mate.poi.analysis.CommandInjection module

class mate.poi.analysis.CommandInjection.CommandInjection

Bases: mate.poi.poi_types.Analysis

This analysis looks for potential command injection sites.

This analysis looks for constants which contain SQL keywords, and functions in the printf family which take those constant strings as arguments.

run(session: Session, graph: db.Graph, _inputs: Dict[str, Any]) Iterable[POIGraphsPair]
Return type


class mate.poi.analysis.CommandInjection.CommandInjectionPOI(*, insight: str, source: str = None, sink: str = None, salient_functions: List[mate_common.models.analyses.SalientFunction] = [], keyword_string: str, keyword_string_id: str, suspicious_callsite_ids: List[str])

Bases: mate_common.models.analyses.POI

This POI represents a possible command injection site.

It consists of a string which uses a known SQL keyword, and the uuid of a callsite to a printf- like function which uses that string. The uuids are relative to the graph which was provided when the analysis ran.

  • insight (str) –

  • source (Optional[str]) –

  • sink (Optional[str]) –

  • salient_functions (List[mate_common.models.analyses.SalientFunction]) –

  • keyword_string (str) –

  • keyword_string_id (str) –

  • suspicious_callsite_ids (List[str]) –

Return type


keyword_string: str
keyword_string_id: str
suspicious_callsite_ids: List[str]
mate.poi.analysis.CommandInjection.find_command_injection_sites(session: Session, cpg: db.Graph) Iterable[POIGraphsPair]
Return type