sast_command_injection
Scan source code for command injection vulnerabilities in child_process calls with user-controlled input. Reports file location and dangerous expression.
Instructions
AST-scan for command injection: child_process.exec(), execSync(), spawn() with shell:true — where arguments include user-controlled input. Reports file, line, column, and the exact dangerous expression.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Directory path containing source files to analyze |