Module UnsafeShellCommandConstruction

Provides predicates for reasoning about indirect command arguments.

Holds if the arguments array given to sys is joined as a string because shell is set to true.

An element pushed to an array, where the array is later used to execute a shell command.

A chain of replace calls that replaces all unsafe chars for shell-commands.

A parameter of an exported function, seen as a source for shell command constructed from library input.

A formatted string that is later executed as a shell command.

A joined path (path.{resolve/join}(..)) that is later executed as a shell command. Joining a path is similar to string concatenation that automatically inserts slashes.

A guard that checks whether x is a number.

A sanitizer that sanitizers paths that exist in the file-system. For example: x is sanitized in fs.existsSync(x) or fs.existsSync(x + "/suffix/path").

A sanitizer like: “’”+name.replace(/‘/g,"’\’‘“)+”’" Which sanitizes on Unix. The sanitizer is only safe if sorounded by single-quotes, which is assumed.

A sanitizer for a single character, where the character cannot be an unsafe shell character.

A sanitizer for shell command constructed from library input.

An argument to a command invocation where the shell option is set to true.

A data flow sink for shell command constructed from library input.

A data flow source for shell command constructed from library input.

A string concatenation that is later executed as a shell command.

A guard of the form typeof x === "<T>", where <T> is “number”, or “boolean”, which sanitizes x in its “then” branch.

Provides classes and predicates for working with incomplete blacklist sanitizers.