For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

isIndirectCommandArgument

Import path

Module IndirectCommandArgument

Imports

javascript

Predicates

isIndirectCommandArgument

Predicate isIndirectCommandArgument

Holds if source contributes to the arguments of an indirect command execution sys.

An indirect command execution is a system execution command that starts with sh -c, cmd.exe /c, or similar.

For example, getCommand() is source, and the call to childProcess.spawn is sys in the following example:

let cmd = getCommand();
let sh = "sh";
let args = ["-c", cmd];
childProcess.spawn(sh, args, cb);

let cmd = getCommand();
childProcess.spawn("cmd.exe", ["/c"].concat(cmd), cb);

Import path


                                import semmle.javascript.security.dataflow.IndirectCommandArgument


                            
                                
                                    predicate
                                
                                 
                            
                            
                                isIndirectCommandArgument
                            
                            
                                (
                                
                                    
                                        Node
                                    
                                     
                                    source
                                
                                , 
                                
                                    
                                        SystemCommandExecution
                                    
                                     
                                    sys
                                
                                )