CodeQL library for Ruby
codeql/ruby-all 0.8.15-dev (changelog, source)

Module UnsafeShellCommandConstruction

Module containing sources, sinks, and sanitizers for vulnerabilities where a shell command is constructed from library input.

Import path

import codeql.ruby.security.UnsafeShellCommandConstructionCustomizations

Predicates

isUsedAsShellCommand

Holds if the string constructed at source is executed at shellExec.

Classes

ArrayJoin

A string constructed using a .join(" ") call, where the resulting string ends up being executed as a shell command.

Sink

A sink for vulnerabilities where a shell command is constructed from library input.

Source

A source for vulnerabilities where a shell command is constructed from library input.

StringConcatAsSink

A component of a string concatenation (e.g. "foo " + sink), where the resulting string ends up being executed as a shell command.

StringInterpolationAsSink

A string constructed from a string literal with interpolation (e.g. "foo #{sink}"), where the resulting string ends up being executed as a shell command.

TaintedFormatStringAsSink

A string constructed from a printf-style call, where the resulting string ends up being executed as a shell command.
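The four sink shapes listed above (ArrayJoin, StringConcatAsSink, StringInterpolationAsSink, TaintedFormatStringAsSink), as an added Ruby example that is not part of the CodeQL library or its documentation: each flawed construction beside a hardened one, with Shellwords.split used to show that the untrusted value is broken into several arguments. UNTRUSTED and the ls command are constructed sample values; nothing is executed.

```ruby
require "shellwords"

# Constructed sample value standing in for a library method's argument
# (the query's Source); it contains a space and a shell metacharacter.
UNTRUSTED = "my report; ls"

# The four sink shapes this module models. Each returns the command string
# a library might hand to `system`, backticks or Open3 (nothing is executed here).
def concat_sink(arg)   # StringConcatAsSink
  "ls " + arg
end

def interp_sink(arg)   # StringInterpolationAsSink
  "ls #{arg}"
end

def format_sink(arg)   # TaintedFormatStringAsSink
  format("ls %s", arg)
end

def join_sink(arg)     # ArrayJoin
  ["ls", arg].join(" ")
end

# Hardened alternatives: keep the argument as a single word.
# Prefer the argv form with `system(*argv)` / `Open3.capture2(*argv)`, which
# bypasses the shell entirely; escape only when a shell string is unavoidable.
def safe_argv(arg)
  ["ls", "--", arg]
end

def safe_escaped(arg)
  "ls -- #{Shellwords.escape(arg)}"
end

# Shellwords.split models only the shell's word splitting (not `;`, `|` or
# redirections), so a word count is enough to show argument injection: the
# untrusted value should arrive as exactly one argument.
def shell_words(cmd)
  Shellwords.split(cmd)
end

if $PROGRAM_NAME == __FILE__
  cmds = [concat_sink(UNTRUSTED), interp_sink(UNTRUSTED), format_sink(UNTRUSTED),
          join_sink(UNTRUSTED), safe_escaped(UNTRUSTED)]
  cmds.each { |cmd| puts "#{cmd.inspect} -> #{shell_words(cmd).length} words" }
end
```

All four flawed constructions produce the identical string, which is why the query treats them as equivalent sinks; the escaped and argv forms deliver the value as one argument.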

Aliases

TaintedFormat

Provides Ruby-specific imports and classes needed for TaintedFormatStringQuery and TaintedFormatStringCustomizations.

TypeTracker

DEPRECATED: Use codeql.ruby.typetracking.TypeTracking instead.