CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.12 (changelog, source)

Class ShellCommandInjectionFromEnvironment::QuotingConcatSanitizer

A string-concatenation leaf that is surrounded by quotes, seen as a sanitizer for command-injection.

Import path

import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentCustomizations

Direct supertypes

Indirect supertypes

Inherited predicates

accessesGlobal

Holds if this data flow node accesses the global variable g, either directly or through the window object.

from Node
analyze

Gets type inference results for this data flow node.

from Node
asExpr

Gets the expression corresponding to this data flow node, if any.

from Node
getABoundFunctionValue

Gets a function value that may reach this node, possibly derived from a partial function invocation.

from Node
getAFunctionValue

Gets a function value that may reach this node.

from Node
getAFunctionValue

Gets a function value that may reach this node with the given imprecision level.

from Node
getALocalSource

Gets a source node from which data may flow to this node in zero or more local steps.

from Node
getAPredecessor

Gets a data flow node from which data may flow to this node in one local step.

from Node
getASuccessor

Gets a data flow node to which data may flow from this node in one local step.

from Node
getAnOperand

Gets an operand of this string concatenation.

from ConcatenationNode
getAstNode

Gets the AST node corresponding to this data flow node, if any.

from Node
getBasicBlock

Gets the basic block to which this node belongs.

from Node
getContainer

Gets the container in which this node occurs.

from Node
getEnclosingExpr

Gets the expression enclosing this data flow node. In most cases the result is the same as asExpr(), however this method additionally includes the InvokeExpr corresponding to reflective calls.

from Node
getEndColumn

Gets the end column of this data flow node.

from Node
getEndLine

Gets the end line of this data flow node.

from Node
getFile

Gets the file this data flow node comes from.

from Node
getFirstLeaf

Gets the first leaf in this concatenation tree.

from ConcatenationNode
getFirstOperand

Gets the first operand of this string concatenation.

from ConcatenationNode
getImmediatePredecessor

Gets the immediate predecessor of this node, if any.

from Node
getIntValue

Gets the integer value of this node, if it is an integer constant.

from Node
getLastLeaf

Gets the last leaf in this concatenation tree.

from ConcatenationNode
getLastOperand

Gets the last operand of this string concatenation.

from ConcatenationNode
getNextLeaf

Gets the leaf that occurs immediately after this leaf in the concatenation tree, if any.

from ConcatenationNode
getNumOperand

Gets the number of operands of this string concatenation.

from ConcatenationNode
getOperand

Gets the nth operand of this string concatenation.

from ConcatenationNode
getParentConcatenation

Gets the enclosing concatenation in which this is an operand, if any.

from ConcatenationNode
getPreviousLeaf

Gets the leaf that occurs immediately before this leaf in the concatenation tree, if any.

from ConcatenationNode
getRoot

Gets the root of the concatenation tree in which this is an operator.

from ConcatenationNode
getStartColumn

Gets the start column of this data flow node.

from Node
getStartLine

Gets the start line of this data flow node.

from Node
getStringValue

Gets the string value of this node, if it is a string literal or constant string concatenation.

from Node
getTopLevel

Gets the toplevel in which this node occurs.

from Node
hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node
hasUnderlyingType

Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

from Node
hasUnderlyingType

Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

from Node
isCoercion

Holds if this only acts as a string coercion, such as "" + x.

from ConcatenationNode
isIncomplete

Holds if the flow information for this node is incomplete.

from Node
isLeaf

Holds if this is a leaf in the concatenation tree, that is, it is not itself a concatenation.

from ConcatenationNode
isRoot

Holds if this is the root of a concatenation tree, that is, it is a concatenation operator that is not itself the immediate operand to another concatenation operator.

from ConcatenationNode
mayHaveBooleanValue

Holds if this node may evaluate to the Boolean value b.

from Node
mayHaveStringValue

Holds if this node may evaluate to the string s, possibly through local data flow.

from Node
toString

Gets a textual representation of this element.

from Node

Charpred