CodeQL library for JavaScript
Search

Module CommandInjection

Import path

import semmle.javascript.security.dataflow.CommandInjectionCustomizations

Classes

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for command injection.

Sanitizer

A sanitizer for command-injection vulnerabilities.

ServerResponse

A response from a server, considered as a flow source for command injection.

Sink

A data flow sink for command-injection vulnerabilities.

Source

A data flow source for command-injection vulnerabilities.

SystemCommandExecutionSink

A command argument to a function that initiates an operating system command.