Module containing sources, sinks, and sanitizers for shell command constructed from library input.
Provides predicates for reasoning about indirect command arguments.
Holds if the arguments array given to
An element pushed to an array, where the array is later used to execute a shell command.
A chain of replace calls that replaces all unsafe chars for shell commands.
A parameter of an exported function, seen as a source for shell command constructed from library input.
A formatted string that is later executed as a shell command.
A joined path (
A guard that checks whether
A sanitizer that sanitizes paths that exist in the file-system. For example:
A sanitizer like: "'" + name.replace(/'/g, "'\\''") + "'", which sanitizes on Unix. The sanitizer is only safe if surrounded by single quotes, which is assumed.
A sanitizer for a single character, where the character cannot be an unsafe shell character.
A sanitizer for shell command constructed from library input.
An argument to a command invocation where the
A data flow sink for shell command constructed from library input.
A data flow source for shell command constructed from library input.
A string concatenation that is later executed as a shell command.
A guard of the form
Provides classes and predicates for working with incomplete blacklist sanitizers.