add summary for the Array method on Kernel

2026-05-05 05:35:13 +02:00 · 2023-03-01 12:53:13 +01:00
parent 36b33765a5
commit 31336b09c4
3 changed files with 53 additions and 4 deletions
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
@@ -57,10 +57,10 @@ class Foobar
  end

  def join_indirect(x, y) 
-    arr = Array("foo = ", x)
-    eval(arr.join(" ")) # NOT OK - but not currently flagged by the query
+    arr = Array(x)
+    eval(arr.join(" ")) # NOT OK

-    arr2 = [Array("foo = ", y).join(" ")]
-    eval(arr2.join("\n")) # NOT OK - but not currently flagged by the query
+    arr2 = [Array(["foo = ", y]).join(" ")]
+    eval(arr2.join("\n")) # NOT OK
  end
 end