hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10888 from erik-krogh/glob

Browse Source 
Ruby: add model for Dir.glob and other Dir methods
This commit is contained in:
Erik Krogh Kristensen
2022-10-24 14:17:37 +02:00
committed by GitHub
parent bcfe4ece6f 07d90b34df
commit 5ff98cd80e
3 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
View File

@@ -39,6 +39,10 @@ edges
| tainted_path.rb:71:12:71:53 | call to new : | tainted_path.rb:72:15:72:18 | path |
| tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:71:40:71:52 | ...[...] : |
| tainted_path.rb:71:40:71:52 | ...[...] : | tainted_path.rb:71:12:71:53 | call to new : |
| tainted_path.rb:77:12:77:53 | call to new : | tainted_path.rb:78:19:78:22 | path |
| tainted_path.rb:77:12:77:53 | call to new : | tainted_path.rb:79:14:79:17 | path |
| tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:77:40:77:52 | ...[...] : |
| tainted_path.rb:77:40:77:52 | ...[...] : | tainted_path.rb:77:12:77:53 | call to new : |
nodes
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | semmle.label | call to params : |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] : | semmle.label | ...[...] : |
@@ -93,6 +97,11 @@ nodes
| tainted_path.rb:71:40:71:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:71:40:71:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:72:15:72:18 | path | semmle.label | path |
| tainted_path.rb:77:12:77:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:77:40:77:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:77:40:77:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:78:19:78:22 | path | semmle.label | path |
| tainted_path.rb:79:14:79:17 | path | semmle.label | path |
subpaths
#select
| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
@@ -108,3 +117,5 @@ subpaths
| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params : | tainted_path.rb:48:26:48:29 | path | This path depends on a $@. | tainted_path.rb:47:43:47:48 | call to params | user-provided value |
| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params : | tainted_path.rb:60:26:60:29 | path | This path depends on a $@. | tainted_path.rb:59:40:59:45 | call to params | user-provided value |
| tainted_path.rb:72:15:72:18 | path | tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:72:15:72:18 | path | This path depends on a $@. | tainted_path.rb:71:40:71:45 | call to params | user-provided value |
| tainted_path.rb:78:19:78:22 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:78:19:78:22 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |

7
ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
View File

@@ -71,4 +71,11 @@ class FooController < ActionController::Base
path = ActiveStorage::Filename.new(params[:path])
send_file path
end
# BAD
def route12
path = ActiveStorage::Filename.new(params[:path])
bla (Dir.glob path)
bla (Dir[path])
end
end