Module Command

Provides classes and predicates to track external data that may represent malicious OS commands.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

semmle.python.security.injection.Command

Imports

TaintTracking

Python Taint Tracking Library

Untrusted

python

Classes

FirstElementFlow

FirstElementKind

Special case for first element in sequence.

OsCommandFirstArgument

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in subprocess.call(vuln, ...) and similar calls.

ShellCommand

A taint sink that is potentially vulnerable to malicious shell commands. The vuln in subprocess.call(shell=vuln) and similar calls.
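The two sink shapes above, seen from the side of the Python code under analysis. This is an added example, not part of the CodeQL library or its documentation; it shows a call site written so that untrusted data reaches neither the first element of the command sequence nor a shell. ALLOWED_TOOLS, run_tool and the "echo-arg" entry are hypothetical names, and sys.executable stands in for a real binary so the example runs offline.

```python
import subprocess
import sys

# Call shapes that let untrusted data reach a command sink (shown, not run):
#   subprocess.call(untrusted_string, shell=True)   # string is parsed by a shell
#   subprocess.call([untrusted_program, "arg"])     # untrusted first element picks the program

# Hypothetical allowlist: logical tool name -> fixed argv prefix.
# Assumption: sys.executable stands in for a real tool path.
ALLOWED_TOOLS = {
    "echo-arg": [sys.executable, "-c", "import sys; print(sys.argv[1])"],
}


def run_tool(tool_name, user_arg):
    """Run an allowlisted tool with one untrusted argument, without a shell."""
    try:
        argv_prefix = ALLOWED_TOOLS[tool_name]
    except KeyError:
        raise ValueError("tool not allowlisted: %r" % (tool_name,))

    # The first element of the sequence comes from the allowlist, never from
    # the caller, and the untrusted value is passed as one separate argv entry.
    argv = list(argv_prefix) + [user_arg]

    # shell=False: no shell parses the arguments, so metacharacters in
    # user_arg stay literal bytes of a single argument.
    result = subprocess.run(
        argv,
        shell=False,
        capture_output=True,
        text=True,
        check=True,
        timeout=10,
    )
    return result.stdout.rstrip("\r\n")


if __name__ == "__main__":
    # Constructed input containing shell metacharacters.
    print(run_tool("echo-arg", "report.txt; echo INJECTED"))
```
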