hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

update SqlInjection tests

Browse Source
This commit is contained in:
Alex Ford
2021-06-23 19:10:22 +01:00
parent 734fe01867
commit 12e4c9ee90
2 changed files with 41 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb
View File

@@ -4,6 +4,10 @@ end
class User < ApplicationRecord
belongs_to :user_group
def self.authenticate(name, pass)
find(:first, :conditions => "name='#{name}' and pass='#{pass}'")
end
end
class Admin < User
@@ -30,6 +34,8 @@ class FooController < ActionController::Base
SQL
UserGroup.joins(:users).where("user.id = #{params[:id]}")
User.authenticate(params[:name], params[:pass])
end
end

55
ql/test/query-tests/security/cwe-089/SqlInjection.expected
View File

@@ -1,23 +1,38 @@
edges
| ActiveRecordInjection.rb:19:30:19:35 | call to params : | ActiveRecordInjection.rb:19:30:19:44 | ...[...] |
| ActiveRecordInjection.rb:22:29:22:34 | call to params : | ActiveRecordInjection.rb:22:21:22:41 | "id = #{...}" |
| ActiveRecordInjection.rb:29:20:29:25 | call to params : | ActiveRecordInjection.rb:28:16:28:21 | <<-SQL |
| ActiveRecordInjection.rb:32:48:32:53 | call to params : | ActiveRecordInjection.rb:32:35:32:60 | "user.id = #{...}" |
| ActiveRecordInjection.rb:40:10:40:15 | call to params : | ActiveRecordInjection.rb:45:21:45:33 | ... + ... |
| ActiveRecordInjection.rb:8:25:8:28 | name : | ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:23:30:23:35 | call to params : | ActiveRecordInjection.rb:23:30:23:44 | ...[...] |
| ActiveRecordInjection.rb:26:29:26:34 | call to params : | ActiveRecordInjection.rb:26:21:26:41 | "id = #{...}" |
| ActiveRecordInjection.rb:33:20:33:25 | call to params : | ActiveRecordInjection.rb:32:16:32:21 | <<-SQL |
| ActiveRecordInjection.rb:36:48:36:53 | call to params : | ActiveRecordInjection.rb:36:35:36:60 | "user.id = #{...}" |
| ActiveRecordInjection.rb:38:23:38:28 | call to params : | ActiveRecordInjection.rb:38:23:38:35 | ...[...] : |
| ActiveRecordInjection.rb:38:23:38:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : |
| ActiveRecordInjection.rb:38:38:38:43 | call to params : | ActiveRecordInjection.rb:38:38:38:50 | ...[...] : |
| ActiveRecordInjection.rb:38:38:38:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : |
| ActiveRecordInjection.rb:46:10:46:15 | call to params : | ActiveRecordInjection.rb:51:21:51:33 | ... + ... |
nodes
| ActiveRecordInjection.rb:19:30:19:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:19:30:19:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:22:21:22:41 | "id = #{...}" | semmle.label | "id = #{...}" |
| ActiveRecordInjection.rb:22:29:22:34 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:28:16:28:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:29:20:29:25 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:32:35:32:60 | "user.id = #{...}" | semmle.label | "user.id = #{...}" |
| ActiveRecordInjection.rb:32:48:32:53 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:40:10:40:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:45:21:45:33 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:8:25:8:28 | name : | semmle.label | name : |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | semmle.label | pass : |
| ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" | semmle.label | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:23:30:23:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:23:30:23:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:26:21:26:41 | "id = #{...}" | semmle.label | "id = #{...}" |
| ActiveRecordInjection.rb:26:29:26:34 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:32:16:32:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:33:20:33:25 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:36:35:36:60 | "user.id = #{...}" | semmle.label | "user.id = #{...}" |
| ActiveRecordInjection.rb:36:48:36:53 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:38:23:38:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:38:23:38:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:38:38:38:43 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:38:38:38:50 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:46:10:46:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:51:21:51:33 | ... + ... | semmle.label | ... + ... |
#select
| ActiveRecordInjection.rb:19:30:19:44 | ...[...] | ActiveRecordInjection.rb:19:30:19:35 | call to params : | ActiveRecordInjection.rb:19:30:19:44 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:19:30:19:35 | call to params | a user-provided value |
| ActiveRecordInjection.rb:22:21:22:41 | "id = #{...}" | ActiveRecordInjection.rb:22:29:22:34 | call to params : | ActiveRecordInjection.rb:22:21:22:41 | "id = #{...}" | This SQL query depends on $@. | ActiveRecordInjection.rb:22:29:22:34 | call to params | a user-provided value |
| ActiveRecordInjection.rb:28:16:28:21 | <<-SQL | ActiveRecordInjection.rb:29:20:29:25 | call to params : | ActiveRecordInjection.rb:28:16:28:21 | <<-SQL | This SQL query depends on $@. | ActiveRecordInjection.rb:29:20:29:25 | call to params | a user-provided value |
| ActiveRecordInjection.rb:32:35:32:60 | "user.id = #{...}" | ActiveRecordInjection.rb:32:48:32:53 | call to params : | ActiveRecordInjection.rb:32:35:32:60 | "user.id = #{...}" | This SQL query depends on $@. | ActiveRecordInjection.rb:32:48:32:53 | call to params | a user-provided value |
| ActiveRecordInjection.rb:45:21:45:33 | ... + ... | ActiveRecordInjection.rb:40:10:40:15 | call to params : | ActiveRecordInjection.rb:45:21:45:33 | ... + ... | This SQL query depends on $@. | ActiveRecordInjection.rb:40:10:40:15 | call to params | a user-provided value |
| ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:38:23:38:28 | call to params : | ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:38:23:38:28 | call to params | a user-provided value |
| ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:38:38:38:43 | call to params : | ActiveRecordInjection.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:38:38:38:43 | call to params | a user-provided value |
| ActiveRecordInjection.rb:23:30:23:44 | ...[...] | ActiveRecordInjection.rb:23:30:23:35 | call to params : | ActiveRecordInjection.rb:23:30:23:44 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:23:30:23:35 | call to params | a user-provided value |
| ActiveRecordInjection.rb:26:21:26:41 | "id = #{...}" | ActiveRecordInjection.rb:26:29:26:34 | call to params : | ActiveRecordInjection.rb:26:21:26:41 | "id = #{...}" | This SQL query depends on $@. | ActiveRecordInjection.rb:26:29:26:34 | call to params | a user-provided value |
| ActiveRecordInjection.rb:32:16:32:21 | <<-SQL | ActiveRecordInjection.rb:33:20:33:25 | call to params : | ActiveRecordInjection.rb:32:16:32:21 | <<-SQL | This SQL query depends on $@. | ActiveRecordInjection.rb:33:20:33:25 | call to params | a user-provided value |
| ActiveRecordInjection.rb:36:35:36:60 | "user.id = #{...}" | ActiveRecordInjection.rb:36:48:36:53 | call to params : | ActiveRecordInjection.rb:36:35:36:60 | "user.id = #{...}" | This SQL query depends on $@. | ActiveRecordInjection.rb:36:48:36:53 | call to params | a user-provided value |
| ActiveRecordInjection.rb:51:21:51:33 | ... + ... | ActiveRecordInjection.rb:46:10:46:15 | call to params : | ActiveRecordInjection.rb:51:21:51:33 | ... + ... | This SQL query depends on $@. | ActiveRecordInjection.rb:46:10:46:15 | call to params | a user-provided value |