CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.5 (changelog, source)
Search

Module ShellCommandInjectionFromEnvironmentQuery

Provides a taint tracking configuration for reasoning about command-injection vulnerabilities (CWE-078).

Note, for performance reasons: only import this file if ShellCommandInjectionFromEnvironment::Configuration is needed, otherwise ShellCommandInjectionFromEnvironmentCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery

Imports

IndirectCommandArgument

Provides predicates for reasoning about indirect command arguments.

ShellCommandInjectionFromEnvironment
javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

DEPRECATED. Use the ShellCommandInjectionFromEnvironmentFlow module instead.

Modules

ShellCommandInjectionFromEnvironmentConfig

A taint-tracking configuration for reasoning about command-injection vulnerabilities.

Aliases

ShellCommandInjectionFromEnvironmentFlow

Taint-tracking for reasoning about command-injection vulnerabilities.