Add Command Injection support

Author: GeekMasher

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -6,6 +6,7 @@ import csharp
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.frameworks.system.Diagnostics
 private import semmle.code.csharp.security.Sanitizers
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /**
  * A source specific to command injection vulnerabilities.
@@ -66,6 +67,11 @@ module CommandInjection = TaintTracking::Global<CommandInjectionConfig>;
 /** A source of remote user input. */
 class RemoteSource extends Source instanceof RemoteFlowSource { }
 
+/** Command Injection sinks defined through CSV models. */
+private class ExternalCommandInjectionExprSink extends Sink {
+  ExternalCommandInjectionExprSink() { sinkNode(this, "command-injection") }
+}
+
 /**
  * A sink in `System.Diagnostic.Process` or its related classes.
  */