Module CommandInjection

Provides extension points for customizing the taint tracking configuration for reasoning about command injection vulnerabilities.

Import path

import semmle.go.security.CommandInjectionCustomizations

CommandNameAsSink	A command name, considered as a taint sink for command injection.
NoDoubleDashPrefixSanitizer	A call that confirms that the string does not start with `--`, considered as a barrier guard for command injection.
RegexpCheckBarrierAsSanitizer	A call to a regexp match function, considered as a barrier guard for command injection.
Sanitizer	A sanitizer for command-injection vulnerabilities.
Sink	A data flow sink for command-injection vulnerabilities.
Source	A data flow source for command-injection vulnerabilities.
UntrustedFlowAsSource	DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead.