CodeQL library for C#
codeql/csharp-all 3.0.1-dev (changelog, source)
Search

Module CommandInjectionQuery

Provides a taint-tracking configuration for reasoning about command injection vulnerabilities.

Import path

import semmle.code.csharp.security.dataflow.CommandInjectionQuery

Imports

csharp

The default C# QL library.

Classes

RemoteSource

DEPRECATED: Use ThreatModelSource instead.

Sanitizer

A sanitizer for user input treated as code vulnerabilities.

Sink

A sink for command injection vulnerabilities.

Source

A source specific to command injection vulnerabilities.

SystemProcessCommandInjectionSink

A sink in System.Diagnostic.Process or its related classes.

ThreatModelSource

A source supported by the current threat model.

Modules

CommandInjectionConfig

A taint-tracking configuration for command injection vulnerabilities.

Aliases

CommandInjection

A taint-tracking module for command injection vulnerabilities.