A sanitizer like `"'"+name.replace(/'/g,"'\\''")+"'"`, which sanitizes on Unix. The sanitizer is only safe if surrounded by single quotes, which is assumed.
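The following is an added example (not code from the CodeQL library): it implements the single-quote sanitizer described above and runs it through a minimal, hand-written model of POSIX shell word splitting to show why the surrounding single quotes are what makes the replacement safe. The helper names `shellQuoteUnix` and `posixWords` and the sample command lines are constructed for this illustration.

```javascript
// Quote one argument for a POSIX shell: wrap it in single quotes and turn
// every embedded ' into '\'' (close quote, backslash-escaped quote, reopen).
// The JS literal "'\\''" is the four characters  '\''  once parsed.
function shellQuoteUnix(name) {
  return "'" + name.replace(/'/g, "'\\''") + "'";
}

// Minimal model of how a POSIX shell splits a command line into words.
// Only single quotes, backslash outside quotes, whitespace and the
// metacharacters ; | & are modelled; that is enough to observe whether an
// argument survives as exactly one word or leaks extra tokens.
function posixWords(cmdline) {
  const words = [];
  let cur = "", inWord = false, inSingle = false;
  for (let i = 0; i < cmdline.length; i++) {
    const c = cmdline[i];
    if (inSingle) {                       // inside '...' everything is literal
      if (c === "'") inSingle = false; else cur += c;
    } else if (c === "'") {
      inSingle = true; inWord = true;
    } else if (c === "\\" && i + 1 < cmdline.length) {
      cur += cmdline[++i]; inWord = true; // backslash quotes the next char
    } else if (/\s/.test(c)) {
      if (inWord) { words.push(cur); cur = ""; inWord = false; }
    } else if (c === ";" || c === "|" || c === "&") {
      if (inWord) { words.push(cur); cur = ""; inWord = false; }
      words.push(c);                      // unquoted metacharacter: its own token
    } else {
      cur += c; inWord = true;
    }
  }
  if (inWord) words.push(cur);
  return words;
}

// Constructed sample: an argument that tries to close the quote and chain a command.
const hostile = "a'; rm -rf /";

// Safe form: the whole argument is one word and the ; never reaches the shell.
function quotedWords() { return posixWords("ls " + shellQuoteUnix(hostile)); }

// Caveat from the description: the replace() alone, without the surrounding
// single quotes, leaves unquoted metacharacters live.
function unquotedWords() {
  return posixWords("ls " + "a; rm -rf /".replace(/'/g, "'\\''"));
}
```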
Import path
import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionCustomizations
Direct supertypes
Indirect supertypes
Inherited predicates

| Predicate | Description | Inherited from |
| --- | --- | --- |
| accessesGlobal | Holds if this data flow node accesses the global variable | Node |
| analyze | Gets type inference results for this data flow node. | Node |
| asExpr | Gets the expression corresponding to this data flow node, if any. | Node |
| backtrack | Gets a node that may flow into this one using one heap and/or interprocedural step. | SourceNode |
| calls | Holds if this data flow node calls method | MethodCallNode |
| flowsTo | Holds if this node flows into | SourceNode |
| flowsToExpr | Holds if this node flows into | SourceNode |
| getABoundCallbackParameter | Gets a parameter of a callback passed into this call. | InvokeNode |
| getABoundFunctionValue | Gets a function value that may reach this node, possibly derived from a partial function invocation. | Node |
| getACall | Gets a function call to this node. | SourceNode |
| getACallee | Gets a potential callee of this call site. | InvokeNode |
| getACallee | Gets a callee of this call site where | InvokeNode |
| getACalleeValue | Gets an abstract value representing possible callees of this call site. | InvokeNode |
| getAChainedMethodCall | Gets a chained method call that invokes | SourceNode |
| getAConstructorInvocation | Gets a | SourceNode |
| getAFunctionValue | Gets a function value that may reach this node. | Node |
| getAFunctionValue | Gets a function value that may reach this node with the given | Node |
| getALocalSource | Gets a source node from which data may flow to this node in zero or more local steps. | Node |
| getALocalUse | Gets a node into which data may flow from this node in zero or more local steps. | SourceNode |
| getAMemberCall | Gets a function call that invokes method | SourceNode |
| getAMemberInvocation | Gets an invocation of the method or constructor named | SourceNode |
| getAMethodCall | Gets a method call that invokes a method on this node. | SourceNode |
| getAMethodCall | Gets a method call that invokes method | SourceNode |
| getAPredecessor | Gets a data flow node from which data may flow to this node in one local step. | Node |
| getAPropertyRead | Gets a read of any property on this node. | SourceNode |
| getAPropertyRead | Gets a read of property | SourceNode |
| getAPropertyReference | Gets a reference (read or write) of any property on this node. | SourceNode |
| getAPropertyReference | Gets a reference (read or write) of property | SourceNode |
| getAPropertySource | Gets a source node whose value is stored in a property of this node. | SourceNode |
| getAPropertySource | Gets a source node whose value is stored in property | SourceNode |
| getAPropertyWrite | Gets a write of any property on this node. | SourceNode |
| getAPropertyWrite | Gets a write of property | SourceNode |
| getAReplacedString | Gets a string that is being replaced by this call. | StringReplaceCall |
| getASpreadArgument | Gets a data flow node corresponding to an array of values being passed as individual arguments to this invocation. | InvokeNode |
| getASuccessor | Gets a data flow node to which data may flow from this node in one local step. | Node |
| getAnArgument | Gets the data flow node corresponding to an argument of this invocation. | InvokeNode |
| getAnInstantiation | Gets a | SourceNode |
| getAnInvocation | Gets an invocation (with or without | SourceNode |
| getArgument | Gets the data flow node corresponding to the | InvokeNode |
| getAstNode | Gets the AST node corresponding to this data flow node, if any. | Node |
| getBasicBlock | Gets the basic block to which this node belongs. | Node |
| getCallback | Gets a function passed as the | InvokeNode |
| getCalleeName | Gets the name of the function or method being invoked, if it can be determined. | InvokeNode |
| getCalleeNode | Gets the data flow node specifying the function to be called. | InvokeNode |
| getContainer | Gets the container in which this node occurs. | Node |
| getEnclosingExpr | Gets the expression enclosing this data flow node. In most cases the result is the same as | Node |
| getEnclosingFunction | | InvokeNode |
| getEndColumn | Gets the end column of this data flow node. | Node |
| getEndLine | Gets the end line of this data flow node. | Node |
| getExceptionalReturn | Gets the data flow node representing an exception thrown from this invocation. | InvokeNode |
| getFile | Gets the file this data flow node comes from. | Node |
| getImmediatePredecessor | Gets the immediate predecessor of this node, if any. | Node |
| getIntValue | Gets the integer value of this node, if it is an integer constant. | Node |
| getInvokeExpr | Gets the syntactic invoke expression underlying this function invocation. | InvokeNode |
| getLastArgument | Gets the data flow node corresponding to the last argument of this invocation. | InvokeNode |
| getLocation | Gets the location of this node. | Node |
| getMethodName | Gets the name of the invoked method, if it can be determined. | MethodCallNode |
| getNumArgument | Gets the number of arguments of this invocation, if it can be determined. | InvokeNode |
| getOptionArgument | Holds if the | InvokeNode |
| getRawReplacement | Gets the second argument of this call to | StringReplaceCall |
| getReceiver | Gets the data flow node corresponding to the receiver expression of this method call. | CallNode |
| getRegExp | Gets the regular expression passed as the first argument to | StringReplaceCall |
| getReplacementCallback | Gets a function flowing into the second argument of this call to | StringReplaceCall |
| getStartColumn | Gets the start column of this data flow node. | Node |
| getStartLine | Gets the start line of this data flow node. | Node |
| getStringValue | Gets the string value of this node, if it is a string literal or constant string concatenation. | Node |
| getTopLevel | Gets the toplevel in which this node occurs. | Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | Node |
| hasPropertyWrite | Holds if there is an assignment to property | SourceNode |
| hasUnderlyingType | Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type. | Node |
| hasUnderlyingType | Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type. | Node |
| isGlobal | Holds if this is a global replacement, that is, the first argument is a regular expression with the | StringReplaceCall |
| isImprecise | Holds if our approximation of possible callees for this call site is likely to be imprecise. | InvokeNode |
| isIncomplete | Holds if the flow information for this node is incomplete. | Node |
| isIncomplete | Holds if our approximation of possible callees for this call site is likely to be incomplete. | InvokeNode |
| isIndefinite | Holds if the approximation of possible callees for this call site is affected by the given analysis incompleteness | InvokeNode |
| isUncertain | Holds if our approximation of possible callees for this call site is likely to be imprecise or incomplete. | InvokeNode |
| mayHaveBooleanValue | Holds if this node may evaluate to the Boolean value | Node |
| mayHaveStringValue | Holds if this node may evaluate to the string | Node |
| replaces | Holds if this call to | StringReplaceCall |
| toString | Gets a textual representation of this element. | Node |
| track | Gets a node that this node may flow to using one heap and/or interprocedural step. | SourceNode |