Module CommandInjection::CommandInjection

Classes

ArgumentListTracking

Auxiliary data flow configuration for tracking string literals that look like they may refer to an operating system shell, and array literals that may end up being interpreted as argument lists for system commands.

Configuration

A taint-tracking configuration for reasoning about command-injection vulnerabilities.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for command injection.

Sanitizer

A sanitizer for command-injection vulnerabilities.

Sink

A data flow sink for command-injection vulnerabilities.

Source

A data flow source for command-injection vulnerabilities.

SystemCommandExecutionSink

A command argument to a function that initiates an operating system command.