Module containing sources, sinks, and sanitizers for shell command constructed from library input.
Import path
import semmle.python.security.dataflow.UnsafeShellCommandConstructionCustomizations
Predicates
isUsedAsShellCommand | Holds if the string constructed at |
Classes
ArrayJoin | A string constructed using a |
Sanitizer | A sanitizer for shell command constructed from library input vulnerabilities. |
ShlexQuoteAsSanitizer | A call to |
Sink | A sink for shell command constructed from library input vulnerabilities. |
Source | A source for shell command constructed from library input vulnerabilities. |
StringConcatAsSink | A component of a string-concatenation (e.g. |
StringInterpolationAsSink | A string constructed from a string-literal (e.g. |
TaintedFormatStringAsSink | A string constructed from a format call, where the resulting string ends up being executed as a shell command. Either a call to |
Aliases
TypeTracker | Provides classes and predicates for simple data-flow reachability suitable for tracking types. |