hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

tweaks and add Zip::File.open_buffer to query

Browse Source
This commit is contained in:
thiggy1342
2022-06-17 02:43:54 +00:00
committed by GitHub
parent 01cb408393
commit 7c2b19baad
3 changed files with 32 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected
View File

@@ -1,12 +1,12 @@
edges
| decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] |
| decompression_api.rb:4:31:4:36 | call to params : | decompression_api.rb:4:31:4:43 | ...[...] |
| decompression_api.rb:14:31:14:36 | call to params : | decompression_api.rb:14:31:14:43 | ...[...] |
nodes
| decompression_api.rb:3:31:3:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:3:31:3:43 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | semmle.label | call to params : |
| decompression_api.rb:13:44:13:56 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:4:31:4:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:4:31:4:43 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:14:31:14:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:14:31:14:43 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:3:31:3:43 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:3:9:3:44 | call to inflate | call to inflate |
| decompression_api.rb:13:44:13:56 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:13:9:13:57 | call to inflate | call to inflate |
| decompression_api.rb:4:31:4:43 | ...[...] | decompression_api.rb:4:31:4:36 | call to params : | decompression_api.rb:4:31:4:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:4:9:4:44 | call to inflate | inflate |
| decompression_api.rb:14:31:14:43 | ...[...] | decompression_api.rb:14:31:14:36 | call to params : | decompression_api.rb:14:31:14:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:14:9:14:44 | call to open_buffer | open_buffer |

12
ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb
View File

@@ -1,15 +1,21 @@
class TestController < ActionController::Base
# this should get picked up
def unsafe_zlib_unzip
Zlib::Inflate.inflate(params[:file])
end
# this should not get picked up
def safe_zlib_unzip
Zlib::Inflate.inflate(file)
end
# this should get picked up
def unsafe_zlib_unzip
Zip::File.open_buffer(params[:file])
end
DECOMPRESSION_LIB = Zlib
def unsafe_zlib_unzip_const
DECOMPRESSION_LIB::Inflate.inflate(params[:file])
# this should not get picked up
def safe_zlib_unzip
Zip::File.open_buffer(file)
end
end