hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Reimplement flow through captured variables using field flow

Browse Source
This commit is contained in:
Tom Hvitved
2023-08-10 20:16:50 +02:00
parent 5d1c399371
commit 48e2dcfa35
24 changed files with 815 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ruby/ql/test/query-tests/experimental/TemplateInjection/TemplateInjection.expected
View File

@@ -7,15 +7,15 @@ edges
| ErbInjection.rb:8:5:8:12 | bad_text | ErbInjection.rb:19:20:19:27 | bad_text |
| ErbInjection.rb:8:16:11:14 | ... % ... | ErbInjection.rb:8:5:8:12 | bad_text |
| ErbInjection.rb:11:11:11:14 | name | ErbInjection.rb:8:16:11:14 | ... % ... |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:8:5:8:12 | bad_text |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:11:11:11:14 | name |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:17:5:17:13 | bad2_text |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] |
| SlimInjection.rb:5:12:5:17 | call to params | SlimInjection.rb:5:12:5:24 | ...[...] |
| SlimInjection.rb:5:12:5:24 | ...[...] | SlimInjection.rb:5:5:5:8 | name |
| SlimInjection.rb:8:5:8:12 | bad_text | SlimInjection.rb:14:25:14:32 | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... | SlimInjection.rb:8:5:8:12 | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... | SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] |
| SlimInjection.rb:11:11:11:14 | name | SlimInjection.rb:8:16:11:14 | ... % ... |
| SlimInjection.rb:17:5:17:13 | bad2_text | SlimInjection.rb:23:25:23:33 | bad2_text |
| SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | SlimInjection.rb:14:25:14:32 | bad_text |
| SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | SlimInjection.rb:23:25:23:33 | bad2_text |
nodes
| ErbInjection.rb:5:5:5:8 | name | semmle.label | name |
| ErbInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
@@ -28,11 +28,11 @@ nodes
| SlimInjection.rb:5:5:5:8 | name | semmle.label | name |
| SlimInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
| SlimInjection.rb:5:12:5:24 | ...[...] | semmle.label | ...[...] |
| SlimInjection.rb:8:5:8:12 | bad_text | semmle.label | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... | semmle.label | ... % ... |
| SlimInjection.rb:11:11:11:14 | name | semmle.label | name |
| SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | semmle.label | { ... } [captured bad_text] |
| SlimInjection.rb:14:25:14:32 | bad_text | semmle.label | bad_text |
| SlimInjection.rb:17:5:17:13 | bad2_text | semmle.label | bad2_text |
| SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | semmle.label | { ... } [captured bad2_text] |
| SlimInjection.rb:23:25:23:33 | bad2_text | semmle.label | bad2_text |
subpaths
#select

6
ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
View File

@@ -5,7 +5,9 @@ edges
| ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] | ArchiveApiPathTraversal.rb:67:13:67:16 | file |
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | ArchiveApiPathTraversal.rb:75:11:75:18 | filename |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination | ArchiveApiPathTraversal.rb:52:38:52:48 | destination |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination | ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] |
| ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] |
| ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:52:38:52:48 | destination |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination | ArchiveApiPathTraversal.rb:52:28:52:67 | call to join |
@@ -72,6 +74,8 @@ nodes
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | semmle.label | call to params |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | semmle.label | ...[...] |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination | semmle.label | destination |
| ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] | semmle.label | do ... end [captured destination] |
| ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | semmle.label | do ... end [captured destination] |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | semmle.label | destination_file |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | semmle.label | call to join |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination | semmle.label | destination |

20
ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected
View File

@@ -4,14 +4,16 @@ edges
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | app/controllers/users_controller.rb:23:20:23:30 | unsanitized |
| app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:15:19:15:30 | ...[...] |
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] | app/controllers/users_controller.rb:15:5:15:15 | unsanitized |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | app/controllers/users_controller.rb:27:16:27:39 | ... + ... |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized | app/controllers/users_controller.rb:23:20:23:44 | call to sub |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | app/controllers/users_controller.rb:34:33:34:43 | unsanitized |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:27:16:27:39 | ... + ... |
| app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies | app/controllers/users_controller.rb:33:19:33:31 | ...[...] |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:33:5:33:15 | unsanitized |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] |
| app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:34:33:34:43 | unsanitized |
| app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:35:45:35:55 | unsanitized |
| app/controllers/users_controller.rb:35:45:35:55 | unsanitized | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
| app/controllers/users_controller.rb:49:19:49:24 | call to params | app/controllers/users_controller.rb:49:19:49:30 | ...[...] |
nodes
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | semmle.label | unsanitized |
@@ -19,16 +21,18 @@ nodes
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] | semmle.label | ...[...] |
| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | semmle.label | unsanitized2 |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | semmle.label | call to sub |
| app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] | semmle.label | do ... end [captured unsanitized2] |
| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | semmle.label | unsanitized2 |
| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies | semmle.label | call to cookies |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | semmle.label | ...[...] |
| app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] | semmle.label | { ... } [captured unsanitized] |
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] | semmle.label | { ... } [captured unsanitized] |
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:35:45:35:55 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:49:19:49:24 | call to params | semmle.label | call to params |
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | semmle.label | ...[...] |
subpaths