Module Exec

Provides class and predicates to track external data that may represent malicious Python code.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

semmle.python.security.injection.Exec

Imports

TaintTracking

Python Taint Tracking Library

Untrusted
python

Classes

StringEvaluationNode

A taint sink that represents an argument to exec or eval that is vulnerable to malicious input. The vuln in exec(vuln) or similar.