hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10708 from erik-krogh/kernelSink

Browse Source 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
This commit is contained in:
Erik Krogh Kristensen
2022-10-14 09:13:26 +02:00
committed by GitHub
parent a327802e43 9fe18e5d73
commit 332bc35ff1
16 changed files with 161 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected → ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
View File

0
ruby/ql/test/query-tests/security/cwe-078/CommandInjection.qlref → ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
View File

0
ruby/ql/test/query-tests/security/cwe-078/CommandInjection.rb → ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
View File

4
ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected → ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected
View File

@@ -9,5 +9,5 @@ nodes
| KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
subpaths
#select
| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Replace it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Replace it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |

0
ruby/ql/test/query-tests/security/cwe-078/KernelOpen.qlref → ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.qlref
View File

0
ruby/ql/test/query-tests/security/cwe-078/KernelOpen.rb → ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.rb
View File

4
ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected Normal file
View File

@@ -0,0 +1,4 @@
| NonConstantKernelOpen.rb:4:5:4:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:5:5:5:17 | call to read | Call to IO.read with a non-constant value. Consider replacing it with File.read. |
| NonConstantKernelOpen.rb:9:5:9:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:19:5:19:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |

1
ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.qlref Normal file
View File

@@ -0,0 +1 @@
queries/security/cwe-078/NonConstantKernelOpen.ql

23
ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb Normal file
View File

@@ -0,0 +1,23 @@
class UsersController < ActionController::Base
def create
file = params[:file]
open(file) # BAD
IO.read(file) # BAD
File.open(file).read # GOOD
Kernel.open(file) # BAD
File.open(file, "r") # GOOD
Kernel.open("constant") # GOOD
IO.read("constant") # GOOD
Kernel.open("this is #{fine}") # GOOD
Kernel.open("#{this_is} bad") # BAD
open("| #{this_is_an_explicit_command} foo bar") # GOOD
end
end