Module CommandInjectionQuery

Provides a taint tracking configuration for reasoning about command-injection vulnerabilities (CWE-078).

Note, for performance reasons: only import this file if CommandInjection::Configuration is needed, otherwise CommandInjectionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.CommandInjectionQuery

Imports

CommandInjection
IndirectCommandArgument	Provides predicates for reasoning about indirect command arguments.
javascript	Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about command-injection vulnerabilities.