A string constructed using a .join(" ") call, where the resulting string ends up being executed as a shell command.
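The pattern this sink describes, beside two safer forms, as an added Ruby example (not part of the CodeQL library or its documentation). The function names and the sample file name are constructed for illustration, and `echo` stands in for whatever program the code would run.

```ruby
require "open3"
require "shellwords"

# Constructed sample input: a file name carrying a shell metacharacter.
SAMPLE_NAME = "notes.txt; echo INJECTED"

# The flagged pattern: arguments joined with " " and executed as one string.
# Ruby passes a single command string containing metacharacters to /bin/sh -c,
# so the shell, not the caller, decides where each argument ends.
def run_joined(args)
  out, _status = Open3.capture2(["echo", *args].join(" "))
  out
end

# Safer: pass the program and each argument separately. No shell is involved,
# so every element of args reaches the program as exactly one argument.
def run_argv(args)
  out, _status = Open3.capture2("echo", *args)
  out
end

# When a single command string is unavoidable, escape each word before joining.
def run_escaped(args)
  out, _status = Open3.capture2(Shellwords.join(["echo", *args]))
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "joined : #{run_joined([SAMPLE_NAME]).inspect}"
  puts "argv   : #{run_argv([SAMPLE_NAME]).inspect}"
  puts "escaped: #{run_escaped([SAMPLE_NAME]).inspect}"
end
```

Only the first form lets the shell split the value into a second command; the other two deliver it to `echo` as one argument.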
Import path
import codeql.ruby.security.UnsafeShellCommandConstructionCustomizations
Direct supertypes
Predicates
| describe | Gets a description of how the string in this sink was constructed. |
| getCommandExecution | Gets the dataflow node that executed the string as a shell command. |
| getStringConstruction | Gets the dataflow node where the string is constructed. |
Inherited predicates
| asCallable | Gets the callable corresponding to this block, lambda expression, or call to | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| asParameter | Gets the parameter corresponding to this node, if any. | from Node |
| backtrack | Starts backtracking from this node using API graphs. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getAPredecessor | Gets a data flow node from which data may flow to this node in one local step. | from Node |
| getASuccessor | Gets a data flow node to which data may flow from this node in one local step. | from Node |
| getConstantValue | Gets the constant value of this expression, if any. | from Node |
| getEnclosingMethod | Gets the enclosing method, if any. | from Node |
| getLocation | Gets the location of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this node. | from Node |