CodeQL library for Python
codeql/python-all 0.10.5 ( changelog , source )
Search

Module UnsafeShellCommandConstruction

Module containing sources, sinks, and sanitizers for shell command constructed from library input.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionCustomizations

Predicates

isUsedAsShellCommand

Holds if the string constructed at source is executed at shellExec

Classes

ArrayJoin

A string constructed using a " ".join(...) call, where the resulting string ends up being executed as a shell command.

Sanitizer

A sanitizer for shell command constructed from library input vulnerabilities.

ShlexQuoteAsSanitizer

A call to shlex.quote, considered as a sanitizer.

Sink

A sink for shell command constructed from library input vulnerabilities.

Source

A source for shell command constructed from library input vulnerabilities.

StringConcatAsSink

A component of a string-concatenation (e.g. "foo " + sink), where the resulting string ends up being executed as a shell command.

StringInterpolationAsSink

A string constructed from a string-literal (e.g. f'foo {sink}'), where the resulting string ends up being executed as a shell command.

TaintedFormatStringAsSink

A string constructed from a format call, where the resulting string ends up being executed as a shell command. Either a call to .format(..) or a string-interpolation with a % operator.

Aliases

TypeTracker

This file acts as a wrapper for internal.TypeTracker, exposing some of the functionality with names that are more appropriate for Python.