CodeQL library for Python
codeql/python-all 2.2.0 (changelog, source)

Module CommandInjection

Provides default sources, sinks and sanitizers for detecting “command injection” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.CommandInjectionCustomizations

Classes

CommandExecutionAsSink

A command execution, considered as a flow sink.

ConstCompareAsSanitizerGuard

A comparison with a constant, considered as a sanitizer-guard.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for “command injection” vulnerabilities.

Sink

A data flow sink for “command injection” vulnerabilities.

Source

A data flow source for “command injection” vulnerabilities.

Aliases

StringConstCompareAsSanitizerGuard

DEPRECATED: Use ConstCompareAsSanitizerGuard instead.