Module UnsafeShellCommandConstruction

Module containing sources, sinks, and sanitizers for shell command constructed from library input.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionCustomizations

Holds if the string constructed at source is executed at shellExec

ArrayJoin	A string constructed using a `" ".join(...)` call, where the resulting string ends up being executed as a shell command.
Sanitizer	A sanitizer for shell command constructed from library input vulnerabilities.
ShlexQuoteAsSanitizer	A call to `shlex.quote`, considered as a sanitizer.
Sink	A sink for shell command constructed from library input vulnerabilities.
Source	A source for shell command constructed from library input vulnerabilities.
StringConcatAsSink	A component of a string-concatenation (e.g. `"foo " + sink`), where the resulting string ends up being executed as a shell command.
StringInterpolationAsSink	A string constructed from a string-literal (e.g. `f'foo {sink}'`), where the resulting string ends up being executed as a shell command.
TaintedFormatStringAsSink	A string constructed from a format call, where the resulting string ends up being executed as a shell command. Either a call to `.format(..)` or a string-interpolation with a `%` operator.

Provides classes and predicates for simple data-flow reachability suitable for tracking types.