CodeQL library for C/C++
codeql/cpp-all 2.0.1-dev

Module CommandExecution

Provides definitions related to the execution of commands.

Import path

import semmle.code.cpp.security.CommandExecution

Imports

Alias

Provides an abstract class for accurate alias modeling of library functions when source code is not available. To use this QL library, create a QL class extending AliasFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by AliasFunction to match the flow within that function.

CommandExecution

Provides classes for modeling functions that execute new programs by interpreting string data as shell commands. To use this QL library, create a QL class extending CommandExecutionFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the hasCommandArgument predicate to indicate which parameters are interpreted as shell commands.

FunctionWithWrappers

Provides predicates for identifying functions that wrap other functions, passing the same arguments from the outer call into the inner call. In the following example, MyMalloc wraps a call to malloc, passing in the size parameter:

SideEffect

Provides an abstract class for accurate dataflow modeling of library functions when source code is not available. To use this QL library, create a QL class extending SideEffectFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by SideEffectFunction to match the flow within that function.

cpp

Provides classes and predicates for working with C/C++ code.
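As an added example (not code from the library or its documentation), the CommandExecution import above in use: a QL class models a hypothetical project-specific wrapper `run_shell(const char *cmd, int flags)` as a CommandExecutionFunction, and a query then consumes that model together with the library's own models. It assumes the predicate signature `hasCommandArgument(FunctionInput input)` and the import path `semmle.code.cpp.models.interfaces.CommandExecution`.

```ql
/**
 * @name Non-constant command passed to a modeled command-execution function
 * @kind problem
 * @problem.severity warning
 * @id cpp/example/non-constant-command
 */

import cpp
import semmle.code.cpp.models.interfaces.CommandExecution

/**
 * Hypothetical project wrapper `int run_shell(const char *cmd, int flags)`
 * that hands `cmd` to a shell. The characteristic predicate selects the
 * function by name; hasCommandArgument marks parameter 0 as the command.
 */
class RunShellFunction extends CommandExecutionFunction {
  RunShellFunction() { this.hasGlobalName("run_shell") }

  override predicate hasCommandArgument(FunctionInput input) { input.isParameter(0) }
}

/** Holds if `cmd` is the argument of `call` that `f` interprets as a shell command. */
predicate commandArgument(FunctionCall call, CommandExecutionFunction f, Expr cmd) {
  exists(FunctionInput input, ParameterIndex i |
    call.getTarget() = f and
    f.hasCommandArgument(input) and
    input.isParameter(i) and
    cmd = call.getArgument(i)
  )
}

// Every CommandExecutionFunction model (the one above or those shipped with the
// library) is consumed the same way: flag calls whose command is not a literal.
from FunctionCall call, CommandExecutionFunction f, Expr cmd
where
  commandArgument(call, f, cmd) and
  not cmd instanceof StringLiteral
select call, "Non-constant command passed to " + f.getName() + ": $@.", cmd, cmd.toString()
```

Dropping the `run_shell` class leaves the query reporting only the functions the library already models, which shows the model and the query are independent.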

Predicates

shellCommand

An expression that is used as a command, or as a component of a command, that will be executed by a general-purpose command interpreter such as sh or cmd.exe.

shellCommandPreface

The name of a shell and the flag used to preface a command that should be parsed. Public for testing purposes.

Classes

ArrayExecFunctionCall

A function for running a command using an array of arguments. Note that FunctionWithWrappers does not support tracking multiple interesting arguments all the way to the call site.

SystemFunction

A function for running a command using a command interpreter.

VarargsExecFunctionCall

A function for running a command via varargs. Note that, at the time of writing, FunctionWithWrappers doesn’t really support varargs arguments, because it requires a finite version of interestingArg().