Module CommandInjection

Provides a taint tracking configuration for reasoning about command-injection vulnerabilities (CWE-078).

Import path

semmle.javascript.security.dataflow.CommandInjection

Imports

RemoteFlowSources

Provides a class for modelling sources of remote user input.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Modules

Aliases

CommandInjectionSanitizer

DEPRECATED: Use CommandInjection::Sanitizer instead.

CommandInjectionSink

DEPRECATED: Use CommandInjection::Sink instead.

CommandInjectionSource

DEPRECATED: Use CommandInjection::Source instead.

CommandInjectionTrackingConfig

DEPRECATED: Use CommandInjection::Configuration instead.