diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll index 59fb2391c7e..336464623b7 100644 --- a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll @@ -163,7 +163,7 @@ module InsecureDownload { // // ```rb // f = File.open("foo.exe") - // f.write(Excon.get(...).body) # $BAD= + // f.write(Excon.get(...).body) # $ BAD= // ``` // // `f` is the `FileSystemAccess` and the call `f.write` is the `IO::FileWriter`. diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb index 099c2cfa051..8da39bcf3c8 100644 --- a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb +++ b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb @@ -4,7 +4,7 @@ class UnicodeNormalizationHtMLSafeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] unicode_html_safe = ERB::Util.html_escape(unicode_input) - normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD - normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD + normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $ result=BAD + normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $ result=BAD end end diff --git a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb index 710c949e49e..c0961829858 100644 --- a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb +++ b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb @@ -45,8 +45,8 @@ end def m8 sink(s8 { source "a" }) # $ hasValueFlow=a sink(s8 do - source "a" - end) # $hasValueFlow=a + source "a" + end) # $ hasValueFlow=a end def m9 
@@ -259,7 +259,7 @@ def m31(h, i) h[:bar] = source("b") h[1] = source("c") h[i] = source("d") - + sink s31(h) # $ hasValueFlow=a hasValueFlow=d end @@ -269,7 +269,7 @@ def m32(h, i) h[:bar] = source("c") h[1] = source("d") h[i] = source("e") - + sink s32(h) # $ hasValueFlow=b $ hasValueFlow=e $ SPURIOUS: hasValueFlow=a end @@ -282,7 +282,7 @@ def m33(h, i) h[nil] = source("f") h[true] = source("g") h[false] = source("h") - + sink s33(h) # $ hasValueFlow=e hasValueFlow=f hasValueFlow=g hasValueFlow=h end @@ -312,7 +312,7 @@ end def m38(h, i) h["foo"] = source("a") h[i] = source("b") - + sink s38(h) # $ hasValueFlow=a end @@ -364,7 +364,7 @@ def m44(i, h) h[i] = source("c") s44(h) - + sink h[0] sink h[1] # $ hasValueFlow=b sink h[i] # $ hasValueFlow=b @@ -380,7 +380,7 @@ def m45(i, h) sink h[i] # $ hasValueFlow=a hasValueFlow=b hasValueFlow=c s45(h) - + sink h[0] # $ hasValueFlow=c sink h[1] # $ hasValueFlow=b hasValueFlow=c sink h[i] # $ hasValueFlow=b hasValueFlow=c @@ -396,7 +396,7 @@ def m46(i, h) sink h[i] # $ hasValueFlow=a hasValueFlow=b hasValueFlow=c x = s46(h) - + sink x[0] sink x[1] # $ hasValueFlow=b sink x[i] # $ hasValueFlow=b @@ -406,12 +406,12 @@ def m47(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + x = s47(h) - + sink x[:foo] sink x[:bar] # $ hasValueFlow=b end @@ -420,12 +420,12 @@ def m48(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + x = s48(h) - + sink x[:foo] sink x[:bar] # $ hasValueFlow=b end @@ -434,12 +434,12 @@ def m49(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + x = s49(h) - + sink x[:foo] # $ hasValueFlow=c sink x[:bar] # $ hasValueFlow=b hasValueFlow=c end 
@@ -448,12 +448,12 @@ def m50(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + s50(h) - + sink h[:foo] sink h[:bar] # $ hasValueFlow=b end @@ -462,12 +462,12 @@ def m51(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + s51(h) - + sink h[:foo] # $ hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c end @@ -476,12 +476,12 @@ def m52(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + h.s52 - + sink h[:foo] sink h[:bar] # $ hasValueFlow=b end @@ -490,12 +490,12 @@ def m53(i, h) h[:foo] = source("a") h[:bar] = source("b") h[i] = source("c") - + sink h[:foo] # $ hasValueFlow=a hasValueFlow=c sink h[:bar] # $ hasValueFlow=b hasValueFlow=c - + x = h.s53() - + sink x[:foo] sink x[:bar] # $ hasValueFlow=b diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb b/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb index ece3b551556..5e40860ffc9 100644 --- a/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb +++ b/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb @@ -1,10 +1,10 @@ class MyController < ActionController::Base def m1 - sink params[:a] # $hasTaintFlow + sink params[:a] # $ hasTaintFlow end def m2 - sink params.as_json # $hasTaintFlow + sink params.as_json # $ hasTaintFlow end def m2 
@@ -12,186 +12,186 @@ class MyController < ActionController::Base end def m3 - sink params.permit(:some_key) # $hasTaintFlow + sink params.permit(:some_key) # $ hasTaintFlow end def m4 - sink params.require(:some_key) # $hasTaintFlow + sink params.require(:some_key) # $ hasTaintFlow end def m5 - sink params.required(:some_key) # $hasTaintFlow + sink params.required(:some_key) # $ hasTaintFlow end def m6 - sink params.deep_dup # $hasTaintFlow + sink params.deep_dup # $ hasTaintFlow end def m7 - sink params.deep_transform_keys(&:upcase) # $hasTaintFlow + sink params.deep_transform_keys(&:upcase) # $ hasTaintFlow end def m8 - sink params.deep_transform_keys!(&:upcase) # $hasTaintFlow + sink params.deep_transform_keys!(&:upcase) # $ hasTaintFlow end def m9 - sink params.delete_if { |v| v.match? regex } # $hasTaintFlow + sink params.delete_if { |v| v.match? regex } # $ hasTaintFlow end def m10 - sink params.extract!(:a, :b) # $hasTaintFlow + sink params.extract!(:a, :b) # $ hasTaintFlow end def m11 - sink params.keep_if { |v| v.match? regex } # $hasTaintFlow + sink params.keep_if { |v| v.match? regex } # $ hasTaintFlow end def m12 - sink params.select { |v| v.match? regex } # $hasTaintFlow + sink params.select { |v| v.match? regex } # $ hasTaintFlow end def m13 - sink params.select! { |v| v.match? regex } # $hasTaintFlow + sink params.select! { |v| v.match? regex } # $ hasTaintFlow end def m14 - sink params.reject { |v| v.match? regex } # $hasTaintFlow + sink params.reject { |v| v.match? regex } # $ hasTaintFlow end def m15 - sink params.reject! { |v| v.match? regex } # $hasTaintFlow + sink params.reject! { |v| v.match? 
regex } # $ hasTaintFlow end def m16 - sink params.to_h # $hasTaintFlow + sink params.to_h # $ hasTaintFlow end def m17 - sink params.to_hash # $hasTaintFlow + sink params.to_hash # $ hasTaintFlow end def m18 - sink params.to_query # $hasTaintFlow + sink params.to_query # $ hasTaintFlow end def m19 - sink params.to_param # $hasTaintFlow + sink params.to_param # $ hasTaintFlow end def m20 - sink params.to_unsafe_h # $hasTaintFlow + sink params.to_unsafe_h # $ hasTaintFlow end def m21 - sink params.to_unsafe_hash # $hasTaintFlow + sink params.to_unsafe_hash # $ hasTaintFlow end def m22 - sink params.transform_keys(&:upcase) # $hasTaintFlow + sink params.transform_keys(&:upcase) # $ hasTaintFlow end def m23 - sink params.transform_keys!(&:upcase) # $hasTaintFlow + sink params.transform_keys!(&:upcase) # $ hasTaintFlow end def m24 - sink params.transform_values(&:upcase) # $hasTaintFlow + sink params.transform_values(&:upcase) # $ hasTaintFlow end def m25 - sink params.transform_values!(&:upcase) # $hasTaintFlow + sink params.transform_values!(&:upcase) # $ hasTaintFlow end def m26 - sink params.values_at(:a, :b) # $hasTaintFlow + sink params.values_at(:a, :b) # $ hasTaintFlow end def m27 - sink params.merge({a: 1}) # $hasTaintFlow - sink {a: 1}.merge(params) # $hasTaintFlow + sink params.merge({a: 1}) # $ hasTaintFlow + sink {a: 1}.merge(params) # $ hasTaintFlow end def m28 - sink params.reverse_merge({a: 1}) # $hasTaintFlow - sink {a: 1}.reverse_merge(params) # $hasTaintFlow + sink params.reverse_merge({a: 1}) # $ hasTaintFlow + sink {a: 1}.reverse_merge(params) # $ hasTaintFlow end def m29 - sink params.with_defaults({a: 1, b: 2}) # $hasTaintFlow - sink {a: 1}.with_defaults(params) # $hasTaintFlow + sink params.with_defaults({a: 1, b: 2}) # $ hasTaintFlow + sink {a: 1}.with_defaults(params) # $ hasTaintFlow end def m30 - sink params.merge!({a: 1}) # $hasTaintFlow - sink {a: 1}.merge!(params) # $hasTaintFlow + sink params.merge!({a: 1}) # $ hasTaintFlow + sink {a: 
1}.merge!(params) # $ hasTaintFlow p = {a: 1} p.merge!(params) - sink p # $hasTaintFlow + sink p # $ hasTaintFlow end def m31 - sink params.reverse_merge!({a: 1}) # $hasTaintFlow - sink {a: 1}.reverse_merge!(params) # $hasTaintFlow + sink params.reverse_merge!({a: 1}) # $ hasTaintFlow + sink {a: 1}.reverse_merge!(params) # $ hasTaintFlow p = {a: 1} p.reverse_merge!(params) - sink p # $hasTaintFlow + sink p # $ hasTaintFlow end def m32 - sink params.with_defaults!({a: 1, b: 2}) # $hasTaintFlow - sink {a: 1}.with_defaults!(params) # $hasTaintFlow + sink params.with_defaults!({a: 1, b: 2}) # $ hasTaintFlow + sink {a: 1}.with_defaults!(params) # $ hasTaintFlow p = {a: 1} p.with_defaults!(params) - sink p # $hasTaintFlow + sink p # $ hasTaintFlow end def m33 - sink params.reverse_update({a: 1, b: 2}) # $hasTaintFlow - sink {a: 1}.reverse_update(params) # $hasTaintFlow + sink params.reverse_update({a: 1, b: 2}) # $ hasTaintFlow + sink {a: 1}.reverse_update(params) # $ hasTaintFlow p = {a: 1} p.reverse_update(params) - sink p # $hasTaintFlow + sink p # $ hasTaintFlow end - + include Mixin end module Mixin def m34 - sink params[:x] # $hasTaintFlow + sink params[:x] # $ hasTaintFlow end end class Subclass < MyController def m35 - sink params[:x] # $hasTaintFlow + sink params[:x] # $ hasTaintFlow end rescue_from 'Foo::Bar' do |err| - sink params[:x] # $hasTaintFlow + sink params[:x] # $ hasTaintFlow end end class UploadedFileTests < MyController def m36 - sink params[:file].original_filename # $hasTaintFlow + sink params[:file].original_filename # $ hasTaintFlow end def m37 - sink params.require(:file).content_type # $hasTaintFlow + sink params.require(:file).content_type # $ hasTaintFlow end def m38 - sink params.permit(:file)[:file].headers # $hasTaintFlow + sink params.permit(:file)[:file].headers # $ hasTaintFlow end def m39 - sink params[:a].to_unsafe_h[:b][:file].read # $hasTaintFlow + sink params[:a].to_unsafe_h[:b][:file].read # $ hasTaintFlow end def m40(a) 
@@ -204,4 +204,4 @@ class UploadedFileTests < MyController params[:file].read(nil,a) sink a # $ hasTaintFlow end -end \ No newline at end of file +end diff --git a/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb b/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb index 09243fbb7fe..e93ddf8515f 100644 --- a/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb +++ b/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb @@ -1,5 +1,5 @@ class MyMailer < ActionMailer::Base def foo - sink params[:foo] # $hasTaintFlow + sink params[:foo] # $ hasTaintFlow end end diff --git a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb index a614a27eaf4..c94752ec446 100644 --- a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb +++ b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb 
@@ -8,196 +8,196 @@ ActiveSupport::TaggedLogging.new(STDOUT) def m_at x = source "a" - sink x.at(1..3) # $hasTaintFlow=a + sink x.at(1..3) # $ hasTaintFlow=a end def m_camelize x = source "a" - sink x.camelize # $hasTaintFlow=a + sink x.camelize # $ hasTaintFlow=a end def m_camelcase x = source "a" - sink x.camelcase # $hasTaintFlow=a + sink x.camelcase # $ hasTaintFlow=a end def m_classify x = source "a" - sink x.classify # $hasTaintFlow=a + sink x.classify # $ hasTaintFlow=a end def m_dasherize x = source "a" - sink x.dasherize # $hasTaintFlow=a + sink x.dasherize # $ hasTaintFlow=a end def m_deconstantize x = source "a" - sink x.deconstantize # $hasTaintFlow=a + sink x.deconstantize # $ hasTaintFlow=a end def m_demodulize x = source "a" - sink x.demodulize # $hasTaintFlow=a + sink x.demodulize # $ hasTaintFlow=a end def first x = source "a" - sink x.first(3) # $hasTaintFlow=a + sink x.first(3) # $ hasTaintFlow=a end def m_foreign_key x = source "a" - sink x.foreign_key # $hasTaintFlow=a + sink x.foreign_key # $ hasTaintFlow=a end def m_from x = source "a" - sink x.from(3) # $hasTaintFlow=a + sink x.from(3) # $ hasTaintFlow=a end def m_html_safe x = source "a" - sink x.html_safe # $hasTaintFlow=a + sink x.html_safe # $ hasTaintFlow=a end def m_humanize x = source "a" - sink x.humanize # $hasTaintFlow=a + sink x.humanize # $ hasTaintFlow=a end def m_indent x = source "a" - sink x.indent(1) # $hasTaintFlow=a + sink x.indent(1) # $ hasTaintFlow=a end def m_indent! 
x = source "a" - sink x.indent!(1) # $hasTaintFlow=a + sink x.indent!(1) # $ hasTaintFlow=a end def m_inquiry x = source "a" - sink x.inquiry # $hasTaintFlow=a + sink x.inquiry # $ hasTaintFlow=a end def m_last x = source "a" - sink x.last(1) # $hasTaintFlow=a + sink x.last(1) # $ hasTaintFlow=a end def m_mb_chars x = source "a" - sink x.mb_chars # $hasTaintFlow=a + sink x.mb_chars # $ hasTaintFlow=a end def m_parameterize x = source "a" - sink x.parameterize # $hasTaintFlow=a + sink x.parameterize # $ hasTaintFlow=a end def m_pluralize x = source "a" - sink x.pluralize # $hasTaintFlow=a + sink x.pluralize # $ hasTaintFlow=a end def m_remove x = source "a" - sink x.remove("foo") # $hasTaintFlow=a + sink x.remove("foo") # $ hasTaintFlow=a end def m_remove! x = source "a" - sink x.remove!("foo") # $hasTaintFlow=a + sink x.remove!("foo") # $ hasTaintFlow=a end def m_singularize x = source "a" - sink x.singularize # $hasTaintFlow=a + sink x.singularize # $ hasTaintFlow=a end def m_squish x = source "a" - sink x.squish # $hasTaintFlow=a + sink x.squish # $ hasTaintFlow=a end def m_squish! x = source "a" - sink x.squish! # $hasTaintFlow=a + sink x.squish! 
# $ hasTaintFlow=a end def m_strip_heredoc x = source "a" - sink x.strip_heredoc # $hasTaintFlow=a + sink x.strip_heredoc # $ hasTaintFlow=a end def m_tableize x = source "a" - sink x.tableize # $hasTaintFlow=a + sink x.tableize # $ hasTaintFlow=a end def m_titlecase x = source "a" - sink x.titlecase # $hasTaintFlow=a + sink x.titlecase # $ hasTaintFlow=a end def m_titleize x = source "a" - sink x.titleize # $hasTaintFlow=a + sink x.titleize # $ hasTaintFlow=a end def m_to x = source "a" - sink x.to(3) # $hasTaintFlow=a + sink x.to(3) # $ hasTaintFlow=a end def m_truncate x = source "a" - sink x.truncate(3) # $hasTaintFlow=a + sink x.truncate(3) # $ hasTaintFlow=a end def m_truncate_bytes x = source "a" - sink x.truncate_bytes(3) # $hasTaintFlow=a + sink x.truncate_bytes(3) # $ hasTaintFlow=a end def m_truncate_words x = source "a" - sink x.truncate_words(3) # $hasTaintFlow=a + sink x.truncate_words(3) # $ hasTaintFlow=a end def m_underscore x = source "a" - sink x.underscore # $hasTaintFlow=a + sink x.underscore # $ hasTaintFlow=a end def m_upcase_first x = source "a" - sink x.upcase_first # $hasTaintFlow=a + sink x.upcase_first # $ hasTaintFlow=a end def m_compact_blank x = [source 1] y = x.compact_blank - sink y[0] # $hasValueFlow=1 + sink y[0] # $ hasValueFlow=1 end def m_excluding x = [source(1), 2] y = x.excluding 2 - sink y[0] # $hasValueFlow=1 + sink y[0] # $ hasValueFlow=1 end def m_without x = [source(1), 2] y = x.without 2 - sink y[0] # $hasValueFlow=1 + sink y[0] # $ hasValueFlow=1 end def m_in_order_of x = [source(1), 2] y = x.in_order_of(:itself, [2,1]) - sink y[0] # $hasValueFlow=1 + sink y[0] # $ hasValueFlow=1 end def m_including 
@@ -214,21 +214,21 @@ end def m_safe_buffer_new x = source "a" y = ActionView::SafeBuffer.new(x) - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a end def m_safe_buffer_safe_concat_retval x = ActionView::SafeBuffer.new("a") b = source "b" y = x.safe_concat(b) - sink y # $hasTaintFlow=b + sink y # $ hasTaintFlow=b end def m_safe_buffer_safe_concat_self x = ActionView::SafeBuffer.new("a") b = source "b" x.safe_concat(b) - sink x # $hasTaintFlow=b + sink x # $ hasTaintFlow=b end def m_safe_buffer_concat @@ -236,7 +236,7 @@ def m_safe_buffer_concat b = source "b" x = ActionView::SafeBuffer.new(a) y = x.concat(b) - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a end def m_safe_buffer_insert @@ -244,7 +244,7 @@ def m_safe_buffer_insert b = source "b" x = ActionView::SafeBuffer.new(a) y = x.insert(i, b) - sink y # $hasTaintFlow=a $hasTaintFlow=b + sink y # $ hasTaintFlow=a $hasTaintFlow=b end def m_safe_buffer_prepend @@ -252,43 +252,43 @@ def m_safe_buffer_prepend b = source "b" x = ActionView::SafeBuffer.new(a) y = x.prepend(b) - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a end def m_safe_buffer_to_s a = source "a" x = ActionView::SafeBuffer.new(a) y = x.to_s - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a end def m_safe_buffer_to_param a = source "a" x = ActionView::SafeBuffer.new(a) y = x.to_param - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a end def m_pathname_existence a = source "a" x = Pathname.new(a) y = x.existence - sink y # $hasTaintFlow=a + sink y # $ hasTaintFlow=a z = y.existence - sink z # $hasTaintFlow=a + sink z # $ hasTaintFlow=a end def m_presence x = source "a" - sink x.presence # $hasValueFlow=a + sink x.presence # $ hasValueFlow=a y = source 123 - sink y.presence # $hasValueFlow=123 + sink y.presence # $ hasValueFlow=123 end def m_deep_dup x = source "a" - sink x.deep_dup # $hasValueFlow=a + sink x.deep_dup # $ hasValueFlow=a end def m_try(method) 
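Review bot: In the `m_safe_buffer_insert` hunk (`@@ -244,7 +244,7 @@`) only the first expectation on the sink line was migrated: the new line reads `sink y # $ hasTaintFlow=a $hasTaintFlow=b`, leaving `$hasTaintFlow=b` in the old spacing. If the updated inline-expectation syntax requires the space after `$` (which is what the rest of this commit suggests), the second expectation is probably no longer parsed and the `b` flow into `x.insert(i, b)` would silently stop being checked. Following the single-`$` form used elsewhere on this page, the line should be `sink y # $ hasTaintFlow=a hasTaintFlow=b`. The enclosing method starts before the hunk.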
@@ -302,32 +302,32 @@ end def m_json_escape a = source "a" b = json_escape a - sink b # $hasTaintFlow=a + sink b # $ hasTaintFlow=a end def m_json_encode x = source "a" - sink ActiveSupport::JSON.encode(x) # $hasTaintFlow=a + sink ActiveSupport::JSON.encode(x) # $ hasTaintFlow=a end def m_json_decode x = source "a" - sink ActiveSupport::JSON.decode(x) # $hasTaintFlow=a + sink ActiveSupport::JSON.decode(x) # $ hasTaintFlow=a end def m_json_dump x = source "a" - sink ActiveSupport::JSON.dump(x) # $hasTaintFlow=a + sink ActiveSupport::JSON.dump(x) # $ hasTaintFlow=a end def m_json_load x = source "a" - sink ActiveSupport::JSON.load(x) # $hasTaintFlow=a + sink ActiveSupport::JSON.load(x) # $ hasTaintFlow=a end def m_to_json x = source "a" y = [x] - sink x.to_json # $hasTaintFlow=a - sink y.to_json # $hasTaintFlow=a + sink x.to_json # $ hasTaintFlow=a + sink y.to_json # $ hasTaintFlow=a end diff --git a/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb b/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb index 9222620fef4..f386eba7022 100644 --- a/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb +++ b/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb @@ -1,7 +1,7 @@ def m_stringify_keys h = { a: source("a") } x = h.stringify_keys - sink x["a"] # $hasValueFlow=a + sink x["a"] # $ hasValueFlow=a end m_stringify_keys() @@ -9,7 +9,7 @@ m_stringify_keys() def m_to_options h = { "a" => source("a") } x = h.to_options - sink x[:a] # $hasValueFlow=a + sink x[:a] # $ hasValueFlow=a end m_to_options() @@ -17,7 +17,7 @@ m_to_options() def m_symbolize_keys h = { "a" => source("a") } x = h.symbolize_keys - sink x[:a] # $hasValueFlow=a + sink x[:a] # $ hasValueFlow=a end m_symbolize_keys() @@ -25,7 +25,7 @@ m_symbolize_keys() def m_deep_stringify_keys h = { a: source("a") } x = h.deep_stringify_keys - sink x["a"] # $hasValueFlow=a + sink x["a"] # $ hasValueFlow=a end m_deep_stringify_keys() 
@@ -33,7 +33,7 @@ m_deep_stringify_keys() def m_deep_symbolize_keys h = { "a" => source("a") } x = h.deep_symbolize_keys - sink x[:a] # $hasValueFlow=a + sink x[:a] # $ hasValueFlow=a end m_deep_symbolize_keys() @@ -41,7 +41,7 @@ m_deep_symbolize_keys() def m_with_indifferent_access h = { a: source("a") } x = h.with_indifferent_access - sink x["a"] # $hasValueFlow=a + sink x["a"] # $ hasValueFlow=a end m_with_indifferent_access() diff --git a/ruby/ql/test/library-tests/frameworks/arel/arel.rb b/ruby/ql/test/library-tests/frameworks/arel/arel.rb index 7e7bc51f9a8..1bfddd898ec 100644 --- a/ruby/ql/test/library-tests/frameworks/arel/arel.rb +++ b/ruby/ql/test/library-tests/frameworks/arel/arel.rb @@ -1,6 +1,6 @@ def m1 x = source 1 - sink(Arel.sql(x)) # $hasTaintFlow=1 + sink(Arel.sql(x)) # $ hasTaintFlow=1 end def m2 diff --git a/ruby/ql/test/library-tests/frameworks/json/json.rb b/ruby/ql/test/library-tests/frameworks/json/json.rb index a48fe9bf5e0..7c2c5f0c653 100644 --- a/ruby/ql/test/library-tests/frameworks/json/json.rb +++ b/ruby/ql/test/library-tests/frameworks/json/json.rb 
@@ -1,11 +1,11 @@ -sink JSON.parse(source "a") # $hasTaintFlow=a -sink JSON.parse!(source "a") # $hasTaintFlow=a -sink JSON.load(source "a") # $hasTaintFlow=a -sink JSON.restore(source "a") # $hasTaintFlow=a +sink JSON.parse(source "a") # $ hasTaintFlow=a +sink JSON.parse!(source "a") # $ hasTaintFlow=a +sink JSON.load(source "a") # $ hasTaintFlow=a +sink JSON.restore(source "a") # $ hasTaintFlow=a -sink JSON.generate(source "a") # $hasTaintFlow=a -sink JSON.fast_generate(source "a") # $hasTaintFlow=a -sink JSON.pretty_generate(source "a") # $hasTaintFlow=a -sink JSON.dump(source "a") # $hasTaintFlow=a -sink JSON.unparse(source "a") # $hasTaintFlow=a -sink JSON.fast_unparse(source "a") # $hasTaintFlow=a +sink JSON.generate(source "a") # $ hasTaintFlow=a +sink JSON.fast_generate(source "a") # $ hasTaintFlow=a +sink JSON.pretty_generate(source "a") # $ hasTaintFlow=a +sink JSON.dump(source "a") # $ hasTaintFlow=a +sink JSON.unparse(source "a") # $ hasTaintFlow=a +sink JSON.fast_unparse(source "a") # $ hasTaintFlow=a diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb index 848be4b081c..a7b77cc3a66 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb +++ b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb @@ -5,8 +5,8 @@ require 'cgi' class UnicodeNormalizationOKController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] - normalized_nfkc = unicode_input.unicode_normalize(:nfkc) # $MISSING:result=OK - normalized_nfc = unicode_input.unicode_normalize(:nfc) # $MISSING:result=OK + normalized_nfkc = unicode_input.unicode_normalize(:nfkc) # $ MISSING:result=OK + normalized_nfc = unicode_input.unicode_normalize(:nfc) # $ MISSING:result=OK end end 
@@ -14,8 +14,8 @@ class UnicodeNormalizationStrManipulationController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] unicode_input_manip = unicode_input.sub(/[aeiou]/, "*") - normalized_nfkc = unicode_input_manip.unicode_normalize(:nfkc) # $result=BAD - normalized_nfc = unicode_input_manip.unicode_normalize(:nfc) # $result=BAD + normalized_nfkc = unicode_input_manip.unicode_normalize(:nfkc) # $ result=BAD + normalized_nfc = unicode_input_manip.unicode_normalize(:nfc) # $ result=BAD end end @@ -23,8 +23,8 @@ class UnicodeNormalizationHtMLEscapeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] unicode_html_safe = html_escape(unicode_input) - normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD - normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD + normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $ result=BAD + normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $ result=BAD end end @@ -32,7 +32,7 @@ class UnicodeNormalizationCGIHtMLEscapeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe - normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd) # $result=BAD - normalized_nfc = unicode_html_safe.unicode_normalize(:nfd) # $result=BAD + normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd) # $ result=BAD + normalized_nfc = unicode_html_safe.unicode_normalize(:nfd) # $ result=BAD end end diff --git a/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb b/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb index e1e60209c79..0b12fe2ad59 100644 --- a/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb +++ b/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb 
@@ -52,7 +52,7 @@ def m7(arg) arg += 3 end @m7 -end # $result=BAD +end # $ result=BAD # Bad: method has parameter but only one result is memoized. def m8(arg) @@ -60,23 +60,23 @@ def m8(arg) long_running_method(arg) end @m8 -end # $result=BAD +end # $ result=BAD # Bad: method has parameter but only one result is memoized. def m9(arg) @m9 ||= long_running_method(arg) -end # $result=BAD +end # $ result=BAD # Bad: method has parameter but only one result is memoized. def m10(arg1, arg2) @m10 ||= long_running_method(arg1, arg2) -end # $result=BAD +end # $ result=BAD # Bad: `arg2` not used in key. def m11(arg1, arg2) @m11 ||= {} @m11[arg1] ||= long_running_method(arg1, arg2) -end # $result=BAD +end # $ result=BAD # Bad: `arg2` not used in key. def m12(arg1, arg2) @@ -84,7 +84,7 @@ def m12(arg1, arg2) h1[arg1] = result(arg1, arg2) end @m12[arg1] -end # $result=BAD +end # $ result=BAD # Bad: arg not used in key. def m13(id:) @@ -94,11 +94,11 @@ def m13(id:) end end @m13 -end # $result=BAD +end # $ result=BAD # Good (FP): arg is used in key via string interpolation. def m14(arg) @m14 ||= {} key = "foo/#{arg}" @m14[key] ||= long_running_method(arg) -end \ No newline at end of file +end diff --git a/ruby/ql/test/query-tests/security/cwe-300/Gemfile b/ruby/ql/test/query-tests/security/cwe-300/Gemfile index f97c050d2e3..7d495697b1a 100644 --- a/ruby/ql/test/query-tests/security/cwe-300/Gemfile +++ b/ruby/ql/test/query-tests/security/cwe-300/Gemfile 
@@ -1,18 +1,18 @@ source "https://rubygems.org" # GOOD -source "http://rubygems.org" # $result=BAD -source "ftp://rubygems.org" # $result=BAD +source "http://rubygems.org" # $ result=BAD +source "ftp://rubygems.org" # $ result=BAD source "ftps://rubygems.org" # GOOD source "unknown://rubygems.org" # GOOD git_source(:a) { "https://github.com" } # GOOD -git_source(:b) { "http://github.com" } # $result=BAD -git_source(:c) { "ftp://github.com" } # $result=BAD +git_source(:b) { "http://github.com" } # $ result=BAD +git_source(:c) { "ftp://github.com" } # $ result=BAD git_source(:d) { "ftps://github.com" } # GOOD git_source(:e) { "unknown://github.com" } # GOOD git_source(:f) { |name| "https://github.com/#{name}" } # GOOD -git_source(:g) { |name| "http://github.com/#{name}" } # $result=BAD -git_source(:h) { |name| "ftp://github.com/#{name}" } # $result=BAD +git_source(:g) { |name| "http://github.com/#{name}" } # $ result=BAD +git_source(:h) { |name| "ftp://github.com/#{name}" } # $ result=BAD git_source(:i) { |name| "ftps://github.com/#{name}" } # GOOD git_source(:j) { |name| "unknown://github.com/#{name}" } # GOOD @@ -22,11 +22,11 @@ git_source(:k) do |name| end git_source(:l) do |name| foo - "http://github.com/#{name}" # $result=BAD + "http://github.com/#{name}" # $ result=BAD end git_source(:m) do |name| foo - "ftp://github.com/#{name}" # $result=BAD + "ftp://github.com/#{name}" # $ result=BAD end git_source(:n) do |name| foo 
@@ -38,19 +38,19 @@ git_source(:o) do |name| end gem "jwt", "1.2.3", git: "https://github.com/jwt/ruby-jwt" # GOOD -gem "jwt", "1.2.3", git: "http://github.com/jwt/ruby-jwt" # $result=BAD -gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $result=BAD +gem "jwt", "1.2.3", git: "http://github.com/jwt/ruby-jwt" # $ result=BAD +gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $ result=BAD gem "jwt", "1.2.3", git: "ftps://github.com/jwt/ruby-jwt" # GOOD gem "jwt", "1.2.3", git: "unknown://github.com/jwt/ruby-jwt" # GOOD gem "jwt", "1.2.3", :git => "https://github.com/jwt/ruby-jwt" # GOOD -gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $result=BAD -gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $result=BAD +gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $ result=BAD +gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $ result=BAD gem "jwt", "1.2.3", :git => "ftps://github.com/jwt/ruby-jwt" # GOOD gem "jwt", "1.2.3", :git => "unknown://github.com/jwt/ruby-jwt" # GOOD gem "jwt", "1.2.3", source: "https://rubygems.org" # GOOD -gem "jwt", "1.2.3", source: "http://rubygems.org" # $result=BAD -gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $result=BAD +gem "jwt", "1.2.3", source: "http://rubygems.org" # $ result=BAD +gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $ result=BAD gem "jwt", "1.2.3", source: "ftps://rubygems.org" # GOOD -gem "jwt", "1.2.3", source: "unknown://rubygems.org" # GOOD \ No newline at end of file +gem "jwt", "1.2.3", source: "unknown://rubygems.org" # GOOD