CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)

Class OsCommandFirstArgument

A taint sink that is potentially vulnerable to malicious shell commands: the vuln argument in subprocess.call(vuln, ...) and similar calls.
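As an added illustration (not part of the CodeQL library, and not how CodeQL implements this class), the Python sketch below locates the argument position this sink describes in a piece of source code. It does no taint tracking and only marks whether each first argument is a constant; the set of "similar calls", the helper names and the sample are assumptions made for the example.

```python
import ast

# Assumption: which calls count as "similar" is chosen here for illustration;
# the page itself names only subprocess.call.
COMMAND_CALLS = {
    ("subprocess", "call"), ("subprocess", "check_call"),
    ("subprocess", "check_output"), ("subprocess", "run"),
    ("subprocess", "Popen"), ("os", "system"), ("os", "popen"),
}


def is_constant(node):
    """True for a string literal, or a list/tuple made only of string literals."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(is_constant(elt) for elt in node.elts)
    return False


def first_argument_sinks(source):
    """Return sorted (line, call, argument, constant) for each command call."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not isinstance(func.value, ast.Name):
            continue
        if (func.value.id, func.attr) not in COMMAND_CALLS or not node.args:
            continue
        arg = node.args[0]  # the sink position: first positional argument
        found.append((node.lineno, f"{func.value.id}.{func.attr}",
                      ast.unparse(arg), is_constant(arg)))
    return sorted(found)


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import os, subprocess
def archive(name):
    subprocess.call("tar czf backup.tgz " + name, shell=True)
    subprocess.call(["tar", "czf", "backup.tgz", name])
    subprocess.call(["ls", "-l"])
    os.system(name)
'''

if __name__ == "__main__":
    for line, call, arg, constant in first_argument_sinks(SAMPLE):
        status = "constant" if constant else "needs taint check"
        print(f"line {line}: {call}({arg}, ...) -> {status}")
```

A non-constant first argument is only a candidate: whether it is a finding depends on whether attacker-controlled data can flow into it, which is the part the taint analysis decides.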

Import path

import semmle.python.security.injection.Command

Direct supertypes

Indirect supertypes

Predicates

sinks

Holds if this “sinks” taint kind kind. Typically this means that this is vulnerable to taint kind kind.

toString

Gets a textual representation of this element.

Inherited predicates

getLocation

from TaintSink

hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from TaintSink

Charpred