Module CommandLineQuery
Provides classes and methods common to queries java/command-line-injection
, java/command-line-concatenation
and their experimental derivatives.
Do not import this from a library file, in order to reduce the risk of unintentionally bringing a TaintTracking::Configuration into scope in an unrelated query.
Import path
import semmle.code.java.security.CommandLineQuery
Imports
CommandArguments |
Definitions for reasoning about lists and arrays that are to be used as arguments to an external process. |
ExternalProcess |
Definitions related to external processes. |
FlowSources |
Provides classes representing various flow sources for taint tracking. |
Predicates
execTainted |
Implementation of |
Classes
RemoteUserInputToArgumentToExecFlowConfig |
A taint-tracking configuration for unvalidated user input that is used to run an external process. |