Ruby: Add summaries for ActiveSupport::SafeBuffer
@@ -9,6 +9,7 @@ private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.dataflow.FlowSummary
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.frameworks.stdlib.Logger::Logger as StdlibLogger
|
||||
private import codeql.ruby.frameworks.data.ModelsAsData
|
||||
|
||||
/**
|
||||
* Modeling for `ActiveSupport`.
|
||||
@@ -138,4 +139,28 @@ module ActiveSupport {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* `ActiveSupport::SafeBuffer` wraps a string, providing HTML-safe methods
|
||||
* for concatenation.
|
||||
* It is possible to insert tainted data into `SafeBuffer` that won't get
|
||||
* sanitized, and this taint is then propagated via most of the methods.
|
||||
*/
|
||||
private class SafeBufferSummary extends ModelInput::SummaryModelCsv {
|
||||
// TODO: SafeBuffer also reponds to all String methods.
|
||||
// Can we model this without repeating all the existing summaries we have
|
||||
// for String?
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
// SafeBuffer.new(x) does not sanitize x
|
||||
"activesupport;;Member[ActionView].Member[SafeBuffer].Method[new];Argument[0];ReturnValue;taint",
|
||||
// SafeBuffer#safe_concat(x) does not sanitize x
|
||||
"activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat];Argument[0];ReturnValue;taint",
|
||||
"activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat];Argument[0];Argument[self];taint",
|
||||
// These methods preserve taint in self
|
||||
"activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param];Argument[self];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
}
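Review bot: The four summary rows at L85–L100 resolve the class as `Member[ActionView].Member[SafeBuffer]`, while the class doc comment and the commit title both name `ActiveSupport::SafeBuffer`, which is the constant Rails actually defines; as written the summaries only match code that spells the receiver `ActionView::SafeBuffer`, which the new flow.rb test appears to do judging by the 29-character `call to new` spans in the expected output. Each row should use `Member[ActiveSupport].Member[SafeBuffer]`, with flow.rb and the `.expected` file updated to match; if `ActionView::SafeBuffer` is intentionally kept as an alias, a one-line comment above the rows saying so would stop the next reader from treating it as a mistake. The TODO comment above `row` also has a typo: `reponds` should read `responds`.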
|
||||
|
||||
@@ -0,0 +1,339 @@
|
||||
failures
|
||||
edges
|
||||
| active_support.rb:9:9:9:18 | call to source : | active_support.rb:10:10:10:10 | x : |
|
||||
| active_support.rb:10:10:10:10 | x : | active_support.rb:10:10:10:19 | call to camelize |
|
||||
| active_support.rb:14:9:14:18 | call to source : | active_support.rb:15:10:15:10 | x : |
|
||||
| active_support.rb:15:10:15:10 | x : | active_support.rb:15:10:15:20 | call to camelcase |
|
||||
| active_support.rb:19:9:19:18 | call to source : | active_support.rb:20:10:20:10 | x : |
|
||||
| active_support.rb:20:10:20:10 | x : | active_support.rb:20:10:20:19 | call to classify |
|
||||
| active_support.rb:24:9:24:18 | call to source : | active_support.rb:25:10:25:10 | x : |
|
||||
| active_support.rb:25:10:25:10 | x : | active_support.rb:25:10:25:20 | call to dasherize |
|
||||
| active_support.rb:29:9:29:18 | call to source : | active_support.rb:30:10:30:10 | x : |
|
||||
| active_support.rb:30:10:30:10 | x : | active_support.rb:30:10:30:24 | call to deconstantize |
|
||||
| active_support.rb:34:9:34:18 | call to source : | active_support.rb:35:10:35:10 | x : |
|
||||
| active_support.rb:35:10:35:10 | x : | active_support.rb:35:10:35:21 | call to demodulize |
|
||||
| active_support.rb:39:9:39:18 | call to source : | active_support.rb:40:10:40:10 | x : |
|
||||
| active_support.rb:40:10:40:10 | x : | active_support.rb:40:10:40:22 | call to foreign_key |
|
||||
| active_support.rb:44:9:44:18 | call to source : | active_support.rb:45:10:45:10 | x : |
|
||||
| active_support.rb:45:10:45:10 | x : | active_support.rb:45:10:45:19 | call to humanize |
|
||||
| active_support.rb:49:9:49:18 | call to source : | active_support.rb:50:10:50:10 | x : |
|
||||
| active_support.rb:50:10:50:10 | x : | active_support.rb:50:10:50:20 | call to indent |
|
||||
| active_support.rb:54:9:54:18 | call to source : | active_support.rb:55:10:55:10 | x : |
|
||||
| active_support.rb:55:10:55:10 | x : | active_support.rb:55:10:55:23 | call to parameterize |
|
||||
| active_support.rb:59:9:59:18 | call to source : | active_support.rb:60:10:60:10 | x : |
|
||||
| active_support.rb:60:10:60:10 | x : | active_support.rb:60:10:60:20 | call to pluralize |
|
||||
| active_support.rb:64:9:64:18 | call to source : | active_support.rb:65:10:65:10 | x : |
|
||||
| active_support.rb:65:10:65:10 | x : | active_support.rb:65:10:65:22 | call to singularize |
|
||||
| active_support.rb:69:9:69:18 | call to source : | active_support.rb:70:10:70:10 | x : |
|
||||
| active_support.rb:70:10:70:10 | x : | active_support.rb:70:10:70:17 | call to squish |
|
||||
| active_support.rb:74:9:74:18 | call to source : | active_support.rb:75:10:75:10 | x : |
|
||||
| active_support.rb:75:10:75:10 | x : | active_support.rb:75:10:75:24 | call to strip_heredoc |
|
||||
| active_support.rb:79:9:79:18 | call to source : | active_support.rb:80:10:80:10 | x : |
|
||||
| active_support.rb:80:10:80:10 | x : | active_support.rb:80:10:80:19 | call to tableize |
|
||||
| active_support.rb:84:9:84:18 | call to source : | active_support.rb:85:10:85:10 | x : |
|
||||
| active_support.rb:85:10:85:10 | x : | active_support.rb:85:10:85:20 | call to titlecase |
|
||||
| active_support.rb:89:9:89:18 | call to source : | active_support.rb:90:10:90:10 | x : |
|
||||
| active_support.rb:90:10:90:10 | x : | active_support.rb:90:10:90:19 | call to titleize |
|
||||
| active_support.rb:94:9:94:18 | call to source : | active_support.rb:95:10:95:10 | x : |
|
||||
| active_support.rb:95:10:95:10 | x : | active_support.rb:95:10:95:21 | call to underscore |
|
||||
| active_support.rb:99:9:99:18 | call to source : | active_support.rb:100:10:100:10 | x : |
|
||||
| active_support.rb:100:10:100:10 | x : | active_support.rb:100:10:100:23 | call to upcase_first |
|
||||
| active_support.rb:104:10:104:17 | call to source : | active_support.rb:105:9:105:9 | x [element 0] : |
|
||||
| active_support.rb:104:10:104:17 | call to source : | active_support.rb:105:9:105:9 | x [element 0] : |
|
||||
| active_support.rb:105:9:105:9 | x [element 0] : | active_support.rb:105:9:105:23 | call to compact_blank [element] : |
|
||||
| active_support.rb:105:9:105:9 | x [element 0] : | active_support.rb:105:9:105:23 | call to compact_blank [element] : |
|
||||
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | active_support.rb:106:10:106:10 | y [element] : |
|
||||
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | active_support.rb:106:10:106:10 | y [element] : |
|
||||
| active_support.rb:106:10:106:10 | y [element] : | active_support.rb:106:10:106:13 | ...[...] |
|
||||
| active_support.rb:106:10:106:10 | y [element] : | active_support.rb:106:10:106:13 | ...[...] |
|
||||
| active_support.rb:110:10:110:18 | call to source : | active_support.rb:111:9:111:9 | x [element 0] : |
|
||||
| active_support.rb:110:10:110:18 | call to source : | active_support.rb:111:9:111:9 | x [element 0] : |
|
||||
| active_support.rb:111:9:111:9 | x [element 0] : | active_support.rb:111:9:111:21 | call to excluding [element] : |
|
||||
| active_support.rb:111:9:111:9 | x [element 0] : | active_support.rb:111:9:111:21 | call to excluding [element] : |
|
||||
| active_support.rb:111:9:111:21 | call to excluding [element] : | active_support.rb:112:10:112:10 | y [element] : |
|
||||
| active_support.rb:111:9:111:21 | call to excluding [element] : | active_support.rb:112:10:112:10 | y [element] : |
|
||||
| active_support.rb:112:10:112:10 | y [element] : | active_support.rb:112:10:112:13 | ...[...] |
|
||||
| active_support.rb:112:10:112:10 | y [element] : | active_support.rb:112:10:112:13 | ...[...] |
|
||||
| active_support.rb:116:10:116:18 | call to source : | active_support.rb:117:9:117:9 | x [element 0] : |
|
||||
| active_support.rb:116:10:116:18 | call to source : | active_support.rb:117:9:117:9 | x [element 0] : |
|
||||
| active_support.rb:117:9:117:9 | x [element 0] : | active_support.rb:117:9:117:19 | call to without [element] : |
|
||||
| active_support.rb:117:9:117:9 | x [element 0] : | active_support.rb:117:9:117:19 | call to without [element] : |
|
||||
| active_support.rb:117:9:117:19 | call to without [element] : | active_support.rb:118:10:118:10 | y [element] : |
|
||||
| active_support.rb:117:9:117:19 | call to without [element] : | active_support.rb:118:10:118:10 | y [element] : |
|
||||
| active_support.rb:118:10:118:10 | y [element] : | active_support.rb:118:10:118:13 | ...[...] |
|
||||
| active_support.rb:118:10:118:10 | y [element] : | active_support.rb:118:10:118:13 | ...[...] |
|
||||
| active_support.rb:122:10:122:18 | call to source : | active_support.rb:123:9:123:9 | x [element 0] : |
|
||||
| active_support.rb:122:10:122:18 | call to source : | active_support.rb:123:9:123:9 | x [element 0] : |
|
||||
| active_support.rb:123:9:123:9 | x [element 0] : | active_support.rb:123:9:123:37 | call to in_order_of [element] : |
|
||||
| active_support.rb:123:9:123:9 | x [element 0] : | active_support.rb:123:9:123:37 | call to in_order_of [element] : |
|
||||
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | active_support.rb:124:10:124:10 | y [element] : |
|
||||
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | active_support.rb:124:10:124:10 | y [element] : |
|
||||
| active_support.rb:124:10:124:10 | y [element] : | active_support.rb:124:10:124:13 | ...[...] |
|
||||
| active_support.rb:124:10:124:10 | y [element] : | active_support.rb:124:10:124:13 | ...[...] |
|
||||
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:129:9:129:9 | a [element 0] : |
|
||||
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:129:9:129:9 | a [element 0] : |
|
||||
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:10 | a [element 0] : |
|
||||
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:10 | a [element 0] : |
|
||||
| active_support.rb:129:9:129:9 | a [element 0] : | active_support.rb:129:9:129:41 | call to including [element 0] : |
|
||||
| active_support.rb:129:9:129:9 | a [element 0] : | active_support.rb:129:9:129:41 | call to including [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element 0] : | active_support.rb:132:10:132:10 | b [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element 0] : | active_support.rb:132:10:132:10 | b [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:132:10:132:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:132:10:132:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:133:10:133:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:133:10:133:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:134:10:134:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:134:10:134:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:135:10:135:10 | b [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:135:10:135:10 | b [element] : |
|
||||
| active_support.rb:129:21:129:29 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
|
||||
| active_support.rb:129:21:129:29 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
|
||||
| active_support.rb:129:32:129:40 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
|
||||
| active_support.rb:129:32:129:40 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
|
||||
| active_support.rb:130:10:130:10 | a [element 0] : | active_support.rb:130:10:130:13 | ...[...] |
|
||||
| active_support.rb:130:10:130:10 | a [element 0] : | active_support.rb:130:10:130:13 | ...[...] |
|
||||
| active_support.rb:132:10:132:10 | b [element 0] : | active_support.rb:132:10:132:13 | ...[...] |
|
||||
| active_support.rb:132:10:132:10 | b [element 0] : | active_support.rb:132:10:132:13 | ...[...] |
|
||||
| active_support.rb:132:10:132:10 | b [element] : | active_support.rb:132:10:132:13 | ...[...] |
|
||||
| active_support.rb:132:10:132:10 | b [element] : | active_support.rb:132:10:132:13 | ...[...] |
|
||||
| active_support.rb:133:10:133:10 | b [element] : | active_support.rb:133:10:133:13 | ...[...] |
|
||||
| active_support.rb:133:10:133:10 | b [element] : | active_support.rb:133:10:133:13 | ...[...] |
|
||||
| active_support.rb:134:10:134:10 | b [element] : | active_support.rb:134:10:134:13 | ...[...] |
|
||||
| active_support.rb:134:10:134:10 | b [element] : | active_support.rb:134:10:134:13 | ...[...] |
|
||||
| active_support.rb:135:10:135:10 | b [element] : | active_support.rb:135:10:135:13 | ...[...] |
|
||||
| active_support.rb:135:10:135:10 | b [element] : | active_support.rb:135:10:135:13 | ...[...] |
|
||||
| flow.rb:2:7:2:16 | call to source : | flow.rb:3:34:3:34 | x : |
|
||||
| flow.rb:3:7:3:35 | call to new : | flow.rb:4:8:4:8 | y |
|
||||
| flow.rb:3:34:3:34 | x : | flow.rb:3:7:3:35 | call to new : |
|
||||
| flow.rb:9:7:9:16 | call to source : | flow.rb:10:21:10:21 | b : |
|
||||
| flow.rb:10:7:10:22 | call to safe_concat : | flow.rb:11:8:11:8 | y |
|
||||
| flow.rb:10:21:10:21 | b : | flow.rb:10:7:10:22 | call to safe_concat : |
|
||||
| flow.rb:16:7:16:16 | call to source : | flow.rb:17:17:17:17 | b : |
|
||||
| flow.rb:17:3:17:3 | [post] x : | flow.rb:18:8:18:8 | x |
|
||||
| flow.rb:17:17:17:17 | b : | flow.rb:17:3:17:3 | [post] x : |
|
||||
| flow.rb:22:7:22:16 | call to source : | flow.rb:24:34:24:34 | a : |
|
||||
| flow.rb:24:7:24:35 | call to new : | flow.rb:25:7:25:7 | x : |
|
||||
| flow.rb:24:34:24:34 | a : | flow.rb:24:7:24:35 | call to new : |
|
||||
| flow.rb:25:7:25:7 | x : | flow.rb:25:7:25:17 | call to concat : |
|
||||
| flow.rb:25:7:25:17 | call to concat : | flow.rb:26:8:26:8 | y |
|
||||
| flow.rb:30:7:30:16 | call to source : | flow.rb:32:34:32:34 | a : |
|
||||
| flow.rb:32:7:32:35 | call to new : | flow.rb:33:7:33:7 | x : |
|
||||
| flow.rb:32:34:32:34 | a : | flow.rb:32:7:32:35 | call to new : |
|
||||
| flow.rb:33:7:33:7 | x : | flow.rb:33:7:33:20 | call to insert : |
|
||||
| flow.rb:33:7:33:20 | call to insert : | flow.rb:34:8:34:8 | y |
|
||||
| flow.rb:38:7:38:16 | call to source : | flow.rb:40:34:40:34 | a : |
|
||||
| flow.rb:40:7:40:35 | call to new : | flow.rb:41:7:41:7 | x : |
|
||||
| flow.rb:40:34:40:34 | a : | flow.rb:40:7:40:35 | call to new : |
|
||||
| flow.rb:41:7:41:7 | x : | flow.rb:41:7:41:18 | call to prepend : |
|
||||
| flow.rb:41:7:41:18 | call to prepend : | flow.rb:42:8:42:8 | y |
|
||||
| flow.rb:46:7:46:16 | call to source : | flow.rb:48:34:48:34 | a : |
|
||||
| flow.rb:48:7:48:35 | call to new : | flow.rb:49:7:49:7 | x : |
|
||||
| flow.rb:48:34:48:34 | a : | flow.rb:48:7:48:35 | call to new : |
|
||||
| flow.rb:49:7:49:7 | x : | flow.rb:49:7:49:18 | call to prepend : |
|
||||
| flow.rb:49:7:49:18 | call to prepend : | flow.rb:50:8:50:8 | y |
|
||||
| flow.rb:54:7:54:16 | call to source : | flow.rb:55:34:55:34 | a : |
|
||||
| flow.rb:55:7:55:35 | call to new : | flow.rb:56:7:56:7 | x : |
|
||||
| flow.rb:55:34:55:34 | a : | flow.rb:55:7:55:35 | call to new : |
|
||||
| flow.rb:56:7:56:7 | x : | flow.rb:56:7:56:12 | call to to_s : |
|
||||
| flow.rb:56:7:56:12 | call to to_s : | flow.rb:57:8:57:8 | y |
|
||||
| flow.rb:61:7:61:16 | call to source : | flow.rb:62:34:62:34 | a : |
|
||||
| flow.rb:62:7:62:35 | call to new : | flow.rb:63:7:63:7 | x : |
|
||||
| flow.rb:62:34:62:34 | a : | flow.rb:62:7:62:35 | call to new : |
|
||||
| flow.rb:63:7:63:7 | x : | flow.rb:63:7:63:16 | call to to_param : |
|
||||
| flow.rb:63:7:63:16 | call to to_param : | flow.rb:64:8:64:8 | y |
|
||||
nodes
|
||||
| active_support.rb:9:9:9:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:10:10:10:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:10:10:10:19 | call to camelize | semmle.label | call to camelize |
|
||||
| active_support.rb:14:9:14:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:15:10:15:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:15:10:15:20 | call to camelcase | semmle.label | call to camelcase |
|
||||
| active_support.rb:19:9:19:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:20:10:20:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:20:10:20:19 | call to classify | semmle.label | call to classify |
|
||||
| active_support.rb:24:9:24:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:25:10:25:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:25:10:25:20 | call to dasherize | semmle.label | call to dasherize |
|
||||
| active_support.rb:29:9:29:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:30:10:30:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:30:10:30:24 | call to deconstantize | semmle.label | call to deconstantize |
|
||||
| active_support.rb:34:9:34:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:35:10:35:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:35:10:35:21 | call to demodulize | semmle.label | call to demodulize |
|
||||
| active_support.rb:39:9:39:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:40:10:40:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:40:10:40:22 | call to foreign_key | semmle.label | call to foreign_key |
|
||||
| active_support.rb:44:9:44:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:45:10:45:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:45:10:45:19 | call to humanize | semmle.label | call to humanize |
|
||||
| active_support.rb:49:9:49:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:50:10:50:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:50:10:50:20 | call to indent | semmle.label | call to indent |
|
||||
| active_support.rb:54:9:54:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:55:10:55:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:55:10:55:23 | call to parameterize | semmle.label | call to parameterize |
|
||||
| active_support.rb:59:9:59:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:60:10:60:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:60:10:60:20 | call to pluralize | semmle.label | call to pluralize |
|
||||
| active_support.rb:64:9:64:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:65:10:65:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:65:10:65:22 | call to singularize | semmle.label | call to singularize |
|
||||
| active_support.rb:69:9:69:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:70:10:70:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:70:10:70:17 | call to squish | semmle.label | call to squish |
|
||||
| active_support.rb:74:9:74:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:75:10:75:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:75:10:75:24 | call to strip_heredoc | semmle.label | call to strip_heredoc |
|
||||
| active_support.rb:79:9:79:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:80:10:80:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:80:10:80:19 | call to tableize | semmle.label | call to tableize |
|
||||
| active_support.rb:84:9:84:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:85:10:85:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:85:10:85:20 | call to titlecase | semmle.label | call to titlecase |
|
||||
| active_support.rb:89:9:89:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:90:10:90:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:90:10:90:19 | call to titleize | semmle.label | call to titleize |
|
||||
| active_support.rb:94:9:94:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:95:10:95:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:95:10:95:21 | call to underscore | semmle.label | call to underscore |
|
||||
| active_support.rb:99:9:99:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:100:10:100:10 | x : | semmle.label | x : |
|
||||
| active_support.rb:100:10:100:23 | call to upcase_first | semmle.label | call to upcase_first |
|
||||
| active_support.rb:104:10:104:17 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:104:10:104:17 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:105:9:105:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:105:9:105:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
|
||||
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
|
||||
| active_support.rb:106:10:106:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:106:10:106:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:110:10:110:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:110:10:110:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:111:9:111:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:111:9:111:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:111:9:111:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
|
||||
| active_support.rb:111:9:111:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
|
||||
| active_support.rb:112:10:112:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:112:10:112:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:116:10:116:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:116:10:116:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:117:9:117:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:117:9:117:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:117:9:117:19 | call to without [element] : | semmle.label | call to without [element] : |
|
||||
| active_support.rb:117:9:117:19 | call to without [element] : | semmle.label | call to without [element] : |
|
||||
| active_support.rb:118:10:118:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:118:10:118:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:122:10:122:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:122:10:122:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:123:9:123:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:123:9:123:9 | x [element 0] : | semmle.label | x [element 0] : |
|
||||
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
|
||||
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
|
||||
| active_support.rb:124:10:124:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:124:10:124:10 | y [element] : | semmle.label | y [element] : |
|
||||
| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:128:10:128:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:128:10:128:18 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:129:9:129:9 | a [element 0] : | semmle.label | a [element 0] : |
|
||||
| active_support.rb:129:9:129:9 | a [element 0] : | semmle.label | a [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | semmle.label | call to including [element] : |
|
||||
| active_support.rb:129:9:129:41 | call to including [element] : | semmle.label | call to including [element] : |
|
||||
| active_support.rb:129:21:129:29 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:129:21:129:29 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:129:32:129:40 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:129:32:129:40 | call to source : | semmle.label | call to source : |
|
||||
| active_support.rb:130:10:130:10 | a [element 0] : | semmle.label | a [element 0] : |
|
||||
| active_support.rb:130:10:130:10 | a [element 0] : | semmle.label | a [element 0] : |
|
||||
| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:132:10:132:10 | b [element 0] : | semmle.label | b [element 0] : |
|
||||
| active_support.rb:132:10:132:10 | b [element 0] : | semmle.label | b [element 0] : |
|
||||
| active_support.rb:132:10:132:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:132:10:132:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:133:10:133:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:133:10:133:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:134:10:134:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:134:10:134:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:135:10:135:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:135:10:135:10 | b [element] : | semmle.label | b [element] : |
|
||||
| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
|
||||
| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
|
||||
| flow.rb:2:7:2:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:3:7:3:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:3:34:3:34 | x : | semmle.label | x : |
|
||||
| flow.rb:4:8:4:8 | y | semmle.label | y |
|
||||
| flow.rb:9:7:9:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:10:7:10:22 | call to safe_concat : | semmle.label | call to safe_concat : |
|
||||
| flow.rb:10:21:10:21 | b : | semmle.label | b : |
|
||||
| flow.rb:11:8:11:8 | y | semmle.label | y |
|
||||
| flow.rb:16:7:16:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:17:3:17:3 | [post] x : | semmle.label | [post] x : |
|
||||
| flow.rb:17:17:17:17 | b : | semmle.label | b : |
|
||||
| flow.rb:18:8:18:8 | x | semmle.label | x |
|
||||
| flow.rb:22:7:22:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:24:7:24:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:24:34:24:34 | a : | semmle.label | a : |
|
||||
| flow.rb:25:7:25:7 | x : | semmle.label | x : |
|
||||
| flow.rb:25:7:25:17 | call to concat : | semmle.label | call to concat : |
|
||||
| flow.rb:26:8:26:8 | y | semmle.label | y |
|
||||
| flow.rb:30:7:30:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:32:7:32:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:32:34:32:34 | a : | semmle.label | a : |
|
||||
| flow.rb:33:7:33:7 | x : | semmle.label | x : |
|
||||
| flow.rb:33:7:33:20 | call to insert : | semmle.label | call to insert : |
|
||||
| flow.rb:34:8:34:8 | y | semmle.label | y |
|
||||
| flow.rb:38:7:38:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:40:7:40:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:40:34:40:34 | a : | semmle.label | a : |
|
||||
| flow.rb:41:7:41:7 | x : | semmle.label | x : |
|
||||
| flow.rb:41:7:41:18 | call to prepend : | semmle.label | call to prepend : |
|
||||
| flow.rb:42:8:42:8 | y | semmle.label | y |
|
||||
| flow.rb:46:7:46:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:48:7:48:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:48:34:48:34 | a : | semmle.label | a : |
|
||||
| flow.rb:49:7:49:7 | x : | semmle.label | x : |
|
||||
| flow.rb:49:7:49:18 | call to prepend : | semmle.label | call to prepend : |
|
||||
| flow.rb:50:8:50:8 | y | semmle.label | y |
|
||||
| flow.rb:54:7:54:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:55:7:55:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:55:34:55:34 | a : | semmle.label | a : |
|
||||
| flow.rb:56:7:56:7 | x : | semmle.label | x : |
|
||||
| flow.rb:56:7:56:12 | call to to_s : | semmle.label | call to to_s : |
|
||||
| flow.rb:57:8:57:8 | y | semmle.label | y |
|
||||
| flow.rb:61:7:61:16 | call to source : | semmle.label | call to source : |
|
||||
| flow.rb:62:7:62:35 | call to new : | semmle.label | call to new : |
|
||||
| flow.rb:62:34:62:34 | a : | semmle.label | a : |
|
||||
| flow.rb:63:7:63:7 | x : | semmle.label | x : |
|
||||
| flow.rb:63:7:63:16 | call to to_param : | semmle.label | call to to_param : |
|
||||
| flow.rb:64:8:64:8 | y | semmle.label | y |
|
||||
subpaths
|
||||
#select
|
||||
| active_support.rb:106:10:106:13 | ...[...] | active_support.rb:104:10:104:17 | call to source : | active_support.rb:106:10:106:13 | ...[...] | $@ | active_support.rb:104:10:104:17 | call to source : | call to source : |
|
||||
| active_support.rb:112:10:112:13 | ...[...] | active_support.rb:110:10:110:18 | call to source : | active_support.rb:112:10:112:13 | ...[...] | $@ | active_support.rb:110:10:110:18 | call to source : | call to source : |
|
||||
| active_support.rb:118:10:118:13 | ...[...] | active_support.rb:116:10:116:18 | call to source : | active_support.rb:118:10:118:13 | ...[...] | $@ | active_support.rb:116:10:116:18 | call to source : | call to source : |
|
||||
| active_support.rb:124:10:124:13 | ...[...] | active_support.rb:122:10:122:18 | call to source : | active_support.rb:124:10:124:13 | ...[...] | $@ | active_support.rb:122:10:122:18 | call to source : | call to source : |
|
||||
| active_support.rb:130:10:130:13 | ...[...] | active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source : | call to source : |
|
||||
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:128:10:128:18 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source : | call to source : |
|
||||
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
|
||||
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
|
||||
| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
|
||||
| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
|
||||
| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
|
||||
| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
|
||||
| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
|
||||
| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
|
||||
@@ -0,0 +1,11 @@
|
||||
/**
|
||||
* @kind path-problem
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import TestUtilities.InlineFlowTest
|
||||
import PathGraph
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
|
||||
where conf.hasFlowPath(source, sink)
|
||||
select sink, source, sink, "$@", source, source.toString()
|
||||
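--- a/ruby/ql/test/library-tests/frameworks/active_support/flow.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support/flow.rb
@@ -0,0 +1,65 @@
+def m1
+x = source "a"
+y = ActionView::SafeBuffer.new(x)
+sink y # $hasTaintFlow=a
+end
+
+def m2
+x = ActionView::SafeBuffer.new("a")
+b = source "b"
+y = x.safe_concat(b)
+sink y # $hasTaintFlow=b
+end
+
+def m3
+x = ActionView::SafeBuffer.new("a")
+b = source "b"
+x.safe_concat(b)
+sink x # $hasTaintFlow=b
+end
+
+def m4
+a = source "a"
+b = source "b"
+x = ActionView::SafeBuffer.new(a)
+y = x.concat(b)
+sink y # $hasTaintFlow=a
+end
+
+def m5
+a = source "a"
+b = source "b"
+x = ActionView::SafeBuffer.new(a)
+y = x.insert(i, b)
+sink y # $hasTaintFlow=a
+end
+
+def m6
+a = source "a"
+b = source "b"
+x = ActionView::SafeBuffer.new(a)
+y = x.prepend(b)
+sink y # $hasTaintFlow=a
+end
+
+def m7
+a = source "a"
+b = source "b"
+x = ActionView::SafeBuffer.new(a)
+y = x.prepend(b)
+sink y # $hasTaintFlow=a
+end
+
+def m7
+a = source "a"
+x = ActionView::SafeBuffer.new(a)
+y = x.to_s
+sink y # $hasTaintFlow=a
+end
+
+def m8
+a = source "a"
+x = ActionView::SafeBuffer.new(a)
+y = x.to_param
+sink y # $hasTaintFlow=a
+end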
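Review bot: Every test in this file constructs `ActionView::SafeBuffer`, but Rails defines the class as `ActiveSupport::SafeBuffer` (ActionView only adds the `ActionView::OutputBuffer` subclass), so a summary model that satisfies this file can still miss taint through the real class in application code; the constant path used by the model rows and by these tests should be confirmed against the Rails source. `def m7` is also defined twice, and the first definition (testing `prepend`) duplicates `m6` line for line, so Ruby silently redefines it; dropping the duplicate and renumbering the later methods keeps each modeled method covered exactly once. In `m5`, `x.insert(i, b)` references an undefined `i`, which CodeQL tolerates but which reads as a mistake; a literal index such as `y = x.insert(0, b)` keeps the test self-contained.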