Module CommandLineQuery
Provides classes and methods common to queries java/command-line-injection
, java/command-line-concatenation
and their experimental derivatives.
Do not import this from a library file, in order to reduce the risk of unintentionally bringing a TaintTracking::Configuration into scope in an unrelated query.
Import path
import semmle.code.java.security.CommandLineQuery
Imports
CommandArguments | Definitions for reasoning about lists and arrays that are to be used as arguments to an external process. |
ExternalProcess | |
FlowSources | Provides classes representing various flow sources for taint tracking. |
Predicates
execTainted | Implementation of |
Classes
RemoteUserInputToArgumentToExecFlowConfig | A taint-tracking configuration for unvalidated user input that is used to run an external process. |