CodeQL library for Python
codeql/python-all 0.11.15-dev

Module UnsafeShellCommandConstructionConfig

A taint-tracking configuration for detecting “shell command constructed from library input” vulnerabilities.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery

Predicates

getAFeature

Gets a data flow configuration feature to add restrictions to the set of valid flow paths.

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isSink

Holds if sink is a relevant data flow sink.

isSource

Holds if source is a relevant data flow source.