CodeQL library for Python
codeql/python-all 2.2.0 (changelog, source)
Search

Class UnsafeShellCommandConstruction::TaintedFormatStringAsSink

A string constructed from a format call, where the resulting string ends up being executed as a shell command. Either a call to .format(..) or a string-interpolation with a % operator.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionCustomizations

Direct supertypes

Indirect supertypes

Fields

Predicates

describe

Gets a description of how the string in this sink was constructed.

getCommandExecution

Gets the dataflow node that executed the string as a shell command.

getStringConstruction

Gets the dataflow node where the string is constructed.

Inherited predicates

asCfgNode

Gets the control-flow node corresponding to this node, if any.

from Node
asExpr

Gets the expression corresponding to this node, if any.

from Node
getALocalSource

Gets a local source node from which data may flow to this node in zero or more local data-flow steps.

from Node
getEnclosingCallable

Gets the enclosing callable of this node.

from Node
getLocation

Gets the location of this node

from Node
getScope

Gets the scope of this node.

from Node
hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node
toString

Gets a textual representation of this element.

from Node

Charpred