CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.21-dev (changelog, source)
Index
Search

Module SecondOrderCommandInjection

Classes and predicates for reasoning about second order command injection.

Import path

import semmle.javascript.security.dataflow.SecondOrderCommandInjectionCustomizations

Imports

CommonFlowState

Contains a class with flow states that are used by multiple queries.

Classes

ArgSink

An argument to an invocation of git/hg that can cause second order command injection.

ArgsArraySink

An arguments array given to an invocation of git or hg that can cause second order command injection.

BarrierGuard

A barrier guard for second order command-injection vulnerabilities.

DoubleDashSanitizer

A sanitizer that blocks flow when a string does not start with “–”

ExternalInputSource

A parameter of an exported function, seen as a source for second order command injection.

PathRelativeSanitizer

A call to path.relative which sanitizes the taint.

PrefixStringSanitizer

A sanitizer that blocks flow when a string is tested to start with a certain prefix.

RemoteFlowAsSource

A source of remote flow, seen as a source for second order command injection.

Sanitizer

A sanitizer for second order command injection.

Sink

A sink for second order command injection.

Source

A source for second order command injection.

VulnerableCommandSink

A sink that invokes a command described by the VulnerableCommand class.