Predicate UnsafeShellCommandConstructionConfig::getAFeature
Gets a data flow configuration feature to add restrictions to the set of valid flow paths.
FeatureHasSourceCallContext
: Assume that sources have some existing call context to disallow conflicting return-flow directly following the source.FeatureHasSinkCallContext
: Assume that sinks have some existing call context to disallow conflicting argument-to-parameter flow directly preceding the sink.FeatureEqualSourceSinkCallContext
: Implies both of the above and additionally ensures that the entire flow path preserves the call context.
These features are generally not relevant for typical end-to-end data flow queries, but should only be used for constructing paths that need to somehow be pluggable in another path context.
Import path
import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery