System\.Diagnostics\.Process\.Start\(.*
new[[:space:]]+(System\.Diagnostic\.)?Process(StartInfo)?[[:space:]]*\(.*
\.Start[[:space:]]\(.*
# via CliWrap
new[[:space:]]+Cli[[:space:]]*\(.*
# via Microsoft.VisualBasic
\.Shell[[:space:]]*\(.*
\.Invoke[[:space:]]*\([^\)]+\)
exec\.Command[[:space:]]*\(
syscall\.Exec[[:space:]]*\(
os\.StartProcess[[:space:]]*\(
session\.Run[[:space:]]*\(
# Perl exec signatures
exec(\s*\(|\s+).*\$.*\)?
fork(\s*\(|\s+).*\)?
`.*\$.*`
system(\s*\(?|\s+)*\$.*\)?
open(\s*\(?|\s+)*\$.*\)?
# PHP - Execution
assert([[:space:]]*\(|[[:space:]]+[\"\'])[^\)]+\)?
exec([[:space:]]*\(|[[:space:]]+[\"\'])[^\)]+\)?
`[^`]*\$[^`]+`
passthru([[:space:]]*\(|[[:space:]]+[\"\'])[^\)]+\)?
popen([[:space:]]*\(|[[:space:]]+[\"\'])[^\)]+\)?
proc_close([[:space:]]*\(|[[:space:]]+[\"\'])[^\)]+\)?
proc_open([[:space:]]*\(|[[:space:]]+).*\)?
proc_get_status([[:space:]]*\(|[[:space:]]+).*\)?
proc_nice([[:space:]]*\(|[[:space:]]+).*\)?
proc_terminate([[:space:]]*\(|[[:space:]]+).*\)?
shell_exec([[:space:]]*\(|[[:space:]]+).*\)?
system([[:space:]]*\(|[[:space:]]+[\"\']).*\)?
exec([vl][pe]*)?[[:space:]]*\(
\.system[[:space:]]*\([^\)]+\)
[Pp]open[234]?[[:space:]]*\(
openpty[[:space:]]*\(
[Pp][Ii][Pp][Ee][[:space:]]*\(
pipes
exec[[:space:]]*\(
spawn([vl][pe]*)?[[:space:]]\(
shell[[:space:]]\(
subprocess[[:space:]]\(
\.getoutput[[:space:]]*\(
execfile
eval[[:space:]]*\(
fork[[:space:]]*\(
\.trycmd[[:space:]]*\(
run_as_root[[:space:]]*=[[:space:]]*True
,[[:space:]]*shell[[:space:]]*=[[:space:]]*True
(class|module|instance)_eval([[:space:]]+.*|[[:space:]]*\()
eval([[:space:]]*\(|[[:space:]]+[^\(])
spawn([[:space:]]*\(|[[:space:]]+[^\(])
system([[:space:]]*\(|[[:space:]]+").*\#\{[^\}]+\}
system[[:space:]]*\(
exec[[:space:]]*\(
\.open[[:space:]]*\(
\.(public_)?send[[:space:]]*\(
`.*#\{[^`]+`
.*\=.*\!\!
[a-z0-9A-Z]\.\!
\.execSync[[:space:]]*\(
require[[:space:]]*\([[:space:]]*.(child_process|execa).
(spawn|execFile)(Sync)?[[:space:]]\(