Module UnsafeShellCommandConstructionConfig

A taint-tracking configuration for detecting “shell command constructed from library input” vulnerabilities.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery

getAFeature	Gets a data flow configuration feature to add restrictions to the set of valid flow paths.
getASelectedSinkLocation	Gets a location that will be associated with the given `sink` in a diff-informed query that uses this configuration (see `observeDiffInformedIncrementalMode`). By default, this is the location of the sink itself, but this predicate should include any locations that are reported as the primary-location of the query or as an additional location (“$@” interpolation). For a query that doesn’t report the sink at all, this predicate can be `none()`.
isBarrier	Holds if data flow through `node` is prohibited. This completely removes `node` from the data flow graph.
isSink	Holds if `sink` is a relevant data flow sink.
isSource	Holds if `source` is a relevant data flow source.
observeDiffInformedIncrementalMode	Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by `AlertFiltering`. This only has an effect when running in diff-informed incremental mode.