this element occurs.

    from Element
    getLocation

    Gets the preferred location of this declaration. (The location of the definition, if possible.)

    from Function
    getMetrics

    Gets the metric class. MetricFunction has methods for computing various metrics, such as “number of lines of code” and “number of function calls”.

    from Function
    getName

    Gets the name of this declaration.

    from Function
    getNamespace

    Gets the innermost namespace which contains this declaration.

    from Declaration
    getNumberOfParameters

    Gets the number of parameters of this function, not including any implicit this parameter or any ... varargs pseudo-parameter.

    from Function
    getNumberOfTemplateArguments

    Gets the number of template arguments for this declaration.

    from Declaration
    getParameter

    Gets the nth parameter of this function. There is no result for the implicit this parameter, and there is no ... varargs pseudo-parameter.

    from Function
    getParameterString

    Gets a string representing the parameters of this function.

    from Function
    getParentScope

    Gets the parent scope of this Element, if any. A scope is a Type (Class / Enum), a Namespace, a BlockStmt, a Function, or certain kinds of Statement.

    from Element
    getPrimaryQlClasses

    Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.

    from ElementBase
    getQualifiedName

    Gets the name of the declaration, fully qualified with its namespace and declaring type.

    from Declaration
    getTemplateArgument

    Gets the ith template argument used to instantiate this declaration from a template.

    from Declaration
    getTemplateArgumentKind

    Gets the ith template argument value used to instantiate this declaration from a template. When called on a template, this will return the ith template parameter value if it exists.

    from Declaration
    getThrownType

    Gets the ith type specified to be thrown by the function.

    from Function
    getType

    Gets the return type of this function.

    from Function
    getUnspecifiedType

    Gets the return type of this function after specifiers have been deeply stripped and typedefs have been resolved.

    from Function
    hasCLinkage

    Holds if this function has C linkage, as specified by one of its declaration entries. For example: extern "C" void foo();.

    from Function
    hasDeclaringType

    Holds if this declaration is a member of a class/struct/union.

    from Declaration
    hasDefinition

    Holds if the declaration has a definition.

    from Declaration
    hasEntryPoint

    Holds if this function has an entry point.

    from Function
    hasErrors

    Holds if this function has extraction errors that create an ErrorExpr.

    from Function
    hasExceptionSpecification

    Holds if the function has an exception specification.

    from Function
    hasGlobalName

    Holds if this declaration has the given name in the global namespace.

    from Declaration
    hasGlobalOrStdName

    Holds if this declaration has the given name in the global namespace or the std namespace.

    from Declaration
    hasGlobalOrStdOrBslName

    Holds if this declaration has the given name in the global namespace, the std namespace or the bsl namespace. We treat std and bsl as the same in some of our models.

    from Declaration
    hasName

    Holds if this declaration has the given name.

    from Declaration
    hasQualifiedName

    Holds if this declaration has a fully-qualified name with a name-space component of namespaceQualifier, no declaring type, and a base name of baseName.

    from Declaration
    hasQualifiedName

    Holds if this declaration has a fully-qualified name with a name-space component of namespaceQualifier, a declaring type of typeQualifier, and a base name of baseName. Template parameters and arguments are stripped from all components. Missing components are "".

    from Declaration
    hasSpecifier

    Holds if this declaration has a specifier with the given name.

    from Declaration
    hasTrailingReturnType

    Holds if this function has a trailing return type.

    from Function
    inMemberOrFriendOf

    Holds if this can access private members of class c.

    from AccessHolder
    isAffectedByMacro

    Holds if this element is affected in any way by a macro. All elements that are totally or partially generated by a macro are included, so this is a super-set of isInMacroExpansion.

    from Element
    isCompilerGenerated

    Holds if this function is generated by the compiler.

    from Function
    isCondition

    Holds if this node is the top-level expression of a conditional statement, meaning that this.getATrueSuccessor() or this.getAFalseSuccessor() will have a result.

    from ControlFlowNode
    isConsteval

    Holds if this function is declared to be consteval.

    from Function
    isConstexpr

    Holds if this function is constexpr. Normally, this holds if and only if isDeclaredConstexpr() holds, but in some circumstances they differ. For example, with int f(int i) { return 6; } template <typename T> constexpr int g(T x) { return f(x); } g<int> is declared constexpr, but is not constexpr.

    from Function
    isConstructedFrom

    Holds if this function is constructed from f as a result of template instantiation. If so, it originates either from a template function or from a function nested in a template class.

    from Function
    isDeclaredConstexpr

    Holds if this function is declared to be constexpr.

    from Function
    isDeclaredVirtual

    Holds if this function is declared with the virtual specifier.

    from Function
    isDefaulted

    Holds if this function is explicitly defaulted with the = default specifier.

    from Function
    isDeleted

    Holds if this function is deleted. This may be because it was explicitly deleted with an = delete definition, or because the compiler was unable to auto-generate a definition for it.

    from Function
    isExplicit

    Holds if this function is declared to be explicit.

    from Function
    isFinal

    Holds if this function is declared with the final specifier.

    from Function
    isFromTemplateInstantiation

    Holds if this Element is a part of a template instantiation (but not the template itself).

    from Element
    isFromUninstantiatedTemplate

    Holds if this Element is part of a template template (not if it is part of an instantiation of template). This means it is represented in the database purely as syntax and without guarantees on the presence or correctness of type-based operations such as implicit conversions.

    from Element
    isInMacroExpansion

    Holds if this element comes from a macro expansion. Only elements that are entirely generated by a macro are included - for elements that partially come from a macro, see isAffectedByMacro.

    from Element
    isInline

    Holds if this function is inline.

    from Function
    isMember

    Holds if this declaration is a member of a class/struct/union.

    from Declaration
    isMultiplyDefined

    Holds if this function is defined in several files. This is illegal in C (though possible in some C++ compilers), and likely indicates that several functions that are not linked together have been compiled. An example would be a project with many ‘main’ functions.

    from Function
    isNaked

    Holds if this function is declared with __attribute__((naked)) or __declspec(naked).

    from Function
    isNoExcept

    Holds if this function has a noexcept exception specification.

    from Function
    isNoThrow

    Holds if this function has a throw() exception specification.

    from Function
    isOverride

    Holds if this function is declared with the override specifier.

    from Function
    isPrototyped

    Holds if this function has a prototyped interface.

    from Function
    isSideEffectFree

    Holds if this function is side-effect free (conservative approximation).

    from Function
    isSpecialization

    Holds if this Function is a Template specialization.

    from Function
    isStatic

    Holds if this declaration is static.

    from Declaration
    isTopLevel

    Holds if this declaration is a top-level declaration.

    from Declaration
    isVarargs

    Holds if this function is a varargs function.

    from Function
    isVirtual

    Holds if this function is virtual.

    from Function
    mayHaveSideEffects

    Holds if this function may have side-effects; if in doubt, we assume it may.

    from Function
    toString

    Gets a textual representation of this element.

    from Declaration