CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.6 (changelog, source)

Module CommandInjectionQuery

Provides a taint tracking configuration for reasoning about command-injection vulnerabilities (CWE-078).

Note: for performance reasons, import this file only if CommandInjection::Configuration is needed; otherwise, import CommandInjectionCustomizations instead.

Import path

import semmle.javascript.security.dataflow.CommandInjectionQuery

Imports

CommandInjection
IndirectCommandArgument

Provides predicates for reasoning about indirect command arguments.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

isSinkWithHighlight

Holds if sink is a data flow sink for command-injection vulnerabilities, and the alert should be placed at the node highlight.

Classes

Configuration

DEPRECATED. Use the CommandInjectionFlow module instead.

Modules

CommandInjectionConfig

A taint-tracking configuration for reasoning about command-injection vulnerabilities.

Aliases

CommandInjectionFlow

Taint-tracking for reasoning about command-injection vulnerabilities.