Module containing sources, sinks, and sanitizers for shell command constructed from library input.
Import path
import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionCustomizations
Imports
| Name | Description |
|---|---|
| IndirectCommandArgument | Provides predicates for reasoning about indirect command arguments. |
Predicates
| Name | Description |
|---|---|
| executesArrayAsShell | Holds if the arguments array given to |
Classes
| Name | Description |
|---|---|
| ArrayAppendEndingInCommandExecutinSink | An element pushed to an array, where the array is later used to execute a shell command. |
| ChainSanitizer | A chain of `replace` calls that replaces all unsafe characters for shell commands. |
| ExternalInputSource | A parameter of an exported function, seen as a source for shell command constructed from library input. |
| FormatedStringInCommandExecutionSink | A formatted string that is later executed as a shell command. |
| JoinedPathEndingInCommandExecutionSink | A joined path ( |
| NumberGuard | A guard that checks whether |
| PathExistsSanitizerGuard | A sanitizer that sanitizes paths that exist in the file system. For example: |
| ReplaceQuotesSanitizer | A sanitizer like `"'"+name.replace(/'/g,"'\\''")+"'"`, which sanitizes on Unix. The sanitizer is only safe if surrounded by single quotes, which is assumed. |
| SanitizedChar | A sanitizer for a single character, where the character cannot be an unsafe shell character. |
| Sanitizer | A sanitizer for shell command constructed from library input. |
| ShellTrueCommandExecutionSink | An argument to a command invocation where the |
| Sink | A data flow sink for shell command constructed from library input. |
| Source | A data flow source for shell command constructed from library input. |
| StringConcatEndingInCommandExecutionSink | A string concatenation that is later executed as a shell command. |
| TypeOfSanitizer | A guard of the form |
Aliases
| Name | Description |
|---|---|
| IncompleteBlacklistSanitizer | Provides classes and predicates for working with incomplete blacklist sanitizers. |