CodeQL library for Python
codeql/python-all 0.11.12 (changelog, source)
Search

Module UnsafeShellCommandConstructionQuery

Provides a taint tracking configuration for reasoning about shell command constructed from library input vulnerabilities

Note, for performance reasons: only import this file if Configuration is needed, otherwise UnsafeShellCommandConstructionCustomizations should be imported instead.

Import path

import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery

Imports

DataFlow

Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.

UnsafeShellCommandConstruction

Module containing sources, sinks, and sanitizers for shell command constructed from library input.

python

Classes

Configuration

DEPRECATED: Use UnsafeShellCommandConstructionFlow module instead.

Modules

UnsafeShellCommandConstructionConfig

A taint-tracking configuration for detecting “shell command constructed from library input” vulnerabilities.

Aliases

UnsafeShellCommandConstructionFlow

Global taint-tracking for detecting “shell command constructed from library input” vulnerabilities.