mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
Ruby: Update test
This commit is contained in:
Harry Maclean
@@ -1,75 +1,56 @@
|
||||
edges
|
||||
| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:8:23:8:35 | unicode_input |
|
||||
| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:9:22:9:34 | unicode_input |
|
||||
| unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:7:21:7:42 | ...[...] |
|
||||
| unicode_normalization.rb:7:21:7:42 | ...[...] | unicode_normalization.rb:7:5:7:17 | unicode_input |
|
||||
| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input |
|
||||
| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input |
|
||||
| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] |
|
||||
| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] |
|
||||
| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input |
|
||||
| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input |
|
||||
| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:17:23:17:41 | unicode_input_manip |
|
||||
| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:18:22:18:40 | unicode_input_manip |
|
||||
| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub |
|
||||
| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub |
|
||||
| unicode_normalization.rb:16:27:16:59 | call to sub | unicode_normalization.rb:16:5:16:23 | unicode_input_manip |
|
||||
| unicode_normalization.rb:24:5:24:17 | unicode_input | unicode_normalization.rb:25:37:25:49 | unicode_input |
|
||||
| unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:24:21:24:42 | ...[...] |
|
||||
| unicode_normalization.rb:24:21:24:42 | ...[...] | unicode_normalization.rb:24:5:24:17 | unicode_input |
|
||||
| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:26:23:26:39 | unicode_html_safe |
|
||||
| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:27:22:27:38 | unicode_html_safe |
|
||||
| unicode_normalization.rb:25:25:25:50 | call to html_escape | unicode_normalization.rb:25:5:25:21 | unicode_html_safe |
|
||||
| unicode_normalization.rb:25:37:25:49 | unicode_input | unicode_normalization.rb:25:25:25:50 | call to html_escape |
|
||||
| unicode_normalization.rb:33:5:33:17 | unicode_input | unicode_normalization.rb:34:40:34:52 | unicode_input |
|
||||
| unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:33:21:33:42 | ...[...] |
|
||||
| unicode_normalization.rb:33:21:33:42 | ...[...] | unicode_normalization.rb:33:5:33:17 | unicode_input |
|
||||
| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:35:23:35:39 | unicode_html_safe |
|
||||
| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:36:22:36:38 | unicode_html_safe |
|
||||
| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | unicode_normalization.rb:34:25:34:63 | call to html_safe |
|
||||
| unicode_normalization.rb:34:25:34:63 | call to html_safe | unicode_normalization.rb:34:5:34:21 | unicode_html_safe |
|
||||
| unicode_normalization.rb:34:40:34:52 | unicode_input | unicode_normalization.rb:34:25:34:53 | call to escapeHTML |
|
||||
| UnsafeYamlDeserialization.rb:10:5:10:13 | yaml_data | UnsafeYamlDeserialization.rb:11:25:11:33 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:10:17:10:22 | call to params | UnsafeYamlDeserialization.rb:10:17:10:28 | ...[...] | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:10:17:10:28 | ...[...] | UnsafeYamlDeserialization.rb:10:5:10:13 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:17:5:17:13 | yaml_data | UnsafeYamlDeserialization.rb:18:25:18:33 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:17:17:17:22 | call to params | UnsafeYamlDeserialization.rb:17:17:17:28 | ...[...] | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:17:17:17:28 | ...[...] | UnsafeYamlDeserialization.rb:17:5:17:13 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:33:32:33:40 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:34:37:34:45 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:35:32:35:40 | yaml_data | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:32:17:32:28 | ...[...] | provenance | |
|
||||
| UnsafeYamlDeserialization.rb:32:17:32:28 | ...[...] | UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | provenance | |
|
||||
nodes
|
||||
| unicode_normalization.rb:7:5:7:17 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:7:21:7:26 | call to params | semmle.label | call to params |
|
||||
| unicode_normalization.rb:7:21:7:42 | ...[...] | semmle.label | ...[...] |
|
||||
| unicode_normalization.rb:8:23:8:35 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:9:22:9:34 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:15:21:15:26 | call to params | semmle.label | call to params |
|
||||
| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] |
|
||||
| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] |
|
||||
| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | semmle.label | unicode_input_manip |
|
||||
| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:16:27:16:59 | call to sub | semmle.label | call to sub |
|
||||
| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | semmle.label | unicode_input_manip |
|
||||
| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | semmle.label | unicode_input_manip |
|
||||
| unicode_normalization.rb:24:5:24:17 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:24:21:24:26 | call to params | semmle.label | call to params |
|
||||
| unicode_normalization.rb:24:21:24:42 | ...[...] | semmle.label | ...[...] |
|
||||
| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| unicode_normalization.rb:25:25:25:50 | call to html_escape | semmle.label | call to html_escape |
