Module CommandExecution

Import path

semmle.code.cpp.security.CommandExecution

Imports

FunctionWithWrappers

cpp

Provides classes and predicates for working with C/C++/ObjC/ObjC++ code.

Predicates

shellCommand

A command, or component of a command, that will be executed by a general-purpose command interpreter such as sh or cmd.exe.

shellCommandPreface

The name of a shell and the flag used to preface a command that should be parsed. Public for testing purposes.

Classes

ArrayExecFunctionCall

A function for running a command using an array of arguments. Note that FunctionWithWrappers does not support tracking multiple interesting arguments all the way to the call site.

SystemFunction

A function for running a command using a command interpreter.

VarargsExecFunctionCall

A function for running a command via varargs. Note that, at the time of writing, FunctionWithWrappers doesn’t really support varargs arguments, because it requires a finite version of interestingArg().