hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

remove Zip::Entry.extract from query

Browse Source
This commit is contained in:
thiggy1342
2022-06-16 00:03:55 +00:00
committed by GitHub
parent 540c51022d
commit 0281dbd532
3 changed files with 25 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected
View File

@@ -1,12 +1,12 @@
edges
| decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:44 | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:57 | ...[...] |
| decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] |
nodes
| decompression_api.rb:3:31:3:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:3:31:3:44 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:3:31:3:43 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | semmle.label | call to params : |
| decompression_api.rb:13:44:13:57 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:13:44:13:56 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:3:31:3:44 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:44 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | call to inflate | call to inflate |
| decompression_api.rb:13:44:13:57 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:57 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | call to inflate | call to inflate |
| decompression_api.rb:3:31:3:43 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:3:9:3:44 | call to inflate | call to inflate |
| decompression_api.rb:13:44:13:56 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:13:9:13:57 | call to inflate | call to inflate |

33
ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb
View File

@@ -1,42 +1,15 @@
class TestController < ActionController::Base
def unsafe_zlib_unzip
Zlib::Inflate.inflate(params[:fname])
Zlib::Inflate.inflate(params[:file])
end
def safe_zlib_unzip
Zlib::Inflate.inflate("testfile.gz")
Zlib::Inflate.inflate(file)
end
DECOMPRESSION_LIB = Zlib
def unsafe_zlib_unzip_const
DECOMPRESSION_LIB::Inflate.inflate(params[:fname])
DECOMPRESSION_LIB::Inflate.inflate(params[:file])
end
def unsafe_zlib_unzip
Zip::File.open(params[:fname]) do |zip_file|
zip_file.each do |entry|
entry.extract(entry.name)
end
end
end
def safe_zlib_unzip
Zip::Entry.extract("testfile.gz")
end
def sanitized_zlib_unzip
fname = params[:fname]
if fname == "safe_file.gz"
Zlib::Inflate.inflate(fname)
end
end
def sanitized_array_zlib_unzip
fname = params[:fname]
if ["safe_file1.gz", "safe_file2.gz"].include? fname
Zlib::Inflate.inflate(fname)
end
end
end