CodeQL library for JavaScript
Search

Module UnsafeShellCommandConstructionQuery

Provides a taint tracking configuration for reasoning about shell command constructed from library input vulnerabilities (CWE-078).

Note, for performance reasons: only import this file if UnsafeShellCommandConstruction::Configuration is needed, otherwise UnsafeShellCommandConstructionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery

Imports

UnsafeShellCommandConstruction

Module containing sources, sinks, and sanitizers for shell command constructed from library input.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities.