CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.13 (changelog, source)

Predicate isIndirectCommandArgument

Holds if source contributes to the arguments of an indirect command execution sys.

An indirect command execution is a system execution command that starts with sh -c, cmd.exe /c, or similar.

For example, getCommand() is source, and the call to childProcess.spawn is sys in the following example:

let cmd = getCommand();
let sh = "sh";
let args = ["-c", cmd];
childProcess.spawn(sh, args, cb);

or

let cmd = getCommand();
childProcess.spawn("cmd.exe", ["/c"].concat(cmd), cb);
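
Why an argument array does not help once the command is indirect, as an added example (not part of the CodeQL library or its documentation): the value placed after -c is parsed again by the shell, while a direct call passes it as a single argument. The function names, the sample input and the shell list in isIndirectCommand are assumptions made for this illustration.

```javascript
// Added illustration; not CodeQL library code. Needs a POSIX `sh` and `printf`.
const childProcess = require("child_process");
const path = require("path");

// Simplified runtime version of the page's definition of an indirect command:
// a shell started with -c (or cmd.exe with /c). The shell list is an assumption.
function isIndirectCommand(file, args) {
  const name = path.win32.basename(file).toLowerCase(); // accepts / and \ separators
  const flag = String(args[0] || "").toLowerCase();
  return (["sh", "bash"].includes(name) && flag === "-c") ||
         (["cmd", "cmd.exe"].includes(name) && flag === "/c");
}

// Flagged pattern: `value` ends up inside the string that sh parses after -c,
// so shell metacharacters in it are interpreted even though args is an array.
function runIndirect(value) {
  const args = ["-c", "printf '%s\\n' " + value];
  return childProcess.spawnSync("sh", args, { encoding: "utf8" }).stdout;
}

// Hardened form: no shell in between, `value` is exactly one argv entry.
function runDirect(value) {
  return childProcess.spawnSync("printf", ["%s\\n", value], { encoding: "utf8" }).stdout;
}

// Constructed sample input containing a shell command separator.
const sample = "report.txt; echo INJECTED";
console.log(JSON.stringify(runIndirect(sample)));
console.log(JSON.stringify(runDirect(sample)));
```
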

Import path

import semmle.javascript.security.dataflow.IndirectCommandArgument
predicate isIndirectCommandArgument(Node source, SystemCommandExecution sys)