Module containing sources, sinks, and sanitizers for shell commands constructed from library input.
Import path
import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionCustomizations
Imports

Import | Description
IndirectCommandArgument | Provides predicates for reasoning about indirect command arguments.
Predicates

Predicate | Description
executesArrayAsShell | Holds if the arguments array given to
Classes

Class | Description
ArrayAppendEndingInCommandExecutinSink | An element pushed to an array, where the array is later used to execute a shell command.
ChainSanitizer | A chain of replace calls that replaces all unsafe characters for shell commands.
ExternalInputSource | A parameter of an exported function, seen as a source for shell commands constructed from library input.
FormatedStringInCommandExecutionSink | A formatted string that is later executed as a shell command.
JoinedPathEndingInCommandExecutionSink | A joined path (
NumberGuard | A guard that checks whether
PathExistsSanitizerGuard | A sanitizer that sanitizes paths that exist in the file system. For example:
ReplaceQuotesSanitizer | A sanitizer like "'" + name.replace(/'/g, "'\\''") + "'", which sanitizes on Unix. The sanitizer is only safe if surrounded by single quotes, which is assumed.
SanitizedChar | A sanitizer for a single character, where the character cannot be an unsafe shell character.
Sanitizer | A sanitizer for shell commands constructed from library input.
ShellTrueCommandExecutionSink | An argument to a command invocation where the
Sink | A data flow sink for shell commands constructed from library input.
Source | A data flow source for shell commands constructed from library input.
StringConcatEndingInCommandExecutionSink | A string concatenation that is later executed as a shell command.
TypeOfSanitizer | A guard of the form
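The quoting pattern that ReplaceQuotesSanitizer recognises, as an added example that is not code from the CodeQL library: shellQuote applies the replace-and-wrap idiom, and splitWords is an assumed minimal word splitter (single quotes, backslash, space and ";" only) used to show why the surrounding single quotes are required for the replace call to be a sanitizer at all.

```javascript
// Added example, not code from the CodeQL library: the quoting pattern that
// ReplaceQuotesSanitizer recognises, and why the surrounding quotes matter.

// Wrap a value as one shell word: for every embedded "'" close the quote,
// add an escaped literal quote, then reopen the quote.
function shellQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Minimal word splitter (an assumption for this example) modelling only the
// sh(1) rules needed here: single quotes make everything up to the next "'"
// literal, a backslash outside quotes makes the next character literal, and
// space or ";" ends a word (";" is kept as its own token). Double quotes and
// $-expansion are deliberately not modelled.
function splitWords(cmdline) {
  const words = [];
  let cur = "", inWord = false, inSingle = false;
  for (let i = 0; i < cmdline.length; i++) {
    const ch = cmdline[i];
    if (inSingle) {
      if (ch === "'") inSingle = false; else cur += ch;
    } else if (ch === "'") {
      inSingle = true; inWord = true;
    } else if (ch === "\\" && i + 1 < cmdline.length) {
      cur += cmdline[++i]; inWord = true;
    } else if (ch === " " || ch === ";") {
      if (inWord) { words.push(cur); cur = ""; inWord = false; }
      if (ch === ";") words.push(";");
    } else {
      cur += ch; inWord = true;
    }
  }
  if (inSingle) throw new Error("unterminated single quote");
  if (inWord) words.push(cur);
  return words;
}

// Replace call plus surrounding single quotes: the value is one argument.
function quotedWords(value) {
  return splitWords("ls " + shellQuote(value));
}

// The same replace call without the outer quotes: nothing stops ";" from
// starting a second command, which is why the sanitizer assumes the quotes.
function unquotedWords(value) {
  return splitWords("ls " + String(value).replace(/'/g, "'\\''"));
}

// Constructed sample inputs, one with an embedded quote and one without.
console.log(quotedWords("it's; echo injected"));        // [ 'ls', "it's; echo injected" ]
console.log(unquotedWords("notes.txt; echo injected")); // [ 'ls', 'notes.txt', ';', 'echo', 'injected' ]
```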
Aliases

Alias | Description
IncompleteBlacklistSanitizer | Provides classes and predicates for working with incomplete blacklist sanitizers.