Module CommandInjectionQuery

Provides a taint tracking configuration for reasoning about command-injection vulnerabilities (CWE-078).

Note, for performance reasons: only import this file if CommandInjectionFlow is needed, otherwise CommandInjectionCustomizations should be imported instead.

Import path

import codeql.ruby.security.CommandInjectionQuery

Imports

AST
BarrierGuards	Provides commonly used barriers to dataflow.
CommandInjection
DataFlow	Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.
TaintTracking

Classes

Configuration

A taint-tracking configuration for reasoning about command-injection vulnerabilities. DEPRECATED: Use CommandInjectionFlow instead

Aliases

CommandInjectionFlow

Taint-tracking for reasoning about command-injection vulnerabilities.