Query module ExecTaintedLocal

name
Local-user-controlled command line
description
Using externally controlled strings in a command line is vulnerable to malicious changes in the strings.
kind
path-problem
problem.severity
recommendation
precision
medium
id
java/command-line-injection-local
tags
security external/cwe/cwe-078 external/cwe/cwe-088

Imports

Expr

Provides classes for working with Java expressions.

ExternalProcess
FlowSources

Provides classes representing various flow sources for taint tracking.

PathGraph

Provides the query predicates needed to include a graph in a path-problem query.

Classes