CodeQL library for JavaScript
codeql/javascript-all 0.7.4 (changelog, source)

Predicate UnsafeShellCommandConstruction::executesArrayAsShell

Holds if the arguments array given to sys is joined as a string because shell is set to true.

Import path

import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionCustomizations
predicate executesArrayAsShell(SystemCommandExecution sys)
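
An added JavaScript example (not part of the CodeQL library or its documentation) of the situation this predicate describes: an arguments array passed together with `shell: true`, next to the same call without a shell. It assumes Node.js `child_process.spawnSync` on a POSIX system with `echo` on the PATH; the function names and the sample value are constructed for illustration.

```javascript
const { spawnSync } = require("child_process");

// Constructed sample: a file name that came from untrusted input.
const untrustedName = "report.txt; echo INJECTED";

// The string a shell ends up parsing when Node joins command and
// arguments with spaces (no quoting or escaping is applied).
function shellString(cmd, args) {
  return [cmd, ...args].join(" ");
}

// Pattern under discussion: an arguments array combined with `shell: true`.
// The array is joined into one string, so `;` in an element is shell syntax.
function echoViaShell(name) {
  const r = spawnSync("echo", ["processing", name], {
    shell: true,
    encoding: "utf8",
  });
  return r.stdout.trim().split("\n");
}

// Hardened form: no shell. Each array element reaches the program as
// exactly one argv entry, so metacharacters stay literal text.
function echoWithoutShell(name) {
  const r = spawnSync("echo", ["processing", name], { encoding: "utf8" });
  return r.stdout.trim().split("\n");
}

console.log("shell parses :", shellString("echo", ["processing", untrustedName]));
console.log("shell: true  :", echoViaShell(untrustedName));
console.log("no shell     :", echoWithoutShell(untrustedName));
```

With `shell: true` the output has two lines because the shell ran a second command; without a shell the whole value is printed as one literal argument.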