|
||||
| unicode_normalization.rb:25:37:25:49 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| unicode_normalization.rb:33:5:33:17 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:33:21:33:26 | call to params | semmle.label | call to params |
|
||||
| unicode_normalization.rb:33:21:33:42 | ...[...] | semmle.label | ...[...] |
|
||||
| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | semmle.label | call to escapeHTML |
|
||||
| unicode_normalization.rb:34:25:34:63 | call to html_safe | semmle.label | call to html_safe |
|
||||
| unicode_normalization.rb:34:40:34:52 | unicode_input | semmle.label | unicode_input |
|
||||
| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | semmle.label | unicode_html_safe |
|
||||
| UnsafeYamlDeserialization.rb:10:5:10:13 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:10:17:10:22 | call to params | semmle.label | call to params |
|
||||
| UnsafeYamlDeserialization.rb:10:17:10:28 | ...[...] | semmle.label | ...[...] |
|
||||
| UnsafeYamlDeserialization.rb:11:25:11:33 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:17:5:17:13 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:17:17:17:22 | call to params | semmle.label | call to params |
|
||||
| UnsafeYamlDeserialization.rb:17:17:17:28 | ...[...] | semmle.label | ...[...] |
|
||||
| UnsafeYamlDeserialization.rb:18:25:18:33 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | semmle.label | call to params |
|
||||
| UnsafeYamlDeserialization.rb:32:17:32:28 | ...[...] | semmle.label | ...[...] |
|
||||
| UnsafeYamlDeserialization.rb:33:32:33:40 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:34:37:34:45 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:35:32:35:40 | yaml_data | semmle.label | yaml_data |
|
||||
| UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | semmle.label | call to to_ruby |
|
||||
| UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | semmle.label | call to to_ruby |
|
||||
| UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | semmle.label | call to to_ruby |
|
||||
| UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | semmle.label | call to to_ruby |
|
||||
| UnsafeYamlDeserialization.rb:61:24:61:34 | call to read | semmle.label | call to read |
|
||||
| UnsafeYamlDeserialization.rb:64:24:64:33 | call to gets | semmle.label | call to gets |
|
||||
| UnsafeYamlDeserialization.rb:67:24:67:32 | call to read | semmle.label | call to read |
|
||||
| UnsafeYamlDeserialization.rb:70:24:70:27 | call to gets | semmle.label | call to gets |
|
||||
| UnsafeYamlDeserialization.rb:73:24:73:32 | call to readlines | semmle.label | call to readlines |
|
||||
subpaths
|
||||
#select
|
||||
| unicode_normalization.rb:8:23:8:35 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:8:23:8:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:8:23:8:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:9:22:9:34 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:9:22:9:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:9:22:9:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data |
|
||||
| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data |
|
||||
| UnsafeYamlDeserialization.rb:11:25:11:33 | yaml_data | UnsafeYamlDeserialization.rb:10:17:10:22 | call to params | UnsafeYamlDeserialization.rb:11:25:11:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:10:17:10:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:18:25:18:33 | yaml_data | UnsafeYamlDeserialization.rb:17:17:17:22 | call to params | UnsafeYamlDeserialization.rb:18:25:18:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:17:17:17:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:33:32:33:40 | yaml_data | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:33:32:33:40 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:34:37:34:45 | yaml_data | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:34:37:34:45 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:35:32:35:40 | yaml_data | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:35:32:35:40 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | user-provided value |
|
||||
| UnsafeYamlDeserialization.rb:61:24:61:34 | call to read | UnsafeYamlDeserialization.rb:61:24:61:34 | call to read | UnsafeYamlDeserialization.rb:61:24:61:34 | call to read | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:61:24:61:34 | call to read | value from stdin |
|
||||
| UnsafeYamlDeserialization.rb:64:24:64:33 | call to gets | UnsafeYamlDeserialization.rb:64:24:64:33 | call to gets | UnsafeYamlDeserialization.rb:64:24:64:33 | call to gets | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:64:24:64:33 | call to gets | value from stdin |
|
||||
| UnsafeYamlDeserialization.rb:67:24:67:32 | call to read | UnsafeYamlDeserialization.rb:67:24:67:32 | call to read | UnsafeYamlDeserialization.rb:67:24:67:32 | call to read | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:67:24:67:32 | call to read | value from stdin |
|
||||
| UnsafeYamlDeserialization.rb:70:24:70:27 | call to gets | UnsafeYamlDeserialization.rb:70:24:70:27 | call to gets | UnsafeYamlDeserialization.rb:70:24:70:27 | call to gets | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:70:24:70:27 | call to gets | value from stdin |
|
||||
| UnsafeYamlDeserialization.rb:73:24:73:32 | call to readlines | UnsafeYamlDeserialization.rb:73:24:73:32 | call to readlines | UnsafeYamlDeserialization.rb:73:24:73:32 | call to readlines | Unsafe deserialization depends on a $@. | UnsafeYamlDeserialization.rb:73:24:73:32 | call to readlines | value from stdin |
|
||||
|
||||
Reference in New Issue
Block a user