CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)

Module Command

Provides classes and predicates to track external data that may represent malicious OS commands.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

import semmle.python.security.injection.Command

Imports

Classes

CommandSink

Abstract taint sink that is potentially vulnerable to malicious shell commands.

FabricExecuteExtension

An extension that propagates taint from the arguments of fabric.api.execute(func, arg0, arg1, ...) to the parameters of func, since this will call func(arg0, arg1, ...).

FabricGroupRun

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in fabric.Group().run(vuln, ...) and similar calls.

FabricV1Commands
FirstElementFlow
FirstElementKind

Special case for first element in sequence.

InvokeContextRun

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in invoke.Context().run(vuln, ...) and similar calls.

InvokeRun

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in invoke.run(vuln, ...) and similar calls.

OsCommandFirstArgument

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in subprocess.call(vuln, ...) and similar calls.

ShellCommand

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in subprocess.call(shell=vuln) and similar calls.
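As an added illustration (not CodeQL's implementation and not code from this library), the Python AST walk below locates the call positions the sinks above describe: a non-constant first argument to subprocess.call / invoke.run / Group().run style calls, and a computed shell= keyword. SINK_METHODS, find_command_sinks and SAMPLE are assumed names; a real query then adds taint tracking from an untrusted source to these positions, which this snippet does not do.

```python
import ast

# Method names the sinks above describe, matched in attribute-call form. This is a
# constructed approximation: CodeQL resolves the real callee, this only checks the name.
# First-argument sinks on the page: OsCommandFirstArgument, InvokeRun, InvokeContextRun,
# FabricGroupRun. Keyword sink: ShellCommand (the shell= argument).
SINK_METHODS = {"call", "check_call", "check_output", "run", "Popen", "system", "popen"}


def is_constant_expr(node):
    """True for a literal, or a list/tuple made only of literals (a fixed argv)."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(is_constant_expr(e) for e in node.elts)
    return False


def find_command_sinks(source):
    """Return sorted [(line, kind)] for sink positions holding a non-constant expression."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SINK_METHODS:
            continue
        # OsCommandFirstArgument-style: the command is the first positional argument
        if node.args and not is_constant_expr(node.args[0]):
            findings.append((node.lineno, "first_argument"))
        # ShellCommand-style: shell= is computed rather than a literal True/False
        for kw in node.keywords:
            if kw.arg == "shell" and not is_constant_expr(kw.value):
                findings.append((node.lineno, "shell_keyword"))
    return sorted(findings)


# Constructed sample program (not from the page) exercising each call shape.
SAMPLE = """\
import subprocess, invoke
cmd = input()
subprocess.call(cmd, shell=True)
subprocess.call(["ls", "-l"])
subprocess.check_output("id", shell=use_shell)
invoke.run(cmd)
"""

if __name__ == "__main__":
    for line, kind in find_command_sinks(SAMPLE):
        print(f"line {line}: {kind}")
```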