Module CommandLineQuery

Provides classes and methods common to queries java/command-line-injection, java/command-line-concatenation and their experimental derivatives.

Do not import this from a library file, in order to reduce the risk of unintentionally bringing a TaintTracking::Configuration into scope in an unrelated query.

Import path

import semmle.code.java.security.CommandLineQuery

Imports

java	Provides all default Java QL imports.

Predicates

execIsTainted

Implementation of ExecTainted.ql. It is extracted to a QLL so that it can be excluded from ExecUnescaped.ql to avoid reporting overlapping results.

Classes

CommandInjectionAdditionalTaintStep	A unit class for adding additional taint steps.
CommandInjectionSanitizer	A sanitizer for command injection vulnerabilities.
CommandInjectionSink	A sink for command injection vulnerabilities.

Modules

InputToArgumentToExecFlowConfig	A taint-tracking configuration for unvalidated user input that is used to run an external process.
LocalUserInputToArgumentToExecFlowConfig	A taint-tracking configuration for unvalidated local user input that is used to run an external process.

Aliases

InputToArgumentToExecFlow	Taint-tracking flow for unvalidated input that is used to run an external process.
LocalUserInputToArgumentToExecFlow	DEPRECATED: Use `InputToArgumentToExecFlow` instead and configure threat model sources to include `local`.
RemoteUserInputToArgumentToExecFlow	DEPRECATED: Use `InputToArgumentToExecFlow` instead.
RemoteUserInputToArgumentToExecFlowConfig	DEPRECATED: Use `InputToArgumentToExecFlowConfig` instead.