Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti

This commit is contained in:
Alex Ford
2023-05-02 16:18:41 +01:00
1125 changed files with 66565 additions and 36410 deletions

View File

@@ -1 +0,0 @@
<queries language="ruby"/>

View File

@@ -1,3 +1,24 @@
## 0.6.0
### Deprecated APIs
* The recently introduced new data flow and taint tracking APIs have had a
number of module and predicate renamings. The old APIs remain in place for
now.
### Minor Analysis Improvements
* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby
3.1 and 3.2.
* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
* Accesses of `params` in Sinatra applications are now recognized as HTTP input accesses.
* Data flow is tracked from Sinatra route handlers to ERB files.
* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
### Bug Fixes
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
## 0.5.6
No user-facing changes.
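Review bot: In the `rb/clear-text-storage-sensitive-data` bullet under "Minor Analysis Improvements", "less false positives" should read "fewer false positives". The "Deprecated APIs" entry also says only that there were "a number of module and predicate renamings"; naming the renamed modules and predicates, or linking to a list of them, would tell users of the old APIs what to migrate to while those APIs "remain in place for now".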

View File

@@ -1,6 +0,0 @@
---
category: minorAnalysis
---
* Accesses of `params` in Sinatra applications are now recognised as HTTP input accesses.
* Data flow is tracked from Sinatra route handlers to ERB files.
* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.

View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.

View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby
3.1 and 3.2.

View File

@@ -1,6 +0,0 @@
---
category: deprecated
---
* The recently introduced new data flow and taint tracking APIs have had a
number of module and predicate renamings. The old APIs remain in place for
now.

View File

@@ -1,4 +0,0 @@
---
category: fix
---
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.

View File

@@ -0,0 +1,20 @@
## 0.6.0
### Deprecated APIs
* The recently introduced new data flow and taint tracking APIs have had a
number of module and predicate renamings. The old APIs remain in place for
now.
### Minor Analysis Improvements
* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby
3.1 and 3.2.
* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
* Accesses of `params` in Sinatra applications are now recognized as HTTP input accesses.
* Data flow is tracked from Sinatra route handlers to ERB files.
* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
### Bug Fixes
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.6
lastReleaseVersion: 0.6.0

View File

@@ -99,9 +99,7 @@ module API {
*/
pragma[inline]
DataFlow::Node getAValueReachableFromSource() {
exists(DataFlow::LocalSourceNode src | Impl::use(this, src) |
Impl::trackUseNode(src).flowsTo(result)
)
result = getAValueReachableFromSourceInline(this)
}
/**
@@ -121,7 +119,10 @@ module API {
* end
* ```
*/
DataFlow::LocalSourceNode asSource() { Impl::use(this, result) }
pragma[inline]
DataFlow::LocalSourceNode asSource() {
result = pragma[only_bind_out](this).(Node::Internal).asSourceInternal()
}
/**
* Gets a data-flow node where this value leaves the current codebase and flows into an
@@ -167,6 +168,7 @@ module API {
/**
* Gets a call to a method on the receiver represented by this API component.
*/
pragma[inline]
DataFlow::CallNode getAMethodCall(string method) { result = this.getReturn(method).asSource() }
/**
@@ -177,15 +179,20 @@ module API {
* - A submodule of a module
* - An attribute of an object
*/
bindingset[m]
bindingset[result]
Node getMember(string m) { result = this.getASuccessor(Label::member(m)) }
pragma[inline]
Node getMember(string m) {
result = pragma[only_bind_out](this).(Node::Internal).getMemberInternal(m)
}
/**
* Gets a node representing a member of this API component where the name of the member may
* or may not be known statically.
*/
Node getAMember() { result = this.getASuccessor(Label::member(_)) }
cached
Node getAMember() {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::member(_))
}
/**
* Gets a node representing an instance of this API component, that is, an object whose
@@ -198,41 +205,54 @@ module API {
* This predicate may have multiple results when there are multiple constructor calls invoking this API component.
* Consider using `getAnInstantiation()` if there is a need to distinguish between individual constructor calls.
*/
pragma[inline]
Node getInstance() { result = this.getASubclass().getReturn("new") }
/**
* Gets a node representing a call to `method` on the receiver represented by this node.
*/
pragma[inline]
MethodAccessNode getMethod(string method) {
result = this.getASubclass().getASuccessor(Label::method(method))
result = pragma[only_bind_out](this).(Node::Internal).getMethodInternal(method)
}
/**
* Gets a node representing the result of this call.
*/
Node getReturn() { result = this.getASuccessor(Label::return()) }
pragma[inline]
Node getReturn() { result = pragma[only_bind_out](this).(Node::Internal).getReturnInternal() }
/**
* Gets a node representing the result of calling a method on the receiver represented by this node.
*/
pragma[inline]
Node getReturn(string method) { result = this.getMethod(method).getReturn() }
/** Gets an API node representing the `n`th positional parameter. */
pragma[nomagic]
Node getParameter(int n) { result = this.getASuccessor(Label::parameter(n)) }
cached
Node getParameter(int n) {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::parameter(n))
}
/** Gets an API node representing the given keyword parameter. */
pragma[nomagic]
cached
Node getKeywordParameter(string name) {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::keywordParameter(name))
}
/** Gets an API node representing the block parameter. */
Node getBlock() { result = this.getASuccessor(Label::blockParameter()) }
cached
Node getBlock() {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::blockParameter())
}
/**
* Gets a `new` call to the function represented by this API component.
*/
pragma[inline]
DataFlow::ExprNode getAnInstantiation() { result = this.getInstance().asSource() }
/**
@@ -255,12 +275,17 @@ module API {
* ```
* In the example above, `getMember("A").getAnImmediateSubclass()` will return uses of `B` only.
*/
Node getAnImmediateSubclass() { result = this.getASuccessor(Label::subclass()) }
cached
Node getAnImmediateSubclass() {
Impl::forceCachingInSameStage() and result = this.getASuccessor(Label::subclass())
}
/**
* Gets a node representing the `content` stored on the base object.
*/
cached
Node getContent(DataFlow::Content content) {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::content(content))
}
@@ -274,10 +299,16 @@ module API {
}
/** Gets a node representing the instance field of the given `name`, which must include the `@` character. */
Node getField(string name) { result = this.getContent(DataFlowPrivate::TFieldContent(name)) }
cached
Node getField(string name) {
Impl::forceCachingInSameStage() and
result = this.getContent(DataFlowPrivate::TFieldContent(name))
}
/** Gets a node representing an element of this collection (known or unknown). */
cached
Node getAnElement() {
Impl::forceCachingInSameStage() and
result = this.getContents(any(DataFlow::ContentSet set | set.isAnyElement()))
}
@@ -328,6 +359,11 @@ module API {
Location getLocation() {
result = this.getInducingNode().getLocation()
or
exists(DataFlow::ModuleNode mod |
this = Impl::MkModuleObject(mod) and
result = mod.getLocation()
)
or
// For nodes that do not have a meaningful location, `path` is the empty string and all other
// parameters are zero.
not exists(this.getInducingNode()) and
@@ -337,7 +373,7 @@ module API {
/**
* Gets a textual representation of this element.
*/
abstract string toString();
string toString() { none() }
/**
* Gets a path of the given `length` from the root to this node.
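Review bot: With `abstract string toString();` replaced by `string toString() { none() }`, `toString` is no longer abstract, so a subclass that omits an override will simply have no `toString()` result instead of being flagged. Add a short comment on the default saying it is expected to be overridden, and confirm that the nodes created by the new `MkModuleObject` branch introduced elsewhere in this patch get an override, since none is visible in these hunks.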
@@ -363,6 +399,65 @@ module API {
int getDepth() { result = Impl::distanceFromRoot(this) }
}
/** Companion module to the `Node` class. */
module Node {
/**
* INTERNAL USE ONLY.
*
* An API node, with some internal predicates exposed.
*/
class Internal extends Node {
/**
* INTERNAL USE ONLY.
*
* Same as `asSource()` but without join-order hints.
*/
cached
DataFlow::LocalSourceNode asSourceInternal() {
Impl::forceCachingInSameStage() and
Impl::use(this, result)
}
/**
* Same as `getMember` but without join-order hints.
*/
cached
Node getMemberInternal(string m) {
Impl::forceCachingInSameStage() and
result = this.getASuccessor(Label::member(m))
}
/**
* Same as `getMethod` but without join-order hints.
*/
cached
MethodAccessNode getMethodInternal(string method) {
Impl::forceCachingInSameStage() and
result = this.getASubclass().getASuccessor(Label::method(method))
}
/**
* INTERNAL USE ONLY.
*
* Same as `getReturn()` but without join-order hints.
*/
cached
Node getReturnInternal() {
Impl::forceCachingInSameStage() and result = this.getASuccessor(Label::return())
}
}
}
bindingset[node]
pragma[inline_late]
private DataFlow::Node getAValueReachableFromSourceInline(Node node) {
exists(DataFlow::LocalSourceNode src, DataFlow::LocalSourceNode dst |
Impl::use(node, pragma[only_bind_into](src)) and
pragma[only_bind_into](dst) = Impl::trackUseNode(src) and
dst.flowsTo(result)
)
}
/** The root node of an API graph. */
class Root extends Node, Impl::MkRoot {
override string toString() { result = "root" }
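Review bot: The doc comments in the new `Node::Internal` class are inconsistent: `asSourceInternal` and `getReturnInternal` are marked "INTERNAL USE ONLY." while `getMemberInternal` and `getMethodInternal` are not, although all four are the same kind of helper. Mark all four the same way. `getAValueReachableFromSourceInline` has no doc comment at all; a line explaining why it needs `bindingset[node]` together with `pragma[inline_late]` and the `pragma[only_bind_into]` hints would help the next reader.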
@@ -443,7 +538,10 @@ module API {
* you should use `.getMember` on the parent module/class. For example, for nodes corresponding to the class `Gem::Version`,
* use `getTopLevelMember("Gem").getMember("Version")`.
*/
Node getTopLevelMember(string m) { result = root().getMember(m) }
cached
Node getTopLevelMember(string m) {
Impl::forceCachingInSameStage() and result = root().(Node::Internal).getMemberInternal(m)
}
/**
* Provides the actual implementation of API graphs, cached for performance.
@@ -469,6 +567,36 @@ module API {
*/
cached
private module Impl {
cached
predicate forceCachingInSameStage() { any() }
cached
predicate forceCachingBackref() {
1 = 1
or
exists(getTopLevelMember(_))
or
exists(
any(Node n)
.(Node::Internal)
.getMemberInternal("foo")
.getAMember()
.(Node::Internal)
.getMethodInternal("foo")
.(Node::Internal)
.getReturnInternal()
.getParameter(0)
.getKeywordParameter("foo")
.getBlock()
.getAnImmediateSubclass()
.getContent(_)
.getField(_)
.getAnElement()
.(Node::Internal)
.asSourceInternal()
)
}
cached
newtype TApiNode =
/** The root of the API graph. */
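Review bot: `forceCachingInSameStage` and `forceCachingBackref` have no doc comment, and the body of `forceCachingBackref` (`1 = 1 or exists(...)` over a long chain called with placeholder arguments such as `"foo"` and `0`) is not self-explanatory. Add a comment stating what the pair is for and whether every `cached` predicate that calls `Impl::forceCachingInSameStage()` is expected to appear in this chain, so that a predicate added later is not forgotten.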
@@ -478,7 +606,9 @@ module API {
/** A use of an API member at the node `nd`. */
MkUse(DataFlow::Node nd) { isUse(nd) } or
/** A value that escapes into an external library at the node `nd` */
MkDef(DataFlow::Node nd) { isDef(nd) }
MkDef(DataFlow::Node nd) { isDef(nd) } or
/** A module object seen as a use node. */
MkModuleObject(DataFlow::ModuleNode mod)
private string resolveTopLevel(ConstantReadAccess read) {
result = read.getModule().getQualifiedName() and
@@ -561,7 +691,14 @@ module API {
* Holds if `ref` is a use of node `nd`.
*/
cached
predicate use(TApiNode nd, DataFlow::Node ref) { nd = MkUse(ref) }
predicate use(TApiNode nd, DataFlow::Node ref) {
nd = MkUse(ref)
or
exists(DataFlow::ModuleNode mod |
nd = MkModuleObject(mod) and
ref = mod.getAnImmediateReference()
)
}
/**
* Holds if `rhs` is a RHS of node `nd`.
@@ -679,6 +816,14 @@ module API {
trackUseNode(use).flowsTo(call.getReceiver())
}
/**
* Holds if `superclass` is the superclass of `mod`.
*/
pragma[nomagic]
private predicate superclassNode(DataFlow::ModuleNode mod, DataFlow::Node superclass) {
superclass.asExpr().getExpr() = mod.getADeclaration().(ClassDeclaration).getSuperclassExpr()
}
/**
* Holds if there is an edge from `pred` to `succ` in the API graph that is labeled with `lbl`.
*/
@@ -690,38 +835,35 @@ module API {
useRoot(lbl, ref)
or
exists(DataFlow::Node node, DataFlow::Node src |
pred = MkUse(src) and
use(pred, src) and
trackUseNode(src).flowsTo(node) and
useStep(lbl, node, ref)
)
or
exists(DataFlow::Node callback |
pred = MkDef(callback) and
def(pred, callback) and
parameterStep(lbl, trackDefNode(callback), ref)
)
)
or
exists(DataFlow::Node predNode, DataFlow::Node succNode |
def(pred, predNode) and
def(succ, succNode) and
succ = MkDef(succNode) and
defStep(lbl, trackDefNode(predNode), succNode)
)
or
// `pred` is a use of class A
// `succ` is a use of class B
// there exists a class declaration B < A
exists(ClassDeclaration c, DataFlow::Node a, DataFlow::Node b |
use(pred, a) and
use(succ, b) and
b.asExpr().getExpr().(ConstantReadAccess).getAQualifiedName() = c.getAQualifiedName() and
pragma[only_bind_into](c).getSuperclassExpr() = a.asExpr().getExpr() and
exists(DataFlow::Node predNode, DataFlow::Node superclassNode, DataFlow::ModuleNode mod |
use(pred, predNode) and
trackUseNode(predNode).flowsTo(superclassNode) and
superclassNode(mod, superclassNode) and
succ = MkModuleObject(mod) and
lbl = Label::subclass()
)
or
exists(DataFlow::CallNode call |
// from receiver to method call node
exists(DataFlow::Node receiver |
pred = MkUse(receiver) and
use(pred, receiver) and
useNodeReachesReceiver(receiver, call) and
lbl = Label::method(call.getMethodName()) and
succ = MkMethodAccessNode(call)

View File

@@ -952,6 +952,8 @@ private module DestructuredAssignDesugar {
}
abstract private class LhsWithReceiver extends Expr {
LhsWithReceiver() { this = any(DestructuredAssignExpr dae).getElement(_) }
abstract Expr getReceiver();
abstract SynthKind getSynthKind();
@@ -960,8 +962,14 @@ private module DestructuredAssignDesugar {
private class LhsCall extends LhsWithReceiver instanceof MethodCall {
final override Expr getReceiver() { result = MethodCall.super.getReceiver() }
pragma[nomagic]
private string getMethodName(int args) {
result = super.getMethodName() and
args = super.getNumberOfArguments()
}
final override SynthKind getSynthKind() {
result = MethodCallKind(super.getMethodName(), false, super.getNumberOfArguments())
exists(int args | result = MethodCallKind(this.getMethodName(args), false, args))
}
}
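Review bot: The new private helper `getMethodName(int args)` in `LhsCall` shares its name with the inherited `getMethodName()` that it calls through `super`, but it also binds the argument count, which is easy to misread at the call site in `getSynthKind`. Give it a name that mentions the arity and a one-line doc comment saying why it is marked `pragma[nomagic]`.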
@@ -1154,9 +1162,7 @@ private module DestructuredAssignDesugar {
)
}
final override predicate excludeFromControlFlowTree(AstNode n) {
n = any(DestructuredAssignExpr tae).getElement(_).(LhsWithReceiver)
}
final override predicate excludeFromControlFlowTree(AstNode n) { n instanceof LhsWithReceiver }
}
}
@@ -1169,12 +1175,11 @@ private module ArrayLiteralDesugar {
child = SynthChild(MethodCallKind("[]", false, al.getNumberOfElements()))
or
parent = TMethodCallSynth(al, -1, _, _, _) and
(
i = 0 and
child = SynthChild(ConstantReadAccessKind("::Array"))
or
child = childRef(al.getElement(i - 1))
)
i = 0 and
child = SynthChild(ConstantReadAccessKind("::Array"))
or
parent = TMethodCallSynth(al, -1, _, _, _) and
child = childRef(al.getElement(i - 1))
)
}
@@ -1212,12 +1217,11 @@ private module HashLiteralDesugar {
child = SynthChild(MethodCallKind("[]", false, hl.getNumberOfElements()))
or
parent = TMethodCallSynth(hl, -1, _, _, _) and
(
i = 0 and
child = SynthChild(ConstantReadAccessKind("::Hash"))
or
child = childRef(hl.getElement(i - 1))
)
i = 0 and
child = SynthChild(ConstantReadAccessKind("::Hash"))
or
parent = TMethodCallSynth(hl, -1, _, _, _) and
child = childRef(hl.getElement(i - 1))
)
}

View File

@@ -361,3 +361,52 @@ module MergePathGraph<
}
}
}
/**
* Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
*/
module MergePathGraph3<
PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
{
private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
private module Merged =
MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
/** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
class PathNode instanceof Merged::PathNode {
/** Gets this as a projection on the first given `PathGraph`. */
PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
/** Gets this as a projection on the second given `PathGraph`. */
PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
/** Gets this as a projection on the third given `PathGraph`. */
PathNode3 asPathNode3() { result = super.asPathNode2() }
/** Gets a textual representation of this element. */
string toString() { result = super.toString() }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the underlying `Node`. */
Node getNode() { result = super.getNode() }
}
/**
* Provides the query predicates needed to include a graph in a path-problem query.
*/
module PathGraph = Merged::PathGraph;
}

View File

@@ -191,13 +191,7 @@ private predicate moduleFlowsToMethodCallReceiver(RelevantCall call, Module m, s
flowsToMethodCallReceiver(call, trackModuleAccess(m), method)
}
private Block yieldCall(RelevantCall call) {
call.getExpr() instanceof YieldCall and
exists(BlockParameterNode node |
node = trackBlock(result) and
node.getMethod() = call.getExpr().getEnclosingMethod()
)
}
private Block blockCall(RelevantCall call) { lambdaSourceCall(call, _, trackBlock(result)) }
pragma[nomagic]
private predicate superCall(RelevantCall call, Module cls, string method) {
@@ -297,7 +291,7 @@ predicate isUserDefinedNew(SingletonMethod new) {
private Callable viableSourceCallableNonInit(RelevantCall call) {
result = getTarget(call) and
not call.getExpr() instanceof YieldCall // handled by `lambdaCreation`/`lambdaCall`
not result = blockCall(call) // handled by `lambdaCreation`/`lambdaCall`
}
private Callable viableSourceCallableInit(RelevantCall call) { result = getInitializeTarget(call) }
@@ -394,7 +388,7 @@ private module Cached {
result = lookupMethod(cls.getAnImmediateAncestor(), method)
)
or
result = yieldCall(call)
result = blockCall(call)
}
/** Gets a viable run-time target for the call `call`. */
@@ -700,13 +694,19 @@ private DataFlow::LocalSourceNode trackBlock(Block block, TypeTracker t) {
t.start() and result.asExpr().getExpr() = block
or
exists(TypeTracker t2, StepSummary summary |
result = trackBlockRec(block, t2, summary) and t = t2.append(summary)
result = trackBlockRec(block, t2, summary) and
t = t2.append(summary)
)
}
/**
* We exclude steps into `self` parameters, which may happen when the code
* base contains implementations of `call`.
*/
pragma[nomagic]
private DataFlow::LocalSourceNode trackBlockRec(Block block, TypeTracker t, StepSummary summary) {
StepSummary::step(trackBlock(block, t), result, summary)
StepSummary::step(trackBlock(block, t), result, summary) and
not result instanceof SelfParameterNode
}
pragma[nomagic]

File diff suppressed because it is too large

View File

@@ -815,24 +815,20 @@ private module Cached {
)
}
private predicate store(
Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
) {
exists(ContentSet cs |
c = cs.getAStoreContent() and storeSet(node1, cs, node2, contentType, containerType)
)
}
/**
* Holds if data can flow from `node1` to `node2` via a direct assignment to
* `f`.
* `c`.
*
* This includes reverse steps through reads when the result of the read has
* been stored into, in order to handle cases like `x.f1.f2 = y`.
*/
cached
predicate store(Node node1, TypedContent tc, Node node2, DataFlowType contentType) {
store(node1, tc.getContent(), node2, contentType, tc.getContainerType())
predicate store(
Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
) {
exists(ContentSet cs |
c = cs.getAStoreContent() and storeSet(node1, cs, node2, contentType, containerType)
)
}
/**
@@ -932,36 +928,15 @@ private module Cached {
TReturnCtxNoFlowThrough() or
TReturnCtxMaybeFlowThrough(ReturnPosition pos)
cached
newtype TTypedContentApprox =
MkTypedContentApprox(ContentApprox c, DataFlowType t) {
exists(Content cont |
c = getContentApprox(cont) and
store(_, cont, _, _, t)
)
}
cached
newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
cached
TypedContent getATypedContent(TypedContentApprox c) {
exists(ContentApprox cls, DataFlowType t, Content cont |
c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
result = MkTypedContent(cont, pragma[only_bind_into](t)) and
cls = getContentApprox(cont)
)
}
cached
newtype TAccessPathFront =
TFrontNil(DataFlowType t) or
TFrontHead(TypedContent tc)
TFrontNil() or
TFrontHead(Content c)
cached
newtype TApproxAccessPathFront =
TApproxFrontNil(DataFlowType t) or
TApproxFrontHead(TypedContentApprox tc)
TApproxFrontNil() or
TApproxFrontHead(ContentApprox c)
cached
newtype TAccessPathFrontOption =
@@ -986,8 +961,16 @@ predicate recordDataFlowCallSite(DataFlowCall call, DataFlowCallable callable) {
/**
* A `Node` at which a cast can occur such that the type should be checked.
*/
class CastingNode extends Node {
class CastingNode instanceof Node {
CastingNode() { castingNode(this) }
string toString() { result = super.toString() }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
private predicate readStepWithTypes(
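Review bot: `CastingNode` now uses `instanceof Node` and re-declares `toString` and `hasLocationInfo` by delegating to `super`, but neither member has a doc comment, unlike the equivalent members of `MergePathGraph3::PathNode` elsewhere in this patch. The same two delegating members are repeated in `ParamNode`, `ArgNode`, `ReturnNodeExt` and `OutNodeExt` in the following hunks; add the standard doc comments to each, and mention in the class comment that other `Node` member predicates are no longer inherited by these classes.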
@@ -1135,9 +1118,17 @@ LocalCallContext getLocalCallContext(CallContext ctx, DataFlowCallable callable)
* The value of a parameter at function entry, viewed as a node in a data
* flow graph.
*/
class ParamNode extends Node {
class ParamNode instanceof Node {
ParamNode() { parameterNode(this, _, _) }
string toString() { result = super.toString() }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/**
* Holds if this node is the parameter of callable `c` at the specified
* position.
@@ -1146,9 +1137,17 @@ class ParamNode extends Node {
}
/** A data-flow node that represents a call argument. */
class ArgNode extends Node {
class ArgNode instanceof Node {
ArgNode() { argumentNode(this, _, _) }
string toString() { result = super.toString() }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Holds if this argument occurs at the given position in the given call. */
final predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
argumentNode(this, call, pos)
@@ -1159,9 +1158,17 @@ class ArgNode extends Node {
* A node from which flow can return to the caller. This is either a regular
* `ReturnNode` or a `PostUpdateNode` corresponding to the value of a parameter.
*/
class ReturnNodeExt extends Node {
class ReturnNodeExt instanceof Node {
ReturnNodeExt() { returnNodeExt(this, _) }
string toString() { result = super.toString() }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the kind of this returned value. */
ReturnKindExt getKind() { returnNodeExt(this, result) }
}
@@ -1170,8 +1177,16 @@ class ReturnNodeExt extends Node {
* A node to which data can flow from a call. Either an ordinary out node
* or a post-update node associated with a call argument.
*/
class OutNodeExt extends Node {
class OutNodeExt instanceof Node {
OutNodeExt() { outNodeExt(this) }
string toString() { result = super.toString() }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
/**
@@ -1387,67 +1402,37 @@ class ReturnCtx extends TReturnCtx {
}
}
/** An approximated `Content` tagged with the type of a containing object. */
class TypedContentApprox extends MkTypedContentApprox {
private ContentApprox c;
private DataFlowType t;
TypedContentApprox() { this = MkTypedContentApprox(c, t) }
/** Gets a typed content approximated by this value. */
TypedContent getATypedContent() { result = getATypedContent(this) }
/** Gets the content. */
ContentApprox getContent() { result = c }
/** Gets the container type. */
DataFlowType getContainerType() { result = t }
/** Gets a textual representation of this approximated content. */
string toString() { result = c.toString() }
}
/**
* The front of an approximated access path. This is either a head or a nil.
*/
abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
abstract string toString();
abstract DataFlowType getType();
abstract boolean toBoolNonEmpty();
TypedContentApprox getHead() { this = TApproxFrontHead(result) }
ContentApprox getHead() { this = TApproxFrontHead(result) }
pragma[nomagic]
TypedContent getAHead() {
exists(TypedContentApprox cont |
Content getAHead() {
exists(ContentApprox cont |
this = TApproxFrontHead(cont) and
result = cont.getATypedContent()
cont = getContentApprox(result)
)
}
}
class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
private DataFlowType t;
ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
override string toString() { result = ppReprType(t) }
override DataFlowType getType() { result = t }
override string toString() { result = "nil" }
override boolean toBoolNonEmpty() { result = false }
}
class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
private TypedContentApprox tc;
private ContentApprox c;
ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
ApproxAccessPathFrontHead() { this = TApproxFrontHead(c) }
override string toString() { result = tc.toString() }
override DataFlowType getType() { result = tc.getContainerType() }
override string toString() { result = c.toString() }
override boolean toBoolNonEmpty() { result = true }
}
@@ -1461,65 +1446,31 @@ class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
}
}
/** A `Content` tagged with the type of a containing object. */
class TypedContent extends MkTypedContent {
private Content c;
private DataFlowType t;
TypedContent() { this = MkTypedContent(c, t) }
/** Gets the content. */
Content getContent() { result = c }
/** Gets the container type. */
DataFlowType getContainerType() { result = t }
/** Gets a textual representation of this content. */
string toString() { result = c.toString() }
/**
* Holds if access paths with this `TypedContent` at their head always should
* be tracked at high precision. This disables adaptive access path precision
* for such access paths.
*/
predicate forceHighPrecision() { forceHighPrecision(c) }
}
/**
* The front of an access path. This is either a head or a nil.
*/
abstract class AccessPathFront extends TAccessPathFront {
abstract string toString();
abstract DataFlowType getType();
abstract ApproxAccessPathFront toApprox();
TypedContent getHead() { this = TFrontHead(result) }
Content getHead() { this = TFrontHead(result) }
}
class AccessPathFrontNil extends AccessPathFront, TFrontNil {
private DataFlowType t;
override string toString() { result = "nil" }
AccessPathFrontNil() { this = TFrontNil(t) }
override string toString() { result = ppReprType(t) }
override DataFlowType getType() { result = t }
override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
override ApproxAccessPathFront toApprox() { result = TApproxFrontNil() }
}
class AccessPathFrontHead extends AccessPathFront, TFrontHead {
private TypedContent tc;
private Content c;
AccessPathFrontHead() { this = TFrontHead(tc) }
AccessPathFrontHead() { this = TFrontHead(c) }
override string toString() { result = tc.toString() }
override string toString() { result = c.toString() }
override DataFlowType getType() { result = tc.getContainerType() }
override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
override ApproxAccessPathFront toApprox() { result.getAHead() = c }
}
/** An optional access path front. */

View File

@@ -1279,7 +1279,7 @@ class DataFlowType extends TDataFlowType {
DataFlowType getNodeType(NodeImpl n) { result = TTodoDataFlowType() and exists(n) }
/** Gets a string representation of a `DataFlowType`. */
string ppReprType(DataFlowType t) { result = t.toString() }
string ppReprType(DataFlowType t) { none() }
/**
* Holds if `t1` and `t2` are compatible, that is, whether data can flow from
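Review bot: `ppReprType` now has the body `none()`, so it never yields a result, yet its doc comment still reads "Gets a string representation of a `DataFlowType`." Update the comment to say that the predicate intentionally has no result, and why.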
@@ -1377,18 +1377,28 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c)
)
}
/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */
predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
/**
* Holds if `call` is a from-source lambda call of kind `kind` where `receiver`
* is the lambda expression.
*/
predicate lambdaSourceCall(CfgNodes::ExprNodes::CallCfgNode call, LambdaCallKind kind, Node receiver) {
kind = TYieldCallKind() and
receiver.(BlockParameterNode).getMethod() =
call.asCall().getExpr().(YieldCall).getEnclosingMethod()
receiver.(BlockParameterNode).getMethod() = call.getExpr().(YieldCall).getEnclosingMethod()
or
kind = TLambdaCallKind() and
call.asCall() =
call =
any(CfgNodes::ExprNodes::MethodCallCfgNode mc |
receiver.asExpr() = mc.getReceiver() and
mc.getExpr().getMethodName() = "call"
)
}
/**
* Holds if `call` is a (from-source or from-summary) lambda call of kind `kind`
* where `receiver` is the lambda expression.
*/
predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
lambdaSourceCall(call.asCall(), kind, receiver)
or
receiver = call.(SummaryCall).getReceiver() and
if receiver.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pos | pos.isBlock()))

View File

@@ -890,6 +890,9 @@ class ModuleNode instanceof Module {
/** Gets a constant or `self` variable that refers to this module. */
LocalSourceNode getAnImmediateReference() {
result.asExpr().getExpr() = super.getAnImmediateReference()
or
// Include 'self' parameters; these are not expressions and so not found by the case above
result = this.getAnOwnModuleSelf()
}
/**

View File

@@ -511,6 +511,23 @@ ActionControllerClass getAssociatedControllerClass(ErbFile f) {
)
}
pragma[nomagic]
private string getActionControllerClassRelativePath(ActionControllerClass cls) {
result = cls.getLocation().getFile().getRelativePath()
}
pragma[nomagic]
private string getErbFileRelativePath(ErbFile templateFile) {
result = templateFile.getRelativePath() and
result.matches("%app/views/layouts/%")
}
bindingset[result]
pragma[inline_late]
private string getErbFileRelativePathInlineLate(ErbFile templateFile) {
result = getErbFileRelativePath(templateFile)
}
// TODO: improve layout support, e.g. for `layout` method
// https://guides.rubyonrails.org/layouts_and_rendering.html
/**
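Review bot: `getErbFileRelativePath` only holds for files whose path matches `%app/views/layouts/%`, which the name does not suggest. Rename it (and `getErbFileRelativePathInlineLate`) to mention layouts, or add QLDoc stating the restriction, so a later caller does not use it for ordinary view templates. None of the three new helpers has a doc comment.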
@@ -522,15 +539,18 @@ ActionControllerClass getAssociatedControllerClass(ErbFile f) {
*/
predicate controllerTemplateFile(ActionControllerClass cls, ErbFile templateFile) {
exists(string sourcePrefix, string subPath, string controllerPath |
controllerPath = cls.getLocation().getFile().getRelativePath() and
controllerPath = getActionControllerClassRelativePath(cls) and
// `sourcePrefix` is either a prefix path ending in a slash, or empty if
// the rails app is at the source root
sourcePrefix = [controllerPath.regexpCapture("^(.*/)app/controllers/(?:.*?)/(?:[^/]*)$", 1), ""] and
controllerPath = sourcePrefix + "app/controllers/" + subPath + "_controller.rb" and
(
sourcePrefix + "app/views/" + subPath = templateFile.getParentContainer().getRelativePath()
or
templateFile.getRelativePath().matches(sourcePrefix + "app/views/layouts/" + subPath + "%")
controllerPath = sourcePrefix + "app/controllers/" + subPath + "_controller.rb"
|
sourcePrefix + "app/views/" + subPath = templateFile.getParentContainer().getRelativePath()
or
exists(string path |
path = getErbFileRelativePath(_) and
path.matches(sourcePrefix + "app/views/layouts/" + subPath + "%") and
path = getErbFileRelativePathInlineLate(templateFile)
)
)
}
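Review bot: In the layouts branch of `controllerTemplateFile`, `path` is bound through `getErbFileRelativePath(_)` and then tied to `templateFile` through `getErbFileRelativePathInlineLate(templateFile)`, which reads as a redundant double lookup. Add a comment saying that this ordering is intentional (presumably for join ordering, given the `pragma[inline_late]` wrapper), otherwise it is likely to be simplified away in a later cleanup.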

View File

@@ -40,7 +40,7 @@ private API::Node activeRecordClassApiNode() {
// In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
// treat it separately in case the `ApplicationRecord` definition is not in the database.
API::getTopLevelMember("ApplicationRecord")
].getASubclass()
]
}
/**
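Review bot: With `.getASubclass()` removed from the end of `activeRecordClassApiNode()`, the predicate now yields the base-class nodes themselves, and each caller has to add `.getASubclass()`, as `ActiveRecordModelClass` does in the next hunk. Check the remaining callers of `activeRecordClassApiNode()` for the same adjustment, and update the predicate's doc comment if it still describes subclasses.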
@@ -58,7 +58,7 @@ private API::Node activeRecordClassApiNode() {
class ActiveRecordModelClass extends ClassDeclaration {
ActiveRecordModelClass() {
this.getSuperclassExpr() =
activeRecordClassApiNode().getAValueReachableFromSource().asExpr().getExpr()
activeRecordClassApiNode().getASubclass().getAValueReachableFromSource().asExpr().getExpr()
}
// Gets the class declaration for this class and all of its super classes

View File

@@ -17,8 +17,9 @@ module ActiveResource {
/**
* An ActiveResource model class. This is any (transitive) subclass of ActiveResource.
*/
pragma[nomagic]
private API::Node modelApiNode() {
result = API::getTopLevelMember("ActiveResource").getMember("Base").getASubclass+()
result = API::getTopLevelMember("ActiveResource").getMember("Base").getASubclass()
}
/**
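Review bot: The comment above `modelApiNode` still promises "any (transitive) subclass of ActiveResource", while the body drops the closure operator and uses plain `getASubclass()`. If `getASubclass()` now covers indirect subclasses, say so in the comment; otherwise models that inherit through an intermediate class are no longer matched and the comment is wrong.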

View File

@@ -85,7 +85,6 @@ module ActiveStorage {
// Class methods
API::getTopLevelMember("ActiveStorage")
.getMember("Blob")
.getASubclass()
.getAMethodCall(["create_after_unfurling!", "create_and_upload!"]),
// Instance methods
any(BlobInstance i, DataFlow::CallNode c |

View File

@@ -42,7 +42,7 @@ private class GraphqlRelayClassicMutationClass extends ClassDeclaration {
this.getSuperclassExpr() =
graphQlSchema()
.getMember("RelayClassicMutation")
.getASubclass*()
.getASubclass()
.getAValueReachableFromSource()
.asExpr()
.getExpr()
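Review bot: `.getASubclass*()` was reflexive, so a class whose superclass expression is `RelayClassicMutation` itself matched; with `.getASubclass()` that now depends on what `getASubclass` returns. Confirm that a class declared directly with `RelayClassicMutation` as its superclass is still recognised, ideally with a test case.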

View File

@@ -18,8 +18,7 @@ module Twirp {
*/
class ServiceInstantiation extends DataFlow::CallNode {
ServiceInstantiation() {
this =
API::getTopLevelMember("Twirp").getMember("Service").getASubclass().getAnInstantiation()
this = API::getTopLevelMember("Twirp").getMember("Service").getAnInstantiation()
}
/**
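Review bot: `ServiceInstantiation` now calls `getAnInstantiation()` directly on the `Twirp` `Service` member, where it previously went through `.getASubclass()`. Instantiations of user-defined subclasses are only still found if `getAnInstantiation()` includes subclasses; state that in the class doc and keep a test that instantiates a subclass. The same applies to `ClientInstantiation` in the following hunk.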
@@ -62,7 +61,7 @@ module Twirp {
*/
class ClientInstantiation extends DataFlow::CallNode {
ClientInstantiation() {
this = API::getTopLevelMember("Twirp").getMember("Client").getASubclass().getAnInstantiation()
this = API::getTopLevelMember("Twirp").getMember("Client").getAnInstantiation()
}
}

View File

@@ -113,16 +113,18 @@ API::Node getExtraNodeFromType(string type) {
|
suffix = "!" and
(
result.asSource() = constRef
result.(API::Node::Internal).asSourceInternal() = constRef
or
result.asSource() = constRef.getADescendentModule().getAnOwnModuleSelf()
result.(API::Node::Internal).asSourceInternal() =
constRef.getADescendentModule().getAnOwnModuleSelf()
)
or
suffix = "" and
(
result.asSource() = constRef.getAMethodCall("new")
result.(API::Node::Internal).asSourceInternal() = constRef.getAMethodCall("new")
or
result.asSource() = constRef.getADescendentModule().getAnInstanceSelf()
result.(API::Node::Internal).asSourceInternal() =
constRef.getADescendentModule().getAnInstanceSelf()
)
)
or
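Review bot: The cast `result.(API::Node::Internal).asSourceInternal()` is now repeated in all four branches, with no comment on why the public `asSource()` no longer suits. Bind the internal source once before the `suffix` disjunction, or at least add a line explaining the switch.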

View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 0.5.7-dev
version: 0.6.1-dev
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme

View File

@@ -1,3 +1,9 @@
## 0.6.0
### New Queries
* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.
## 0.5.6
### Minor Analysis Improvements

View File

@@ -1,4 +1,5 @@
---
category: newQuery
---
* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.
## 0.6.0
### New Queries
* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.6
lastReleaseVersion: 0.6.0

View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 0.5.7-dev
version: 0.6.1-dev
groups:
- ruby
- queries

View File

@@ -1 +0,0 @@
<queries language="ruby"/>

View File

@@ -8,6 +8,7 @@ private import codeql.ruby.security.PathInjectionCustomizations
private import codeql.ruby.security.ServerSideRequestForgeryCustomizations
private import codeql.ruby.security.UnsafeDeserializationCustomizations
private import codeql.ruby.security.UrlRedirectCustomizations
private import codeql.ruby.security.SqlInjectionCustomizations
class RelevantFile extends File {
RelevantFile() { not getRelativePath().regexpMatch(".*/test(case)?s?/.*") }
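Review bot: The new `SqlInjectionCustomizations` import is appended after `UrlRedirectCustomizations`, which breaks the alphabetical order of the surrounding `codeql.ruby.security.*` imports. Move it between `ServerSideRequestForgeryCustomizations` and `UnsafeDeserializationCustomizations`.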
@@ -34,6 +35,8 @@ DataFlow::Node relevantTaintSink(string kind) {
kind = "UnsafeDeserialization" and result instanceof UnsafeDeserialization::Sink
or
kind = "UrlRedirect" and result instanceof UrlRedirect::Sink
or
kind = "SqlInjection" and result instanceof SqlInjection::Sink
) and
// the sink is not a string literal
not exists(Ast::StringLiteral str |

View File

@@ -18,23 +18,41 @@
import codeql.ruby.security.KernelOpenQuery
import codeql.ruby.AST
import codeql.ruby.ApiGraphs
import codeql.ruby.DataFlow
from AmbiguousPathCall call
where
not hasConstantPrefix(call.getPathArgument().getALocalSource().asExpr().getExpr()) and
call.getNumberOfArguments() > 0 and
not hasConstantPrefix(call.getPathArgument()) and
not call.getPathArgument().getALocalSource() =
API::getTopLevelMember("File").getAMethodCall("join")
select call,
"Call to " + call.getName() + " with a non-constant value. Consider replacing it with " +
call.getReplacement() + "."
predicate hasConstantPrefix(Expr e) {
predicate hasConstantPrefix(DataFlow::Node node) {
hasConstantPrefix(node.getALocalSource())
or
// if it's a format string, then the first argument is not a constant string
e.(StringlikeLiteral).getComponent(0) instanceof StringTextComponent
node.asExpr().getExpr().(StringlikeLiteral).getComponent(0) instanceof StringTextComponent
or
// it is not a constant string argument
exists(e.getConstantValue())
exists(node.getConstantValue())
or
// not a concatenation that starts with a constant string
hasConstantPrefix(e.(AddExpr).getLeftOperand())
exists(DataFlow::ExprNode prefix |
node.asExpr().getExpr().(AddExpr).getLeftOperand() = prefix.asExpr().getExpr() and
hasConstantPrefix(prefix)
)
or
// is a .freeze call on a constant string
exists(DataFlow::CallNode call | node = call and call.getMethodName() = "freeze" |
hasConstantPrefix(call.getReceiver())
)
or
// is a constant read of a constant string
exists(DataFlow::Node constant |
constant.asExpr().getExpr() = node.asExpr().getExpr().(ConstantReadAccess).getValue() and
hasConstantPrefix(constant)
)
}

View File

@@ -1,361 +1,361 @@
failures
edges
| call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) |
| call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) |
| call_sensitivity.rb:11:13:11:13 | x : | call_sensitivity.rb:12:11:12:11 | x : |
| call_sensitivity.rb:11:13:11:13 | x : | call_sensitivity.rb:12:11:12:11 | x : |
| call_sensitivity.rb:12:11:12:11 | x : | call_sensitivity.rb:19:22:19:22 | x : |
| call_sensitivity.rb:12:11:12:11 | x : | call_sensitivity.rb:19:22:19:22 | x : |
| call_sensitivity.rb:19:9:19:17 | ( ... ) : | call_sensitivity.rb:11:13:11:13 | x : |
| call_sensitivity.rb:19:9:19:17 | ( ... ) : | call_sensitivity.rb:11:13:11:13 | x : |
| call_sensitivity.rb:19:10:19:16 | call to taint : | call_sensitivity.rb:19:9:19:17 | ( ... ) : |
| call_sensitivity.rb:19:10:19:16 | call to taint : | call_sensitivity.rb:19:9:19:17 | ( ... ) : |
| call_sensitivity.rb:19:22:19:22 | x : | call_sensitivity.rb:19:30:19:30 | x |
| call_sensitivity.rb:19:22:19:22 | x : | call_sensitivity.rb:19:30:19:30 | x |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:21:27:21:27 | x : | call_sensitivity.rb:22:17:22:17 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:31:17:31:17 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:31:17:31:17 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:40:23:40:23 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:40:23:40:23 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:43:24:43:24 | x : |
| call_sensitivity.rb:22:17:22:17 | x : | call_sensitivity.rb:43:24:43:24 | x : |
| call_sensitivity.rb:31:17:31:17 | x : | call_sensitivity.rb:31:27:31:27 | x |
| call_sensitivity.rb:31:17:31:17 | x : | call_sensitivity.rb:31:27:31:27 | x |
| call_sensitivity.rb:32:25:32:32 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:32:25:32:32 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:40:23:40:23 | x : | call_sensitivity.rb:40:31:40:31 | x |
| call_sensitivity.rb:40:23:40:23 | x : | call_sensitivity.rb:40:31:40:31 | x |
| call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:43:24:43:24 | x : | call_sensitivity.rb:43:32:43:32 | x |
| call_sensitivity.rb:43:24:43:24 | x : | call_sensitivity.rb:43:32:43:32 | x |
| call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
| call_sensitivity.rb:50:15:50:15 | x : | call_sensitivity.rb:51:10:51:10 | x |
| call_sensitivity.rb:50:15:50:15 | x : | call_sensitivity.rb:51:10:51:10 | x |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:58:20:58:20 | x : | call_sensitivity.rb:59:18:59:18 | x : |
| call_sensitivity.rb:58:20:58:20 | x : | call_sensitivity.rb:59:18:59:18 | x : |
| call_sensitivity.rb:59:18:59:18 | x : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:59:18:59:18 | x : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:66:20:66:20 | x : | call_sensitivity.rb:67:24:67:24 | x : |
| call_sensitivity.rb:66:20:66:20 | x : | call_sensitivity.rb:67:24:67:24 | x : |
| call_sensitivity.rb:67:24:67:24 | x : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:67:24:67:24 | x : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:70:30:70:30 | x : | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:70:30:70:30 | x : | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:74:18:74:18 | y : | call_sensitivity.rb:76:17:76:17 | y : |
| call_sensitivity.rb:74:18:74:18 | y : | call_sensitivity.rb:76:17:76:17 | y : |
| call_sensitivity.rb:76:17:76:17 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:76:17:76:17 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:80:15:80:15 | x : | call_sensitivity.rb:81:18:81:18 | x : |
| call_sensitivity.rb:80:15:80:15 | x : | call_sensitivity.rb:81:18:81:18 | x : |
| call_sensitivity.rb:81:18:81:18 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:81:18:81:18 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:85:18:85:27 | ( ... ) : | call_sensitivity.rb:80:15:80:15 | x : |
| call_sensitivity.rb:85:18:85:27 | ( ... ) : | call_sensitivity.rb:80:15:80:15 | x : |
| call_sensitivity.rb:85:19:85:26 | call to taint : | call_sensitivity.rb:85:18:85:27 | ( ... ) : |
| call_sensitivity.rb:85:19:85:26 | call to taint : | call_sensitivity.rb:85:18:85:27 | ( ... ) : |
| call_sensitivity.rb:88:30:88:30 | x : | call_sensitivity.rb:89:23:89:23 | x : |
| call_sensitivity.rb:88:30:88:30 | x : | call_sensitivity.rb:89:23:89:23 | x : |
| call_sensitivity.rb:88:30:88:30 | x : | call_sensitivity.rb:89:23:89:23 | x : |
| call_sensitivity.rb:88:30:88:30 | x : | call_sensitivity.rb:89:23:89:23 | x : |
| call_sensitivity.rb:89:23:89:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:89:23:89:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:89:23:89:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:89:23:89:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:92:35:92:35 | x : | call_sensitivity.rb:93:28:93:28 | x : |
| call_sensitivity.rb:92:35:92:35 | x : | call_sensitivity.rb:93:28:93:28 | x : |
| call_sensitivity.rb:93:28:93:28 | x : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:93:28:93:28 | x : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:96:33:96:33 | y : | call_sensitivity.rb:97:25:97:25 | y : |
| call_sensitivity.rb:96:33:96:33 | y : | call_sensitivity.rb:97:25:97:25 | y : |
| call_sensitivity.rb:96:33:96:33 | y : | call_sensitivity.rb:97:25:97:25 | y : |
| call_sensitivity.rb:96:33:96:33 | y : | call_sensitivity.rb:97:25:97:25 | y : |
| call_sensitivity.rb:97:25:97:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:97:25:97:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:97:25:97:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:97:25:97:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:100:35:100:35 | x : | call_sensitivity.rb:101:34:101:34 | x : |
| call_sensitivity.rb:100:35:100:35 | x : | call_sensitivity.rb:101:34:101:34 | x : |
| call_sensitivity.rb:101:34:101:34 | x : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:101:34:101:34 | x : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:109:21:109:21 | x : | call_sensitivity.rb:110:9:110:9 | x : |
| call_sensitivity.rb:109:21:109:21 | x : | call_sensitivity.rb:110:9:110:9 | x : |
| call_sensitivity.rb:110:9:110:9 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:110:9:110:9 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:114:11:114:20 | ( ... ) : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:114:11:114:20 | ( ... ) : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:109:21:109:21 | x : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:109:21:109:21 | x : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:174:19:174:19 | x : | call_sensitivity.rb:175:12:175:12 | x : |
| call_sensitivity.rb:174:19:174:19 | x : | call_sensitivity.rb:175:12:175:12 | x : |
| call_sensitivity.rb:175:12:175:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:175:12:175:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:174:19:174:19 | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:174:19:174:19 | x : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:187:11:187:20 | ( ... ) : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:187:11:187:20 | ( ... ) : |
| call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) |
| call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) |
| call_sensitivity.rb:11:13:11:13 | x | call_sensitivity.rb:12:11:12:11 | x |
| call_sensitivity.rb:11:13:11:13 | x | call_sensitivity.rb:12:11:12:11 | x |
| call_sensitivity.rb:12:11:12:11 | x | call_sensitivity.rb:19:22:19:22 | x |
| call_sensitivity.rb:12:11:12:11 | x | call_sensitivity.rb:19:22:19:22 | x |
| call_sensitivity.rb:19:9:19:17 | ( ... ) | call_sensitivity.rb:11:13:11:13 | x |
| call_sensitivity.rb:19:9:19:17 | ( ... ) | call_sensitivity.rb:11:13:11:13 | x |
| call_sensitivity.rb:19:10:19:16 | call to taint | call_sensitivity.rb:19:9:19:17 | ( ... ) |
| call_sensitivity.rb:19:10:19:16 | call to taint | call_sensitivity.rb:19:9:19:17 | ( ... ) |
| call_sensitivity.rb:19:22:19:22 | x | call_sensitivity.rb:19:30:19:30 | x |
| call_sensitivity.rb:19:22:19:22 | x | call_sensitivity.rb:19:30:19:30 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:21:27:21:27 | x | call_sensitivity.rb:22:17:22:17 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:31:17:31:17 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:31:17:31:17 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:40:23:40:23 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:40:23:40:23 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:43:24:43:24 | x |
| call_sensitivity.rb:22:17:22:17 | x | call_sensitivity.rb:43:24:43:24 | x |
| call_sensitivity.rb:31:17:31:17 | x | call_sensitivity.rb:31:27:31:27 | x |
| call_sensitivity.rb:31:17:31:17 | x | call_sensitivity.rb:31:27:31:27 | x |
| call_sensitivity.rb:32:25:32:32 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:32:25:32:32 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:40:23:40:23 | x | call_sensitivity.rb:40:31:40:31 | x |
| call_sensitivity.rb:40:23:40:23 | x | call_sensitivity.rb:40:31:40:31 | x |
| call_sensitivity.rb:41:25:41:32 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:41:25:41:32 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:43:24:43:24 | x | call_sensitivity.rb:43:32:43:32 | x |
| call_sensitivity.rb:43:24:43:24 | x | call_sensitivity.rb:43:32:43:32 | x |
| call_sensitivity.rb:44:26:44:33 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:44:26:44:33 | call to taint | call_sensitivity.rb:21:27:21:27 | x |
| call_sensitivity.rb:50:15:50:15 | x | call_sensitivity.rb:51:10:51:10 | x |
| call_sensitivity.rb:50:15:50:15 | x | call_sensitivity.rb:51:10:51:10 | x |
| call_sensitivity.rb:54:15:54:15 | x | call_sensitivity.rb:55:13:55:13 | x |
| call_sensitivity.rb:54:15:54:15 | x | call_sensitivity.rb:55:13:55:13 | x |
| call_sensitivity.rb:54:15:54:15 | x | call_sensitivity.rb:55:13:55:13 | x |
| call_sensitivity.rb:54:15:54:15 | x | call_sensitivity.rb:55:13:55:13 | x |
| call_sensitivity.rb:55:13:55:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:55:13:55:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:55:13:55:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:55:13:55:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:58:20:58:20 | x | call_sensitivity.rb:59:18:59:18 | x |
| call_sensitivity.rb:58:20:58:20 | x | call_sensitivity.rb:59:18:59:18 | x |
| call_sensitivity.rb:59:18:59:18 | x | call_sensitivity.rb:54:15:54:15 | x |
| call_sensitivity.rb:59:18:59:18 | x | call_sensitivity.rb:54:15:54:15 | x |
| call_sensitivity.rb:62:18:62:18 | y | call_sensitivity.rb:63:15:63:15 | y |
| call_sensitivity.rb:62:18:62:18 | y | call_sensitivity.rb:63:15:63:15 | y |
| call_sensitivity.rb:62:18:62:18 | y | call_sensitivity.rb:63:15:63:15 | y |
| call_sensitivity.rb:62:18:62:18 | y | call_sensitivity.rb:63:15:63:15 | y |
| call_sensitivity.rb:63:15:63:15 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:63:15:63:15 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:63:15:63:15 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:63:15:63:15 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:66:20:66:20 | x | call_sensitivity.rb:67:24:67:24 | x |
| call_sensitivity.rb:66:20:66:20 | x | call_sensitivity.rb:67:24:67:24 | x |
| call_sensitivity.rb:67:24:67:24 | x | call_sensitivity.rb:62:18:62:18 | y |
| call_sensitivity.rb:67:24:67:24 | x | call_sensitivity.rb:62:18:62:18 | y |
| call_sensitivity.rb:70:30:70:30 | x | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:70:30:70:30 | x | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:74:18:74:18 | y | call_sensitivity.rb:76:17:76:17 | y |
| call_sensitivity.rb:74:18:74:18 | y | call_sensitivity.rb:76:17:76:17 | y |
| call_sensitivity.rb:76:17:76:17 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:76:17:76:17 | y | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:80:15:80:15 | x | call_sensitivity.rb:81:18:81:18 | x |
| call_sensitivity.rb:80:15:80:15 | x | call_sensitivity.rb:81:18:81:18 | x |
| call_sensitivity.rb:81:18:81:18 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:81:18:81:18 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:85:18:85:27 | ( ... ) | call_sensitivity.rb:80:15:80:15 | x |
| call_sensitivity.rb:85:18:85:27 | ( ... ) | call_sensitivity.rb:80:15:80:15 | x |
| call_sensitivity.rb:85:19:85:26 | call to taint | call_sensitivity.rb:85:18:85:27 | ( ... ) |
| call_sensitivity.rb:85:19:85:26 | call to taint | call_sensitivity.rb:85:18:85:27 | ( ... ) |
| call_sensitivity.rb:88:30:88:30 | x | call_sensitivity.rb:89:23:89:23 | x |
| call_sensitivity.rb:88:30:88:30 | x | call_sensitivity.rb:89:23:89:23 | x |
| call_sensitivity.rb:88:30:88:30 | x | call_sensitivity.rb:89:23:89:23 | x |
| call_sensitivity.rb:88:30:88:30 | x | call_sensitivity.rb:89:23:89:23 | x |
| call_sensitivity.rb:89:23:89:23 | x | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:89:23:89:23 | x | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:89:23:89:23 | x | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:89:23:89:23 | x | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:92:35:92:35 | x | call_sensitivity.rb:93:28:93:28 | x |
| call_sensitivity.rb:92:35:92:35 | x | call_sensitivity.rb:93:28:93:28 | x |
| call_sensitivity.rb:93:28:93:28 | x | call_sensitivity.rb:88:30:88:30 | x |
| call_sensitivity.rb:93:28:93:28 | x | call_sensitivity.rb:88:30:88:30 | x |
| call_sensitivity.rb:96:33:96:33 | y | call_sensitivity.rb:97:25:97:25 | y |
| call_sensitivity.rb:96:33:96:33 | y | call_sensitivity.rb:97:25:97:25 | y |
| call_sensitivity.rb:96:33:96:33 | y | call_sensitivity.rb:97:25:97:25 | y |
| call_sensitivity.rb:96:33:96:33 | y | call_sensitivity.rb:97:25:97:25 | y |
| call_sensitivity.rb:97:25:97:25 | y | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:97:25:97:25 | y | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:97:25:97:25 | y | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:97:25:97:25 | y | call_sensitivity.rb:70:30:70:30 | x |
| call_sensitivity.rb:100:35:100:35 | x | call_sensitivity.rb:101:34:101:34 | x |
| call_sensitivity.rb:100:35:100:35 | x | call_sensitivity.rb:101:34:101:34 | x |
| call_sensitivity.rb:101:34:101:34 | x | call_sensitivity.rb:96:33:96:33 | y |
| call_sensitivity.rb:101:34:101:34 | x | call_sensitivity.rb:96:33:96:33 | y |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:104:18:104:18 | x | call_sensitivity.rb:106:13:106:13 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:106:13:106:13 | x | call_sensitivity.rb:50:15:50:15 | x |
| call_sensitivity.rb:109:21:109:21 | x | call_sensitivity.rb:110:9:110:9 | x |
| call_sensitivity.rb:109:21:109:21 | x | call_sensitivity.rb:110:9:110:9 | x |
| call_sensitivity.rb:110:9:110:9 | x | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:110:9:110:9 | x | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:114:11:114:20 | ( ... ) | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:114:11:114:20 | ( ... ) | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:114:12:114:19 | call to taint | call_sensitivity.rb:114:11:114:20 | ( ... ) |
| call_sensitivity.rb:114:12:114:19 | call to taint | call_sensitivity.rb:114:11:114:20 | ( ... ) |
| call_sensitivity.rb:115:11:115:18 | call to taint | call_sensitivity.rb:54:15:54:15 | x |
| call_sensitivity.rb:115:11:115:18 | call to taint | call_sensitivity.rb:54:15:54:15 | x |
| call_sensitivity.rb:116:16:116:23 | call to taint | call_sensitivity.rb:58:20:58:20 | x |
| call_sensitivity.rb:116:16:116:23 | call to taint | call_sensitivity.rb:58:20:58:20 | x |
| call_sensitivity.rb:117:14:117:22 | call to taint | call_sensitivity.rb:62:18:62:18 | y |
| call_sensitivity.rb:117:14:117:22 | call to taint | call_sensitivity.rb:62:18:62:18 | y |
| call_sensitivity.rb:118:16:118:24 | call to taint | call_sensitivity.rb:66:20:66:20 | x |
| call_sensitivity.rb:118:16:118:24 | call to taint | call_sensitivity.rb:66:20:66:20 | x |
| call_sensitivity.rb:119:14:119:22 | call to taint | call_sensitivity.rb:74:18:74:18 | y |
| call_sensitivity.rb:119:14:119:22 | call to taint | call_sensitivity.rb:74:18:74:18 | y |
| call_sensitivity.rb:121:21:121:28 | call to taint | call_sensitivity.rb:88:30:88:30 | x |
| call_sensitivity.rb:121:21:121:28 | call to taint | call_sensitivity.rb:88:30:88:30 | x |
| call_sensitivity.rb:122:26:122:33 | call to taint | call_sensitivity.rb:92:35:92:35 | x |
| call_sensitivity.rb:122:26:122:33 | call to taint | call_sensitivity.rb:92:35:92:35 | x |
| call_sensitivity.rb:123:24:123:32 | call to taint | call_sensitivity.rb:96:33:96:33 | y |
| call_sensitivity.rb:123:24:123:32 | call to taint | call_sensitivity.rb:96:33:96:33 | y |
| call_sensitivity.rb:124:26:124:33 | call to taint | call_sensitivity.rb:100:35:100:35 | x |
| call_sensitivity.rb:124:26:124:33 | call to taint | call_sensitivity.rb:100:35:100:35 | x |
| call_sensitivity.rb:125:12:125:19 | call to taint | call_sensitivity.rb:109:21:109:21 | x |
| call_sensitivity.rb:125:12:125:19 | call to taint | call_sensitivity.rb:109:21:109:21 | x |
| call_sensitivity.rb:166:14:166:22 | call to taint | call_sensitivity.rb:74:18:74:18 | y |
| call_sensitivity.rb:166:14:166:22 | call to taint | call_sensitivity.rb:74:18:74:18 | y |
| call_sensitivity.rb:174:19:174:19 | x | call_sensitivity.rb:175:12:175:12 | x |
| call_sensitivity.rb:174:19:174:19 | x | call_sensitivity.rb:175:12:175:12 | x |
| call_sensitivity.rb:175:12:175:12 | x | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:175:12:175:12 | x | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:174:19:174:19 | x |
| call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:174:19:174:19 | x |
| call_sensitivity.rb:187:11:187:20 | ( ... ) | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:187:11:187:20 | ( ... ) | call_sensitivity.rb:104:18:104:18 | x |
| call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:187:11:187:20 | ( ... ) |
| call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:187:11:187:20 | ( ... ) |
nodes
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:9:7:9:13 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:9:7:9:13 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:11:13:11:13 | x : | semmle.label | x : |
| call_sensitivity.rb:11:13:11:13 | x : | semmle.label | x : |
| call_sensitivity.rb:12:11:12:11 | x : | semmle.label | x : |
| call_sensitivity.rb:12:11:12:11 | x : | semmle.label | x : |
| call_sensitivity.rb:19:9:19:17 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:19:9:19:17 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:19:10:19:16 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:19:10:19:16 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:19:22:19:22 | x : | semmle.label | x : |
| call_sensitivity.rb:19:22:19:22 | x : | semmle.label | x : |
| call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:11:13:11:13 | x | semmle.label | x |
| call_sensitivity.rb:11:13:11:13 | x | semmle.label | x |
| call_sensitivity.rb:12:11:12:11 | x | semmle.label | x |
| call_sensitivity.rb:12:11:12:11 | x | semmle.label | x |
| call_sensitivity.rb:19:9:19:17 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:19:9:19:17 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:19:10:19:16 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:19:10:19:16 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:19:22:19:22 | x | semmle.label | x |
| call_sensitivity.rb:19:22:19:22 | x | semmle.label | x |
| call_sensitivity.rb:19:30:19:30 | x | semmle.label | x |
| call_sensitivity.rb:19:30:19:30 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:22:17:22:17 | x : | semmle.label | x : |
| call_sensitivity.rb:31:17:31:17 | x : | semmle.label | x : |
| call_sensitivity.rb:31:17:31:17 | x : | semmle.label | x : |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:21:27:21:27 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:22:17:22:17 | x | semmle.label | x |
| call_sensitivity.rb:31:17:31:17 | x | semmle.label | x |
| call_sensitivity.rb:31:17:31:17 | x | semmle.label | x |
| call_sensitivity.rb:31:27:31:27 | x | semmle.label | x |
| call_sensitivity.rb:31:27:31:27 | x | semmle.label | x |
| call_sensitivity.rb:32:25:32:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:32:25:32:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:40:23:40:23 | x : | semmle.label | x : |
| call_sensitivity.rb:40:23:40:23 | x : | semmle.label | x : |
| call_sensitivity.rb:32:25:32:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:32:25:32:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:40:23:40:23 | x | semmle.label | x |
| call_sensitivity.rb:40:23:40:23 | x | semmle.label | x |
| call_sensitivity.rb:40:31:40:31 | x | semmle.label | x |
| call_sensitivity.rb:40:31:40:31 | x | semmle.label | x |
| call_sensitivity.rb:41:25:41:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:41:25:41:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:43:24:43:24 | x : | semmle.label | x : |
| call_sensitivity.rb:43:24:43:24 | x : | semmle.label | x : |
| call_sensitivity.rb:41:25:41:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:41:25:41:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:43:24:43:24 | x | semmle.label | x |
| call_sensitivity.rb:43:24:43:24 | x | semmle.label | x |
| call_sensitivity.rb:43:32:43:32 | x | semmle.label | x |
| call_sensitivity.rb:43:32:43:32 | x | semmle.label | x |
| call_sensitivity.rb:44:26:44:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:44:26:44:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:50:15:50:15 | x : | semmle.label | x : |
| call_sensitivity.rb:50:15:50:15 | x : | semmle.label | x : |
| call_sensitivity.rb:44:26:44:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:44:26:44:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:50:15:50:15 | x | semmle.label | x |
| call_sensitivity.rb:50:15:50:15 | x | semmle.label | x |
| call_sensitivity.rb:51:10:51:10 | x | semmle.label | x |
| call_sensitivity.rb:51:10:51:10 | x | semmle.label | x |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:58:20:58:20 | x : | semmle.label | x : |
| call_sensitivity.rb:58:20:58:20 | x : | semmle.label | x : |
| call_sensitivity.rb:59:18:59:18 | x : | semmle.label | x : |
| call_sensitivity.rb:59:18:59:18 | x : | semmle.label | x : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:66:20:66:20 | x : | semmle.label | x : |
| call_sensitivity.rb:66:20:66:20 | x : | semmle.label | x : |
| call_sensitivity.rb:67:24:67:24 | x : | semmle.label | x : |
| call_sensitivity.rb:67:24:67:24 | x : | semmle.label | x : |
| call_sensitivity.rb:70:30:70:30 | x : | semmle.label | x : |
| call_sensitivity.rb:70:30:70:30 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x | semmle.label | x |
| call_sensitivity.rb:54:15:54:15 | x | semmle.label | x |
| call_sensitivity.rb:54:15:54:15 | x | semmle.label | x |
| call_sensitivity.rb:54:15:54:15 | x | semmle.label | x |
| call_sensitivity.rb:55:13:55:13 | x | semmle.label | x |
| call_sensitivity.rb:55:13:55:13 | x | semmle.label | x |
| call_sensitivity.rb:55:13:55:13 | x | semmle.label | x |
| call_sensitivity.rb:55:13:55:13 | x | semmle.label | x |
| call_sensitivity.rb:58:20:58:20 | x | semmle.label | x |
| call_sensitivity.rb:58:20:58:20 | x | semmle.label | x |
| call_sensitivity.rb:59:18:59:18 | x | semmle.label | x |
| call_sensitivity.rb:59:18:59:18 | x | semmle.label | x |
| call_sensitivity.rb:62:18:62:18 | y | semmle.label | y |
| call_sensitivity.rb:62:18:62:18 | y | semmle.label | y |
| call_sensitivity.rb:62:18:62:18 | y | semmle.label | y |
| call_sensitivity.rb:62:18:62:18 | y | semmle.label | y |
| call_sensitivity.rb:63:15:63:15 | y | semmle.label | y |
| call_sensitivity.rb:63:15:63:15 | y | semmle.label | y |
| call_sensitivity.rb:63:15:63:15 | y | semmle.label | y |
| call_sensitivity.rb:63:15:63:15 | y | semmle.label | y |
| call_sensitivity.rb:66:20:66:20 | x | semmle.label | x |
| call_sensitivity.rb:66:20:66:20 | x | semmle.label | x |
| call_sensitivity.rb:67:24:67:24 | x | semmle.label | x |
| call_sensitivity.rb:67:24:67:24 | x | semmle.label | x |
| call_sensitivity.rb:70:30:70:30 | x | semmle.label | x |
| call_sensitivity.rb:70:30:70:30 | x | semmle.label | x |
| call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
| call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
| call_sensitivity.rb:74:18:74:18 | y : | semmle.label | y : |
| call_sensitivity.rb:74:18:74:18 | y : | semmle.label | y : |
| call_sensitivity.rb:76:17:76:17 | y : | semmle.label | y : |
| call_sensitivity.rb:76:17:76:17 | y : | semmle.label | y : |
| call_sensitivity.rb:80:15:80:15 | x : | semmle.label | x : |
| call_sensitivity.rb:80:15:80:15 | x : | semmle.label | x : |
| call_sensitivity.rb:81:18:81:18 | x : | semmle.label | x : |
| call_sensitivity.rb:81:18:81:18 | x : | semmle.label | x : |
| call_sensitivity.rb:85:18:85:27 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:85:18:85:27 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:85:19:85:26 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:85:19:85:26 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:88:30:88:30 | x : | semmle.label | x : |
| call_sensitivity.rb:88:30:88:30 | x : | semmle.label | x : |
| call_sensitivity.rb:88:30:88:30 | x : | semmle.label | x : |
| call_sensitivity.rb:88:30:88:30 | x : | semmle.label | x : |
| call_sensitivity.rb:89:23:89:23 | x : | semmle.label | x : |
| call_sensitivity.rb:89:23:89:23 | x : | semmle.label | x : |
| call_sensitivity.rb:89:23:89:23 | x : | semmle.label | x : |
| call_sensitivity.rb:89:23:89:23 | x : | semmle.label | x : |
| call_sensitivity.rb:92:35:92:35 | x : | semmle.label | x : |
| call_sensitivity.rb:92:35:92:35 | x : | semmle.label | x : |
| call_sensitivity.rb:93:28:93:28 | x : | semmle.label | x : |
| call_sensitivity.rb:93:28:93:28 | x : | semmle.label | x : |
| call_sensitivity.rb:96:33:96:33 | y : | semmle.label | y : |
| call_sensitivity.rb:96:33:96:33 | y : | semmle.label | y : |
| call_sensitivity.rb:96:33:96:33 | y : | semmle.label | y : |
| call_sensitivity.rb:96:33:96:33 | y : | semmle.label | y : |
| call_sensitivity.rb:97:25:97:25 | y : | semmle.label | y : |
| call_sensitivity.rb:97:25:97:25 | y : | semmle.label | y : |
| call_sensitivity.rb:97:25:97:25 | y : | semmle.label | y : |
| call_sensitivity.rb:97:25:97:25 | y : | semmle.label | y : |
| call_sensitivity.rb:100:35:100:35 | x : | semmle.label | x : |
| call_sensitivity.rb:100:35:100:35 | x : | semmle.label | x : |
| call_sensitivity.rb:101:34:101:34 | x : | semmle.label | x : |
| call_sensitivity.rb:101:34:101:34 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:74:18:74:18 | y | semmle.label | y |
| call_sensitivity.rb:74:18:74:18 | y | semmle.label | y |
| call_sensitivity.rb:76:17:76:17 | y | semmle.label | y |
| call_sensitivity.rb:76:17:76:17 | y | semmle.label | y |
| call_sensitivity.rb:80:15:80:15 | x | semmle.label | x |
| call_sensitivity.rb:80:15:80:15 | x | semmle.label | x |
| call_sensitivity.rb:81:18:81:18 | x | semmle.label | x |
| call_sensitivity.rb:81:18:81:18 | x | semmle.label | x |
| call_sensitivity.rb:85:18:85:27 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:85:18:85:27 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:85:19:85:26 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:85:19:85:26 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:88:30:88:30 | x | semmle.label | x |
| call_sensitivity.rb:88:30:88:30 | x | semmle.label | x |
| call_sensitivity.rb:88:30:88:30 | x | semmle.label | x |
| call_sensitivity.rb:88:30:88:30 | x | semmle.label | x |
| call_sensitivity.rb:89:23:89:23 | x | semmle.label | x |
| call_sensitivity.rb:89:23:89:23 | x | semmle.label | x |
| call_sensitivity.rb:89:23:89:23 | x | semmle.label | x |
| call_sensitivity.rb:89:23:89:23 | x | semmle.label | x |
| call_sensitivity.rb:92:35:92:35 | x | semmle.label | x |
| call_sensitivity.rb:92:35:92:35 | x | semmle.label | x |
| call_sensitivity.rb:93:28:93:28 | x | semmle.label | x |
| call_sensitivity.rb:93:28:93:28 | x | semmle.label | x |
| call_sensitivity.rb:96:33:96:33 | y | semmle.label | y |
| call_sensitivity.rb:96:33:96:33 | y | semmle.label | y |
| call_sensitivity.rb:96:33:96:33 | y | semmle.label | y |
| call_sensitivity.rb:96:33:96:33 | y | semmle.label | y |
| call_sensitivity.rb:97:25:97:25 | y | semmle.label | y |
| call_sensitivity.rb:97:25:97:25 | y | semmle.label | y |
| call_sensitivity.rb:97:25:97:25 | y | semmle.label | y |
| call_sensitivity.rb:97:25:97:25 | y | semmle.label | y |
| call_sensitivity.rb:100:35:100:35 | x | semmle.label | x |
| call_sensitivity.rb:100:35:100:35 | x | semmle.label | x |
| call_sensitivity.rb:101:34:101:34 | x | semmle.label | x |
| call_sensitivity.rb:101:34:101:34 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:104:18:104:18 | x | semmle.label | x |
| call_sensitivity.rb:105:10:105:10 | x | semmle.label | x |
| call_sensitivity.rb:105:10:105:10 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:109:21:109:21 | x : | semmle.label | x : |
| call_sensitivity.rb:109:21:109:21 | x : | semmle.label | x : |
| call_sensitivity.rb:110:9:110:9 | x : | semmle.label | x : |
| call_sensitivity.rb:110:9:110:9 | x : | semmle.label | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:174:19:174:19 | x : | semmle.label | x : |
| call_sensitivity.rb:174:19:174:19 | x : | semmle.label | x : |
| call_sensitivity.rb:175:12:175:12 | x : | semmle.label | x : |
| call_sensitivity.rb:175:12:175:12 | x : | semmle.label | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x | semmle.label | x |
| call_sensitivity.rb:109:21:109:21 | x | semmle.label | x |
| call_sensitivity.rb:109:21:109:21 | x | semmle.label | x |
| call_sensitivity.rb:110:9:110:9 | x | semmle.label | x |
| call_sensitivity.rb:110:9:110:9 | x | semmle.label | x |
| call_sensitivity.rb:114:11:114:20 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:114:11:114:20 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:114:12:114:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:114:12:114:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:115:11:115:18 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:115:11:115:18 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:116:16:116:23 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:116:16:116:23 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:117:14:117:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:117:14:117:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:118:16:118:24 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:118:16:118:24 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:119:14:119:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:119:14:119:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:121:21:121:28 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:121:21:121:28 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:122:26:122:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:122:26:122:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:123:24:123:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:123:24:123:32 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:124:26:124:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:124:26:124:33 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:125:12:125:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:125:12:125:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:166:14:166:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:166:14:166:22 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:174:19:174:19 | x | semmle.label | x |
| call_sensitivity.rb:174:19:174:19 | x | semmle.label | x |
| call_sensitivity.rb:175:12:175:12 | x | semmle.label | x |
| call_sensitivity.rb:175:12:175:12 | x | semmle.label | x |
| call_sensitivity.rb:178:11:178:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:178:11:178:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:187:11:187:20 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:187:11:187:20 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:187:12:187:19 | call to taint | semmle.label | call to taint |
| call_sensitivity.rb:187:12:187:19 | call to taint | semmle.label | call to taint |
subpaths
#select
| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint : | call to taint : |
| call_sensitivity.rb:19:30:19:30 | x | call_sensitivity.rb:19:10:19:16 | call to taint : | call_sensitivity.rb:19:30:19:30 | x | $@ | call_sensitivity.rb:19:10:19:16 | call to taint : | call to taint : |
| call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint : | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint : | call to taint : |
| call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint : | call to taint : |
| call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:85:19:85:26 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:85:19:85:26 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:115:11:115:18 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:116:16:116:23 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:117:14:117:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:118:16:118:24 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:119:14:119:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:166:14:166:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:121:21:121:28 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:122:26:122:33 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:123:24:123:32 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:124:26:124:33 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint : | call to taint : |
| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint | call to taint |
| call_sensitivity.rb:19:30:19:30 | x | call_sensitivity.rb:19:10:19:16 | call to taint | call_sensitivity.rb:19:30:19:30 | x | $@ | call_sensitivity.rb:19:10:19:16 | call to taint | call to taint |
| call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint | call to taint |
| call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint | call to taint |
| call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:85:19:85:26 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:85:19:85:26 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:115:11:115:18 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:115:11:115:18 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:116:16:116:23 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:116:16:116:23 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:117:14:117:22 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:117:14:117:22 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:118:16:118:24 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:118:16:118:24 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:119:14:119:22 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:119:14:119:22 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:166:14:166:22 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:166:14:166:22 | call to taint | call to taint |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint | call to taint |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:121:21:121:28 | call to taint | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:121:21:121:28 | call to taint | call to taint |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:122:26:122:33 | call to taint | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:122:26:122:33 | call to taint | call to taint |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:123:24:123:32 | call to taint | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:123:24:123:32 | call to taint | call to taint |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:124:26:124:33 | call to taint | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:124:26:124:33 | call to taint | call to taint |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint | call to taint |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint | call to taint |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint | call to taint |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint | call to taint |
mayBenefitFromCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:54:3:56:5 | method2 |
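Review bot: The `#select` rows in this hunk need a line in the merge description saying they are a label-only update. The rows for `call_sensitivity.rb:105:10:105:10 | x` with sources at lines 178 and 187 appear twice, once with the source rendered as `call to taint :` and once as `call to taint`, with the same sink and source locations in both. Stating that the trailing ` :` was dropped from node labels, and that no reported flow changed, would save reviewers from comparing these `.expected` files row by row. If any row in the regenerated output did gain or lose a location, call it out separately.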

File diff suppressed because it is too large

View File

@@ -127,11 +127,28 @@ getModuleLevelSelf
getAnImmediateReference
| file://:0:0:0:0 | Array | tst.rb:59:15:59:21 | Array |
| file://:0:0:0:0 | Hash | tst.rb:60:14:60:45 | Hash |
| tst.rb:1:1:6:3 | C1 | tst.rb:1:1:6:3 | self (C1) |
| tst.rb:1:1:6:3 | C1 | tst.rb:8:12:8:13 | C1 |
| tst.rb:8:1:11:3 | C2 | tst.rb:8:1:11:3 | self (C2) |
| tst.rb:8:1:11:3 | C2 | tst.rb:27:12:27:13 | C2 |
| tst.rb:13:1:18:3 | Mixin | tst.rb:13:1:18:3 | self (Mixin) |
| tst.rb:13:1:18:3 | Mixin | tst.rb:16:5:17:7 | self in m1s |
| tst.rb:13:1:18:3 | Mixin | tst.rb:28:13:28:17 | Mixin |
| tst.rb:20:1:25:3 | Mixin2 | tst.rb:20:1:25:3 | self (Mixin2) |
| tst.rb:20:1:25:3 | Mixin2 | tst.rb:23:5:24:7 | self in m2s |
| tst.rb:20:1:25:3 | Mixin2 | tst.rb:29:13:29:18 | Mixin2 |
| tst.rb:27:1:35:3 | C3 | tst.rb:27:1:35:3 | self (C3) |
| tst.rb:27:1:35:3 | C3 | tst.rb:32:9:33:11 | self in c3_self1 |
| tst.rb:27:1:35:3 | C3 | tst.rb:37:1:38:3 | self in c3_self2 |
| tst.rb:27:1:35:3 | C3 | tst.rb:37:5:37:6 | C3 |
| tst.rb:40:1:47:3 | N1 | tst.rb:40:1:47:3 | self (N1) |
| tst.rb:41:5:42:7 | N1::XY1 | tst.rb:41:5:42:7 | self (XY1) |
| tst.rb:43:5:46:7 | N1::N2 | tst.rb:43:5:46:7 | self (N2) |
| tst.rb:44:9:45:11 | N1::N2::XY2 | tst.rb:44:9:45:11 | self (XY2) |
| tst.rb:49:1:51:3 | N2 | tst.rb:49:1:51:3 | self (N2) |
| tst.rb:49:1:51:3 | N2 | tst.rb:52:1:55:3 | self (N2) |
| tst.rb:53:5:54:7 | N2::XY3 | tst.rb:53:5:54:7 | self (XY3) |
| tst.rb:57:1:62:3 | Nodes | tst.rb:57:1:62:3 | self (Nodes) |
getOwnInstanceMethod
| tst.rb:1:1:6:3 | C1 | c1 | tst.rb:2:5:5:7 | c1 |
| tst.rb:8:1:11:3 | C2 | c2 | tst.rb:9:5:10:7 | c2 |
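Review bot: The widening of `getAnImmediateReference` to implicit `self` nodes is not documented anywhere visible in this hunk. The 17 `self (...)` and `self in ...` rows account for the section growing from 11 to 28 lines, so callers that expected only constant accesses such as `tst.rb:8:12:8:13 | C1` will now also receive rows like `tst.rb:16:5:17:7 | self in m1s`. Please update the predicate's QLDoc to say which `self` nodes count as an immediate reference, and check existing uses for results that would become noisier. `N2` also gets two `self (N2)` rows (`tst.rb:49:1:51:3` and `tst.rb:52:1:55:3`) against a single module location, which suggests the module is reopened at line 52; a short comment in `tst.rb` at that point would make the expected row self-explanatory.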

View File

@@ -1,217 +1,217 @@
failures
edges
| local_dataflow.rb:78:3:78:3 | z : | local_dataflow.rb:89:8:89:8 | z |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:79:13:79:13 | b : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:80:8:80:8 | a : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:81:9:81:9 | c : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:81:13:81:13 | d : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:81:16:81:16 | e : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:85:13:85:13 | f : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:86:18:86:18 | g : |
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:87:10:87:10 | x : |
| local_dataflow.rb:79:13:79:13 | b : | local_dataflow.rb:79:25:79:25 | b |
| local_dataflow.rb:80:8:80:8 | a : | local_dataflow.rb:80:29:80:29 | a |
| local_dataflow.rb:81:9:81:9 | c : | local_dataflow.rb:82:12:82:12 | c |
| local_dataflow.rb:81:13:81:13 | d : | local_dataflow.rb:83:12:83:12 | d |
| local_dataflow.rb:81:16:81:16 | e : | local_dataflow.rb:84:12:84:12 | e |
| local_dataflow.rb:85:13:85:13 | f : | local_dataflow.rb:85:27:85:27 | f |
| local_dataflow.rb:86:18:86:18 | g : | local_dataflow.rb:86:33:86:33 | g |
| local_dataflow.rb:87:10:87:10 | x : | local_dataflow.rb:78:3:78:3 | z : |
| local_dataflow.rb:87:10:87:10 | x : | local_dataflow.rb:87:25:87:25 | x |
| local_dataflow.rb:93:3:93:3 | a : | local_dataflow.rb:94:8:94:8 | a |
| local_dataflow.rb:93:3:93:3 | a : | local_dataflow.rb:94:8:94:8 | a |
| local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:93:3:93:3 | a : |
| local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:93:3:93:3 | a : |
| local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:93:3:93:3 | a : |
| local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:93:3:93:3 | a : |
| local_dataflow.rb:95:3:95:3 | b : | local_dataflow.rb:96:8:96:8 | b |
| local_dataflow.rb:95:3:95:3 | b : | local_dataflow.rb:96:8:96:8 | b |
| local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:95:3:95:3 | b : |
| local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:95:3:95:3 | b : |
| local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:95:3:95:3 | b : |
| local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:95:3:95:3 | b : |
| local_dataflow.rb:98:3:98:3 | a : | local_dataflow.rb:99:8:99:8 | a |
| local_dataflow.rb:98:3:98:3 | a : | local_dataflow.rb:99:8:99:8 | a |
| local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:98:3:98:3 | a : |
| local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:98:3:98:3 | a : |
| local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:98:3:98:3 | a : |
| local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:98:3:98:3 | a : |
| local_dataflow.rb:100:3:100:3 | b : | local_dataflow.rb:101:8:101:8 | b |
| local_dataflow.rb:100:3:100:3 | b : | local_dataflow.rb:101:8:101:8 | b |
| local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:100:3:100:3 | b : |
| local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:100:3:100:3 | b : |
| local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:100:3:100:3 | b : |
| local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:100:3:100:3 | b : |
| local_dataflow.rb:103:3:103:3 | a : | local_dataflow.rb:104:3:104:3 | a : |
| local_dataflow.rb:103:3:103:3 | a : | local_dataflow.rb:104:3:104:3 | a : |
| local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:103:3:103:3 | a : |
| local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:103:3:103:3 | a : |
| local_dataflow.rb:104:3:104:3 | a : | local_dataflow.rb:105:8:105:8 | a |
| local_dataflow.rb:104:3:104:3 | a : | local_dataflow.rb:105:8:105:8 | a |
| local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:104:3:104:3 | a : |
| local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:104:3:104:3 | a : |
| local_dataflow.rb:106:3:106:3 | b : | local_dataflow.rb:107:3:107:3 | b : |
| local_dataflow.rb:106:3:106:3 | b : | local_dataflow.rb:107:3:107:3 | b : |
| local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:106:3:106:3 | b : |
| local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:106:3:106:3 | b : |
| local_dataflow.rb:107:3:107:3 | b : | local_dataflow.rb:108:8:108:8 | b |
| local_dataflow.rb:107:3:107:3 | b : | local_dataflow.rb:108:8:108:8 | b |
| local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:107:3:107:3 | b : |
| local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:107:3:107:3 | b : |
| local_dataflow.rb:112:8:112:16 | call to source : | local_dataflow.rb:112:8:112:20 | call to dup |
| local_dataflow.rb:112:8:112:16 | call to source : | local_dataflow.rb:112:8:112:20 | call to dup |
| local_dataflow.rb:113:8:113:16 | call to source : | local_dataflow.rb:113:8:113:20 | call to dup : |
| local_dataflow.rb:113:8:113:16 | call to source : | local_dataflow.rb:113:8:113:20 | call to dup : |
| local_dataflow.rb:113:8:113:20 | call to dup : | local_dataflow.rb:113:8:113:24 | call to dup |
| local_dataflow.rb:113:8:113:20 | call to dup : | local_dataflow.rb:113:8:113:24 | call to dup |
| local_dataflow.rb:117:8:117:16 | call to source : | local_dataflow.rb:117:8:117:23 | call to tap |
| local_dataflow.rb:117:8:117:16 | call to source : | local_dataflow.rb:117:8:117:23 | call to tap |
| local_dataflow.rb:118:3:118:11 | call to source : | local_dataflow.rb:118:20:118:20 | x : |
| local_dataflow.rb:118:3:118:11 | call to source : | local_dataflow.rb:118:20:118:20 | x : |
| local_dataflow.rb:118:20:118:20 | x : | local_dataflow.rb:118:28:118:28 | x |
| local_dataflow.rb:118:20:118:20 | x : | local_dataflow.rb:118:28:118:28 | x |
| local_dataflow.rb:119:8:119:16 | call to source : | local_dataflow.rb:119:8:119:23 | call to tap : |
| local_dataflow.rb:119:8:119:16 | call to source : | local_dataflow.rb:119:8:119:23 | call to tap : |
| local_dataflow.rb:119:8:119:23 | call to tap : | local_dataflow.rb:119:8:119:30 | call to tap |
| local_dataflow.rb:119:8:119:23 | call to tap : | local_dataflow.rb:119:8:119:30 | call to tap |
| local_dataflow.rb:123:8:123:16 | call to source : | local_dataflow.rb:123:8:123:20 | call to dup : |
| local_dataflow.rb:123:8:123:16 | call to source : | local_dataflow.rb:123:8:123:20 | call to dup : |
| local_dataflow.rb:123:8:123:20 | call to dup : | local_dataflow.rb:123:8:123:45 | call to tap : |
| local_dataflow.rb:123:8:123:20 | call to dup : | local_dataflow.rb:123:8:123:45 | call to tap : |
| local_dataflow.rb:123:8:123:45 | call to tap : | local_dataflow.rb:123:8:123:49 | call to dup |
| local_dataflow.rb:123:8:123:45 | call to tap : | local_dataflow.rb:123:8:123:49 | call to dup |
| local_dataflow.rb:78:3:78:3 | z | local_dataflow.rb:89:8:89:8 | z |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:79:13:79:13 | b |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:80:8:80:8 | a |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:9:81:9 | c |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:13:81:13 | d |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:16:81:16 | e |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:85:13:85:13 | f |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:86:18:86:18 | g |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:87:10:87:10 | x |
| local_dataflow.rb:79:13:79:13 | b | local_dataflow.rb:79:25:79:25 | b |
| local_dataflow.rb:80:8:80:8 | a | local_dataflow.rb:80:29:80:29 | a |
| local_dataflow.rb:81:9:81:9 | c | local_dataflow.rb:82:12:82:12 | c |
| local_dataflow.rb:81:13:81:13 | d | local_dataflow.rb:83:12:83:12 | d |
| local_dataflow.rb:81:16:81:16 | e | local_dataflow.rb:84:12:84:12 | e |
| local_dataflow.rb:85:13:85:13 | f | local_dataflow.rb:85:27:85:27 | f |
| local_dataflow.rb:86:18:86:18 | g | local_dataflow.rb:86:33:86:33 | g |
| local_dataflow.rb:87:10:87:10 | x | local_dataflow.rb:78:3:78:3 | z |
| local_dataflow.rb:87:10:87:10 | x | local_dataflow.rb:87:25:87:25 | x |
| local_dataflow.rb:93:3:93:3 | a | local_dataflow.rb:94:8:94:8 | a |
| local_dataflow.rb:93:3:93:3 | a | local_dataflow.rb:94:8:94:8 | a |
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:3:93:3 | a |
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:3:93:3 | a |
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:3:93:3 | a |
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:3:93:3 | a |
| local_dataflow.rb:95:3:95:3 | b | local_dataflow.rb:96:8:96:8 | b |
| local_dataflow.rb:95:3:95:3 | b | local_dataflow.rb:96:8:96:8 | b |
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:3:95:3 | b |
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:3:95:3 | b |
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:3:95:3 | b |
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:3:95:3 | b |
| local_dataflow.rb:98:3:98:3 | a | local_dataflow.rb:99:8:99:8 | a |
| local_dataflow.rb:98:3:98:3 | a | local_dataflow.rb:99:8:99:8 | a |
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:3:98:3 | a |
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:3:98:3 | a |
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:3:98:3 | a |
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:3:98:3 | a |
| local_dataflow.rb:100:3:100:3 | b | local_dataflow.rb:101:8:101:8 | b |
| local_dataflow.rb:100:3:100:3 | b | local_dataflow.rb:101:8:101:8 | b |
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:3:100:3 | b |
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:3:100:3 | b |
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:3:100:3 | b |
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:3:100:3 | b |
| local_dataflow.rb:103:3:103:3 | a | local_dataflow.rb:104:3:104:3 | a |
| local_dataflow.rb:103:3:103:3 | a | local_dataflow.rb:104:3:104:3 | a |
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:3 | a |
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:3 | a |
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:105:8:105:8 | a |
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:105:8:105:8 | a |
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:3:104:3 | a |
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:3:104:3 | a |
| local_dataflow.rb:106:3:106:3 | b | local_dataflow.rb:107:3:107:3 | b |
| local_dataflow.rb:106:3:106:3 | b | local_dataflow.rb:107:3:107:3 | b |
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:3 | b |
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:3 | b |
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:108:8:108:8 | b |
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:108:8:108:8 | b |
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:3:107:3 | b |
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:3:107:3 | b |
| local_dataflow.rb:112:8:112:16 | call to source | local_dataflow.rb:112:8:112:20 | call to dup |
| local_dataflow.rb:112:8:112:16 | call to source | local_dataflow.rb:112:8:112:20 | call to dup |
| local_dataflow.rb:113:8:113:16 | call to source | local_dataflow.rb:113:8:113:20 | call to dup |
| local_dataflow.rb:113:8:113:16 | call to source | local_dataflow.rb:113:8:113:20 | call to dup |
| local_dataflow.rb:113:8:113:20 | call to dup | local_dataflow.rb:113:8:113:24 | call to dup |
| local_dataflow.rb:113:8:113:20 | call to dup | local_dataflow.rb:113:8:113:24 | call to dup |
| local_dataflow.rb:117:8:117:16 | call to source | local_dataflow.rb:117:8:117:23 | call to tap |
| local_dataflow.rb:117:8:117:16 | call to source | local_dataflow.rb:117:8:117:23 | call to tap |
| local_dataflow.rb:118:3:118:11 | call to source | local_dataflow.rb:118:20:118:20 | x |
| local_dataflow.rb:118:3:118:11 | call to source | local_dataflow.rb:118:20:118:20 | x |
| local_dataflow.rb:118:20:118:20 | x | local_dataflow.rb:118:28:118:28 | x |
| local_dataflow.rb:118:20:118:20 | x | local_dataflow.rb:118:28:118:28 | x |
| local_dataflow.rb:119:8:119:16 | call to source | local_dataflow.rb:119:8:119:23 | call to tap |
| local_dataflow.rb:119:8:119:16 | call to source | local_dataflow.rb:119:8:119:23 | call to tap |
| local_dataflow.rb:119:8:119:23 | call to tap | local_dataflow.rb:119:8:119:30 | call to tap |
| local_dataflow.rb:119:8:119:23 | call to tap | local_dataflow.rb:119:8:119:30 | call to tap |
| local_dataflow.rb:123:8:123:16 | call to source | local_dataflow.rb:123:8:123:20 | call to dup |
| local_dataflow.rb:123:8:123:16 | call to source | local_dataflow.rb:123:8:123:20 | call to dup |
| local_dataflow.rb:123:8:123:20 | call to dup | local_dataflow.rb:123:8:123:45 | call to tap |
| local_dataflow.rb:123:8:123:20 | call to dup | local_dataflow.rb:123:8:123:45 | call to tap |
| local_dataflow.rb:123:8:123:45 | call to tap | local_dataflow.rb:123:8:123:49 | call to dup |
| local_dataflow.rb:123:8:123:45 | call to tap | local_dataflow.rb:123:8:123:49 | call to dup |
nodes
| local_dataflow.rb:78:3:78:3 | z : | semmle.label | z : |
| local_dataflow.rb:78:12:78:20 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:79:13:79:13 | b : | semmle.label | b : |
| local_dataflow.rb:78:3:78:3 | z | semmle.label | z |
| local_dataflow.rb:78:12:78:20 | call to source | semmle.label | call to source |
| local_dataflow.rb:79:13:79:13 | b | semmle.label | b |
| local_dataflow.rb:79:25:79:25 | b | semmle.label | b |
| local_dataflow.rb:80:8:80:8 | a : | semmle.label | a : |
| local_dataflow.rb:80:8:80:8 | a | semmle.label | a |
| local_dataflow.rb:80:29:80:29 | a | semmle.label | a |
| local_dataflow.rb:81:9:81:9 | c : | semmle.label | c : |
| local_dataflow.rb:81:13:81:13 | d : | semmle.label | d : |
| local_dataflow.rb:81:16:81:16 | e : | semmle.label | e : |
| local_dataflow.rb:81:9:81:9 | c | semmle.label | c |
| local_dataflow.rb:81:13:81:13 | d | semmle.label | d |
| local_dataflow.rb:81:16:81:16 | e | semmle.label | e |
| local_dataflow.rb:82:12:82:12 | c | semmle.label | c |
| local_dataflow.rb:83:12:83:12 | d | semmle.label | d |
| local_dataflow.rb:84:12:84:12 | e | semmle.label | e |
| local_dataflow.rb:85:13:85:13 | f : | semmle.label | f : |
| local_dataflow.rb:85:13:85:13 | f | semmle.label | f |
| local_dataflow.rb:85:27:85:27 | f | semmle.label | f |
| local_dataflow.rb:86:18:86:18 | g : | semmle.label | g : |
| local_dataflow.rb:86:18:86:18 | g | semmle.label | g |
| local_dataflow.rb:86:33:86:33 | g | semmle.label | g |
| local_dataflow.rb:87:10:87:10 | x : | semmle.label | x : |
| local_dataflow.rb:87:10:87:10 | x | semmle.label | x |
| local_dataflow.rb:87:25:87:25 | x | semmle.label | x |
| local_dataflow.rb:89:8:89:8 | z | semmle.label | z |
| local_dataflow.rb:93:3:93:3 | a : | semmle.label | a : |
| local_dataflow.rb:93:3:93:3 | a : | semmle.label | a : |
| local_dataflow.rb:93:7:93:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:93:7:93:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:93:20:93:28 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:93:20:93:28 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:93:3:93:3 | a | semmle.label | a |
| local_dataflow.rb:93:3:93:3 | a | semmle.label | a |
| local_dataflow.rb:93:7:93:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:93:7:93:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:93:20:93:28 | call to source | semmle.label | call to source |
| local_dataflow.rb:93:20:93:28 | call to source | semmle.label | call to source |
| local_dataflow.rb:94:8:94:8 | a | semmle.label | a |
| local_dataflow.rb:94:8:94:8 | a | semmle.label | a |
| local_dataflow.rb:95:3:95:3 | b : | semmle.label | b : |
| local_dataflow.rb:95:3:95:3 | b : | semmle.label | b : |
| local_dataflow.rb:95:8:95:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:95:8:95:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:95:21:95:29 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:95:21:95:29 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:95:3:95:3 | b | semmle.label | b |
| local_dataflow.rb:95:3:95:3 | b | semmle.label | b |
| local_dataflow.rb:95:8:95:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:95:8:95:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:95:21:95:29 | call to source | semmle.label | call to source |
| local_dataflow.rb:95:21:95:29 | call to source | semmle.label | call to source |
| local_dataflow.rb:96:8:96:8 | b | semmle.label | b |
| local_dataflow.rb:96:8:96:8 | b | semmle.label | b |
| local_dataflow.rb:98:3:98:3 | a : | semmle.label | a : |
| local_dataflow.rb:98:3:98:3 | a : | semmle.label | a : |
| local_dataflow.rb:98:7:98:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:98:7:98:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:98:20:98:28 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:98:20:98:28 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:98:3:98:3 | a | semmle.label | a |
| local_dataflow.rb:98:3:98:3 | a | semmle.label | a |
| local_dataflow.rb:98:7:98:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:98:7:98:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:98:20:98:28 | call to source | semmle.label | call to source |
| local_dataflow.rb:98:20:98:28 | call to source | semmle.label | call to source |
| local_dataflow.rb:99:8:99:8 | a | semmle.label | a |
| local_dataflow.rb:99:8:99:8 | a | semmle.label | a |
| local_dataflow.rb:100:3:100:3 | b : | semmle.label | b : |
| local_dataflow.rb:100:3:100:3 | b : | semmle.label | b : |
| local_dataflow.rb:100:8:100:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:100:8:100:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:100:22:100:30 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:100:22:100:30 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:100:3:100:3 | b | semmle.label | b |
| local_dataflow.rb:100:3:100:3 | b | semmle.label | b |
| local_dataflow.rb:100:8:100:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:100:8:100:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:100:22:100:30 | call to source | semmle.label | call to source |
| local_dataflow.rb:100:22:100:30 | call to source | semmle.label | call to source |
| local_dataflow.rb:101:8:101:8 | b | semmle.label | b |
| local_dataflow.rb:101:8:101:8 | b | semmle.label | b |
| local_dataflow.rb:103:3:103:3 | a : | semmle.label | a : |
| local_dataflow.rb:103:3:103:3 | a : | semmle.label | a : |
| local_dataflow.rb:103:7:103:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:103:7:103:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:104:3:104:3 | a : | semmle.label | a : |
| local_dataflow.rb:104:3:104:3 | a : | semmle.label | a : |
| local_dataflow.rb:104:9:104:17 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:104:9:104:17 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:103:3:103:3 | a | semmle.label | a |
| local_dataflow.rb:103:3:103:3 | a | semmle.label | a |
| local_dataflow.rb:103:7:103:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:103:7:103:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:104:3:104:3 | a | semmle.label | a |
| local_dataflow.rb:104:3:104:3 | a | semmle.label | a |
| local_dataflow.rb:104:9:104:17 | call to source | semmle.label | call to source |
| local_dataflow.rb:104:9:104:17 | call to source | semmle.label | call to source |
| local_dataflow.rb:105:8:105:8 | a | semmle.label | a |
| local_dataflow.rb:105:8:105:8 | a | semmle.label | a |
| local_dataflow.rb:106:3:106:3 | b : | semmle.label | b : |
| local_dataflow.rb:106:3:106:3 | b : | semmle.label | b : |
| local_dataflow.rb:106:7:106:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:106:7:106:15 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:107:3:107:3 | b : | semmle.label | b : |
| local_dataflow.rb:107:3:107:3 | b : | semmle.label | b : |
| local_dataflow.rb:107:9:107:17 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:107:9:107:17 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:106:3:106:3 | b | semmle.label | b |
| local_dataflow.rb:106:3:106:3 | b | semmle.label | b |
| local_dataflow.rb:106:7:106:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:106:7:106:15 | call to source | semmle.label | call to source |
| local_dataflow.rb:107:3:107:3 | b | semmle.label | b |
| local_dataflow.rb:107:3:107:3 | b | semmle.label | b |
| local_dataflow.rb:107:9:107:17 | call to source | semmle.label | call to source |
| local_dataflow.rb:107:9:107:17 | call to source | semmle.label | call to source |
| local_dataflow.rb:108:8:108:8 | b | semmle.label | b |
| local_dataflow.rb:108:8:108:8 | b | semmle.label | b |
| local_dataflow.rb:112:8:112:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:112:8:112:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:112:8:112:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:112:8:112:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:112:8:112:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:112:8:112:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:113:8:113:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:113:8:113:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:113:8:113:20 | call to dup : | semmle.label | call to dup : |
| local_dataflow.rb:113:8:113:20 | call to dup : | semmle.label | call to dup : |
| local_dataflow.rb:113:8:113:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:113:8:113:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:113:8:113:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:113:8:113:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:113:8:113:24 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:113:8:113:24 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:117:8:117:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:117:8:117:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:117:8:117:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:117:8:117:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:117:8:117:23 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:117:8:117:23 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:118:3:118:11 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:118:3:118:11 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:118:20:118:20 | x : | semmle.label | x : |
| local_dataflow.rb:118:20:118:20 | x : | semmle.label | x : |
| local_dataflow.rb:118:3:118:11 | call to source | semmle.label | call to source |
| local_dataflow.rb:118:3:118:11 | call to source | semmle.label | call to source |
| local_dataflow.rb:118:20:118:20 | x | semmle.label | x |
| local_dataflow.rb:118:20:118:20 | x | semmle.label | x |
| local_dataflow.rb:118:28:118:28 | x | semmle.label | x |
| local_dataflow.rb:118:28:118:28 | x | semmle.label | x |
| local_dataflow.rb:119:8:119:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:119:8:119:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:119:8:119:23 | call to tap : | semmle.label | call to tap : |
| local_dataflow.rb:119:8:119:23 | call to tap : | semmle.label | call to tap : |
| local_dataflow.rb:119:8:119:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:119:8:119:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:119:8:119:23 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:119:8:119:23 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:119:8:119:30 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:119:8:119:30 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:123:8:123:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:123:8:123:16 | call to source : | semmle.label | call to source : |
| local_dataflow.rb:123:8:123:20 | call to dup : | semmle.label | call to dup : |
| local_dataflow.rb:123:8:123:20 | call to dup : | semmle.label | call to dup : |
| local_dataflow.rb:123:8:123:45 | call to tap : | semmle.label | call to tap : |
| local_dataflow.rb:123:8:123:45 | call to tap : | semmle.label | call to tap : |
| local_dataflow.rb:123:8:123:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:123:8:123:16 | call to source | semmle.label | call to source |
| local_dataflow.rb:123:8:123:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:123:8:123:20 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:123:8:123:45 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:123:8:123:45 | call to tap | semmle.label | call to tap |
| local_dataflow.rb:123:8:123:49 | call to dup | semmle.label | call to dup |
| local_dataflow.rb:123:8:123:49 | call to dup | semmle.label | call to dup |
subpaths
#select
| local_dataflow.rb:79:25:79:25 | b | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:79:25:79:25 | b | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:80:29:80:29 | a | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:80:29:80:29 | a | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:82:12:82:12 | c | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:82:12:82:12 | c | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:83:12:83:12 | d | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:83:12:83:12 | d | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:84:12:84:12 | e | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:84:12:84:12 | e | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:85:27:85:27 | f | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:85:27:85:27 | f | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:86:33:86:33 | g | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:86:33:86:33 | g | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:87:25:87:25 | x | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:89:8:89:8 | z | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:89:8:89:8 | z | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:7:93:15 | call to source : | call to source : |
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:20:93:28 | call to source : | call to source : |
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:8:95:16 | call to source : | call to source : |
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:21:95:29 | call to source : | call to source : |
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:7:98:15 | call to source : | call to source : |
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:20:98:28 | call to source : | call to source : |
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:8:100:16 | call to source : | call to source : |
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:22:100:30 | call to source : | call to source : |
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:103:7:103:15 | call to source : | call to source : |
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:104:9:104:17 | call to source : | call to source : |
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:106:7:106:15 | call to source : | call to source : |
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:107:9:107:17 | call to source : | call to source : |
| local_dataflow.rb:112:8:112:20 | call to dup | local_dataflow.rb:112:8:112:16 | call to source : | local_dataflow.rb:112:8:112:20 | call to dup | $@ | local_dataflow.rb:112:8:112:16 | call to source : | call to source : |
| local_dataflow.rb:113:8:113:24 | call to dup | local_dataflow.rb:113:8:113:16 | call to source : | local_dataflow.rb:113:8:113:24 | call to dup | $@ | local_dataflow.rb:113:8:113:16 | call to source : | call to source : |
| local_dataflow.rb:117:8:117:23 | call to tap | local_dataflow.rb:117:8:117:16 | call to source : | local_dataflow.rb:117:8:117:23 | call to tap | $@ | local_dataflow.rb:117:8:117:16 | call to source : | call to source : |
| local_dataflow.rb:118:28:118:28 | x | local_dataflow.rb:118:3:118:11 | call to source : | local_dataflow.rb:118:28:118:28 | x | $@ | local_dataflow.rb:118:3:118:11 | call to source : | call to source : |
| local_dataflow.rb:119:8:119:30 | call to tap | local_dataflow.rb:119:8:119:16 | call to source : | local_dataflow.rb:119:8:119:30 | call to tap | $@ | local_dataflow.rb:119:8:119:16 | call to source : | call to source : |
| local_dataflow.rb:123:8:123:49 | call to dup | local_dataflow.rb:123:8:123:16 | call to source : | local_dataflow.rb:123:8:123:49 | call to dup | $@ | local_dataflow.rb:123:8:123:16 | call to source : | call to source : |
| local_dataflow.rb:79:25:79:25 | b | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:79:25:79:25 | b | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:80:29:80:29 | a | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:80:29:80:29 | a | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:82:12:82:12 | c | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:82:12:82:12 | c | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:83:12:83:12 | d | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:83:12:83:12 | d | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:84:12:84:12 | e | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:84:12:84:12 | e | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:85:27:85:27 | f | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:85:27:85:27 | f | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:86:33:86:33 | g | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:86:33:86:33 | g | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:87:25:87:25 | x | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:89:8:89:8 | z | local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:89:8:89:8 | z | $@ | local_dataflow.rb:78:12:78:20 | call to source | call to source |
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:7:93:15 | call to source | call to source |
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:20:93:28 | call to source | call to source |
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:8:95:16 | call to source | call to source |
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:21:95:29 | call to source | call to source |
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:7:98:15 | call to source | call to source |
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:20:98:28 | call to source | call to source |
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:8:100:16 | call to source | call to source |
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:22:100:30 | call to source | call to source |
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:103:7:103:15 | call to source | call to source |
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:104:9:104:17 | call to source | call to source |
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:106:7:106:15 | call to source | call to source |
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:107:9:107:17 | call to source | call to source |
| local_dataflow.rb:112:8:112:20 | call to dup | local_dataflow.rb:112:8:112:16 | call to source | local_dataflow.rb:112:8:112:20 | call to dup | $@ | local_dataflow.rb:112:8:112:16 | call to source | call to source |
| local_dataflow.rb:113:8:113:24 | call to dup | local_dataflow.rb:113:8:113:16 | call to source | local_dataflow.rb:113:8:113:24 | call to dup | $@ | local_dataflow.rb:113:8:113:16 | call to source | call to source |
| local_dataflow.rb:117:8:117:23 | call to tap | local_dataflow.rb:117:8:117:16 | call to source | local_dataflow.rb:117:8:117:23 | call to tap | $@ | local_dataflow.rb:117:8:117:16 | call to source | call to source |
| local_dataflow.rb:118:28:118:28 | x | local_dataflow.rb:118:3:118:11 | call to source | local_dataflow.rb:118:28:118:28 | x | $@ | local_dataflow.rb:118:3:118:11 | call to source | call to source |
| local_dataflow.rb:119:8:119:30 | call to tap | local_dataflow.rb:119:8:119:16 | call to source | local_dataflow.rb:119:8:119:30 | call to tap | $@ | local_dataflow.rb:119:8:119:16 | call to source | call to source |
| local_dataflow.rb:123:8:123:49 | call to dup | local_dataflow.rb:123:8:123:16 | call to source | local_dataflow.rb:123:8:123:49 | call to dup | $@ | local_dataflow.rb:123:8:123:16 | call to source | call to source |
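Review bot: every `#select` row in this expected file is rewritten, but the 27 rows without the trailing ` :` match the 27 rows with it location for location, from `local_dataflow.rb:79:25:79:25 | b` through `local_dataflow.rb:123:8:123:49 | call to dup`. The only difference is the source label, where `call to source :` becomes `call to source`. Please say in the merge description that this is label-format churn in the expected output and not a change in which local flows are reported, so a reviewer does not have to diff the source and sink columns by hand to rule out a dropped or added result.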

View File

@@ -1,135 +1,135 @@
failures
edges
| params_flow.rb:9:16:9:17 | p1 : | params_flow.rb:10:10:10:11 | p1 |
| params_flow.rb:9:20:9:21 | p2 : | params_flow.rb:11:10:11:11 | p2 |
| params_flow.rb:14:12:14:19 | call to taint : | params_flow.rb:9:16:9:17 | p1 : |
| params_flow.rb:14:22:14:29 | call to taint : | params_flow.rb:9:20:9:21 | p2 : |
| params_flow.rb:16:13:16:14 | p1 : | params_flow.rb:17:10:17:11 | p1 |
| params_flow.rb:16:18:16:19 | p2 : | params_flow.rb:18:10:18:11 | p2 |
| params_flow.rb:21:13:21:20 | call to taint : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:21:27:21:34 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:22:13:22:20 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:22:27:22:34 | call to taint : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:23:16:23:23 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:23:33:23:40 | call to taint : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:25:12:25:13 | p1 : | params_flow.rb:26:10:26:11 | p1 |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] : | params_flow.rb:28:11:28:16 | kwargs [element :p2] : |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] : | params_flow.rb:29:11:29:16 | kwargs [element :p3] : |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] : | params_flow.rb:28:11:28:21 | ...[...] : |
| params_flow.rb:28:11:28:21 | ...[...] : | params_flow.rb:28:10:28:22 | ( ... ) |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] : | params_flow.rb:29:11:29:21 | ...[...] : |
| params_flow.rb:29:11:29:21 | ...[...] : | params_flow.rb:29:10:29:22 | ( ... ) |
| params_flow.rb:33:12:33:19 | call to taint : | params_flow.rb:25:12:25:13 | p1 : |
| params_flow.rb:33:26:33:34 | call to taint : | params_flow.rb:25:17:25:24 | **kwargs [element :p2] : |
| params_flow.rb:33:41:33:49 | call to taint : | params_flow.rb:25:17:25:24 | **kwargs [element :p3] : |
| params_flow.rb:34:1:34:4 | args [element :p3] : | params_flow.rb:35:25:35:28 | args [element :p3] : |
| params_flow.rb:34:14:34:22 | call to taint : | params_flow.rb:34:1:34:4 | args [element :p3] : |
| params_flow.rb:35:12:35:20 | call to taint : | params_flow.rb:25:12:25:13 | p1 : |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] : | params_flow.rb:25:17:25:24 | **kwargs [element :p3] : |
| params_flow.rb:35:25:35:28 | args [element :p3] : | params_flow.rb:35:23:35:28 | ** ... [element :p3] : |
| params_flow.rb:37:1:37:4 | args [element :p1] : | params_flow.rb:38:10:38:13 | args [element :p1] : |
| params_flow.rb:37:1:37:4 | args [element :p2] : | params_flow.rb:38:10:38:13 | args [element :p2] : |
| params_flow.rb:37:16:37:24 | call to taint : | params_flow.rb:37:1:37:4 | args [element :p1] : |
| params_flow.rb:37:34:37:42 | call to taint : | params_flow.rb:37:1:37:4 | args [element :p2] : |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] : | params_flow.rb:25:12:25:13 | p1 : |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] : | params_flow.rb:25:17:25:24 | **kwargs [element :p2] : |
| params_flow.rb:38:10:38:13 | args [element :p1] : | params_flow.rb:38:8:38:13 | ** ... [element :p1] : |
| params_flow.rb:38:10:38:13 | args [element :p2] : | params_flow.rb:38:8:38:13 | ** ... [element :p2] : |
| params_flow.rb:40:1:40:4 | args [element :p1] : | params_flow.rb:41:26:41:29 | args [element :p1] : |
| params_flow.rb:40:16:40:24 | call to taint : | params_flow.rb:40:1:40:4 | args [element :p1] : |
| params_flow.rb:41:13:41:21 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | params_flow.rb:41:24:41:29 | ** ... [element :p1] : |
| params_flow.rb:44:12:44:20 | call to taint : | params_flow.rb:9:16:9:17 | p1 : |
| params_flow.rb:49:13:49:14 | p1 : | params_flow.rb:50:10:50:11 | p1 |
| params_flow.rb:54:9:54:17 | call to taint : | params_flow.rb:49:13:49:14 | p1 : |
| params_flow.rb:57:9:57:17 | call to taint : | params_flow.rb:49:13:49:14 | p1 : |
| params_flow.rb:62:1:62:4 | args : | params_flow.rb:66:13:66:16 | args : |
| params_flow.rb:62:8:62:16 | call to taint : | params_flow.rb:62:1:62:4 | args : |
| params_flow.rb:63:16:63:17 | *x [element 0] : | params_flow.rb:64:10:64:10 | x [element 0] : |
| params_flow.rb:64:10:64:10 | x [element 0] : | params_flow.rb:64:10:64:13 | ...[...] |
| params_flow.rb:66:12:66:16 | * ... [element 0] : | params_flow.rb:63:16:63:17 | *x [element 0] : |
| params_flow.rb:66:13:66:16 | args : | params_flow.rb:66:12:66:16 | * ... [element 0] : |
| params_flow.rb:9:16:9:17 | p1 | params_flow.rb:10:10:10:11 | p1 |
| params_flow.rb:9:20:9:21 | p2 | params_flow.rb:11:10:11:11 | p2 |
| params_flow.rb:14:12:14:19 | call to taint | params_flow.rb:9:16:9:17 | p1 |
| params_flow.rb:14:22:14:29 | call to taint | params_flow.rb:9:20:9:21 | p2 |
| params_flow.rb:16:13:16:14 | p1 | params_flow.rb:17:10:17:11 | p1 |
| params_flow.rb:16:18:16:19 | p2 | params_flow.rb:18:10:18:11 | p2 |
| params_flow.rb:21:13:21:20 | call to taint | params_flow.rb:16:13:16:14 | p1 |
| params_flow.rb:21:27:21:34 | call to taint | params_flow.rb:16:18:16:19 | p2 |
| params_flow.rb:22:13:22:20 | call to taint | params_flow.rb:16:18:16:19 | p2 |
| params_flow.rb:22:27:22:34 | call to taint | params_flow.rb:16:13:16:14 | p1 |
| params_flow.rb:23:16:23:23 | call to taint | params_flow.rb:16:18:16:19 | p2 |
| params_flow.rb:23:33:23:40 | call to taint | params_flow.rb:16:13:16:14 | p1 |
| params_flow.rb:25:12:25:13 | p1 | params_flow.rb:26:10:26:11 | p1 |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] | params_flow.rb:28:11:28:16 | kwargs [element :p2] |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] | params_flow.rb:29:11:29:16 | kwargs [element :p3] |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] | params_flow.rb:28:11:28:21 | ...[...] |
| params_flow.rb:28:11:28:21 | ...[...] | params_flow.rb:28:10:28:22 | ( ... ) |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] | params_flow.rb:29:11:29:21 | ...[...] |
| params_flow.rb:29:11:29:21 | ...[...] | params_flow.rb:29:10:29:22 | ( ... ) |
| params_flow.rb:33:12:33:19 | call to taint | params_flow.rb:25:12:25:13 | p1 |
| params_flow.rb:33:26:33:34 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [element :p2] |
| params_flow.rb:33:41:33:49 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [element :p3] |
| params_flow.rb:34:1:34:4 | args [element :p3] | params_flow.rb:35:25:35:28 | args [element :p3] |
| params_flow.rb:34:14:34:22 | call to taint | params_flow.rb:34:1:34:4 | args [element :p3] |
| params_flow.rb:35:12:35:20 | call to taint | params_flow.rb:25:12:25:13 | p1 |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] | params_flow.rb:25:17:25:24 | **kwargs [element :p3] |
| params_flow.rb:35:25:35:28 | args [element :p3] | params_flow.rb:35:23:35:28 | ** ... [element :p3] |
| params_flow.rb:37:1:37:4 | args [element :p1] | params_flow.rb:38:10:38:13 | args [element :p1] |
| params_flow.rb:37:1:37:4 | args [element :p2] | params_flow.rb:38:10:38:13 | args [element :p2] |
| params_flow.rb:37:16:37:24 | call to taint | params_flow.rb:37:1:37:4 | args [element :p1] |
| params_flow.rb:37:34:37:42 | call to taint | params_flow.rb:37:1:37:4 | args [element :p2] |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] | params_flow.rb:25:12:25:13 | p1 |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] | params_flow.rb:25:17:25:24 | **kwargs [element :p2] |
| params_flow.rb:38:10:38:13 | args [element :p1] | params_flow.rb:38:8:38:13 | ** ... [element :p1] |
| params_flow.rb:38:10:38:13 | args [element :p2] | params_flow.rb:38:8:38:13 | ** ... [element :p2] |
| params_flow.rb:40:1:40:4 | args [element :p1] | params_flow.rb:41:26:41:29 | args [element :p1] |
| params_flow.rb:40:16:40:24 | call to taint | params_flow.rb:40:1:40:4 | args [element :p1] |
| params_flow.rb:41:13:41:21 | call to taint | params_flow.rb:16:18:16:19 | p2 |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] | params_flow.rb:16:13:16:14 | p1 |
| params_flow.rb:41:26:41:29 | args [element :p1] | params_flow.rb:41:24:41:29 | ** ... [element :p1] |
| params_flow.rb:44:12:44:20 | call to taint | params_flow.rb:9:16:9:17 | p1 |
| params_flow.rb:49:13:49:14 | p1 | params_flow.rb:50:10:50:11 | p1 |
| params_flow.rb:54:9:54:17 | call to taint | params_flow.rb:49:13:49:14 | p1 |
| params_flow.rb:57:9:57:17 | call to taint | params_flow.rb:49:13:49:14 | p1 |
| params_flow.rb:62:1:62:4 | args | params_flow.rb:66:13:66:16 | args |
| params_flow.rb:62:8:62:16 | call to taint | params_flow.rb:62:1:62:4 | args |
| params_flow.rb:63:16:63:17 | *x [element 0] | params_flow.rb:64:10:64:10 | x [element 0] |
| params_flow.rb:64:10:64:10 | x [element 0] | params_flow.rb:64:10:64:13 | ...[...] |
| params_flow.rb:66:12:66:16 | * ... [element 0] | params_flow.rb:63:16:63:17 | *x [element 0] |
| params_flow.rb:66:13:66:16 | args | params_flow.rb:66:12:66:16 | * ... [element 0] |
nodes
| params_flow.rb:9:16:9:17 | p1 : | semmle.label | p1 : |
| params_flow.rb:9:20:9:21 | p2 : | semmle.label | p2 : |
| params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 |
| params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 |
| params_flow.rb:10:10:10:11 | p1 | semmle.label | p1 |
| params_flow.rb:11:10:11:11 | p2 | semmle.label | p2 |
| params_flow.rb:14:12:14:19 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:14:22:14:29 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:16:13:16:14 | p1 : | semmle.label | p1 : |
| params_flow.rb:16:18:16:19 | p2 : | semmle.label | p2 : |
| params_flow.rb:14:12:14:19 | call to taint | semmle.label | call to taint |
| params_flow.rb:14:22:14:29 | call to taint | semmle.label | call to taint |
| params_flow.rb:16:13:16:14 | p1 | semmle.label | p1 |
| params_flow.rb:16:18:16:19 | p2 | semmle.label | p2 |
| params_flow.rb:17:10:17:11 | p1 | semmle.label | p1 |
| params_flow.rb:18:10:18:11 | p2 | semmle.label | p2 |
| params_flow.rb:21:13:21:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:21:27:21:34 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:22:13:22:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:22:27:22:34 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:23:16:23:23 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:23:33:23:40 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:25:12:25:13 | p1 : | semmle.label | p1 : |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] : | semmle.label | **kwargs [element :p2] : |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] : | semmle.label | **kwargs [element :p3] : |
| params_flow.rb:21:13:21:20 | call to taint | semmle.label | call to taint |
| params_flow.rb:21:27:21:34 | call to taint | semmle.label | call to taint |
| params_flow.rb:22:13:22:20 | call to taint | semmle.label | call to taint |
| params_flow.rb:22:27:22:34 | call to taint | semmle.label | call to taint |
| params_flow.rb:23:16:23:23 | call to taint | semmle.label | call to taint |
| params_flow.rb:23:33:23:40 | call to taint | semmle.label | call to taint |
| params_flow.rb:25:12:25:13 | p1 | semmle.label | p1 |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] | semmle.label | **kwargs [element :p2] |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] | semmle.label | **kwargs [element :p3] |
| params_flow.rb:26:10:26:11 | p1 | semmle.label | p1 |
| params_flow.rb:28:10:28:22 | ( ... ) | semmle.label | ( ... ) |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] : | semmle.label | kwargs [element :p2] : |
| params_flow.rb:28:11:28:21 | ...[...] : | semmle.label | ...[...] : |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] | semmle.label | kwargs [element :p2] |
| params_flow.rb:28:11:28:21 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:29:10:29:22 | ( ... ) | semmle.label | ( ... ) |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] : | semmle.label | kwargs [element :p3] : |
| params_flow.rb:29:11:29:21 | ...[...] : | semmle.label | ...[...] : |
| params_flow.rb:33:12:33:19 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:33:26:33:34 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:33:41:33:49 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:34:1:34:4 | args [element :p3] : | semmle.label | args [element :p3] : |
| params_flow.rb:34:14:34:22 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:35:12:35:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] : | semmle.label | ** ... [element :p3] : |
| params_flow.rb:35:25:35:28 | args [element :p3] : | semmle.label | args [element :p3] : |
| params_flow.rb:37:1:37:4 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:37:1:37:4 | args [element :p2] : | semmle.label | args [element :p2] : |
| params_flow.rb:37:16:37:24 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:37:34:37:42 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] : | semmle.label | ** ... [element :p1] : |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] : | semmle.label | ** ... [element :p2] : |
| params_flow.rb:38:10:38:13 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:38:10:38:13 | args [element :p2] : | semmle.label | args [element :p2] : |
| params_flow.rb:40:1:40:4 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:40:16:40:24 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:41:13:41:21 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | semmle.label | ** ... [element :p1] : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:44:12:44:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:49:13:49:14 | p1 : | semmle.label | p1 : |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] | semmle.label | kwargs [element :p3] |
| params_flow.rb:29:11:29:21 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:33:12:33:19 | call to taint | semmle.label | call to taint |
| params_flow.rb:33:26:33:34 | call to taint | semmle.label | call to taint |
| params_flow.rb:33:41:33:49 | call to taint | semmle.label | call to taint |
| params_flow.rb:34:1:34:4 | args [element :p3] | semmle.label | args [element :p3] |
| params_flow.rb:34:14:34:22 | call to taint | semmle.label | call to taint |
| params_flow.rb:35:12:35:20 | call to taint | semmle.label | call to taint |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] | semmle.label | ** ... [element :p3] |
| params_flow.rb:35:25:35:28 | args [element :p3] | semmle.label | args [element :p3] |
| params_flow.rb:37:1:37:4 | args [element :p1] | semmle.label | args [element :p1] |
| params_flow.rb:37:1:37:4 | args [element :p2] | semmle.label | args [element :p2] |
| params_flow.rb:37:16:37:24 | call to taint | semmle.label | call to taint |
| params_flow.rb:37:34:37:42 | call to taint | semmle.label | call to taint |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] | semmle.label | ** ... [element :p1] |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] | semmle.label | ** ... [element :p2] |
| params_flow.rb:38:10:38:13 | args [element :p1] | semmle.label | args [element :p1] |
| params_flow.rb:38:10:38:13 | args [element :p2] | semmle.label | args [element :p2] |
| params_flow.rb:40:1:40:4 | args [element :p1] | semmle.label | args [element :p1] |
| params_flow.rb:40:16:40:24 | call to taint | semmle.label | call to taint |
| params_flow.rb:41:13:41:21 | call to taint | semmle.label | call to taint |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] | semmle.label | ** ... [element :p1] |
| params_flow.rb:41:26:41:29 | args [element :p1] | semmle.label | args [element :p1] |
| params_flow.rb:44:12:44:20 | call to taint | semmle.label | call to taint |
| params_flow.rb:49:13:49:14 | p1 | semmle.label | p1 |
| params_flow.rb:50:10:50:11 | p1 | semmle.label | p1 |
| params_flow.rb:54:9:54:17 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:57:9:57:17 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:62:1:62:4 | args : | semmle.label | args : |
| params_flow.rb:62:8:62:16 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:63:16:63:17 | *x [element 0] : | semmle.label | *x [element 0] : |
| params_flow.rb:64:10:64:10 | x [element 0] : | semmle.label | x [element 0] : |
| params_flow.rb:54:9:54:17 | call to taint | semmle.label | call to taint |
| params_flow.rb:57:9:57:17 | call to taint | semmle.label | call to taint |
| params_flow.rb:62:1:62:4 | args | semmle.label | args |
| params_flow.rb:62:8:62:16 | call to taint | semmle.label | call to taint |
| params_flow.rb:63:16:63:17 | *x [element 0] | semmle.label | *x [element 0] |
| params_flow.rb:64:10:64:10 | x [element 0] | semmle.label | x [element 0] |
| params_flow.rb:64:10:64:13 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:66:12:66:16 | * ... [element 0] : | semmle.label | * ... [element 0] : |
| params_flow.rb:66:13:66:16 | args : | semmle.label | args : |
| params_flow.rb:66:12:66:16 | * ... [element 0] | semmle.label | * ... [element 0] |
| params_flow.rb:66:13:66:16 | args | semmle.label | args |
subpaths
#select
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint : | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint : | call to taint : |
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:44:12:44:20 | call to taint : | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:44:12:44:20 | call to taint : | call to taint : |
| params_flow.rb:11:10:11:11 | p2 | params_flow.rb:14:22:14:29 | call to taint : | params_flow.rb:11:10:11:11 | p2 | $@ | params_flow.rb:14:22:14:29 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:21:13:21:20 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:21:13:21:20 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:22:27:22:34 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:22:27:22:34 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:23:33:23:40 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:23:33:23:40 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:40:16:40:24 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:40:16:40:24 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:21:27:21:34 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:21:27:21:34 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:22:13:22:20 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:22:13:22:20 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:23:16:23:23 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:23:16:23:23 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:41:13:41:21 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:41:13:41:21 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:33:12:33:19 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:33:12:33:19 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:35:12:35:20 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:35:12:35:20 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:37:16:37:24 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:37:16:37:24 | call to taint : | call to taint : |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:33:26:33:34 | call to taint : | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:33:26:33:34 | call to taint : | call to taint : |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:37:34:37:42 | call to taint : | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:37:34:37:42 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:33:41:33:49 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:33:41:33:49 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint : | call to taint : |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:54:9:54:17 | call to taint : | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:54:9:54:17 | call to taint : | call to taint : |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:57:9:57:17 | call to taint : | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:57:9:57:17 | call to taint : | call to taint : |
| params_flow.rb:64:10:64:13 | ...[...] | params_flow.rb:62:8:62:16 | call to taint : | params_flow.rb:64:10:64:13 | ...[...] | $@ | params_flow.rb:62:8:62:16 | call to taint : | call to taint : |
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint | call to taint |
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:44:12:44:20 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:44:12:44:20 | call to taint | call to taint |
| params_flow.rb:11:10:11:11 | p2 | params_flow.rb:14:22:14:29 | call to taint | params_flow.rb:11:10:11:11 | p2 | $@ | params_flow.rb:14:22:14:29 | call to taint | call to taint |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:21:13:21:20 | call to taint | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:21:13:21:20 | call to taint | call to taint |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:22:27:22:34 | call to taint | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:22:27:22:34 | call to taint | call to taint |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:23:33:23:40 | call to taint | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:23:33:23:40 | call to taint | call to taint |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:40:16:40:24 | call to taint | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:40:16:40:24 | call to taint | call to taint |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:21:27:21:34 | call to taint | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:21:27:21:34 | call to taint | call to taint |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:22:13:22:20 | call to taint | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:22:13:22:20 | call to taint | call to taint |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:23:16:23:23 | call to taint | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:23:16:23:23 | call to taint | call to taint |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:41:13:41:21 | call to taint | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:41:13:41:21 | call to taint | call to taint |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:33:12:33:19 | call to taint | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:33:12:33:19 | call to taint | call to taint |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:35:12:35:20 | call to taint | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:35:12:35:20 | call to taint | call to taint |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:37:16:37:24 | call to taint | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:37:16:37:24 | call to taint | call to taint |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:33:26:33:34 | call to taint | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:33:26:33:34 | call to taint | call to taint |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:37:34:37:42 | call to taint | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:37:34:37:42 | call to taint | call to taint |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:33:41:33:49 | call to taint | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:33:41:33:49 | call to taint | call to taint |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint | call to taint |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:54:9:54:17 | call to taint | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:54:9:54:17 | call to taint | call to taint |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:57:9:57:17 | call to taint | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:57:9:57:17 | call to taint | call to taint |
| params_flow.rb:64:10:64:13 | ...[...] | params_flow.rb:62:8:62:16 | call to taint | params_flow.rb:64:10:64:13 | ...[...] | $@ | params_flow.rb:62:8:62:16 | call to taint | call to taint |
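Review bot: the rows at the end of this hunk differ only in the source label, which changes from `call to taint :` to `call to taint`; every location column (for example sink `params_flow.rb:64:10:64:13` with source `params_flow.rb:62:8:62:16`) is identical between the old and new rows visible here, and the eleven old rows shown map one-to-one onto the last eleven new rows. Because this arrives through a merge from main, confirm the expected file was regenerated by the test run rather than resolved by hand, and note the label-format change in the merge description so these rows are not mistaken for a change in detected flows.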

View File

@@ -1,293 +1,293 @@
failures
edges
| pathname_flow.rb:4:5:4:6 | pn : | pathname_flow.rb:5:10:5:11 | pn |
| pathname_flow.rb:4:10:4:33 | call to new : | pathname_flow.rb:4:5:4:6 | pn : |
| pathname_flow.rb:4:23:4:32 | call to source : | pathname_flow.rb:4:10:4:33 | call to new : |
| pathname_flow.rb:9:3:9:3 | a : | pathname_flow.rb:11:8:11:12 | ... + ... |
| pathname_flow.rb:9:7:9:30 | call to new : | pathname_flow.rb:9:3:9:3 | a : |
| pathname_flow.rb:9:20:9:29 | call to source : | pathname_flow.rb:9:7:9:30 | call to new : |
| pathname_flow.rb:10:3:10:3 | b : | pathname_flow.rb:11:8:11:12 | ... + ... |
| pathname_flow.rb:10:7:10:30 | call to new : | pathname_flow.rb:10:3:10:3 | b : |
| pathname_flow.rb:10:20:10:29 | call to source : | pathname_flow.rb:10:7:10:30 | call to new : |
| pathname_flow.rb:15:3:15:4 | pn : | pathname_flow.rb:16:8:16:9 | pn : |
| pathname_flow.rb:15:8:15:31 | call to new : | pathname_flow.rb:15:3:15:4 | pn : |
| pathname_flow.rb:15:21:15:30 | call to source : | pathname_flow.rb:15:8:15:31 | call to new : |
| pathname_flow.rb:16:8:16:9 | pn : | pathname_flow.rb:16:8:16:17 | call to dirname |
| pathname_flow.rb:20:3:20:3 | a : | pathname_flow.rb:21:3:21:3 | a : |
| pathname_flow.rb:20:7:20:30 | call to new : | pathname_flow.rb:20:3:20:3 | a : |
| pathname_flow.rb:20:20:20:29 | call to source : | pathname_flow.rb:20:7:20:30 | call to new : |
| pathname_flow.rb:21:3:21:3 | a : | pathname_flow.rb:21:23:21:23 | x : |
| pathname_flow.rb:21:23:21:23 | x : | pathname_flow.rb:22:10:22:10 | x |
| pathname_flow.rb:27:3:27:3 | a : | pathname_flow.rb:28:8:28:8 | a : |
| pathname_flow.rb:27:7:27:30 | call to new : | pathname_flow.rb:27:3:27:3 | a : |
| pathname_flow.rb:27:20:27:29 | call to source : | pathname_flow.rb:27:7:27:30 | call to new : |
| pathname_flow.rb:28:8:28:8 | a : | pathname_flow.rb:28:8:28:22 | call to expand_path |
| pathname_flow.rb:32:3:32:3 | a : | pathname_flow.rb:35:8:35:8 | a : |
| pathname_flow.rb:32:7:32:30 | call to new : | pathname_flow.rb:32:3:32:3 | a : |
| pathname_flow.rb:32:20:32:29 | call to source : | pathname_flow.rb:32:7:32:30 | call to new : |
| pathname_flow.rb:34:3:34:3 | c : | pathname_flow.rb:35:18:35:18 | c : |
| pathname_flow.rb:34:7:34:30 | call to new : | pathname_flow.rb:34:3:34:3 | c : |
| pathname_flow.rb:34:20:34:29 | call to source : | pathname_flow.rb:34:7:34:30 | call to new : |
| pathname_flow.rb:35:8:35:8 | a : | pathname_flow.rb:35:8:35:19 | call to join |
| pathname_flow.rb:35:18:35:18 | c : | pathname_flow.rb:35:8:35:19 | call to join |
| pathname_flow.rb:39:3:39:3 | a : | pathname_flow.rb:40:8:40:8 | a : |
| pathname_flow.rb:39:7:39:30 | call to new : | pathname_flow.rb:39:3:39:3 | a : |
| pathname_flow.rb:39:20:39:29 | call to source : | pathname_flow.rb:39:7:39:30 | call to new : |
| pathname_flow.rb:40:8:40:8 | a : | pathname_flow.rb:40:8:40:17 | call to parent |
| pathname_flow.rb:44:3:44:3 | a : | pathname_flow.rb:45:8:45:8 | a : |
| pathname_flow.rb:44:7:44:30 | call to new : | pathname_flow.rb:44:3:44:3 | a : |
| pathname_flow.rb:44:20:44:29 | call to source : | pathname_flow.rb:44:7:44:30 | call to new : |
| pathname_flow.rb:45:8:45:8 | a : | pathname_flow.rb:45:8:45:19 | call to realpath |
| pathname_flow.rb:49:3:49:3 | a : | pathname_flow.rb:50:8:50:8 | a : |
| pathname_flow.rb:49:7:49:30 | call to new : | pathname_flow.rb:49:3:49:3 | a : |
| pathname_flow.rb:49:20:49:29 | call to source : | pathname_flow.rb:49:7:49:30 | call to new : |
| pathname_flow.rb:50:8:50:8 | a : | pathname_flow.rb:50:8:50:39 | call to relative_path_from |
| pathname_flow.rb:54:3:54:3 | a : | pathname_flow.rb:55:8:55:8 | a : |
| pathname_flow.rb:54:7:54:30 | call to new : | pathname_flow.rb:54:3:54:3 | a : |
| pathname_flow.rb:54:20:54:29 | call to source : | pathname_flow.rb:54:7:54:30 | call to new : |
| pathname_flow.rb:55:8:55:8 | a : | pathname_flow.rb:55:8:55:16 | call to to_path |
| pathname_flow.rb:59:3:59:3 | a : | pathname_flow.rb:60:8:60:8 | a : |
| pathname_flow.rb:59:7:59:30 | call to new : | pathname_flow.rb:59:3:59:3 | a : |
| pathname_flow.rb:59:20:59:29 | call to source : | pathname_flow.rb:59:7:59:30 | call to new : |
| pathname_flow.rb:60:8:60:8 | a : | pathname_flow.rb:60:8:60:13 | call to to_s |
| pathname_flow.rb:64:3:64:3 | a : | pathname_flow.rb:65:3:65:3 | b : |
| pathname_flow.rb:64:7:64:30 | call to new : | pathname_flow.rb:64:3:64:3 | a : |
| pathname_flow.rb:64:20:64:29 | call to source : | pathname_flow.rb:64:7:64:30 | call to new : |
| pathname_flow.rb:65:3:65:3 | b : | pathname_flow.rb:66:8:66:8 | b |
| pathname_flow.rb:70:3:70:3 | a : | pathname_flow.rb:71:3:71:3 | b : |
| pathname_flow.rb:70:7:70:30 | call to new : | pathname_flow.rb:70:3:70:3 | a : |
| pathname_flow.rb:70:20:70:29 | call to source : | pathname_flow.rb:70:7:70:30 | call to new : |
| pathname_flow.rb:71:3:71:3 | b : | pathname_flow.rb:72:8:72:8 | b |
| pathname_flow.rb:76:3:76:3 | a : | pathname_flow.rb:77:7:77:7 | a : |
| pathname_flow.rb:76:7:76:30 | call to new : | pathname_flow.rb:76:3:76:3 | a : |
| pathname_flow.rb:76:20:76:29 | call to source : | pathname_flow.rb:76:7:76:30 | call to new : |
| pathname_flow.rb:77:3:77:3 | b : | pathname_flow.rb:78:8:78:8 | b |
| pathname_flow.rb:77:7:77:7 | a : | pathname_flow.rb:77:7:77:16 | call to basename : |
| pathname_flow.rb:77:7:77:16 | call to basename : | pathname_flow.rb:77:3:77:3 | b : |
| pathname_flow.rb:82:3:82:3 | a : | pathname_flow.rb:83:7:83:7 | a : |
| pathname_flow.rb:82:7:82:30 | call to new : | pathname_flow.rb:82:3:82:3 | a : |
| pathname_flow.rb:82:20:82:29 | call to source : | pathname_flow.rb:82:7:82:30 | call to new : |
| pathname_flow.rb:83:3:83:3 | b : | pathname_flow.rb:84:8:84:8 | b |
| pathname_flow.rb:83:7:83:7 | a : | pathname_flow.rb:83:7:83:17 | call to cleanpath : |
| pathname_flow.rb:83:7:83:17 | call to cleanpath : | pathname_flow.rb:83:3:83:3 | b : |
| pathname_flow.rb:88:3:88:3 | a : | pathname_flow.rb:89:7:89:7 | a : |
| pathname_flow.rb:88:7:88:30 | call to new : | pathname_flow.rb:88:3:88:3 | a : |
| pathname_flow.rb:88:20:88:29 | call to source : | pathname_flow.rb:88:7:88:30 | call to new : |
| pathname_flow.rb:89:3:89:3 | b : | pathname_flow.rb:90:8:90:8 | b |
| pathname_flow.rb:89:7:89:7 | a : | pathname_flow.rb:89:7:89:25 | call to sub : |
| pathname_flow.rb:89:7:89:25 | call to sub : | pathname_flow.rb:89:3:89:3 | b : |
| pathname_flow.rb:94:3:94:3 | a : | pathname_flow.rb:95:7:95:7 | a : |
| pathname_flow.rb:94:7:94:30 | call to new : | pathname_flow.rb:94:3:94:3 | a : |
| pathname_flow.rb:94:20:94:29 | call to source : | pathname_flow.rb:94:7:94:30 | call to new : |
| pathname_flow.rb:95:3:95:3 | b : | pathname_flow.rb:96:8:96:8 | b |
| pathname_flow.rb:95:7:95:7 | a : | pathname_flow.rb:95:7:95:23 | call to sub_ext : |
| pathname_flow.rb:95:7:95:23 | call to sub_ext : | pathname_flow.rb:95:3:95:3 | b : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:103:3:103:3 | b : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:106:3:106:3 | c : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:109:7:109:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:112:7:112:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:115:7:115:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:118:7:118:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:121:7:121:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:124:7:124:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:127:7:127:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:130:7:130:7 | a : |
| pathname_flow.rb:101:3:101:3 | a : | pathname_flow.rb:133:7:133:7 | a : |
| pathname_flow.rb:101:7:101:30 | call to new : | pathname_flow.rb:101:3:101:3 | a : |
| pathname_flow.rb:101:20:101:29 | call to source : | pathname_flow.rb:101:7:101:30 | call to new : |
| pathname_flow.rb:103:3:103:3 | b : | pathname_flow.rb:104:8:104:8 | b : |
| pathname_flow.rb:104:8:104:8 | b : | pathname_flow.rb:104:8:104:17 | call to realpath |
| pathname_flow.rb:106:3:106:3 | c : | pathname_flow.rb:107:8:107:8 | c : |
| pathname_flow.rb:107:8:107:8 | c : | pathname_flow.rb:107:8:107:17 | call to realpath |
| pathname_flow.rb:109:3:109:3 | d : | pathname_flow.rb:110:8:110:8 | d : |
| pathname_flow.rb:109:7:109:7 | a : | pathname_flow.rb:109:7:109:16 | call to basename : |
| pathname_flow.rb:109:7:109:16 | call to basename : | pathname_flow.rb:109:3:109:3 | d : |
| pathname_flow.rb:110:8:110:8 | d : | pathname_flow.rb:110:8:110:17 | call to realpath |
| pathname_flow.rb:112:3:112:3 | e : | pathname_flow.rb:113:8:113:8 | e : |
| pathname_flow.rb:112:7:112:7 | a : | pathname_flow.rb:112:7:112:17 | call to cleanpath : |
| pathname_flow.rb:112:7:112:17 | call to cleanpath : | pathname_flow.rb:112:3:112:3 | e : |
| pathname_flow.rb:113:8:113:8 | e : | pathname_flow.rb:113:8:113:17 | call to realpath |
| pathname_flow.rb:115:3:115:3 | f : | pathname_flow.rb:116:8:116:8 | f : |
| pathname_flow.rb:115:7:115:7 | a : | pathname_flow.rb:115:7:115:19 | call to expand_path : |
| pathname_flow.rb:115:7:115:19 | call to expand_path : | pathname_flow.rb:115:3:115:3 | f : |
| pathname_flow.rb:116:8:116:8 | f : | pathname_flow.rb:116:8:116:17 | call to realpath |
| pathname_flow.rb:118:3:118:3 | g : | pathname_flow.rb:119:8:119:8 | g : |
| pathname_flow.rb:118:7:118:7 | a : | pathname_flow.rb:118:7:118:19 | call to join : |
| pathname_flow.rb:118:7:118:19 | call to join : | pathname_flow.rb:118:3:118:3 | g : |
| pathname_flow.rb:119:8:119:8 | g : | pathname_flow.rb:119:8:119:17 | call to realpath |
| pathname_flow.rb:121:3:121:3 | h : | pathname_flow.rb:122:8:122:8 | h : |
| pathname_flow.rb:121:7:121:7 | a : | pathname_flow.rb:121:7:121:16 | call to realpath : |
| pathname_flow.rb:121:7:121:16 | call to realpath : | pathname_flow.rb:121:3:121:3 | h : |
| pathname_flow.rb:122:8:122:8 | h : | pathname_flow.rb:122:8:122:17 | call to realpath |
| pathname_flow.rb:124:3:124:3 | i : | pathname_flow.rb:125:8:125:8 | i : |
| pathname_flow.rb:124:7:124:7 | a : | pathname_flow.rb:124:7:124:38 | call to relative_path_from : |
| pathname_flow.rb:124:7:124:38 | call to relative_path_from : | pathname_flow.rb:124:3:124:3 | i : |
| pathname_flow.rb:125:8:125:8 | i : | pathname_flow.rb:125:8:125:17 | call to realpath |
| pathname_flow.rb:127:3:127:3 | j : | pathname_flow.rb:128:8:128:8 | j : |
| pathname_flow.rb:127:7:127:7 | a : | pathname_flow.rb:127:7:127:25 | call to sub : |
| pathname_flow.rb:127:7:127:25 | call to sub : | pathname_flow.rb:127:3:127:3 | j : |
| pathname_flow.rb:128:8:128:8 | j : | pathname_flow.rb:128:8:128:17 | call to realpath |
| pathname_flow.rb:130:3:130:3 | k : | pathname_flow.rb:131:8:131:8 | k : |
| pathname_flow.rb:130:7:130:7 | a : | pathname_flow.rb:130:7:130:23 | call to sub_ext : |
| pathname_flow.rb:130:7:130:23 | call to sub_ext : | pathname_flow.rb:130:3:130:3 | k : |
| pathname_flow.rb:131:8:131:8 | k : | pathname_flow.rb:131:8:131:17 | call to realpath |
| pathname_flow.rb:133:3:133:3 | l : | pathname_flow.rb:134:8:134:8 | l : |
| pathname_flow.rb:133:7:133:7 | a : | pathname_flow.rb:133:7:133:15 | call to to_path : |
| pathname_flow.rb:133:7:133:15 | call to to_path : | pathname_flow.rb:133:3:133:3 | l : |
| pathname_flow.rb:134:8:134:8 | l : | pathname_flow.rb:134:8:134:17 | call to realpath |
| pathname_flow.rb:4:5:4:6 | pn | pathname_flow.rb:5:10:5:11 | pn |
| pathname_flow.rb:4:10:4:33 | call to new | pathname_flow.rb:4:5:4:6 | pn |
| pathname_flow.rb:4:23:4:32 | call to source | pathname_flow.rb:4:10:4:33 | call to new |
| pathname_flow.rb:9:3:9:3 | a | pathname_flow.rb:11:8:11:12 | ... + ... |
| pathname_flow.rb:9:7:9:30 | call to new | pathname_flow.rb:9:3:9:3 | a |
| pathname_flow.rb:9:20:9:29 | call to source | pathname_flow.rb:9:7:9:30 | call to new |
| pathname_flow.rb:10:3:10:3 | b | pathname_flow.rb:11:8:11:12 | ... + ... |
| pathname_flow.rb:10:7:10:30 | call to new | pathname_flow.rb:10:3:10:3 | b |
| pathname_flow.rb:10:20:10:29 | call to source | pathname_flow.rb:10:7:10:30 | call to new |
| pathname_flow.rb:15:3:15:4 | pn | pathname_flow.rb:16:8:16:9 | pn |
| pathname_flow.rb:15:8:15:31 | call to new | pathname_flow.rb:15:3:15:4 | pn |
| pathname_flow.rb:15:21:15:30 | call to source | pathname_flow.rb:15:8:15:31 | call to new |
| pathname_flow.rb:16:8:16:9 | pn | pathname_flow.rb:16:8:16:17 | call to dirname |
| pathname_flow.rb:20:3:20:3 | a | pathname_flow.rb:21:3:21:3 | a |
| pathname_flow.rb:20:7:20:30 | call to new | pathname_flow.rb:20:3:20:3 | a |
| pathname_flow.rb:20:20:20:29 | call to source | pathname_flow.rb:20:7:20:30 | call to new |
| pathname_flow.rb:21:3:21:3 | a | pathname_flow.rb:21:23:21:23 | x |
| pathname_flow.rb:21:23:21:23 | x | pathname_flow.rb:22:10:22:10 | x |
| pathname_flow.rb:27:3:27:3 | a | pathname_flow.rb:28:8:28:8 | a |
| pathname_flow.rb:27:7:27:30 | call to new | pathname_flow.rb:27:3:27:3 | a |
| pathname_flow.rb:27:20:27:29 | call to source | pathname_flow.rb:27:7:27:30 | call to new |
| pathname_flow.rb:28:8:28:8 | a | pathname_flow.rb:28:8:28:22 | call to expand_path |
| pathname_flow.rb:32:3:32:3 | a | pathname_flow.rb:35:8:35:8 | a |
| pathname_flow.rb:32:7:32:30 | call to new | pathname_flow.rb:32:3:32:3 | a |
| pathname_flow.rb:32:20:32:29 | call to source | pathname_flow.rb:32:7:32:30 | call to new |
| pathname_flow.rb:34:3:34:3 | c | pathname_flow.rb:35:18:35:18 | c |
| pathname_flow.rb:34:7:34:30 | call to new | pathname_flow.rb:34:3:34:3 | c |
| pathname_flow.rb:34:20:34:29 | call to source | pathname_flow.rb:34:7:34:30 | call to new |
| pathname_flow.rb:35:8:35:8 | a | pathname_flow.rb:35:8:35:19 | call to join |
| pathname_flow.rb:35:18:35:18 | c | pathname_flow.rb:35:8:35:19 | call to join |
| pathname_flow.rb:39:3:39:3 | a | pathname_flow.rb:40:8:40:8 | a |
| pathname_flow.rb:39:7:39:30 | call to new | pathname_flow.rb:39:3:39:3 | a |
| pathname_flow.rb:39:20:39:29 | call to source | pathname_flow.rb:39:7:39:30 | call to new |
| pathname_flow.rb:40:8:40:8 | a | pathname_flow.rb:40:8:40:17 | call to parent |
| pathname_flow.rb:44:3:44:3 | a | pathname_flow.rb:45:8:45:8 | a |
| pathname_flow.rb:44:7:44:30 | call to new | pathname_flow.rb:44:3:44:3 | a |
| pathname_flow.rb:44:20:44:29 | call to source | pathname_flow.rb:44:7:44:30 | call to new |
| pathname_flow.rb:45:8:45:8 | a | pathname_flow.rb:45:8:45:19 | call to realpath |
| pathname_flow.rb:49:3:49:3 | a | pathname_flow.rb:50:8:50:8 | a |
| pathname_flow.rb:49:7:49:30 | call to new | pathname_flow.rb:49:3:49:3 | a |
| pathname_flow.rb:49:20:49:29 | call to source | pathname_flow.rb:49:7:49:30 | call to new |
| pathname_flow.rb:50:8:50:8 | a | pathname_flow.rb:50:8:50:39 | call to relative_path_from |
| pathname_flow.rb:54:3:54:3 | a | pathname_flow.rb:55:8:55:8 | a |
| pathname_flow.rb:54:7:54:30 | call to new | pathname_flow.rb:54:3:54:3 | a |
| pathname_flow.rb:54:20:54:29 | call to source | pathname_flow.rb:54:7:54:30 | call to new |
| pathname_flow.rb:55:8:55:8 | a | pathname_flow.rb:55:8:55:16 | call to to_path |
| pathname_flow.rb:59:3:59:3 | a | pathname_flow.rb:60:8:60:8 | a |
| pathname_flow.rb:59:7:59:30 | call to new | pathname_flow.rb:59:3:59:3 | a |
| pathname_flow.rb:59:20:59:29 | call to source | pathname_flow.rb:59:7:59:30 | call to new |
| pathname_flow.rb:60:8:60:8 | a | pathname_flow.rb:60:8:60:13 | call to to_s |
| pathname_flow.rb:64:3:64:3 | a | pathname_flow.rb:65:3:65:3 | b |
| pathname_flow.rb:64:7:64:30 | call to new | pathname_flow.rb:64:3:64:3 | a |
| pathname_flow.rb:64:20:64:29 | call to source | pathname_flow.rb:64:7:64:30 | call to new |
| pathname_flow.rb:65:3:65:3 | b | pathname_flow.rb:66:8:66:8 | b |
| pathname_flow.rb:70:3:70:3 | a | pathname_flow.rb:71:3:71:3 | b |
| pathname_flow.rb:70:7:70:30 | call to new | pathname_flow.rb:70:3:70:3 | a |
| pathname_flow.rb:70:20:70:29 | call to source | pathname_flow.rb:70:7:70:30 | call to new |
| pathname_flow.rb:71:3:71:3 | b | pathname_flow.rb:72:8:72:8 | b |
| pathname_flow.rb:76:3:76:3 | a | pathname_flow.rb:77:7:77:7 | a |
| pathname_flow.rb:76:7:76:30 | call to new | pathname_flow.rb:76:3:76:3 | a |
| pathname_flow.rb:76:20:76:29 | call to source | pathname_flow.rb:76:7:76:30 | call to new |
| pathname_flow.rb:77:3:77:3 | b | pathname_flow.rb:78:8:78:8 | b |
| pathname_flow.rb:77:7:77:7 | a | pathname_flow.rb:77:7:77:16 | call to basename |
| pathname_flow.rb:77:7:77:16 | call to basename | pathname_flow.rb:77:3:77:3 | b |
| pathname_flow.rb:82:3:82:3 | a | pathname_flow.rb:83:7:83:7 | a |
| pathname_flow.rb:82:7:82:30 | call to new | pathname_flow.rb:82:3:82:3 | a |
| pathname_flow.rb:82:20:82:29 | call to source | pathname_flow.rb:82:7:82:30 | call to new |
| pathname_flow.rb:83:3:83:3 | b | pathname_flow.rb:84:8:84:8 | b |
| pathname_flow.rb:83:7:83:7 | a | pathname_flow.rb:83:7:83:17 | call to cleanpath |
| pathname_flow.rb:83:7:83:17 | call to cleanpath | pathname_flow.rb:83:3:83:3 | b |
| pathname_flow.rb:88:3:88:3 | a | pathname_flow.rb:89:7:89:7 | a |
| pathname_flow.rb:88:7:88:30 | call to new | pathname_flow.rb:88:3:88:3 | a |
| pathname_flow.rb:88:20:88:29 | call to source | pathname_flow.rb:88:7:88:30 | call to new |
| pathname_flow.rb:89:3:89:3 | b | pathname_flow.rb:90:8:90:8 | b |
| pathname_flow.rb:89:7:89:7 | a | pathname_flow.rb:89:7:89:25 | call to sub |
| pathname_flow.rb:89:7:89:25 | call to sub | pathname_flow.rb:89:3:89:3 | b |
| pathname_flow.rb:94:3:94:3 | a | pathname_flow.rb:95:7:95:7 | a |
| pathname_flow.rb:94:7:94:30 | call to new | pathname_flow.rb:94:3:94:3 | a |
| pathname_flow.rb:94:20:94:29 | call to source | pathname_flow.rb:94:7:94:30 | call to new |
| pathname_flow.rb:95:3:95:3 | b | pathname_flow.rb:96:8:96:8 | b |
| pathname_flow.rb:95:7:95:7 | a | pathname_flow.rb:95:7:95:23 | call to sub_ext |
| pathname_flow.rb:95:7:95:23 | call to sub_ext | pathname_flow.rb:95:3:95:3 | b |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:103:3:103:3 | b |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:106:3:106:3 | c |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:109:7:109:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:112:7:112:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:115:7:115:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:118:7:118:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:121:7:121:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:124:7:124:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:127:7:127:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:130:7:130:7 | a |
| pathname_flow.rb:101:3:101:3 | a | pathname_flow.rb:133:7:133:7 | a |
| pathname_flow.rb:101:7:101:30 | call to new | pathname_flow.rb:101:3:101:3 | a |
| pathname_flow.rb:101:20:101:29 | call to source | pathname_flow.rb:101:7:101:30 | call to new |
| pathname_flow.rb:103:3:103:3 | b | pathname_flow.rb:104:8:104:8 | b |
| pathname_flow.rb:104:8:104:8 | b | pathname_flow.rb:104:8:104:17 | call to realpath |
| pathname_flow.rb:106:3:106:3 | c | pathname_flow.rb:107:8:107:8 | c |
| pathname_flow.rb:107:8:107:8 | c | pathname_flow.rb:107:8:107:17 | call to realpath |
| pathname_flow.rb:109:3:109:3 | d | pathname_flow.rb:110:8:110:8 | d |
| pathname_flow.rb:109:7:109:7 | a | pathname_flow.rb:109:7:109:16 | call to basename |
| pathname_flow.rb:109:7:109:16 | call to basename | pathname_flow.rb:109:3:109:3 | d |
| pathname_flow.rb:110:8:110:8 | d | pathname_flow.rb:110:8:110:17 | call to realpath |
| pathname_flow.rb:112:3:112:3 | e | pathname_flow.rb:113:8:113:8 | e |
| pathname_flow.rb:112:7:112:7 | a | pathname_flow.rb:112:7:112:17 | call to cleanpath |
| pathname_flow.rb:112:7:112:17 | call to cleanpath | pathname_flow.rb:112:3:112:3 | e |
| pathname_flow.rb:113:8:113:8 | e | pathname_flow.rb:113:8:113:17 | call to realpath |
| pathname_flow.rb:115:3:115:3 | f | pathname_flow.rb:116:8:116:8 | f |
| pathname_flow.rb:115:7:115:7 | a | pathname_flow.rb:115:7:115:19 | call to expand_path |
| pathname_flow.rb:115:7:115:19 | call to expand_path | pathname_flow.rb:115:3:115:3 | f |
| pathname_flow.rb:116:8:116:8 | f | pathname_flow.rb:116:8:116:17 | call to realpath |
| pathname_flow.rb:118:3:118:3 | g | pathname_flow.rb:119:8:119:8 | g |
| pathname_flow.rb:118:7:118:7 | a | pathname_flow.rb:118:7:118:19 | call to join |
| pathname_flow.rb:118:7:118:19 | call to join | pathname_flow.rb:118:3:118:3 | g |
| pathname_flow.rb:119:8:119:8 | g | pathname_flow.rb:119:8:119:17 | call to realpath |
| pathname_flow.rb:121:3:121:3 | h | pathname_flow.rb:122:8:122:8 | h |
| pathname_flow.rb:121:7:121:7 | a | pathname_flow.rb:121:7:121:16 | call to realpath |
| pathname_flow.rb:121:7:121:16 | call to realpath | pathname_flow.rb:121:3:121:3 | h |
| pathname_flow.rb:122:8:122:8 | h | pathname_flow.rb:122:8:122:17 | call to realpath |
| pathname_flow.rb:124:3:124:3 | i | pathname_flow.rb:125:8:125:8 | i |
| pathname_flow.rb:124:7:124:7 | a | pathname_flow.rb:124:7:124:38 | call to relative_path_from |
| pathname_flow.rb:124:7:124:38 | call to relative_path_from | pathname_flow.rb:124:3:124:3 | i |
| pathname_flow.rb:125:8:125:8 | i | pathname_flow.rb:125:8:125:17 | call to realpath |
| pathname_flow.rb:127:3:127:3 | j | pathname_flow.rb:128:8:128:8 | j |
| pathname_flow.rb:127:7:127:7 | a | pathname_flow.rb:127:7:127:25 | call to sub |
| pathname_flow.rb:127:7:127:25 | call to sub | pathname_flow.rb:127:3:127:3 | j |
| pathname_flow.rb:128:8:128:8 | j | pathname_flow.rb:128:8:128:17 | call to realpath |
| pathname_flow.rb:130:3:130:3 | k | pathname_flow.rb:131:8:131:8 | k |
| pathname_flow.rb:130:7:130:7 | a | pathname_flow.rb:130:7:130:23 | call to sub_ext |
| pathname_flow.rb:130:7:130:23 | call to sub_ext | pathname_flow.rb:130:3:130:3 | k |
| pathname_flow.rb:131:8:131:8 | k | pathname_flow.rb:131:8:131:17 | call to realpath |
| pathname_flow.rb:133:3:133:3 | l | pathname_flow.rb:134:8:134:8 | l |
| pathname_flow.rb:133:7:133:7 | a | pathname_flow.rb:133:7:133:15 | call to to_path |
| pathname_flow.rb:133:7:133:15 | call to to_path | pathname_flow.rb:133:3:133:3 | l |
| pathname_flow.rb:134:8:134:8 | l | pathname_flow.rb:134:8:134:17 | call to realpath |
nodes
| pathname_flow.rb:4:5:4:6 | pn : | semmle.label | pn : |
| pathname_flow.rb:4:10:4:33 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:4:23:4:32 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:4:5:4:6 | pn | semmle.label | pn |
| pathname_flow.rb:4:10:4:33 | call to new | semmle.label | call to new |
| pathname_flow.rb:4:23:4:32 | call to source | semmle.label | call to source |
| pathname_flow.rb:5:10:5:11 | pn | semmle.label | pn |
| pathname_flow.rb:9:3:9:3 | a : | semmle.label | a : |
| pathname_flow.rb:9:7:9:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:9:20:9:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:10:3:10:3 | b : | semmle.label | b : |
| pathname_flow.rb:10:7:10:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:10:20:10:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:9:3:9:3 | a | semmle.label | a |
| pathname_flow.rb:9:7:9:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:9:20:9:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:10:3:10:3 | b | semmle.label | b |
| pathname_flow.rb:10:7:10:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:10:20:10:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:11:8:11:12 | ... + ... | semmle.label | ... + ... |
| pathname_flow.rb:15:3:15:4 | pn : | semmle.label | pn : |
| pathname_flow.rb:15:8:15:31 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:15:21:15:30 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:16:8:16:9 | pn : | semmle.label | pn : |
| pathname_flow.rb:15:3:15:4 | pn | semmle.label | pn |
| pathname_flow.rb:15:8:15:31 | call to new | semmle.label | call to new |
| pathname_flow.rb:15:21:15:30 | call to source | semmle.label | call to source |
| pathname_flow.rb:16:8:16:9 | pn | semmle.label | pn |
| pathname_flow.rb:16:8:16:17 | call to dirname | semmle.label | call to dirname |
| pathname_flow.rb:20:3:20:3 | a : | semmle.label | a : |
| pathname_flow.rb:20:7:20:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:20:20:20:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:21:3:21:3 | a : | semmle.label | a : |
| pathname_flow.rb:21:23:21:23 | x : | semmle.label | x : |
| pathname_flow.rb:20:3:20:3 | a | semmle.label | a |
| pathname_flow.rb:20:7:20:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:20:20:20:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:21:3:21:3 | a | semmle.label | a |
| pathname_flow.rb:21:23:21:23 | x | semmle.label | x |
| pathname_flow.rb:22:10:22:10 | x | semmle.label | x |
| pathname_flow.rb:27:3:27:3 | a : | semmle.label | a : |
| pathname_flow.rb:27:7:27:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:27:20:27:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:28:8:28:8 | a : | semmle.label | a : |
| pathname_flow.rb:27:3:27:3 | a | semmle.label | a |
| pathname_flow.rb:27:7:27:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:27:20:27:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:28:8:28:8 | a | semmle.label | a |
| pathname_flow.rb:28:8:28:22 | call to expand_path | semmle.label | call to expand_path |
| pathname_flow.rb:32:3:32:3 | a : | semmle.label | a : |
| pathname_flow.rb:32:7:32:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:32:20:32:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:34:3:34:3 | c : | semmle.label | c : |
| pathname_flow.rb:34:7:34:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:34:20:34:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:35:8:35:8 | a : | semmle.label | a : |
| pathname_flow.rb:32:3:32:3 | a | semmle.label | a |
| pathname_flow.rb:32:7:32:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:32:20:32:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:34:3:34:3 | c | semmle.label | c |
| pathname_flow.rb:34:7:34:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:34:20:34:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:35:8:35:8 | a | semmle.label | a |
| pathname_flow.rb:35:8:35:19 | call to join | semmle.label | call to join |
| pathname_flow.rb:35:18:35:18 | c : | semmle.label | c : |
| pathname_flow.rb:39:3:39:3 | a : | semmle.label | a : |
| pathname_flow.rb:39:7:39:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:39:20:39:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:40:8:40:8 | a : | semmle.label | a : |
| pathname_flow.rb:35:18:35:18 | c | semmle.label | c |
| pathname_flow.rb:39:3:39:3 | a | semmle.label | a |
| pathname_flow.rb:39:7:39:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:39:20:39:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:40:8:40:8 | a | semmle.label | a |
| pathname_flow.rb:40:8:40:17 | call to parent | semmle.label | call to parent |
| pathname_flow.rb:44:3:44:3 | a : | semmle.label | a : |
| pathname_flow.rb:44:7:44:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:44:20:44:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:45:8:45:8 | a : | semmle.label | a : |
| pathname_flow.rb:44:3:44:3 | a | semmle.label | a |
| pathname_flow.rb:44:7:44:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:44:20:44:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:45:8:45:8 | a | semmle.label | a |
| pathname_flow.rb:45:8:45:19 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:49:3:49:3 | a : | semmle.label | a : |
| pathname_flow.rb:49:7:49:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:49:20:49:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:50:8:50:8 | a : | semmle.label | a : |
| pathname_flow.rb:49:3:49:3 | a | semmle.label | a |
| pathname_flow.rb:49:7:49:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:49:20:49:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:50:8:50:8 | a | semmle.label | a |
| pathname_flow.rb:50:8:50:39 | call to relative_path_from | semmle.label | call to relative_path_from |
| pathname_flow.rb:54:3:54:3 | a : | semmle.label | a : |
| pathname_flow.rb:54:7:54:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:54:20:54:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:55:8:55:8 | a : | semmle.label | a : |
| pathname_flow.rb:54:3:54:3 | a | semmle.label | a |
| pathname_flow.rb:54:7:54:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:54:20:54:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:55:8:55:8 | a | semmle.label | a |
| pathname_flow.rb:55:8:55:16 | call to to_path | semmle.label | call to to_path |
| pathname_flow.rb:59:3:59:3 | a : | semmle.label | a : |
| pathname_flow.rb:59:7:59:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:59:20:59:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:60:8:60:8 | a : | semmle.label | a : |
| pathname_flow.rb:59:3:59:3 | a | semmle.label | a |
| pathname_flow.rb:59:7:59:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:59:20:59:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:60:8:60:8 | a | semmle.label | a |
| pathname_flow.rb:60:8:60:13 | call to to_s | semmle.label | call to to_s |
| pathname_flow.rb:64:3:64:3 | a : | semmle.label | a : |
| pathname_flow.rb:64:7:64:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:64:20:64:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:65:3:65:3 | b : | semmle.label | b : |
| pathname_flow.rb:64:3:64:3 | a | semmle.label | a |
| pathname_flow.rb:64:7:64:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:64:20:64:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:65:3:65:3 | b | semmle.label | b |
| pathname_flow.rb:66:8:66:8 | b | semmle.label | b |
| pathname_flow.rb:70:3:70:3 | a : | semmle.label | a : |
| pathname_flow.rb:70:7:70:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:70:20:70:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:71:3:71:3 | b : | semmle.label | b : |
| pathname_flow.rb:70:3:70:3 | a | semmle.label | a |
| pathname_flow.rb:70:7:70:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:70:20:70:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:71:3:71:3 | b | semmle.label | b |
| pathname_flow.rb:72:8:72:8 | b | semmle.label | b |
| pathname_flow.rb:76:3:76:3 | a : | semmle.label | a : |
| pathname_flow.rb:76:7:76:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:76:20:76:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:77:3:77:3 | b : | semmle.label | b : |
| pathname_flow.rb:77:7:77:7 | a : | semmle.label | a : |
| pathname_flow.rb:77:7:77:16 | call to basename : | semmle.label | call to basename : |
| pathname_flow.rb:76:3:76:3 | a | semmle.label | a |
| pathname_flow.rb:76:7:76:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:76:20:76:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:77:3:77:3 | b | semmle.label | b |
| pathname_flow.rb:77:7:77:7 | a | semmle.label | a |
| pathname_flow.rb:77:7:77:16 | call to basename | semmle.label | call to basename |
| pathname_flow.rb:78:8:78:8 | b | semmle.label | b |
| pathname_flow.rb:82:3:82:3 | a : | semmle.label | a : |
| pathname_flow.rb:82:7:82:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:82:20:82:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:83:3:83:3 | b : | semmle.label | b : |
| pathname_flow.rb:83:7:83:7 | a : | semmle.label | a : |
| pathname_flow.rb:83:7:83:17 | call to cleanpath : | semmle.label | call to cleanpath : |
| pathname_flow.rb:82:3:82:3 | a | semmle.label | a |
| pathname_flow.rb:82:7:82:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:82:20:82:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:83:3:83:3 | b | semmle.label | b |
| pathname_flow.rb:83:7:83:7 | a | semmle.label | a |
| pathname_flow.rb:83:7:83:17 | call to cleanpath | semmle.label | call to cleanpath |
| pathname_flow.rb:84:8:84:8 | b | semmle.label | b |
| pathname_flow.rb:88:3:88:3 | a : | semmle.label | a : |
| pathname_flow.rb:88:7:88:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:88:20:88:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:89:3:89:3 | b : | semmle.label | b : |
| pathname_flow.rb:89:7:89:7 | a : | semmle.label | a : |
| pathname_flow.rb:89:7:89:25 | call to sub : | semmle.label | call to sub : |
| pathname_flow.rb:88:3:88:3 | a | semmle.label | a |
| pathname_flow.rb:88:7:88:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:88:20:88:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:89:3:89:3 | b | semmle.label | b |
| pathname_flow.rb:89:7:89:7 | a | semmle.label | a |
| pathname_flow.rb:89:7:89:25 | call to sub | semmle.label | call to sub |
| pathname_flow.rb:90:8:90:8 | b | semmle.label | b |
| pathname_flow.rb:94:3:94:3 | a : | semmle.label | a : |
| pathname_flow.rb:94:7:94:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:94:20:94:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:95:3:95:3 | b : | semmle.label | b : |
| pathname_flow.rb:95:7:95:7 | a : | semmle.label | a : |
| pathname_flow.rb:95:7:95:23 | call to sub_ext : | semmle.label | call to sub_ext : |
| pathname_flow.rb:94:3:94:3 | a | semmle.label | a |
| pathname_flow.rb:94:7:94:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:94:20:94:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:95:3:95:3 | b | semmle.label | b |
| pathname_flow.rb:95:7:95:7 | a | semmle.label | a |
| pathname_flow.rb:95:7:95:23 | call to sub_ext | semmle.label | call to sub_ext |
| pathname_flow.rb:96:8:96:8 | b | semmle.label | b |
| pathname_flow.rb:101:3:101:3 | a : | semmle.label | a : |
| pathname_flow.rb:101:7:101:30 | call to new : | semmle.label | call to new : |
| pathname_flow.rb:101:20:101:29 | call to source : | semmle.label | call to source : |
| pathname_flow.rb:103:3:103:3 | b : | semmle.label | b : |
| pathname_flow.rb:104:8:104:8 | b : | semmle.label | b : |
| pathname_flow.rb:101:3:101:3 | a | semmle.label | a |
| pathname_flow.rb:101:7:101:30 | call to new | semmle.label | call to new |
| pathname_flow.rb:101:20:101:29 | call to source | semmle.label | call to source |
| pathname_flow.rb:103:3:103:3 | b | semmle.label | b |
| pathname_flow.rb:104:8:104:8 | b | semmle.label | b |
| pathname_flow.rb:104:8:104:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:106:3:106:3 | c : | semmle.label | c : |
| pathname_flow.rb:107:8:107:8 | c : | semmle.label | c : |
| pathname_flow.rb:106:3:106:3 | c | semmle.label | c |
| pathname_flow.rb:107:8:107:8 | c | semmle.label | c |
| pathname_flow.rb:107:8:107:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:109:3:109:3 | d : | semmle.label | d : |
| pathname_flow.rb:109:7:109:7 | a : | semmle.label | a : |
| pathname_flow.rb:109:7:109:16 | call to basename : | semmle.label | call to basename : |
| pathname_flow.rb:110:8:110:8 | d : | semmle.label | d : |
| pathname_flow.rb:109:3:109:3 | d | semmle.label | d |
| pathname_flow.rb:109:7:109:7 | a | semmle.label | a |
| pathname_flow.rb:109:7:109:16 | call to basename | semmle.label | call to basename |
| pathname_flow.rb:110:8:110:8 | d | semmle.label | d |
| pathname_flow.rb:110:8:110:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:112:3:112:3 | e : | semmle.label | e : |
| pathname_flow.rb:112:7:112:7 | a : | semmle.label | a : |
| pathname_flow.rb:112:7:112:17 | call to cleanpath : | semmle.label | call to cleanpath : |
| pathname_flow.rb:113:8:113:8 | e : | semmle.label | e : |
| pathname_flow.rb:112:3:112:3 | e | semmle.label | e |
| pathname_flow.rb:112:7:112:7 | a | semmle.label | a |
| pathname_flow.rb:112:7:112:17 | call to cleanpath | semmle.label | call to cleanpath |
| pathname_flow.rb:113:8:113:8 | e | semmle.label | e |
| pathname_flow.rb:113:8:113:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:115:3:115:3 | f : | semmle.label | f : |
| pathname_flow.rb:115:7:115:7 | a : | semmle.label | a : |
| pathname_flow.rb:115:7:115:19 | call to expand_path : | semmle.label | call to expand_path : |
| pathname_flow.rb:116:8:116:8 | f : | semmle.label | f : |
| pathname_flow.rb:115:3:115:3 | f | semmle.label | f |
| pathname_flow.rb:115:7:115:7 | a | semmle.label | a |
| pathname_flow.rb:115:7:115:19 | call to expand_path | semmle.label | call to expand_path |
| pathname_flow.rb:116:8:116:8 | f | semmle.label | f |
| pathname_flow.rb:116:8:116:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:118:3:118:3 | g : | semmle.label | g : |
| pathname_flow.rb:118:7:118:7 | a : | semmle.label | a : |
| pathname_flow.rb:118:7:118:19 | call to join : | semmle.label | call to join : |
| pathname_flow.rb:119:8:119:8 | g : | semmle.label | g : |
| pathname_flow.rb:118:3:118:3 | g | semmle.label | g |
| pathname_flow.rb:118:7:118:7 | a | semmle.label | a |
| pathname_flow.rb:118:7:118:19 | call to join | semmle.label | call to join |
| pathname_flow.rb:119:8:119:8 | g | semmle.label | g |
| pathname_flow.rb:119:8:119:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:121:3:121:3 | h : | semmle.label | h : |
| pathname_flow.rb:121:7:121:7 | a : | semmle.label | a : |
| pathname_flow.rb:121:7:121:16 | call to realpath : | semmle.label | call to realpath : |
| pathname_flow.rb:122:8:122:8 | h : | semmle.label | h : |
| pathname_flow.rb:121:3:121:3 | h | semmle.label | h |
| pathname_flow.rb:121:7:121:7 | a | semmle.label | a |
| pathname_flow.rb:121:7:121:16 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:122:8:122:8 | h | semmle.label | h |
| pathname_flow.rb:122:8:122:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:124:3:124:3 | i : | semmle.label | i : |
| pathname_flow.rb:124:7:124:7 | a : | semmle.label | a : |
| pathname_flow.rb:124:7:124:38 | call to relative_path_from : | semmle.label | call to relative_path_from : |
| pathname_flow.rb:125:8:125:8 | i : | semmle.label | i : |
| pathname_flow.rb:124:3:124:3 | i | semmle.label | i |
| pathname_flow.rb:124:7:124:7 | a | semmle.label | a |
| pathname_flow.rb:124:7:124:38 | call to relative_path_from | semmle.label | call to relative_path_from |
| pathname_flow.rb:125:8:125:8 | i | semmle.label | i |
| pathname_flow.rb:125:8:125:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:127:3:127:3 | j : | semmle.label | j : |
| pathname_flow.rb:127:7:127:7 | a : | semmle.label | a : |
| pathname_flow.rb:127:7:127:25 | call to sub : | semmle.label | call to sub : |
| pathname_flow.rb:128:8:128:8 | j : | semmle.label | j : |
| pathname_flow.rb:127:3:127:3 | j | semmle.label | j |
| pathname_flow.rb:127:7:127:7 | a | semmle.label | a |
| pathname_flow.rb:127:7:127:25 | call to sub | semmle.label | call to sub |
| pathname_flow.rb:128:8:128:8 | j | semmle.label | j |
| pathname_flow.rb:128:8:128:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:130:3:130:3 | k : | semmle.label | k : |
| pathname_flow.rb:130:7:130:7 | a : | semmle.label | a : |
| pathname_flow.rb:130:7:130:23 | call to sub_ext : | semmle.label | call to sub_ext : |
| pathname_flow.rb:131:8:131:8 | k : | semmle.label | k : |
| pathname_flow.rb:130:3:130:3 | k | semmle.label | k |
| pathname_flow.rb:130:7:130:7 | a | semmle.label | a |
| pathname_flow.rb:130:7:130:23 | call to sub_ext | semmle.label | call to sub_ext |
| pathname_flow.rb:131:8:131:8 | k | semmle.label | k |
| pathname_flow.rb:131:8:131:17 | call to realpath | semmle.label | call to realpath |
| pathname_flow.rb:133:3:133:3 | l : | semmle.label | l : |
| pathname_flow.rb:133:7:133:7 | a : | semmle.label | a : |
| pathname_flow.rb:133:7:133:15 | call to to_path : | semmle.label | call to to_path : |
| pathname_flow.rb:134:8:134:8 | l : | semmle.label | l : |
| pathname_flow.rb:133:3:133:3 | l | semmle.label | l |
| pathname_flow.rb:133:7:133:7 | a | semmle.label | a |
| pathname_flow.rb:133:7:133:15 | call to to_path | semmle.label | call to to_path |
| pathname_flow.rb:134:8:134:8 | l | semmle.label | l |
| pathname_flow.rb:134:8:134:17 | call to realpath | semmle.label | call to realpath |
subpaths
#select

View File

@@ -1,20 +1,20 @@
failures
edges
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] : | ssa_flow.rb:16:10:16:10 | a [element 0] : |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] : | ssa_flow.rb:16:10:16:10 | a [element 0] : |
| ssa_flow.rb:12:16:12:23 | call to taint : | ssa_flow.rb:12:9:12:9 | [post] a [element 0] : |
| ssa_flow.rb:12:16:12:23 | call to taint : | ssa_flow.rb:12:9:12:9 | [post] a [element 0] : |
| ssa_flow.rb:16:10:16:10 | a [element 0] : | ssa_flow.rb:16:10:16:13 | ...[...] |
| ssa_flow.rb:16:10:16:10 | a [element 0] : | ssa_flow.rb:16:10:16:13 | ...[...] |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] | ssa_flow.rb:16:10:16:10 | a [element 0] |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] | ssa_flow.rb:16:10:16:10 | a [element 0] |
| ssa_flow.rb:12:16:12:23 | call to taint | ssa_flow.rb:12:9:12:9 | [post] a [element 0] |
| ssa_flow.rb:12:16:12:23 | call to taint | ssa_flow.rb:12:9:12:9 | [post] a [element 0] |
| ssa_flow.rb:16:10:16:10 | a [element 0] | ssa_flow.rb:16:10:16:13 | ...[...] |
| ssa_flow.rb:16:10:16:10 | a [element 0] | ssa_flow.rb:16:10:16:13 | ...[...] |
nodes
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] : | semmle.label | [post] a [element 0] : |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] : | semmle.label | [post] a [element 0] : |
| ssa_flow.rb:12:16:12:23 | call to taint : | semmle.label | call to taint : |
| ssa_flow.rb:12:16:12:23 | call to taint : | semmle.label | call to taint : |
| ssa_flow.rb:16:10:16:10 | a [element 0] : | semmle.label | a [element 0] : |
| ssa_flow.rb:16:10:16:10 | a [element 0] : | semmle.label | a [element 0] : |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] | semmle.label | [post] a [element 0] |
| ssa_flow.rb:12:9:12:9 | [post] a [element 0] | semmle.label | [post] a [element 0] |
| ssa_flow.rb:12:16:12:23 | call to taint | semmle.label | call to taint |
| ssa_flow.rb:12:16:12:23 | call to taint | semmle.label | call to taint |
| ssa_flow.rb:16:10:16:10 | a [element 0] | semmle.label | a [element 0] |
| ssa_flow.rb:16:10:16:10 | a [element 0] | semmle.label | a [element 0] |
| ssa_flow.rb:16:10:16:13 | ...[...] | semmle.label | ...[...] |
| ssa_flow.rb:16:10:16:13 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| ssa_flow.rb:16:10:16:13 | ...[...] | ssa_flow.rb:12:16:12:23 | call to taint : | ssa_flow.rb:16:10:16:13 | ...[...] | $@ | ssa_flow.rb:12:16:12:23 | call to taint : | call to taint : |
| ssa_flow.rb:16:10:16:13 | ...[...] | ssa_flow.rb:12:16:12:23 | call to taint | ssa_flow.rb:16:10:16:13 | ...[...] | $@ | ssa_flow.rb:12:16:12:23 | call to taint | call to taint |
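Review bot: every row under `edges` and `nodes` for ssa_flow.rb is listed twice, both in the old rows and in the regenerated ones, while `#select` reports the single flow from `call to taint` at 12:16 to `...[...]` at 16:10 only once. If the doubling comes from the test query combining two path graphs, a short comment in the test query would save the next reader from treating it as a regeneration mistake; if it does not, the duplicate rows should be dropped. The rest of the hunk only removes the trailing ` :` from node labels, and the row count stays at 20, matching the `@@ -1,20 +1,20 @@` header.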

View File

@@ -5,278 +5,278 @@ failures
| filter_flow.rb:71:10:71:17 | call to bar | Unexpected result: hasTaintFlow= |
| filter_flow.rb:87:11:87:14 | @foo | Unexpected result: hasTaintFlow= |
edges
| filter_flow.rb:14:5:14:8 | [post] self [@foo] : | filter_flow.rb:17:3:18:5 | self in b [@foo] : |
| filter_flow.rb:14:12:14:17 | call to params : | filter_flow.rb:14:12:14:23 | ...[...] : |
| filter_flow.rb:14:12:14:23 | ...[...] : | filter_flow.rb:14:5:14:8 | [post] self [@foo] : |
| filter_flow.rb:17:3:18:5 | self in b [@foo] : | filter_flow.rb:20:3:22:5 | self in c [@foo] : |
| filter_flow.rb:20:3:22:5 | self in c [@foo] : | filter_flow.rb:21:10:21:13 | self [@foo] : |
| filter_flow.rb:21:10:21:13 | self [@foo] : | filter_flow.rb:21:10:21:13 | @foo |
| filter_flow.rb:30:5:30:8 | [post] self [@foo] : | filter_flow.rb:33:3:35:5 | self in b [@foo] : |
| filter_flow.rb:30:12:30:17 | call to params : | filter_flow.rb:30:12:30:23 | ...[...] : |
| filter_flow.rb:30:12:30:23 | ...[...] : | filter_flow.rb:30:5:30:8 | [post] self [@foo] : |
| filter_flow.rb:33:3:35:5 | self in b [@foo] : | filter_flow.rb:37:3:39:5 | self in c [@foo] : |
| filter_flow.rb:37:3:39:5 | self in c [@foo] : | filter_flow.rb:38:10:38:13 | self [@foo] : |
| filter_flow.rb:38:10:38:13 | self [@foo] : | filter_flow.rb:38:10:38:13 | @foo |
| filter_flow.rb:47:5:47:8 | [post] self [@foo] : | filter_flow.rb:51:3:52:5 | self in b [@foo] : |
| filter_flow.rb:47:12:47:17 | call to params : | filter_flow.rb:47:12:47:23 | ...[...] : |
| filter_flow.rb:47:12:47:23 | ...[...] : | filter_flow.rb:47:5:47:8 | [post] self [@foo] : |
| filter_flow.rb:51:3:52:5 | self in b [@foo] : | filter_flow.rb:54:3:56:5 | self in c [@foo] : |
| filter_flow.rb:54:3:56:5 | self in c [@foo] : | filter_flow.rb:55:10:55:13 | self [@foo] : |
| filter_flow.rb:55:10:55:13 | self [@foo] : | filter_flow.rb:55:10:55:13 | @foo |
| filter_flow.rb:64:5:64:8 | [post] @foo [@bar] : | filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] : |
| filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] : | filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] : |
| filter_flow.rb:64:16:64:21 | call to params : | filter_flow.rb:64:16:64:27 | ...[...] : |
| filter_flow.rb:64:16:64:27 | ...[...] : | filter_flow.rb:64:5:64:8 | [post] @foo [@bar] : |
| filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] : | filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] : |
| filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] : | filter_flow.rb:71:10:71:13 | self [@foo, @bar] : |
| filter_flow.rb:71:10:71:13 | @foo [@bar] : | filter_flow.rb:71:10:71:17 | call to bar |
| filter_flow.rb:71:10:71:13 | self [@foo, @bar] : | filter_flow.rb:71:10:71:13 | @foo [@bar] : |
| filter_flow.rb:80:5:80:8 | [post] self [@foo] : | filter_flow.rb:83:3:84:5 | self in b [@foo] : |
| filter_flow.rb:83:3:84:5 | self in b [@foo] : | filter_flow.rb:86:3:88:5 | self in c [@foo] : |
| filter_flow.rb:86:3:88:5 | self in c [@foo] : | filter_flow.rb:87:11:87:14 | self [@foo] : |
| filter_flow.rb:87:11:87:14 | self [@foo] : | filter_flow.rb:87:11:87:14 | @foo |
| filter_flow.rb:91:5:91:8 | [post] self [@foo] : | filter_flow.rb:80:5:80:8 | [post] self [@foo] : |
| filter_flow.rb:91:12:91:17 | call to params : | filter_flow.rb:91:12:91:23 | ...[...] : |
| filter_flow.rb:91:12:91:23 | ...[...] : | filter_flow.rb:91:5:91:8 | [post] self [@foo] : |
| params_flow.rb:3:10:3:15 | call to params : | params_flow.rb:3:10:3:19 | ...[...] |
| params_flow.rb:7:10:7:15 | call to params : | params_flow.rb:7:10:7:23 | call to as_json |
| params_flow.rb:15:10:15:15 | call to params : | params_flow.rb:15:10:15:33 | call to permit |
| params_flow.rb:19:10:19:15 | call to params : | params_flow.rb:19:10:19:34 | call to require |
| params_flow.rb:23:10:23:15 | call to params : | params_flow.rb:23:10:23:35 | call to required |
| params_flow.rb:27:10:27:15 | call to params : | params_flow.rb:27:10:27:24 | call to deep_dup |
| params_flow.rb:31:10:31:15 | call to params : | params_flow.rb:31:10:31:45 | call to deep_transform_keys |
| params_flow.rb:35:10:35:15 | call to params : | params_flow.rb:35:10:35:46 | call to deep_transform_keys! |
| params_flow.rb:39:10:39:15 | call to params : | params_flow.rb:39:10:39:48 | call to delete_if |
| params_flow.rb:43:10:43:15 | call to params : | params_flow.rb:43:10:43:32 | call to extract! |
| params_flow.rb:47:10:47:15 | call to params : | params_flow.rb:47:10:47:46 | call to keep_if |
| params_flow.rb:51:10:51:15 | call to params : | params_flow.rb:51:10:51:45 | call to select |
| params_flow.rb:55:10:55:15 | call to params : | params_flow.rb:55:10:55:46 | call to select! |
| params_flow.rb:59:10:59:15 | call to params : | params_flow.rb:59:10:59:45 | call to reject |
| params_flow.rb:63:10:63:15 | call to params : | params_flow.rb:63:10:63:46 | call to reject! |
| params_flow.rb:67:10:67:15 | call to params : | params_flow.rb:67:10:67:20 | call to to_h |
| params_flow.rb:71:10:71:15 | call to params : | params_flow.rb:71:10:71:23 | call to to_hash |
| params_flow.rb:75:10:75:15 | call to params : | params_flow.rb:75:10:75:24 | call to to_query |
| params_flow.rb:79:10:79:15 | call to params : | params_flow.rb:79:10:79:24 | call to to_param |
| params_flow.rb:83:10:83:15 | call to params : | params_flow.rb:83:10:83:27 | call to to_unsafe_h |
| params_flow.rb:87:10:87:15 | call to params : | params_flow.rb:87:10:87:30 | call to to_unsafe_hash |
| params_flow.rb:91:10:91:15 | call to params : | params_flow.rb:91:10:91:40 | call to transform_keys |
| params_flow.rb:95:10:95:15 | call to params : | params_flow.rb:95:10:95:41 | call to transform_keys! |
| params_flow.rb:99:10:99:15 | call to params : | params_flow.rb:99:10:99:42 | call to transform_values |
| params_flow.rb:103:10:103:15 | call to params : | params_flow.rb:103:10:103:43 | call to transform_values! |
| params_flow.rb:107:10:107:15 | call to params : | params_flow.rb:107:10:107:33 | call to values_at |
| params_flow.rb:111:10:111:15 | call to params : | params_flow.rb:111:10:111:29 | call to merge |
| params_flow.rb:112:23:112:28 | call to params : | params_flow.rb:112:10:112:29 | call to merge |
| params_flow.rb:116:10:116:15 | call to params : | params_flow.rb:116:10:116:37 | call to reverse_merge |
| params_flow.rb:117:31:117:36 | call to params : | params_flow.rb:117:10:117:37 | call to reverse_merge |
| params_flow.rb:121:10:121:15 | call to params : | params_flow.rb:121:10:121:43 | call to with_defaults |
| params_flow.rb:122:31:122:36 | call to params : | params_flow.rb:122:10:122:37 | call to with_defaults |
| params_flow.rb:126:10:126:15 | call to params : | params_flow.rb:126:10:126:30 | call to merge! |
| params_flow.rb:127:24:127:29 | call to params : | params_flow.rb:127:10:127:30 | call to merge! |
| params_flow.rb:130:5:130:5 | [post] p : | params_flow.rb:131:10:131:10 | p |
| params_flow.rb:130:14:130:19 | call to params : | params_flow.rb:130:5:130:5 | [post] p : |
| params_flow.rb:135:10:135:15 | call to params : | params_flow.rb:135:10:135:38 | call to reverse_merge! |
| params_flow.rb:136:32:136:37 | call to params : | params_flow.rb:136:10:136:38 | call to reverse_merge! |
| params_flow.rb:139:5:139:5 | [post] p : | params_flow.rb:140:10:140:10 | p |
| params_flow.rb:139:22:139:27 | call to params : | params_flow.rb:139:5:139:5 | [post] p : |
| params_flow.rb:144:10:144:15 | call to params : | params_flow.rb:144:10:144:44 | call to with_defaults! |
| params_flow.rb:145:32:145:37 | call to params : | params_flow.rb:145:10:145:38 | call to with_defaults! |
| params_flow.rb:148:5:148:5 | [post] p : | params_flow.rb:149:10:149:10 | p |
| params_flow.rb:148:22:148:27 | call to params : | params_flow.rb:148:5:148:5 | [post] p : |
| params_flow.rb:153:10:153:15 | call to params : | params_flow.rb:153:10:153:44 | call to reverse_update |
| params_flow.rb:154:32:154:37 | call to params : | params_flow.rb:154:10:154:38 | call to reverse_update |
| params_flow.rb:157:5:157:5 | [post] p : | params_flow.rb:158:10:158:10 | p |
| params_flow.rb:157:22:157:27 | call to params : | params_flow.rb:157:5:157:5 | [post] p : |
| params_flow.rb:166:10:166:15 | call to params : | params_flow.rb:166:10:166:19 | ...[...] |
| params_flow.rb:172:10:172:15 | call to params : | params_flow.rb:172:10:172:19 | ...[...] |
| params_flow.rb:176:10:176:15 | call to params : | params_flow.rb:176:10:176:19 | ...[...] |
| filter_flow.rb:14:5:14:8 | [post] self [@foo] | filter_flow.rb:17:3:18:5 | self in b [@foo] |
| filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:14:12:14:23 | ...[...] |
| filter_flow.rb:14:12:14:23 | ...[...] | filter_flow.rb:14:5:14:8 | [post] self [@foo] |
| filter_flow.rb:17:3:18:5 | self in b [@foo] | filter_flow.rb:20:3:22:5 | self in c [@foo] |
| filter_flow.rb:20:3:22:5 | self in c [@foo] | filter_flow.rb:21:10:21:13 | self [@foo] |
| filter_flow.rb:21:10:21:13 | self [@foo] | filter_flow.rb:21:10:21:13 | @foo |
| filter_flow.rb:30:5:30:8 | [post] self [@foo] | filter_flow.rb:33:3:35:5 | self in b [@foo] |
| filter_flow.rb:30:12:30:17 | call to params | filter_flow.rb:30:12:30:23 | ...[...] |
| filter_flow.rb:30:12:30:23 | ...[...] | filter_flow.rb:30:5:30:8 | [post] self [@foo] |
| filter_flow.rb:33:3:35:5 | self in b [@foo] | filter_flow.rb:37:3:39:5 | self in c [@foo] |
| filter_flow.rb:37:3:39:5 | self in c [@foo] | filter_flow.rb:38:10:38:13 | self [@foo] |
| filter_flow.rb:38:10:38:13 | self [@foo] | filter_flow.rb:38:10:38:13 | @foo |
| filter_flow.rb:47:5:47:8 | [post] self [@foo] | filter_flow.rb:51:3:52:5 | self in b [@foo] |
| filter_flow.rb:47:12:47:17 | call to params | filter_flow.rb:47:12:47:23 | ...[...] |
| filter_flow.rb:47:12:47:23 | ...[...] | filter_flow.rb:47:5:47:8 | [post] self [@foo] |
| filter_flow.rb:51:3:52:5 | self in b [@foo] | filter_flow.rb:54:3:56:5 | self in c [@foo] |
| filter_flow.rb:54:3:56:5 | self in c [@foo] | filter_flow.rb:55:10:55:13 | self [@foo] |
| filter_flow.rb:55:10:55:13 | self [@foo] | filter_flow.rb:55:10:55:13 | @foo |
| filter_flow.rb:64:5:64:8 | [post] @foo [@bar] | filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] |
| filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] | filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] |
| filter_flow.rb:64:16:64:21 | call to params | filter_flow.rb:64:16:64:27 | ...[...] |
| filter_flow.rb:64:16:64:27 | ...[...] | filter_flow.rb:64:5:64:8 | [post] @foo [@bar] |
| filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] | filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] |
| filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] | filter_flow.rb:71:10:71:13 | self [@foo, @bar] |
| filter_flow.rb:71:10:71:13 | @foo [@bar] | filter_flow.rb:71:10:71:17 | call to bar |
| filter_flow.rb:71:10:71:13 | self [@foo, @bar] | filter_flow.rb:71:10:71:13 | @foo [@bar] |
| filter_flow.rb:80:5:80:8 | [post] self [@foo] | filter_flow.rb:83:3:84:5 | self in b [@foo] |
| filter_flow.rb:83:3:84:5 | self in b [@foo] | filter_flow.rb:86:3:88:5 | self in c [@foo] |
| filter_flow.rb:86:3:88:5 | self in c [@foo] | filter_flow.rb:87:11:87:14 | self [@foo] |
| filter_flow.rb:87:11:87:14 | self [@foo] | filter_flow.rb:87:11:87:14 | @foo |
| filter_flow.rb:91:5:91:8 | [post] self [@foo] | filter_flow.rb:80:5:80:8 | [post] self [@foo] |
| filter_flow.rb:91:12:91:17 | call to params | filter_flow.rb:91:12:91:23 | ...[...] |
| filter_flow.rb:91:12:91:23 | ...[...] | filter_flow.rb:91:5:91:8 | [post] self [@foo] |
| params_flow.rb:3:10:3:15 | call to params | params_flow.rb:3:10:3:19 | ...[...] |
| params_flow.rb:7:10:7:15 | call to params | params_flow.rb:7:10:7:23 | call to as_json |
| params_flow.rb:15:10:15:15 | call to params | params_flow.rb:15:10:15:33 | call to permit |
| params_flow.rb:19:10:19:15 | call to params | params_flow.rb:19:10:19:34 | call to require |
| params_flow.rb:23:10:23:15 | call to params | params_flow.rb:23:10:23:35 | call to required |
| params_flow.rb:27:10:27:15 | call to params | params_flow.rb:27:10:27:24 | call to deep_dup |
| params_flow.rb:31:10:31:15 | call to params | params_flow.rb:31:10:31:45 | call to deep_transform_keys |
| params_flow.rb:35:10:35:15 | call to params | params_flow.rb:35:10:35:46 | call to deep_transform_keys! |
| params_flow.rb:39:10:39:15 | call to params | params_flow.rb:39:10:39:48 | call to delete_if |
| params_flow.rb:43:10:43:15 | call to params | params_flow.rb:43:10:43:32 | call to extract! |
| params_flow.rb:47:10:47:15 | call to params | params_flow.rb:47:10:47:46 | call to keep_if |
| params_flow.rb:51:10:51:15 | call to params | params_flow.rb:51:10:51:45 | call to select |
| params_flow.rb:55:10:55:15 | call to params | params_flow.rb:55:10:55:46 | call to select! |
| params_flow.rb:59:10:59:15 | call to params | params_flow.rb:59:10:59:45 | call to reject |
| params_flow.rb:63:10:63:15 | call to params | params_flow.rb:63:10:63:46 | call to reject! |
| params_flow.rb:67:10:67:15 | call to params | params_flow.rb:67:10:67:20 | call to to_h |
| params_flow.rb:71:10:71:15 | call to params | params_flow.rb:71:10:71:23 | call to to_hash |
| params_flow.rb:75:10:75:15 | call to params | params_flow.rb:75:10:75:24 | call to to_query |
| params_flow.rb:79:10:79:15 | call to params | params_flow.rb:79:10:79:24 | call to to_param |
| params_flow.rb:83:10:83:15 | call to params | params_flow.rb:83:10:83:27 | call to to_unsafe_h |
| params_flow.rb:87:10:87:15 | call to params | params_flow.rb:87:10:87:30 | call to to_unsafe_hash |
| params_flow.rb:91:10:91:15 | call to params | params_flow.rb:91:10:91:40 | call to transform_keys |
| params_flow.rb:95:10:95:15 | call to params | params_flow.rb:95:10:95:41 | call to transform_keys! |
| params_flow.rb:99:10:99:15 | call to params | params_flow.rb:99:10:99:42 | call to transform_values |
| params_flow.rb:103:10:103:15 | call to params | params_flow.rb:103:10:103:43 | call to transform_values! |
| params_flow.rb:107:10:107:15 | call to params | params_flow.rb:107:10:107:33 | call to values_at |
| params_flow.rb:111:10:111:15 | call to params | params_flow.rb:111:10:111:29 | call to merge |
| params_flow.rb:112:23:112:28 | call to params | params_flow.rb:112:10:112:29 | call to merge |
| params_flow.rb:116:10:116:15 | call to params | params_flow.rb:116:10:116:37 | call to reverse_merge |
| params_flow.rb:117:31:117:36 | call to params | params_flow.rb:117:10:117:37 | call to reverse_merge |
| params_flow.rb:121:10:121:15 | call to params | params_flow.rb:121:10:121:43 | call to with_defaults |
| params_flow.rb:122:31:122:36 | call to params | params_flow.rb:122:10:122:37 | call to with_defaults |
| params_flow.rb:126:10:126:15 | call to params | params_flow.rb:126:10:126:30 | call to merge! |
| params_flow.rb:127:24:127:29 | call to params | params_flow.rb:127:10:127:30 | call to merge! |
| params_flow.rb:130:5:130:5 | [post] p | params_flow.rb:131:10:131:10 | p |
| params_flow.rb:130:14:130:19 | call to params | params_flow.rb:130:5:130:5 | [post] p |
| params_flow.rb:135:10:135:15 | call to params | params_flow.rb:135:10:135:38 | call to reverse_merge! |
| params_flow.rb:136:32:136:37 | call to params | params_flow.rb:136:10:136:38 | call to reverse_merge! |
| params_flow.rb:139:5:139:5 | [post] p | params_flow.rb:140:10:140:10 | p |
| params_flow.rb:139:22:139:27 | call to params | params_flow.rb:139:5:139:5 | [post] p |
| params_flow.rb:144:10:144:15 | call to params | params_flow.rb:144:10:144:44 | call to with_defaults! |
| params_flow.rb:145:32:145:37 | call to params | params_flow.rb:145:10:145:38 | call to with_defaults! |
| params_flow.rb:148:5:148:5 | [post] p | params_flow.rb:149:10:149:10 | p |
| params_flow.rb:148:22:148:27 | call to params | params_flow.rb:148:5:148:5 | [post] p |
| params_flow.rb:153:10:153:15 | call to params | params_flow.rb:153:10:153:44 | call to reverse_update |
| params_flow.rb:154:32:154:37 | call to params | params_flow.rb:154:10:154:38 | call to reverse_update |
| params_flow.rb:157:5:157:5 | [post] p | params_flow.rb:158:10:158:10 | p |
| params_flow.rb:157:22:157:27 | call to params | params_flow.rb:157:5:157:5 | [post] p |
| params_flow.rb:166:10:166:15 | call to params | params_flow.rb:166:10:166:19 | ...[...] |
| params_flow.rb:172:10:172:15 | call to params | params_flow.rb:172:10:172:19 | ...[...] |
| params_flow.rb:176:10:176:15 | call to params | params_flow.rb:176:10:176:19 | ...[...] |
nodes
| filter_flow.rb:14:5:14:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| filter_flow.rb:14:12:14:17 | call to params : | semmle.label | call to params : |
| filter_flow.rb:14:12:14:23 | ...[...] : | semmle.label | ...[...] : |
| filter_flow.rb:17:3:18:5 | self in b [@foo] : | semmle.label | self in b [@foo] : |
| filter_flow.rb:20:3:22:5 | self in c [@foo] : | semmle.label | self in c [@foo] : |
| filter_flow.rb:14:5:14:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| filter_flow.rb:14:12:14:17 | call to params | semmle.label | call to params |
| filter_flow.rb:14:12:14:23 | ...[...] | semmle.label | ...[...] |
| filter_flow.rb:17:3:18:5 | self in b [@foo] | semmle.label | self in b [@foo] |
| filter_flow.rb:20:3:22:5 | self in c [@foo] | semmle.label | self in c [@foo] |
| filter_flow.rb:21:10:21:13 | @foo | semmle.label | @foo |
| filter_flow.rb:21:10:21:13 | self [@foo] : | semmle.label | self [@foo] : |
| filter_flow.rb:30:5:30:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| filter_flow.rb:30:12:30:17 | call to params : | semmle.label | call to params : |
| filter_flow.rb:30:12:30:23 | ...[...] : | semmle.label | ...[...] : |
| filter_flow.rb:33:3:35:5 | self in b [@foo] : | semmle.label | self in b [@foo] : |
| filter_flow.rb:37:3:39:5 | self in c [@foo] : | semmle.label | self in c [@foo] : |
| filter_flow.rb:21:10:21:13 | self [@foo] | semmle.label | self [@foo] |
| filter_flow.rb:30:5:30:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| filter_flow.rb:30:12:30:17 | call to params | semmle.label | call to params |
| filter_flow.rb:30:12:30:23 | ...[...] | semmle.label | ...[...] |
| filter_flow.rb:33:3:35:5 | self in b [@foo] | semmle.label | self in b [@foo] |
| filter_flow.rb:37:3:39:5 | self in c [@foo] | semmle.label | self in c [@foo] |
| filter_flow.rb:38:10:38:13 | @foo | semmle.label | @foo |
| filter_flow.rb:38:10:38:13 | self [@foo] : | semmle.label | self [@foo] : |
| filter_flow.rb:47:5:47:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| filter_flow.rb:47:12:47:17 | call to params : | semmle.label | call to params : |
| filter_flow.rb:47:12:47:23 | ...[...] : | semmle.label | ...[...] : |
| filter_flow.rb:51:3:52:5 | self in b [@foo] : | semmle.label | self in b [@foo] : |
| filter_flow.rb:54:3:56:5 | self in c [@foo] : | semmle.label | self in c [@foo] : |
| filter_flow.rb:38:10:38:13 | self [@foo] | semmle.label | self [@foo] |
| filter_flow.rb:47:5:47:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| filter_flow.rb:47:12:47:17 | call to params | semmle.label | call to params |
| filter_flow.rb:47:12:47:23 | ...[...] | semmle.label | ...[...] |
| filter_flow.rb:51:3:52:5 | self in b [@foo] | semmle.label | self in b [@foo] |
| filter_flow.rb:54:3:56:5 | self in c [@foo] | semmle.label | self in c [@foo] |
| filter_flow.rb:55:10:55:13 | @foo | semmle.label | @foo |
| filter_flow.rb:55:10:55:13 | self [@foo] : | semmle.label | self [@foo] : |
| filter_flow.rb:64:5:64:8 | [post] @foo [@bar] : | semmle.label | [post] @foo [@bar] : |
| filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] : | semmle.label | [post] self [@foo, @bar] : |
| filter_flow.rb:64:16:64:21 | call to params : | semmle.label | call to params : |
| filter_flow.rb:64:16:64:27 | ...[...] : | semmle.label | ...[...] : |
| filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] : | semmle.label | self in b [@foo, @bar] : |
| filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] : | semmle.label | self in c [@foo, @bar] : |
| filter_flow.rb:71:10:71:13 | @foo [@bar] : | semmle.label | @foo [@bar] : |
| filter_flow.rb:71:10:71:13 | self [@foo, @bar] : | semmle.label | self [@foo, @bar] : |
| filter_flow.rb:55:10:55:13 | self [@foo] | semmle.label | self [@foo] |
| filter_flow.rb:64:5:64:8 | [post] @foo [@bar] | semmle.label | [post] @foo [@bar] |
| filter_flow.rb:64:5:64:8 | [post] self [@foo, @bar] | semmle.label | [post] self [@foo, @bar] |
| filter_flow.rb:64:16:64:21 | call to params | semmle.label | call to params |
| filter_flow.rb:64:16:64:27 | ...[...] | semmle.label | ...[...] |
| filter_flow.rb:67:3:68:5 | self in b [@foo, @bar] | semmle.label | self in b [@foo, @bar] |
| filter_flow.rb:70:3:72:5 | self in c [@foo, @bar] | semmle.label | self in c [@foo, @bar] |
| filter_flow.rb:71:10:71:13 | @foo [@bar] | semmle.label | @foo [@bar] |
| filter_flow.rb:71:10:71:13 | self [@foo, @bar] | semmle.label | self [@foo, @bar] |
| filter_flow.rb:71:10:71:17 | call to bar | semmle.label | call to bar |
| filter_flow.rb:80:5:80:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| filter_flow.rb:83:3:84:5 | self in b [@foo] : | semmle.label | self in b [@foo] : |
| filter_flow.rb:86:3:88:5 | self in c [@foo] : | semmle.label | self in c [@foo] : |
| filter_flow.rb:80:5:80:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| filter_flow.rb:83:3:84:5 | self in b [@foo] | semmle.label | self in b [@foo] |
| filter_flow.rb:86:3:88:5 | self in c [@foo] | semmle.label | self in c [@foo] |
| filter_flow.rb:87:11:87:14 | @foo | semmle.label | @foo |
| filter_flow.rb:87:11:87:14 | self [@foo] : | semmle.label | self [@foo] : |
| filter_flow.rb:91:5:91:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| filter_flow.rb:91:12:91:17 | call to params : | semmle.label | call to params : |
| filter_flow.rb:91:12:91:23 | ...[...] : | semmle.label | ...[...] : |
| params_flow.rb:3:10:3:15 | call to params : | semmle.label | call to params : |
| filter_flow.rb:87:11:87:14 | self [@foo] | semmle.label | self [@foo] |
| filter_flow.rb:91:5:91:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| filter_flow.rb:91:12:91:17 | call to params | semmle.label | call to params |
| filter_flow.rb:91:12:91:23 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:3:10:3:15 | call to params | semmle.label | call to params |
| params_flow.rb:3:10:3:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:7:10:7:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:7:10:7:15 | call to params | semmle.label | call to params |
| params_flow.rb:7:10:7:23 | call to as_json | semmle.label | call to as_json |
| params_flow.rb:15:10:15:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:15:10:15:15 | call to params | semmle.label | call to params |
| params_flow.rb:15:10:15:33 | call to permit | semmle.label | call to permit |
| params_flow.rb:19:10:19:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:19:10:19:15 | call to params | semmle.label | call to params |
| params_flow.rb:19:10:19:34 | call to require | semmle.label | call to require |
| params_flow.rb:23:10:23:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:23:10:23:15 | call to params | semmle.label | call to params |
| params_flow.rb:23:10:23:35 | call to required | semmle.label | call to required |
| params_flow.rb:27:10:27:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:27:10:27:15 | call to params | semmle.label | call to params |
| params_flow.rb:27:10:27:24 | call to deep_dup | semmle.label | call to deep_dup |
| params_flow.rb:31:10:31:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:31:10:31:15 | call to params | semmle.label | call to params |
| params_flow.rb:31:10:31:45 | call to deep_transform_keys | semmle.label | call to deep_transform_keys |
| params_flow.rb:35:10:35:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:35:10:35:15 | call to params | semmle.label | call to params |
| params_flow.rb:35:10:35:46 | call to deep_transform_keys! | semmle.label | call to deep_transform_keys! |
| params_flow.rb:39:10:39:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:39:10:39:15 | call to params | semmle.label | call to params |
| params_flow.rb:39:10:39:48 | call to delete_if | semmle.label | call to delete_if |
| params_flow.rb:43:10:43:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:43:10:43:15 | call to params | semmle.label | call to params |
| params_flow.rb:43:10:43:32 | call to extract! | semmle.label | call to extract! |
| params_flow.rb:47:10:47:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:47:10:47:15 | call to params | semmle.label | call to params |
| params_flow.rb:47:10:47:46 | call to keep_if | semmle.label | call to keep_if |
| params_flow.rb:51:10:51:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:51:10:51:15 | call to params | semmle.label | call to params |
| params_flow.rb:51:10:51:45 | call to select | semmle.label | call to select |
| params_flow.rb:55:10:55:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:55:10:55:15 | call to params | semmle.label | call to params |
| params_flow.rb:55:10:55:46 | call to select! | semmle.label | call to select! |
| params_flow.rb:59:10:59:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:59:10:59:15 | call to params | semmle.label | call to params |
| params_flow.rb:59:10:59:45 | call to reject | semmle.label | call to reject |
| params_flow.rb:63:10:63:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:63:10:63:15 | call to params | semmle.label | call to params |
| params_flow.rb:63:10:63:46 | call to reject! | semmle.label | call to reject! |
| params_flow.rb:67:10:67:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:67:10:67:15 | call to params | semmle.label | call to params |
| params_flow.rb:67:10:67:20 | call to to_h | semmle.label | call to to_h |
| params_flow.rb:71:10:71:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:71:10:71:15 | call to params | semmle.label | call to params |
| params_flow.rb:71:10:71:23 | call to to_hash | semmle.label | call to to_hash |
| params_flow.rb:75:10:75:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:75:10:75:15 | call to params | semmle.label | call to params |
| params_flow.rb:75:10:75:24 | call to to_query | semmle.label | call to to_query |
| params_flow.rb:79:10:79:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:79:10:79:15 | call to params | semmle.label | call to params |
| params_flow.rb:79:10:79:24 | call to to_param | semmle.label | call to to_param |
| params_flow.rb:83:10:83:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:83:10:83:15 | call to params | semmle.label | call to params |
| params_flow.rb:83:10:83:27 | call to to_unsafe_h | semmle.label | call to to_unsafe_h |
| params_flow.rb:87:10:87:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:87:10:87:15 | call to params | semmle.label | call to params |
| params_flow.rb:87:10:87:30 | call to to_unsafe_hash | semmle.label | call to to_unsafe_hash |
| params_flow.rb:91:10:91:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:91:10:91:15 | call to params | semmle.label | call to params |
| params_flow.rb:91:10:91:40 | call to transform_keys | semmle.label | call to transform_keys |
| params_flow.rb:95:10:95:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:95:10:95:15 | call to params | semmle.label | call to params |
| params_flow.rb:95:10:95:41 | call to transform_keys! | semmle.label | call to transform_keys! |
| params_flow.rb:99:10:99:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:99:10:99:15 | call to params | semmle.label | call to params |
| params_flow.rb:99:10:99:42 | call to transform_values | semmle.label | call to transform_values |
| params_flow.rb:103:10:103:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:103:10:103:15 | call to params | semmle.label | call to params |
| params_flow.rb:103:10:103:43 | call to transform_values! | semmle.label | call to transform_values! |
| params_flow.rb:107:10:107:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:107:10:107:15 | call to params | semmle.label | call to params |
| params_flow.rb:107:10:107:33 | call to values_at | semmle.label | call to values_at |
| params_flow.rb:111:10:111:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:111:10:111:15 | call to params | semmle.label | call to params |
| params_flow.rb:111:10:111:29 | call to merge | semmle.label | call to merge |
| params_flow.rb:112:10:112:29 | call to merge | semmle.label | call to merge |
| params_flow.rb:112:23:112:28 | call to params : | semmle.label | call to params : |
| params_flow.rb:116:10:116:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:112:23:112:28 | call to params | semmle.label | call to params |
| params_flow.rb:116:10:116:15 | call to params | semmle.label | call to params |
| params_flow.rb:116:10:116:37 | call to reverse_merge | semmle.label | call to reverse_merge |
| params_flow.rb:117:10:117:37 | call to reverse_merge | semmle.label | call to reverse_merge |
| params_flow.rb:117:31:117:36 | call to params : | semmle.label | call to params : |
| params_flow.rb:121:10:121:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:117:31:117:36 | call to params | semmle.label | call to params |
| params_flow.rb:121:10:121:15 | call to params | semmle.label | call to params |
| params_flow.rb:121:10:121:43 | call to with_defaults | semmle.label | call to with_defaults |
| params_flow.rb:122:10:122:37 | call to with_defaults | semmle.label | call to with_defaults |
| params_flow.rb:122:31:122:36 | call to params : | semmle.label | call to params : |
| params_flow.rb:126:10:126:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:122:31:122:36 | call to params | semmle.label | call to params |
| params_flow.rb:126:10:126:15 | call to params | semmle.label | call to params |
| params_flow.rb:126:10:126:30 | call to merge! | semmle.label | call to merge! |
| params_flow.rb:127:10:127:30 | call to merge! | semmle.label | call to merge! |
| params_flow.rb:127:24:127:29 | call to params : | semmle.label | call to params : |
| params_flow.rb:130:5:130:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:130:14:130:19 | call to params : | semmle.label | call to params : |
| params_flow.rb:127:24:127:29 | call to params | semmle.label | call to params |
| params_flow.rb:130:5:130:5 | [post] p | semmle.label | [post] p |
| params_flow.rb:130:14:130:19 | call to params | semmle.label | call to params |
| params_flow.rb:131:10:131:10 | p | semmle.label | p |
| params_flow.rb:135:10:135:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:135:10:135:15 | call to params | semmle.label | call to params |
| params_flow.rb:135:10:135:38 | call to reverse_merge! | semmle.label | call to reverse_merge! |
| params_flow.rb:136:10:136:38 | call to reverse_merge! | semmle.label | call to reverse_merge! |
| params_flow.rb:136:32:136:37 | call to params : | semmle.label | call to params : |
| params_flow.rb:139:5:139:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:139:22:139:27 | call to params : | semmle.label | call to params : |
| params_flow.rb:136:32:136:37 | call to params | semmle.label | call to params |
| params_flow.rb:139:5:139:5 | [post] p | semmle.label | [post] p |
| params_flow.rb:139:22:139:27 | call to params | semmle.label | call to params |
| params_flow.rb:140:10:140:10 | p | semmle.label | p |
| params_flow.rb:144:10:144:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:144:10:144:15 | call to params | semmle.label | call to params |
| params_flow.rb:144:10:144:44 | call to with_defaults! | semmle.label | call to with_defaults! |
| params_flow.rb:145:10:145:38 | call to with_defaults! | semmle.label | call to with_defaults! |
| params_flow.rb:145:32:145:37 | call to params : | semmle.label | call to params : |
| params_flow.rb:148:5:148:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:148:22:148:27 | call to params : | semmle.label | call to params : |
| params_flow.rb:145:32:145:37 | call to params | semmle.label | call to params |
| params_flow.rb:148:5:148:5 | [post] p | semmle.label | [post] p |
| params_flow.rb:148:22:148:27 | call to params | semmle.label | call to params |
| params_flow.rb:149:10:149:10 | p | semmle.label | p |
| params_flow.rb:153:10:153:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:153:10:153:15 | call to params | semmle.label | call to params |
| params_flow.rb:153:10:153:44 | call to reverse_update | semmle.label | call to reverse_update |
| params_flow.rb:154:10:154:38 | call to reverse_update | semmle.label | call to reverse_update |
| params_flow.rb:154:32:154:37 | call to params : | semmle.label | call to params : |
| params_flow.rb:157:5:157:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:157:22:157:27 | call to params : | semmle.label | call to params : |
| params_flow.rb:154:32:154:37 | call to params | semmle.label | call to params |
| params_flow.rb:157:5:157:5 | [post] p | semmle.label | [post] p |
| params_flow.rb:157:22:157:27 | call to params | semmle.label | call to params |
| params_flow.rb:158:10:158:10 | p | semmle.label | p |
| params_flow.rb:166:10:166:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:166:10:166:15 | call to params | semmle.label | call to params |
| params_flow.rb:166:10:166:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:172:10:172:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:172:10:172:15 | call to params | semmle.label | call to params |
| params_flow.rb:172:10:172:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:176:10:176:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:176:10:176:15 | call to params | semmle.label | call to params |
| params_flow.rb:176:10:176:19 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params : | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params : | call to params : |
| filter_flow.rb:38:10:38:13 | @foo | filter_flow.rb:30:12:30:17 | call to params : | filter_flow.rb:38:10:38:13 | @foo | $@ | filter_flow.rb:30:12:30:17 | call to params : | call to params : |
| filter_flow.rb:55:10:55:13 | @foo | filter_flow.rb:47:12:47:17 | call to params : | filter_flow.rb:55:10:55:13 | @foo | $@ | filter_flow.rb:47:12:47:17 | call to params : | call to params : |
| filter_flow.rb:71:10:71:17 | call to bar | filter_flow.rb:64:16:64:21 | call to params : | filter_flow.rb:71:10:71:17 | call to bar | $@ | filter_flow.rb:64:16:64:21 | call to params : | call to params : |
| filter_flow.rb:87:11:87:14 | @foo | filter_flow.rb:91:12:91:17 | call to params : | filter_flow.rb:87:11:87:14 | @foo | $@ | filter_flow.rb:91:12:91:17 | call to params : | call to params : |
| params_flow.rb:3:10:3:19 | ...[...] | params_flow.rb:3:10:3:15 | call to params : | params_flow.rb:3:10:3:19 | ...[...] | $@ | params_flow.rb:3:10:3:15 | call to params : | call to params : |
| params_flow.rb:7:10:7:23 | call to as_json | params_flow.rb:7:10:7:15 | call to params : | params_flow.rb:7:10:7:23 | call to as_json | $@ | params_flow.rb:7:10:7:15 | call to params : | call to params : |
| params_flow.rb:15:10:15:33 | call to permit | params_flow.rb:15:10:15:15 | call to params : | params_flow.rb:15:10:15:33 | call to permit | $@ | params_flow.rb:15:10:15:15 | call to params : | call to params : |
| params_flow.rb:19:10:19:34 | call to require | params_flow.rb:19:10:19:15 | call to params : | params_flow.rb:19:10:19:34 | call to require | $@ | params_flow.rb:19:10:19:15 | call to params : | call to params : |
| params_flow.rb:23:10:23:35 | call to required | params_flow.rb:23:10:23:15 | call to params : | params_flow.rb:23:10:23:35 | call to required | $@ | params_flow.rb:23:10:23:15 | call to params : | call to params : |
| params_flow.rb:27:10:27:24 | call to deep_dup | params_flow.rb:27:10:27:15 | call to params : | params_flow.rb:27:10:27:24 | call to deep_dup | $@ | params_flow.rb:27:10:27:15 | call to params : | call to params : |
| params_flow.rb:31:10:31:45 | call to deep_transform_keys | params_flow.rb:31:10:31:15 | call to params : | params_flow.rb:31:10:31:45 | call to deep_transform_keys | $@ | params_flow.rb:31:10:31:15 | call to params : | call to params : |
| params_flow.rb:35:10:35:46 | call to deep_transform_keys! | params_flow.rb:35:10:35:15 | call to params : | params_flow.rb:35:10:35:46 | call to deep_transform_keys! | $@ | params_flow.rb:35:10:35:15 | call to params : | call to params : |
| params_flow.rb:39:10:39:48 | call to delete_if | params_flow.rb:39:10:39:15 | call to params : | params_flow.rb:39:10:39:48 | call to delete_if | $@ | params_flow.rb:39:10:39:15 | call to params : | call to params : |
| params_flow.rb:43:10:43:32 | call to extract! | params_flow.rb:43:10:43:15 | call to params : | params_flow.rb:43:10:43:32 | call to extract! | $@ | params_flow.rb:43:10:43:15 | call to params : | call to params : |
| params_flow.rb:47:10:47:46 | call to keep_if | params_flow.rb:47:10:47:15 | call to params : | params_flow.rb:47:10:47:46 | call to keep_if | $@ | params_flow.rb:47:10:47:15 | call to params : | call to params : |
| params_flow.rb:51:10:51:45 | call to select | params_flow.rb:51:10:51:15 | call to params : | params_flow.rb:51:10:51:45 | call to select | $@ | params_flow.rb:51:10:51:15 | call to params : | call to params : |
| params_flow.rb:55:10:55:46 | call to select! | params_flow.rb:55:10:55:15 | call to params : | params_flow.rb:55:10:55:46 | call to select! | $@ | params_flow.rb:55:10:55:15 | call to params : | call to params : |
| params_flow.rb:59:10:59:45 | call to reject | params_flow.rb:59:10:59:15 | call to params : | params_flow.rb:59:10:59:45 | call to reject | $@ | params_flow.rb:59:10:59:15 | call to params : | call to params : |
| params_flow.rb:63:10:63:46 | call to reject! | params_flow.rb:63:10:63:15 | call to params : | params_flow.rb:63:10:63:46 | call to reject! | $@ | params_flow.rb:63:10:63:15 | call to params : | call to params : |
| params_flow.rb:67:10:67:20 | call to to_h | params_flow.rb:67:10:67:15 | call to params : | params_flow.rb:67:10:67:20 | call to to_h | $@ | params_flow.rb:67:10:67:15 | call to params : | call to params : |
| params_flow.rb:71:10:71:23 | call to to_hash | params_flow.rb:71:10:71:15 | call to params : | params_flow.rb:71:10:71:23 | call to to_hash | $@ | params_flow.rb:71:10:71:15 | call to params : | call to params : |
| params_flow.rb:75:10:75:24 | call to to_query | params_flow.rb:75:10:75:15 | call to params : | params_flow.rb:75:10:75:24 | call to to_query | $@ | params_flow.rb:75:10:75:15 | call to params : | call to params : |
| params_flow.rb:79:10:79:24 | call to to_param | params_flow.rb:79:10:79:15 | call to params : | params_flow.rb:79:10:79:24 | call to to_param | $@ | params_flow.rb:79:10:79:15 | call to params : | call to params : |
| params_flow.rb:83:10:83:27 | call to to_unsafe_h | params_flow.rb:83:10:83:15 | call to params : | params_flow.rb:83:10:83:27 | call to to_unsafe_h | $@ | params_flow.rb:83:10:83:15 | call to params : | call to params : |
| params_flow.rb:87:10:87:30 | call to to_unsafe_hash | params_flow.rb:87:10:87:15 | call to params : | params_flow.rb:87:10:87:30 | call to to_unsafe_hash | $@ | params_flow.rb:87:10:87:15 | call to params : | call to params : |
| params_flow.rb:91:10:91:40 | call to transform_keys | params_flow.rb:91:10:91:15 | call to params : | params_flow.rb:91:10:91:40 | call to transform_keys | $@ | params_flow.rb:91:10:91:15 | call to params : | call to params : |
| params_flow.rb:95:10:95:41 | call to transform_keys! | params_flow.rb:95:10:95:15 | call to params : | params_flow.rb:95:10:95:41 | call to transform_keys! | $@ | params_flow.rb:95:10:95:15 | call to params : | call to params : |
| params_flow.rb:99:10:99:42 | call to transform_values | params_flow.rb:99:10:99:15 | call to params : | params_flow.rb:99:10:99:42 | call to transform_values | $@ | params_flow.rb:99:10:99:15 | call to params : | call to params : |
| params_flow.rb:103:10:103:43 | call to transform_values! | params_flow.rb:103:10:103:15 | call to params : | params_flow.rb:103:10:103:43 | call to transform_values! | $@ | params_flow.rb:103:10:103:15 | call to params : | call to params : |
| params_flow.rb:107:10:107:33 | call to values_at | params_flow.rb:107:10:107:15 | call to params : | params_flow.rb:107:10:107:33 | call to values_at | $@ | params_flow.rb:107:10:107:15 | call to params : | call to params : |
| params_flow.rb:111:10:111:29 | call to merge | params_flow.rb:111:10:111:15 | call to params : | params_flow.rb:111:10:111:29 | call to merge | $@ | params_flow.rb:111:10:111:15 | call to params : | call to params : |
| params_flow.rb:112:10:112:29 | call to merge | params_flow.rb:112:23:112:28 | call to params : | params_flow.rb:112:10:112:29 | call to merge | $@ | params_flow.rb:112:23:112:28 | call to params : | call to params : |
| params_flow.rb:116:10:116:37 | call to reverse_merge | params_flow.rb:116:10:116:15 | call to params : | params_flow.rb:116:10:116:37 | call to reverse_merge | $@ | params_flow.rb:116:10:116:15 | call to params : | call to params : |
| params_flow.rb:117:10:117:37 | call to reverse_merge | params_flow.rb:117:31:117:36 | call to params : | params_flow.rb:117:10:117:37 | call to reverse_merge | $@ | params_flow.rb:117:31:117:36 | call to params : | call to params : |
| params_flow.rb:121:10:121:43 | call to with_defaults | params_flow.rb:121:10:121:15 | call to params : | params_flow.rb:121:10:121:43 | call to with_defaults | $@ | params_flow.rb:121:10:121:15 | call to params : | call to params : |
| params_flow.rb:122:10:122:37 | call to with_defaults | params_flow.rb:122:31:122:36 | call to params : | params_flow.rb:122:10:122:37 | call to with_defaults | $@ | params_flow.rb:122:31:122:36 | call to params : | call to params : |
| params_flow.rb:126:10:126:30 | call to merge! | params_flow.rb:126:10:126:15 | call to params : | params_flow.rb:126:10:126:30 | call to merge! | $@ | params_flow.rb:126:10:126:15 | call to params : | call to params : |
| params_flow.rb:127:10:127:30 | call to merge! | params_flow.rb:127:24:127:29 | call to params : | params_flow.rb:127:10:127:30 | call to merge! | $@ | params_flow.rb:127:24:127:29 | call to params : | call to params : |
| params_flow.rb:131:10:131:10 | p | params_flow.rb:130:14:130:19 | call to params : | params_flow.rb:131:10:131:10 | p | $@ | params_flow.rb:130:14:130:19 | call to params : | call to params : |
| params_flow.rb:135:10:135:38 | call to reverse_merge! | params_flow.rb:135:10:135:15 | call to params : | params_flow.rb:135:10:135:38 | call to reverse_merge! | $@ | params_flow.rb:135:10:135:15 | call to params : | call to params : |
| params_flow.rb:136:10:136:38 | call to reverse_merge! | params_flow.rb:136:32:136:37 | call to params : | params_flow.rb:136:10:136:38 | call to reverse_merge! | $@ | params_flow.rb:136:32:136:37 | call to params : | call to params : |
| params_flow.rb:140:10:140:10 | p | params_flow.rb:139:22:139:27 | call to params : | params_flow.rb:140:10:140:10 | p | $@ | params_flow.rb:139:22:139:27 | call to params : | call to params : |
| params_flow.rb:144:10:144:44 | call to with_defaults! | params_flow.rb:144:10:144:15 | call to params : | params_flow.rb:144:10:144:44 | call to with_defaults! | $@ | params_flow.rb:144:10:144:15 | call to params : | call to params : |
| params_flow.rb:145:10:145:38 | call to with_defaults! | params_flow.rb:145:32:145:37 | call to params : | params_flow.rb:145:10:145:38 | call to with_defaults! | $@ | params_flow.rb:145:32:145:37 | call to params : | call to params : |
| params_flow.rb:149:10:149:10 | p | params_flow.rb:148:22:148:27 | call to params : | params_flow.rb:149:10:149:10 | p | $@ | params_flow.rb:148:22:148:27 | call to params : | call to params : |
| params_flow.rb:153:10:153:44 | call to reverse_update | params_flow.rb:153:10:153:15 | call to params : | params_flow.rb:153:10:153:44 | call to reverse_update | $@ | params_flow.rb:153:10:153:15 | call to params : | call to params : |
| params_flow.rb:154:10:154:38 | call to reverse_update | params_flow.rb:154:32:154:37 | call to params : | params_flow.rb:154:10:154:38 | call to reverse_update | $@ | params_flow.rb:154:32:154:37 | call to params : | call to params : |
| params_flow.rb:158:10:158:10 | p | params_flow.rb:157:22:157:27 | call to params : | params_flow.rb:158:10:158:10 | p | $@ | params_flow.rb:157:22:157:27 | call to params : | call to params : |
| params_flow.rb:166:10:166:19 | ...[...] | params_flow.rb:166:10:166:15 | call to params : | params_flow.rb:166:10:166:19 | ...[...] | $@ | params_flow.rb:166:10:166:15 | call to params : | call to params : |
| params_flow.rb:172:10:172:19 | ...[...] | params_flow.rb:172:10:172:15 | call to params : | params_flow.rb:172:10:172:19 | ...[...] | $@ | params_flow.rb:172:10:172:15 | call to params : | call to params : |
| params_flow.rb:176:10:176:19 | ...[...] | params_flow.rb:176:10:176:15 | call to params : | params_flow.rb:176:10:176:19 | ...[...] | $@ | params_flow.rb:176:10:176:15 | call to params : | call to params : |
| filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params | call to params |
| filter_flow.rb:38:10:38:13 | @foo | filter_flow.rb:30:12:30:17 | call to params | filter_flow.rb:38:10:38:13 | @foo | $@ | filter_flow.rb:30:12:30:17 | call to params | call to params |
| filter_flow.rb:55:10:55:13 | @foo | filter_flow.rb:47:12:47:17 | call to params | filter_flow.rb:55:10:55:13 | @foo | $@ | filter_flow.rb:47:12:47:17 | call to params | call to params |
| filter_flow.rb:71:10:71:17 | call to bar | filter_flow.rb:64:16:64:21 | call to params | filter_flow.rb:71:10:71:17 | call to bar | $@ | filter_flow.rb:64:16:64:21 | call to params | call to params |
| filter_flow.rb:87:11:87:14 | @foo | filter_flow.rb:91:12:91:17 | call to params | filter_flow.rb:87:11:87:14 | @foo | $@ | filter_flow.rb:91:12:91:17 | call to params | call to params |
| params_flow.rb:3:10:3:19 | ...[...] | params_flow.rb:3:10:3:15 | call to params | params_flow.rb:3:10:3:19 | ...[...] | $@ | params_flow.rb:3:10:3:15 | call to params | call to params |
| params_flow.rb:7:10:7:23 | call to as_json | params_flow.rb:7:10:7:15 | call to params | params_flow.rb:7:10:7:23 | call to as_json | $@ | params_flow.rb:7:10:7:15 | call to params | call to params |
| params_flow.rb:15:10:15:33 | call to permit | params_flow.rb:15:10:15:15 | call to params | params_flow.rb:15:10:15:33 | call to permit | $@ | params_flow.rb:15:10:15:15 | call to params | call to params |
| params_flow.rb:19:10:19:34 | call to require | params_flow.rb:19:10:19:15 | call to params | params_flow.rb:19:10:19:34 | call to require | $@ | params_flow.rb:19:10:19:15 | call to params | call to params |
| params_flow.rb:23:10:23:35 | call to required | params_flow.rb:23:10:23:15 | call to params | params_flow.rb:23:10:23:35 | call to required | $@ | params_flow.rb:23:10:23:15 | call to params | call to params |
| params_flow.rb:27:10:27:24 | call to deep_dup | params_flow.rb:27:10:27:15 | call to params | params_flow.rb:27:10:27:24 | call to deep_dup | $@ | params_flow.rb:27:10:27:15 | call to params | call to params |
| params_flow.rb:31:10:31:45 | call to deep_transform_keys | params_flow.rb:31:10:31:15 | call to params | params_flow.rb:31:10:31:45 | call to deep_transform_keys | $@ | params_flow.rb:31:10:31:15 | call to params | call to params |
| params_flow.rb:35:10:35:46 | call to deep_transform_keys! | params_flow.rb:35:10:35:15 | call to params | params_flow.rb:35:10:35:46 | call to deep_transform_keys! | $@ | params_flow.rb:35:10:35:15 | call to params | call to params |
| params_flow.rb:39:10:39:48 | call to delete_if | params_flow.rb:39:10:39:15 | call to params | params_flow.rb:39:10:39:48 | call to delete_if | $@ | params_flow.rb:39:10:39:15 | call to params | call to params |
| params_flow.rb:43:10:43:32 | call to extract! | params_flow.rb:43:10:43:15 | call to params | params_flow.rb:43:10:43:32 | call to extract! | $@ | params_flow.rb:43:10:43:15 | call to params | call to params |
| params_flow.rb:47:10:47:46 | call to keep_if | params_flow.rb:47:10:47:15 | call to params | params_flow.rb:47:10:47:46 | call to keep_if | $@ | params_flow.rb:47:10:47:15 | call to params | call to params |
| params_flow.rb:51:10:51:45 | call to select | params_flow.rb:51:10:51:15 | call to params | params_flow.rb:51:10:51:45 | call to select | $@ | params_flow.rb:51:10:51:15 | call to params | call to params |
| params_flow.rb:55:10:55:46 | call to select! | params_flow.rb:55:10:55:15 | call to params | params_flow.rb:55:10:55:46 | call to select! | $@ | params_flow.rb:55:10:55:15 | call to params | call to params |
| params_flow.rb:59:10:59:45 | call to reject | params_flow.rb:59:10:59:15 | call to params | params_flow.rb:59:10:59:45 | call to reject | $@ | params_flow.rb:59:10:59:15 | call to params | call to params |
| params_flow.rb:63:10:63:46 | call to reject! | params_flow.rb:63:10:63:15 | call to params | params_flow.rb:63:10:63:46 | call to reject! | $@ | params_flow.rb:63:10:63:15 | call to params | call to params |
| params_flow.rb:67:10:67:20 | call to to_h | params_flow.rb:67:10:67:15 | call to params | params_flow.rb:67:10:67:20 | call to to_h | $@ | params_flow.rb:67:10:67:15 | call to params | call to params |
| params_flow.rb:71:10:71:23 | call to to_hash | params_flow.rb:71:10:71:15 | call to params | params_flow.rb:71:10:71:23 | call to to_hash | $@ | params_flow.rb:71:10:71:15 | call to params | call to params |
| params_flow.rb:75:10:75:24 | call to to_query | params_flow.rb:75:10:75:15 | call to params | params_flow.rb:75:10:75:24 | call to to_query | $@ | params_flow.rb:75:10:75:15 | call to params | call to params |
| params_flow.rb:79:10:79:24 | call to to_param | params_flow.rb:79:10:79:15 | call to params | params_flow.rb:79:10:79:24 | call to to_param | $@ | params_flow.rb:79:10:79:15 | call to params | call to params |
| params_flow.rb:83:10:83:27 | call to to_unsafe_h | params_flow.rb:83:10:83:15 | call to params | params_flow.rb:83:10:83:27 | call to to_unsafe_h | $@ | params_flow.rb:83:10:83:15 | call to params | call to params |
| params_flow.rb:87:10:87:30 | call to to_unsafe_hash | params_flow.rb:87:10:87:15 | call to params | params_flow.rb:87:10:87:30 | call to to_unsafe_hash | $@ | params_flow.rb:87:10:87:15 | call to params | call to params |
| params_flow.rb:91:10:91:40 | call to transform_keys | params_flow.rb:91:10:91:15 | call to params | params_flow.rb:91:10:91:40 | call to transform_keys | $@ | params_flow.rb:91:10:91:15 | call to params | call to params |
| params_flow.rb:95:10:95:41 | call to transform_keys! | params_flow.rb:95:10:95:15 | call to params | params_flow.rb:95:10:95:41 | call to transform_keys! | $@ | params_flow.rb:95:10:95:15 | call to params | call to params |
| params_flow.rb:99:10:99:42 | call to transform_values | params_flow.rb:99:10:99:15 | call to params | params_flow.rb:99:10:99:42 | call to transform_values | $@ | params_flow.rb:99:10:99:15 | call to params | call to params |
| params_flow.rb:103:10:103:43 | call to transform_values! | params_flow.rb:103:10:103:15 | call to params | params_flow.rb:103:10:103:43 | call to transform_values! | $@ | params_flow.rb:103:10:103:15 | call to params | call to params |
| params_flow.rb:107:10:107:33 | call to values_at | params_flow.rb:107:10:107:15 | call to params | params_flow.rb:107:10:107:33 | call to values_at | $@ | params_flow.rb:107:10:107:15 | call to params | call to params |
| params_flow.rb:111:10:111:29 | call to merge | params_flow.rb:111:10:111:15 | call to params | params_flow.rb:111:10:111:29 | call to merge | $@ | params_flow.rb:111:10:111:15 | call to params | call to params |
| params_flow.rb:112:10:112:29 | call to merge | params_flow.rb:112:23:112:28 | call to params | params_flow.rb:112:10:112:29 | call to merge | $@ | params_flow.rb:112:23:112:28 | call to params | call to params |
| params_flow.rb:116:10:116:37 | call to reverse_merge | params_flow.rb:116:10:116:15 | call to params | params_flow.rb:116:10:116:37 | call to reverse_merge | $@ | params_flow.rb:116:10:116:15 | call to params | call to params |
| params_flow.rb:117:10:117:37 | call to reverse_merge | params_flow.rb:117:31:117:36 | call to params | params_flow.rb:117:10:117:37 | call to reverse_merge | $@ | params_flow.rb:117:31:117:36 | call to params | call to params |
| params_flow.rb:121:10:121:43 | call to with_defaults | params_flow.rb:121:10:121:15 | call to params | params_flow.rb:121:10:121:43 | call to with_defaults | $@ | params_flow.rb:121:10:121:15 | call to params | call to params |
| params_flow.rb:122:10:122:37 | call to with_defaults | params_flow.rb:122:31:122:36 | call to params | params_flow.rb:122:10:122:37 | call to with_defaults | $@ | params_flow.rb:122:31:122:36 | call to params | call to params |
| params_flow.rb:126:10:126:30 | call to merge! | params_flow.rb:126:10:126:15 | call to params | params_flow.rb:126:10:126:30 | call to merge! | $@ | params_flow.rb:126:10:126:15 | call to params | call to params |
| params_flow.rb:127:10:127:30 | call to merge! | params_flow.rb:127:24:127:29 | call to params | params_flow.rb:127:10:127:30 | call to merge! | $@ | params_flow.rb:127:24:127:29 | call to params | call to params |
| params_flow.rb:131:10:131:10 | p | params_flow.rb:130:14:130:19 | call to params | params_flow.rb:131:10:131:10 | p | $@ | params_flow.rb:130:14:130:19 | call to params | call to params |
| params_flow.rb:135:10:135:38 | call to reverse_merge! | params_flow.rb:135:10:135:15 | call to params | params_flow.rb:135:10:135:38 | call to reverse_merge! | $@ | params_flow.rb:135:10:135:15 | call to params | call to params |
| params_flow.rb:136:10:136:38 | call to reverse_merge! | params_flow.rb:136:32:136:37 | call to params | params_flow.rb:136:10:136:38 | call to reverse_merge! | $@ | params_flow.rb:136:32:136:37 | call to params | call to params |
| params_flow.rb:140:10:140:10 | p | params_flow.rb:139:22:139:27 | call to params | params_flow.rb:140:10:140:10 | p | $@ | params_flow.rb:139:22:139:27 | call to params | call to params |
| params_flow.rb:144:10:144:44 | call to with_defaults! | params_flow.rb:144:10:144:15 | call to params | params_flow.rb:144:10:144:44 | call to with_defaults! | $@ | params_flow.rb:144:10:144:15 | call to params | call to params |
| params_flow.rb:145:10:145:38 | call to with_defaults! | params_flow.rb:145:32:145:37 | call to params | params_flow.rb:145:10:145:38 | call to with_defaults! | $@ | params_flow.rb:145:32:145:37 | call to params | call to params |
| params_flow.rb:149:10:149:10 | p | params_flow.rb:148:22:148:27 | call to params | params_flow.rb:149:10:149:10 | p | $@ | params_flow.rb:148:22:148:27 | call to params | call to params |
| params_flow.rb:153:10:153:44 | call to reverse_update | params_flow.rb:153:10:153:15 | call to params | params_flow.rb:153:10:153:44 | call to reverse_update | $@ | params_flow.rb:153:10:153:15 | call to params | call to params |
| params_flow.rb:154:10:154:38 | call to reverse_update | params_flow.rb:154:32:154:37 | call to params | params_flow.rb:154:10:154:38 | call to reverse_update | $@ | params_flow.rb:154:32:154:37 | call to params | call to params |
| params_flow.rb:158:10:158:10 | p | params_flow.rb:157:22:157:27 | call to params | params_flow.rb:158:10:158:10 | p | $@ | params_flow.rb:157:22:157:27 | call to params | call to params |
| params_flow.rb:166:10:166:19 | ...[...] | params_flow.rb:166:10:166:15 | call to params | params_flow.rb:166:10:166:19 | ...[...] | $@ | params_flow.rb:166:10:166:15 | call to params | call to params |
| params_flow.rb:172:10:172:19 | ...[...] | params_flow.rb:172:10:172:15 | call to params | params_flow.rb:172:10:172:19 | ...[...] | $@ | params_flow.rb:172:10:172:15 | call to params | call to params |
| params_flow.rb:176:10:176:19 | ...[...] | params_flow.rb:176:10:176:15 | call to params | params_flow.rb:176:10:176:19 | ...[...] | $@ | params_flow.rb:176:10:176:15 | call to params | call to params |

View File

@@ -1,9 +1,9 @@
failures
edges
| mailer.rb:3:10:3:15 | call to params : | mailer.rb:3:10:3:21 | ...[...] |
| mailer.rb:3:10:3:15 | call to params | mailer.rb:3:10:3:21 | ...[...] |
nodes
| mailer.rb:3:10:3:15 | call to params : | semmle.label | call to params : |
| mailer.rb:3:10:3:15 | call to params | semmle.label | call to params |
| mailer.rb:3:10:3:21 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| mailer.rb:3:10:3:21 | ...[...] | mailer.rb:3:10:3:15 | call to params : | mailer.rb:3:10:3:21 | ...[...] | $@ | mailer.rb:3:10:3:15 | call to params : | call to params : |
| mailer.rb:3:10:3:21 | ...[...] | mailer.rb:3:10:3:15 | call to params | mailer.rb:3:10:3:21 | ...[...] | $@ | mailer.rb:3:10:3:15 | call to params | call to params |

View File

@@ -1,3 +1,3 @@
failures
#select
| arel.rb:3:8:3:18 | call to sql | arel.rb:2:7:2:14 | call to source : | arel.rb:3:8:3:18 | call to sql | $@ | arel.rb:2:7:2:14 | call to source : | call to source : |
| arel.rb:3:8:3:18 | call to sql | arel.rb:2:7:2:14 | call to source | arel.rb:3:8:3:18 | call to sql | $@ | arel.rb:2:7:2:14 | call to source | call to source |

View File

@@ -1,34 +1,34 @@
failures
edges
| json.rb:1:17:1:26 | call to source : | json.rb:1:6:1:27 | call to parse |
| json.rb:2:18:2:27 | call to source : | json.rb:2:6:2:28 | call to parse! |
| json.rb:3:16:3:25 | call to source : | json.rb:3:6:3:26 | call to load |
| json.rb:4:19:4:28 | call to source : | json.rb:4:6:4:29 | call to restore |
| json.rb:6:20:6:29 | call to source : | json.rb:6:6:6:30 | call to generate |
| json.rb:7:25:7:34 | call to source : | json.rb:7:6:7:35 | call to fast_generate |
| json.rb:8:27:8:36 | call to source : | json.rb:8:6:8:37 | call to pretty_generate |
| json.rb:9:16:9:25 | call to source : | json.rb:9:6:9:26 | call to dump |
| json.rb:10:19:10:28 | call to source : | json.rb:10:6:10:29 | call to unparse |
| json.rb:11:24:11:33 | call to source : | json.rb:11:6:11:34 | call to fast_unparse |
| json.rb:1:17:1:26 | call to source | json.rb:1:6:1:27 | call to parse |
| json.rb:2:18:2:27 | call to source | json.rb:2:6:2:28 | call to parse! |
| json.rb:3:16:3:25 | call to source | json.rb:3:6:3:26 | call to load |
| json.rb:4:19:4:28 | call to source | json.rb:4:6:4:29 | call to restore |
| json.rb:6:20:6:29 | call to source | json.rb:6:6:6:30 | call to generate |
| json.rb:7:25:7:34 | call to source | json.rb:7:6:7:35 | call to fast_generate |
| json.rb:8:27:8:36 | call to source | json.rb:8:6:8:37 | call to pretty_generate |
| json.rb:9:16:9:25 | call to source | json.rb:9:6:9:26 | call to dump |
| json.rb:10:19:10:28 | call to source | json.rb:10:6:10:29 | call to unparse |
| json.rb:11:24:11:33 | call to source | json.rb:11:6:11:34 | call to fast_unparse |
nodes
| json.rb:1:6:1:27 | call to parse | semmle.label | call to parse |
| json.rb:1:17:1:26 | call to source : | semmle.label | call to source : |
| json.rb:1:17:1:26 | call to source | semmle.label | call to source |
| json.rb:2:6:2:28 | call to parse! | semmle.label | call to parse! |
| json.rb:2:18:2:27 | call to source : | semmle.label | call to source : |
| json.rb:2:18:2:27 | call to source | semmle.label | call to source |
| json.rb:3:6:3:26 | call to load | semmle.label | call to load |
| json.rb:3:16:3:25 | call to source : | semmle.label | call to source : |
| json.rb:3:16:3:25 | call to source | semmle.label | call to source |
| json.rb:4:6:4:29 | call to restore | semmle.label | call to restore |
| json.rb:4:19:4:28 | call to source : | semmle.label | call to source : |
| json.rb:4:19:4:28 | call to source | semmle.label | call to source |
| json.rb:6:6:6:30 | call to generate | semmle.label | call to generate |
| json.rb:6:20:6:29 | call to source : | semmle.label | call to source : |
| json.rb:6:20:6:29 | call to source | semmle.label | call to source |
| json.rb:7:6:7:35 | call to fast_generate | semmle.label | call to fast_generate |
| json.rb:7:25:7:34 | call to source : | semmle.label | call to source : |
| json.rb:7:25:7:34 | call to source | semmle.label | call to source |
| json.rb:8:6:8:37 | call to pretty_generate | semmle.label | call to pretty_generate |
| json.rb:8:27:8:36 | call to source : | semmle.label | call to source : |
| json.rb:8:27:8:36 | call to source | semmle.label | call to source |
| json.rb:9:6:9:26 | call to dump | semmle.label | call to dump |
| json.rb:9:16:9:25 | call to source : | semmle.label | call to source : |
| json.rb:9:16:9:25 | call to source | semmle.label | call to source |
| json.rb:10:6:10:29 | call to unparse | semmle.label | call to unparse |
| json.rb:10:19:10:28 | call to source : | semmle.label | call to source : |
| json.rb:10:19:10:28 | call to source | semmle.label | call to source |
| json.rb:11:6:11:34 | call to fast_unparse | semmle.label | call to fast_unparse |
| json.rb:11:24:11:33 | call to source : | semmle.label | call to source : |
| json.rb:11:24:11:33 | call to source | semmle.label | call to source |
subpaths

View File

@@ -1,25 +1,25 @@
failures
| views/index.erb:2:10:2:12 | call to foo | Unexpected result: hasTaintFlow= |
edges
| app.rb:75:5:75:8 | [post] self [@foo] : | app.rb:76:32:76:35 | self [@foo] : |
| app.rb:75:12:75:17 | call to params : | app.rb:75:12:75:24 | ...[...] : |
| app.rb:75:12:75:24 | ...[...] : | app.rb:75:5:75:8 | [post] self [@foo] : |
| app.rb:76:32:76:35 | @foo : | views/index.erb:2:10:2:12 | call to foo |
| app.rb:76:32:76:35 | self [@foo] : | app.rb:76:32:76:35 | @foo : |
| app.rb:95:10:95:14 | self [@user] : | app.rb:95:10:95:14 | @user |
| app.rb:103:5:103:9 | [post] self [@user] : | app.rb:95:10:95:14 | self [@user] : |
| app.rb:103:13:103:22 | call to source : | app.rb:103:5:103:9 | [post] self [@user] : |
| app.rb:75:5:75:8 | [post] self [@foo] | app.rb:76:32:76:35 | self [@foo] |
| app.rb:75:12:75:17 | call to params | app.rb:75:12:75:24 | ...[...] |
| app.rb:75:12:75:24 | ...[...] | app.rb:75:5:75:8 | [post] self [@foo] |
| app.rb:76:32:76:35 | @foo | views/index.erb:2:10:2:12 | call to foo |
| app.rb:76:32:76:35 | self [@foo] | app.rb:76:32:76:35 | @foo |
| app.rb:95:10:95:14 | self [@user] | app.rb:95:10:95:14 | @user |
| app.rb:103:5:103:9 | [post] self [@user] | app.rb:95:10:95:14 | self [@user] |
| app.rb:103:13:103:22 | call to source | app.rb:103:5:103:9 | [post] self [@user] |
nodes
| app.rb:75:5:75:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| app.rb:75:12:75:17 | call to params : | semmle.label | call to params : |
| app.rb:75:12:75:24 | ...[...] : | semmle.label | ...[...] : |
| app.rb:76:32:76:35 | @foo : | semmle.label | @foo : |
| app.rb:76:32:76:35 | self [@foo] : | semmle.label | self [@foo] : |
| app.rb:75:5:75:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| app.rb:75:12:75:17 | call to params | semmle.label | call to params |
| app.rb:75:12:75:24 | ...[...] | semmle.label | ...[...] |
| app.rb:76:32:76:35 | @foo | semmle.label | @foo |
| app.rb:76:32:76:35 | self [@foo] | semmle.label | self [@foo] |
| app.rb:95:10:95:14 | @user | semmle.label | @user |
| app.rb:95:10:95:14 | self [@user] : | semmle.label | self [@user] : |
| app.rb:103:5:103:9 | [post] self [@user] : | semmle.label | [post] self [@user] : |
| app.rb:103:13:103:22 | call to source : | semmle.label | call to source : |
| app.rb:95:10:95:14 | self [@user] | semmle.label | self [@user] |
| app.rb:103:5:103:9 | [post] self [@user] | semmle.label | [post] self [@user] |
| app.rb:103:13:103:22 | call to source | semmle.label | call to source |
| views/index.erb:2:10:2:12 | call to foo | semmle.label | call to foo |
subpaths
#select
| views/index.erb:2:10:2:12 | call to foo | app.rb:75:12:75:17 | call to params : | views/index.erb:2:10:2:12 | call to foo | $@ | app.rb:75:12:75:17 | call to params : | call to params : |
| views/index.erb:2:10:2:12 | call to foo | app.rb:75:12:75:17 | call to params | views/index.erb:2:10:2:12 | call to foo | $@ | app.rb:75:12:75:17 | call to params | call to params |
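Review bot: the `failures` section at the top of this expected file still carries `views/index.erb:2:10:2:12 | call to foo | Unexpected result: hasTaintFlow=` as an unchanged line, so the checked-in baseline pins an inline-expectation mismatch rather than a clean run. The same location is the sink of the `#select` row whose source is `app.rb:75:12:75:17 | call to params`, which suggests the flow is intended and only the matching expectation is missing. Consider recording the expectation for `views/index.erb` line 2, or noting why it cannot be annotated there, so that `failures` is empty and a future regression in the Sinatra-to-ERB flow shows up as a new entry.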

View File

@@ -1,42 +1,42 @@
edges
| ErbInjection.rb:5:5:5:8 | name : | ErbInjection.rb:8:5:8:12 | bad_text : |
| ErbInjection.rb:5:5:5:8 | name : | ErbInjection.rb:11:11:11:14 | name : |
| ErbInjection.rb:5:12:5:17 | call to params : | ErbInjection.rb:5:12:5:24 | ...[...] : |
| ErbInjection.rb:5:12:5:24 | ...[...] : | ErbInjection.rb:5:5:5:8 | name : |
| ErbInjection.rb:8:5:8:12 | bad_text : | ErbInjection.rb:15:24:15:31 | bad_text |
| ErbInjection.rb:8:5:8:12 | bad_text : | ErbInjection.rb:19:20:19:27 | bad_text |
| ErbInjection.rb:8:16:11:14 | ... % ... : | ErbInjection.rb:8:5:8:12 | bad_text : |
| ErbInjection.rb:11:11:11:14 | name : | ErbInjection.rb:8:16:11:14 | ... % ... : |
| SlimInjection.rb:5:5:5:8 | name : | SlimInjection.rb:8:5:8:12 | bad_text : |
| SlimInjection.rb:5:5:5:8 | name : | SlimInjection.rb:11:11:11:14 | name : |
| SlimInjection.rb:5:5:5:8 | name : | SlimInjection.rb:17:5:17:13 | bad2_text : |
| SlimInjection.rb:5:12:5:17 | call to params : | SlimInjection.rb:5:12:5:24 | ...[...] : |
| SlimInjection.rb:5:12:5:24 | ...[...] : | SlimInjection.rb:5:5:5:8 | name : |
| SlimInjection.rb:8:5:8:12 | bad_text : | SlimInjection.rb:14:25:14:32 | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... : | SlimInjection.rb:8:5:8:12 | bad_text : |
| SlimInjection.rb:11:11:11:14 | name : | SlimInjection.rb:8:16:11:14 | ... % ... : |
| SlimInjection.rb:17:5:17:13 | bad2_text : | SlimInjection.rb:23:25:23:33 | bad2_text |
| ErbInjection.rb:5:5:5:8 | name | ErbInjection.rb:8:5:8:12 | bad_text |
| ErbInjection.rb:5:5:5:8 | name | ErbInjection.rb:11:11:11:14 | name |
| ErbInjection.rb:5:12:5:17 | call to params | ErbInjection.rb:5:12:5:24 | ...[...] |
| ErbInjection.rb:5:12:5:24 | ...[...] | ErbInjection.rb:5:5:5:8 | name |
| ErbInjection.rb:8:5:8:12 | bad_text | ErbInjection.rb:15:24:15:31 | bad_text |
| ErbInjection.rb:8:5:8:12 | bad_text | ErbInjection.rb:19:20:19:27 | bad_text |
| ErbInjection.rb:8:16:11:14 | ... % ... | ErbInjection.rb:8:5:8:12 | bad_text |
| ErbInjection.rb:11:11:11:14 | name | ErbInjection.rb:8:16:11:14 | ... % ... |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:8:5:8:12 | bad_text |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:11:11:11:14 | name |
| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:17:5:17:13 | bad2_text |
| SlimInjection.rb:5:12:5:17 | call to params | SlimInjection.rb:5:12:5:24 | ...[...] |
| SlimInjection.rb:5:12:5:24 | ...[...] | SlimInjection.rb:5:5:5:8 | name |
| SlimInjection.rb:8:5:8:12 | bad_text | SlimInjection.rb:14:25:14:32 | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... | SlimInjection.rb:8:5:8:12 | bad_text |
| SlimInjection.rb:11:11:11:14 | name | SlimInjection.rb:8:16:11:14 | ... % ... |
| SlimInjection.rb:17:5:17:13 | bad2_text | SlimInjection.rb:23:25:23:33 | bad2_text |
nodes
| ErbInjection.rb:5:5:5:8 | name : | semmle.label | name : |
| ErbInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| ErbInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| ErbInjection.rb:8:5:8:12 | bad_text : | semmle.label | bad_text : |
| ErbInjection.rb:8:16:11:14 | ... % ... : | semmle.label | ... % ... : |
| ErbInjection.rb:11:11:11:14 | name : | semmle.label | name : |
| ErbInjection.rb:5:5:5:8 | name | semmle.label | name |
| ErbInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
| ErbInjection.rb:5:12:5:24 | ...[...] | semmle.label | ...[...] |
| ErbInjection.rb:8:5:8:12 | bad_text | semmle.label | bad_text |
| ErbInjection.rb:8:16:11:14 | ... % ... | semmle.label | ... % ... |
| ErbInjection.rb:11:11:11:14 | name | semmle.label | name |
| ErbInjection.rb:15:24:15:31 | bad_text | semmle.label | bad_text |
| ErbInjection.rb:19:20:19:27 | bad_text | semmle.label | bad_text |
| SlimInjection.rb:5:5:5:8 | name : | semmle.label | name : |
| SlimInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| SlimInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| SlimInjection.rb:8:5:8:12 | bad_text : | semmle.label | bad_text : |
| SlimInjection.rb:8:16:11:14 | ... % ... : | semmle.label | ... % ... : |
| SlimInjection.rb:11:11:11:14 | name : | semmle.label | name : |
| SlimInjection.rb:5:5:5:8 | name | semmle.label | name |
| SlimInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
| SlimInjection.rb:5:12:5:24 | ...[...] | semmle.label | ...[...] |
| SlimInjection.rb:8:5:8:12 | bad_text | semmle.label | bad_text |
| SlimInjection.rb:8:16:11:14 | ... % ... | semmle.label | ... % ... |
| SlimInjection.rb:11:11:11:14 | name | semmle.label | name |
| SlimInjection.rb:14:25:14:32 | bad_text | semmle.label | bad_text |
| SlimInjection.rb:17:5:17:13 | bad2_text : | semmle.label | bad2_text : |
| SlimInjection.rb:17:5:17:13 | bad2_text | semmle.label | bad2_text |
| SlimInjection.rb:23:25:23:33 | bad2_text | semmle.label | bad2_text |
subpaths
#select
| ErbInjection.rb:15:24:15:31 | bad_text | ErbInjection.rb:5:12:5:17 | call to params : | ErbInjection.rb:15:24:15:31 | bad_text | This template depends on a $@. | ErbInjection.rb:5:12:5:17 | call to params | user-provided value |
| ErbInjection.rb:19:20:19:27 | bad_text | ErbInjection.rb:5:12:5:17 | call to params : | ErbInjection.rb:19:20:19:27 | bad_text | This template depends on a $@. | ErbInjection.rb:5:12:5:17 | call to params | user-provided value |
| SlimInjection.rb:14:25:14:32 | bad_text | SlimInjection.rb:5:12:5:17 | call to params : | SlimInjection.rb:14:25:14:32 | bad_text | This template depends on a $@. | SlimInjection.rb:5:12:5:17 | call to params | user-provided value |
| SlimInjection.rb:23:25:23:33 | bad2_text | SlimInjection.rb:5:12:5:17 | call to params : | SlimInjection.rb:23:25:23:33 | bad2_text | This template depends on a $@. | SlimInjection.rb:5:12:5:17 | call to params | user-provided value |
| ErbInjection.rb:15:24:15:31 | bad_text | ErbInjection.rb:5:12:5:17 | call to params | ErbInjection.rb:15:24:15:31 | bad_text | This template depends on a $@. | ErbInjection.rb:5:12:5:17 | call to params | user-provided value |
| ErbInjection.rb:19:20:19:27 | bad_text | ErbInjection.rb:5:12:5:17 | call to params | ErbInjection.rb:19:20:19:27 | bad_text | This template depends on a $@. | ErbInjection.rb:5:12:5:17 | call to params | user-provided value |
| SlimInjection.rb:14:25:14:32 | bad_text | SlimInjection.rb:5:12:5:17 | call to params | SlimInjection.rb:14:25:14:32 | bad_text | This template depends on a $@. | SlimInjection.rb:5:12:5:17 | call to params | user-provided value |
| SlimInjection.rb:23:25:23:33 | bad2_text | SlimInjection.rb:5:12:5:17 | call to params | SlimInjection.rb:23:25:23:33 | bad2_text | This template depends on a $@. | SlimInjection.rb:5:12:5:17 | call to params | user-provided value |

View File

@@ -1,64 +1,64 @@
edges
| zip_slip.rb:8:5:8:11 | tarfile : | zip_slip.rb:9:5:9:11 | tarfile : |
| zip_slip.rb:8:15:8:54 | call to new : | zip_slip.rb:8:5:8:11 | tarfile : |
| zip_slip.rb:9:5:9:11 | tarfile : | zip_slip.rb:9:22:9:26 | entry : |
| zip_slip.rb:9:22:9:26 | entry : | zip_slip.rb:10:19:10:33 | call to full_name |
| zip_slip.rb:20:50:20:56 | tarfile : | zip_slip.rb:21:7:21:13 | tarfile : |
| zip_slip.rb:21:7:21:13 | tarfile : | zip_slip.rb:21:30:21:34 | entry : |
| zip_slip.rb:21:30:21:34 | entry : | zip_slip.rb:22:21:22:35 | call to full_name |
| zip_slip.rb:46:5:46:24 | call to open : | zip_slip.rb:46:35:46:39 | entry : |
| zip_slip.rb:46:35:46:39 | entry : | zip_slip.rb:47:17:47:26 | call to name |
| zip_slip.rb:56:30:56:37 | zip_file : | zip_slip.rb:57:7:57:14 | zip_file : |
| zip_slip.rb:57:7:57:14 | zip_file : | zip_slip.rb:57:25:57:29 | entry : |
| zip_slip.rb:57:25:57:29 | entry : | zip_slip.rb:58:19:58:28 | call to name |
| zip_slip.rb:90:5:90:8 | gzip : | zip_slip.rb:91:11:91:14 | gzip : |
| zip_slip.rb:90:12:90:54 | call to open : | zip_slip.rb:90:5:90:8 | gzip : |
| zip_slip.rb:91:11:91:14 | gzip : | zip_slip.rb:97:42:97:56 | compressed_file : |
| zip_slip.rb:97:42:97:56 | compressed_file : | zip_slip.rb:98:7:98:21 | compressed_file : |
| zip_slip.rb:98:7:98:21 | compressed_file : | zip_slip.rb:98:32:98:36 | entry : |
| zip_slip.rb:98:32:98:36 | entry : | zip_slip.rb:99:9:99:18 | entry_path : |
| zip_slip.rb:99:9:99:18 | entry_path : | zip_slip.rb:100:21:100:30 | entry_path |
| zip_slip.rb:123:7:123:8 | gz : | zip_slip.rb:124:7:124:8 | gz : |
| zip_slip.rb:123:12:123:34 | call to new : | zip_slip.rb:123:7:123:8 | gz : |
| zip_slip.rb:124:7:124:8 | gz : | zip_slip.rb:124:19:124:23 | entry : |
| zip_slip.rb:124:19:124:23 | entry : | zip_slip.rb:125:9:125:18 | entry_path : |
| zip_slip.rb:125:9:125:18 | entry_path : | zip_slip.rb:126:21:126:30 | entry_path |
| zip_slip.rb:8:5:8:11 | tarfile | zip_slip.rb:9:5:9:11 | tarfile |
| zip_slip.rb:8:15:8:54 | call to new | zip_slip.rb:8:5:8:11 | tarfile |
| zip_slip.rb:9:5:9:11 | tarfile | zip_slip.rb:9:22:9:26 | entry |
| zip_slip.rb:9:22:9:26 | entry | zip_slip.rb:10:19:10:33 | call to full_name |
| zip_slip.rb:20:50:20:56 | tarfile | zip_slip.rb:21:7:21:13 | tarfile |
| zip_slip.rb:21:7:21:13 | tarfile | zip_slip.rb:21:30:21:34 | entry |
| zip_slip.rb:21:30:21:34 | entry | zip_slip.rb:22:21:22:35 | call to full_name |
| zip_slip.rb:46:5:46:24 | call to open | zip_slip.rb:46:35:46:39 | entry |
| zip_slip.rb:46:35:46:39 | entry | zip_slip.rb:47:17:47:26 | call to name |
| zip_slip.rb:56:30:56:37 | zip_file | zip_slip.rb:57:7:57:14 | zip_file |
| zip_slip.rb:57:7:57:14 | zip_file | zip_slip.rb:57:25:57:29 | entry |
| zip_slip.rb:57:25:57:29 | entry | zip_slip.rb:58:19:58:28 | call to name |
| zip_slip.rb:90:5:90:8 | gzip | zip_slip.rb:91:11:91:14 | gzip |
| zip_slip.rb:90:12:90:54 | call to open | zip_slip.rb:90:5:90:8 | gzip |
| zip_slip.rb:91:11:91:14 | gzip | zip_slip.rb:97:42:97:56 | compressed_file |
| zip_slip.rb:97:42:97:56 | compressed_file | zip_slip.rb:98:7:98:21 | compressed_file |
| zip_slip.rb:98:7:98:21 | compressed_file | zip_slip.rb:98:32:98:36 | entry |
| zip_slip.rb:98:32:98:36 | entry | zip_slip.rb:99:9:99:18 | entry_path |
| zip_slip.rb:99:9:99:18 | entry_path | zip_slip.rb:100:21:100:30 | entry_path |
| zip_slip.rb:123:7:123:8 | gz | zip_slip.rb:124:7:124:8 | gz |
| zip_slip.rb:123:12:123:34 | call to new | zip_slip.rb:123:7:123:8 | gz |
| zip_slip.rb:124:7:124:8 | gz | zip_slip.rb:124:19:124:23 | entry |
| zip_slip.rb:124:19:124:23 | entry | zip_slip.rb:125:9:125:18 | entry_path |
| zip_slip.rb:125:9:125:18 | entry_path | zip_slip.rb:126:21:126:30 | entry_path |
nodes
| zip_slip.rb:8:5:8:11 | tarfile : | semmle.label | tarfile : |
| zip_slip.rb:8:15:8:54 | call to new : | semmle.label | call to new : |
| zip_slip.rb:9:5:9:11 | tarfile : | semmle.label | tarfile : |
| zip_slip.rb:9:22:9:26 | entry : | semmle.label | entry : |
| zip_slip.rb:8:5:8:11 | tarfile | semmle.label | tarfile |
| zip_slip.rb:8:15:8:54 | call to new | semmle.label | call to new |
| zip_slip.rb:9:5:9:11 | tarfile | semmle.label | tarfile |
| zip_slip.rb:9:22:9:26 | entry | semmle.label | entry |
| zip_slip.rb:10:19:10:33 | call to full_name | semmle.label | call to full_name |
| zip_slip.rb:20:50:20:56 | tarfile : | semmle.label | tarfile : |
| zip_slip.rb:21:7:21:13 | tarfile : | semmle.label | tarfile : |
| zip_slip.rb:21:30:21:34 | entry : | semmle.label | entry : |
| zip_slip.rb:20:50:20:56 | tarfile | semmle.label | tarfile |
| zip_slip.rb:21:7:21:13 | tarfile | semmle.label | tarfile |
| zip_slip.rb:21:30:21:34 | entry | semmle.label | entry |
| zip_slip.rb:22:21:22:35 | call to full_name | semmle.label | call to full_name |
| zip_slip.rb:46:5:46:24 | call to open : | semmle.label | call to open : |
| zip_slip.rb:46:35:46:39 | entry : | semmle.label | entry : |
| zip_slip.rb:46:5:46:24 | call to open | semmle.label | call to open |
| zip_slip.rb:46:35:46:39 | entry | semmle.label | entry |
| zip_slip.rb:47:17:47:26 | call to name | semmle.label | call to name |
| zip_slip.rb:56:30:56:37 | zip_file : | semmle.label | zip_file : |
| zip_slip.rb:57:7:57:14 | zip_file : | semmle.label | zip_file : |
| zip_slip.rb:57:25:57:29 | entry : | semmle.label | entry : |
| zip_slip.rb:56:30:56:37 | zip_file | semmle.label | zip_file |
| zip_slip.rb:57:7:57:14 | zip_file | semmle.label | zip_file |
| zip_slip.rb:57:25:57:29 | entry | semmle.label | entry |
| zip_slip.rb:58:19:58:28 | call to name | semmle.label | call to name |
| zip_slip.rb:90:5:90:8 | gzip : | semmle.label | gzip : |
| zip_slip.rb:90:12:90:54 | call to open : | semmle.label | call to open : |
| zip_slip.rb:91:11:91:14 | gzip : | semmle.label | gzip : |
| zip_slip.rb:97:42:97:56 | compressed_file : | semmle.label | compressed_file : |
| zip_slip.rb:98:7:98:21 | compressed_file : | semmle.label | compressed_file : |
| zip_slip.rb:98:32:98:36 | entry : | semmle.label | entry : |
| zip_slip.rb:99:9:99:18 | entry_path : | semmle.label | entry_path : |
| zip_slip.rb:90:5:90:8 | gzip | semmle.label | gzip |
| zip_slip.rb:90:12:90:54 | call to open | semmle.label | call to open |
| zip_slip.rb:91:11:91:14 | gzip | semmle.label | gzip |
| zip_slip.rb:97:42:97:56 | compressed_file | semmle.label | compressed_file |
| zip_slip.rb:98:7:98:21 | compressed_file | semmle.label | compressed_file |
| zip_slip.rb:98:32:98:36 | entry | semmle.label | entry |
| zip_slip.rb:99:9:99:18 | entry_path | semmle.label | entry_path |
| zip_slip.rb:100:21:100:30 | entry_path | semmle.label | entry_path |
| zip_slip.rb:123:7:123:8 | gz : | semmle.label | gz : |
| zip_slip.rb:123:12:123:34 | call to new : | semmle.label | call to new : |
| zip_slip.rb:124:7:124:8 | gz : | semmle.label | gz : |
| zip_slip.rb:124:19:124:23 | entry : | semmle.label | entry : |
| zip_slip.rb:125:9:125:18 | entry_path : | semmle.label | entry_path : |
| zip_slip.rb:123:7:123:8 | gz | semmle.label | gz |
| zip_slip.rb:123:12:123:34 | call to new | semmle.label | call to new |
| zip_slip.rb:124:7:124:8 | gz | semmle.label | gz |
| zip_slip.rb:124:19:124:23 | entry | semmle.label | entry |
| zip_slip.rb:125:9:125:18 | entry_path | semmle.label | entry_path |
| zip_slip.rb:126:21:126:30 | entry_path | semmle.label | entry_path |
subpaths
#select
| zip_slip.rb:10:19:10:33 | call to full_name | zip_slip.rb:8:15:8:54 | call to new : | zip_slip.rb:10:19:10:33 | call to full_name | This file extraction depends on a $@. | zip_slip.rb:8:15:8:54 | call to new | potentially untrusted source |
| zip_slip.rb:22:21:22:35 | call to full_name | zip_slip.rb:20:50:20:56 | tarfile : | zip_slip.rb:22:21:22:35 | call to full_name | This file extraction depends on a $@. | zip_slip.rb:20:50:20:56 | tarfile | potentially untrusted source |
| zip_slip.rb:47:17:47:26 | call to name | zip_slip.rb:46:5:46:24 | call to open : | zip_slip.rb:47:17:47:26 | call to name | This file extraction depends on a $@. | zip_slip.rb:46:5:46:24 | call to open | potentially untrusted source |
| zip_slip.rb:58:19:58:28 | call to name | zip_slip.rb:56:30:56:37 | zip_file : | zip_slip.rb:58:19:58:28 | call to name | This file extraction depends on a $@. | zip_slip.rb:56:30:56:37 | zip_file | potentially untrusted source |
| zip_slip.rb:100:21:100:30 | entry_path | zip_slip.rb:90:12:90:54 | call to open : | zip_slip.rb:100:21:100:30 | entry_path | This file extraction depends on a $@. | zip_slip.rb:90:12:90:54 | call to open | potentially untrusted source |
| zip_slip.rb:126:21:126:30 | entry_path | zip_slip.rb:123:12:123:34 | call to new : | zip_slip.rb:126:21:126:30 | entry_path | This file extraction depends on a $@. | zip_slip.rb:123:12:123:34 | call to new | potentially untrusted source |
| zip_slip.rb:10:19:10:33 | call to full_name | zip_slip.rb:8:15:8:54 | call to new | zip_slip.rb:10:19:10:33 | call to full_name | This file extraction depends on a $@. | zip_slip.rb:8:15:8:54 | call to new | potentially untrusted source |
| zip_slip.rb:22:21:22:35 | call to full_name | zip_slip.rb:20:50:20:56 | tarfile | zip_slip.rb:22:21:22:35 | call to full_name | This file extraction depends on a $@. | zip_slip.rb:20:50:20:56 | tarfile | potentially untrusted source |
| zip_slip.rb:47:17:47:26 | call to name | zip_slip.rb:46:5:46:24 | call to open | zip_slip.rb:47:17:47:26 | call to name | This file extraction depends on a $@. | zip_slip.rb:46:5:46:24 | call to open | potentially untrusted source |
| zip_slip.rb:58:19:58:28 | call to name | zip_slip.rb:56:30:56:37 | zip_file | zip_slip.rb:58:19:58:28 | call to name | This file extraction depends on a $@. | zip_slip.rb:56:30:56:37 | zip_file | potentially untrusted source |
| zip_slip.rb:100:21:100:30 | entry_path | zip_slip.rb:90:12:90:54 | call to open | zip_slip.rb:100:21:100:30 | entry_path | This file extraction depends on a $@. | zip_slip.rb:90:12:90:54 | call to open | potentially untrusted source |
| zip_slip.rb:126:21:126:30 | entry_path | zip_slip.rb:123:12:123:34 | call to new | zip_slip.rb:126:21:126:30 | entry_path | This file extraction depends on a $@. | zip_slip.rb:123:12:123:34 | call to new | potentially untrusted source |

View File

@@ -1,42 +1,42 @@
edges
| ManuallyCheckHttpVerb.rb:11:5:11:10 | method : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] : |
| ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] : | ManuallyCheckHttpVerb.rb:11:5:11:10 | method : |
| ManuallyCheckHttpVerb.rb:19:5:19:10 | method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:19:5:19:10 | method : |
| ManuallyCheckHttpVerb.rb:27:5:27:10 | method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:27:5:27:10 | method : |
| ManuallyCheckHttpVerb.rb:35:5:35:10 | method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:35:5:35:10 | method : |
| ManuallyCheckHttpVerb.rb:51:7:51:12 | method : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... |
| ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:51:7:51:12 | method : |
| ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] |
| ManuallyCheckHttpVerb.rb:11:5:11:10 | method | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env | ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] |
| ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] | ManuallyCheckHttpVerb.rb:11:5:11:10 | method |
| ManuallyCheckHttpVerb.rb:19:5:19:10 | method | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method | ManuallyCheckHttpVerb.rb:19:5:19:10 | method |
| ManuallyCheckHttpVerb.rb:27:5:27:10 | method | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method | ManuallyCheckHttpVerb.rb:27:5:27:10 | method |
| ManuallyCheckHttpVerb.rb:35:5:35:10 | method | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... |
| ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method | ManuallyCheckHttpVerb.rb:35:5:35:10 | method |
| ManuallyCheckHttpVerb.rb:51:7:51:12 | method | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... |
| ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol | ManuallyCheckHttpVerb.rb:51:7:51:12 | method |
| ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] |
nodes
| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | semmle.label | call to get? |
| ManuallyCheckHttpVerb.rb:11:5:11:10 | method : | semmle.label | method : |
| ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | semmle.label | call to env : |
| ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] : | semmle.label | ...[...] : |
| ManuallyCheckHttpVerb.rb:11:5:11:10 | method | semmle.label | method |
| ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env | semmle.label | call to env |
| ManuallyCheckHttpVerb.rb:11:14:11:42 | ...[...] | semmle.label | ...[...] |
| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | semmle.label | ... == ... |
| ManuallyCheckHttpVerb.rb:19:5:19:10 | method : | semmle.label | method : |
| ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | semmle.label | call to request_method : |
| ManuallyCheckHttpVerb.rb:19:5:19:10 | method | semmle.label | method |
| ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method | semmle.label | call to request_method |
| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | semmle.label | ... == ... |
| ManuallyCheckHttpVerb.rb:27:5:27:10 | method : | semmle.label | method : |
| ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | semmle.label | call to method : |
| ManuallyCheckHttpVerb.rb:27:5:27:10 | method | semmle.label | method |
| ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method | semmle.label | call to method |
| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | semmle.label | ... == ... |
| ManuallyCheckHttpVerb.rb:35:5:35:10 | method : | semmle.label | method : |
| ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | semmle.label | call to raw_request_method : |
| ManuallyCheckHttpVerb.rb:35:5:35:10 | method | semmle.label | method |
| ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method | semmle.label | call to raw_request_method |
| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | semmle.label | ... == ... |
| ManuallyCheckHttpVerb.rb:51:7:51:12 | method : | semmle.label | method : |
| ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | semmle.label | call to request_method_symbol : |
| ManuallyCheckHttpVerb.rb:51:7:51:12 | method | semmle.label | method |
| ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol | semmle.label | call to request_method_symbol |
| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | semmle.label | ... == ... |
| ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | semmle.label | call to env : |
| ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env | semmle.label | call to env |
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
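
Review bot: the alert message carried in every #select row of this hunk reads "relying Rails routing to handle mapping resources and verbs", which is missing "on" after "relying". These rows are being regenerated anyway, so correct the wording in the query that emits the message and regenerate this expected file instead of carrying the typo into the new baseline. Otherwise the six rewritten #select rows map one-to-one to the six they replace, differing only in the " : " suffix dropped from the source label, so no alert is gained or lost.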

View File

@@ -1,20 +1,20 @@
edges
| WeakParams.rb:5:28:5:53 | call to request_parameters : | WeakParams.rb:5:28:5:59 | ...[...] |
| WeakParams.rb:10:28:10:51 | call to query_parameters : | WeakParams.rb:10:28:10:57 | ...[...] |
| WeakParams.rb:15:28:15:39 | call to POST : | WeakParams.rb:15:28:15:45 | ...[...] |
| WeakParams.rb:20:28:20:38 | call to GET : | WeakParams.rb:20:28:20:44 | ...[...] |
| WeakParams.rb:5:28:5:53 | call to request_parameters | WeakParams.rb:5:28:5:59 | ...[...] |
| WeakParams.rb:10:28:10:51 | call to query_parameters | WeakParams.rb:10:28:10:57 | ...[...] |
| WeakParams.rb:15:28:15:39 | call to POST | WeakParams.rb:15:28:15:45 | ...[...] |
| WeakParams.rb:20:28:20:38 | call to GET | WeakParams.rb:20:28:20:44 | ...[...] |
nodes
| WeakParams.rb:5:28:5:53 | call to request_parameters : | semmle.label | call to request_parameters : |
| WeakParams.rb:5:28:5:53 | call to request_parameters | semmle.label | call to request_parameters |
| WeakParams.rb:5:28:5:59 | ...[...] | semmle.label | ...[...] |
| WeakParams.rb:10:28:10:51 | call to query_parameters : | semmle.label | call to query_parameters : |
| WeakParams.rb:10:28:10:51 | call to query_parameters | semmle.label | call to query_parameters |
| WeakParams.rb:10:28:10:57 | ...[...] | semmle.label | ...[...] |
| WeakParams.rb:15:28:15:39 | call to POST : | semmle.label | call to POST : |
| WeakParams.rb:15:28:15:39 | call to POST | semmle.label | call to POST |
| WeakParams.rb:15:28:15:45 | ...[...] | semmle.label | ...[...] |
| WeakParams.rb:20:28:20:38 | call to GET : | semmle.label | call to GET : |
| WeakParams.rb:20:28:20:38 | call to GET | semmle.label | call to GET |
| WeakParams.rb:20:28:20:44 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| WeakParams.rb:5:28:5:59 | ...[...] | WeakParams.rb:5:28:5:53 | call to request_parameters : | WeakParams.rb:5:28:5:59 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:10:28:10:57 | ...[...] | WeakParams.rb:10:28:10:51 | call to query_parameters : | WeakParams.rb:10:28:10:57 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:15:28:15:45 | ...[...] | WeakParams.rb:15:28:15:39 | call to POST : | WeakParams.rb:15:28:15:45 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:20:28:20:44 | ...[...] | WeakParams.rb:20:28:20:38 | call to GET : | WeakParams.rb:20:28:20:44 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:5:28:5:59 | ...[...] | WeakParams.rb:5:28:5:53 | call to request_parameters | WeakParams.rb:5:28:5:59 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:10:28:10:57 | ...[...] | WeakParams.rb:10:28:10:51 | call to query_parameters | WeakParams.rb:10:28:10:57 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:15:28:15:45 | ...[...] | WeakParams.rb:15:28:15:39 | call to POST | WeakParams.rb:15:28:15:45 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
| WeakParams.rb:20:28:20:44 | ...[...] | WeakParams.rb:20:28:20:38 | call to GET | WeakParams.rb:20:28:20:44 | ...[...] | By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html |
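
Review bot: the alert message in all four #select rows says "by blindy accessing them"; "blindy" should be "blindly". Fix the message text in the query that emits it and regenerate this expected file so the corrected string is what the test pins. The four rewritten rows cover the same four sinks as before (request_parameters, query_parameters, POST, GET), with only the " : " suffix removed from the source label.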

View File

@@ -1,16 +1,16 @@
edges
| impl/miss-anchor.rb:2:12:2:15 | name : | impl/miss-anchor.rb:3:39:3:42 | name |
| impl/miss-anchor.rb:6:12:6:15 | name : | impl/miss-anchor.rb:7:43:7:46 | name |
| impl/miss-anchor.rb:14:12:14:15 | name : | impl/miss-anchor.rb:15:47:15:50 | name |
| impl/miss-anchor.rb:2:12:2:15 | name | impl/miss-anchor.rb:3:39:3:42 | name |
| impl/miss-anchor.rb:6:12:6:15 | name | impl/miss-anchor.rb:7:43:7:46 | name |
| impl/miss-anchor.rb:14:12:14:15 | name | impl/miss-anchor.rb:15:47:15:50 | name |
nodes
| impl/miss-anchor.rb:2:12:2:15 | name : | semmle.label | name : |
| impl/miss-anchor.rb:2:12:2:15 | name | semmle.label | name |
| impl/miss-anchor.rb:3:39:3:42 | name | semmle.label | name |
| impl/miss-anchor.rb:6:12:6:15 | name : | semmle.label | name : |
| impl/miss-anchor.rb:6:12:6:15 | name | semmle.label | name |
| impl/miss-anchor.rb:7:43:7:46 | name | semmle.label | name |
| impl/miss-anchor.rb:14:12:14:15 | name : | semmle.label | name : |
| impl/miss-anchor.rb:14:12:14:15 | name | semmle.label | name |
| impl/miss-anchor.rb:15:47:15:50 | name | semmle.label | name |
subpaths
#select
| impl/miss-anchor.rb:3:39:3:42 | name | impl/miss-anchor.rb:2:12:2:15 | name : | impl/miss-anchor.rb:3:39:3:42 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:2:12:2:15 | name | library input | impl/miss-anchor.rb:3:39:3:89 | ... !~ ... | checked | impl/miss-anchor.rb:3:48:3:88 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |
| impl/miss-anchor.rb:7:43:7:46 | name | impl/miss-anchor.rb:6:12:6:15 | name : | impl/miss-anchor.rb:7:43:7:46 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:6:12:6:15 | name | library input | impl/miss-anchor.rb:7:43:7:93 | ... !~ ... | checked | impl/miss-anchor.rb:7:52:7:92 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |
| impl/miss-anchor.rb:15:47:15:50 | name | impl/miss-anchor.rb:14:12:14:15 | name : | impl/miss-anchor.rb:15:47:15:50 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:14:12:14:15 | name | library input | impl/miss-anchor.rb:15:47:15:97 | ... !~ ... | checked | impl/miss-anchor.rb:15:56:15:96 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |
| impl/miss-anchor.rb:3:39:3:42 | name | impl/miss-anchor.rb:2:12:2:15 | name | impl/miss-anchor.rb:3:39:3:42 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:2:12:2:15 | name | library input | impl/miss-anchor.rb:3:39:3:89 | ... !~ ... | checked | impl/miss-anchor.rb:3:48:3:88 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |
| impl/miss-anchor.rb:7:43:7:46 | name | impl/miss-anchor.rb:6:12:6:15 | name | impl/miss-anchor.rb:7:43:7:46 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:6:12:6:15 | name | library input | impl/miss-anchor.rb:7:43:7:93 | ... !~ ... | checked | impl/miss-anchor.rb:7:52:7:92 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |
| impl/miss-anchor.rb:15:47:15:50 | name | impl/miss-anchor.rb:14:12:14:15 | name | impl/miss-anchor.rb:15:47:15:50 | name | This value depends on $@, and is $@ against a $@. | impl/miss-anchor.rb:14:12:14:15 | name | library input | impl/miss-anchor.rb:15:47:15:97 | ... !~ ... | checked | impl/miss-anchor.rb:15:56:15:96 | ^[A-Za-z0-9\\+\\-_]+(\\/[A-Za-z0-9\\+\\-_]+)*$ | badly anchored regular expression |

View File

@@ -1,168 +1,168 @@
edges
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] : |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] : | ArchiveApiPathTraversal.rb:49:17:49:27 | destination : |
| ArchiveApiPathTraversal.rb:10:11:10:16 | call to params : | ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] : |
| ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] : | ArchiveApiPathTraversal.rb:67:13:67:16 | file : |
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params : | ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] : |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] : | ArchiveApiPathTraversal.rb:75:11:75:18 | filename : |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination : | ArchiveApiPathTraversal.rb:52:38:52:48 | destination : |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file : | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join : | ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file : |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination : | ArchiveApiPathTraversal.rb:52:28:52:67 | call to join : |
| ArchiveApiPathTraversal.rb:67:13:67:16 | file : | ArchiveApiPathTraversal.rb:68:20:68:23 | file |
| ArchiveApiPathTraversal.rb:75:11:75:18 | filename : | ArchiveApiPathTraversal.rb:76:19:76:26 | filename |
| tainted_path.rb:4:5:4:8 | path : | tainted_path.rb:5:26:5:29 | path |
| tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:4:12:4:24 | ...[...] : |
| tainted_path.rb:4:12:4:24 | ...[...] : | tainted_path.rb:4:5:4:8 | path : |
| tainted_path.rb:10:5:10:8 | path : | tainted_path.rb:11:26:11:29 | path |
| tainted_path.rb:10:12:10:43 | call to absolute_path : | tainted_path.rb:10:5:10:8 | path : |
| tainted_path.rb:10:31:10:36 | call to params : | tainted_path.rb:10:31:10:43 | ...[...] : |
| tainted_path.rb:10:31:10:43 | ...[...] : | tainted_path.rb:10:12:10:43 | call to absolute_path : |
| tainted_path.rb:16:5:16:8 | path : | tainted_path.rb:17:26:17:29 | path |
| tainted_path.rb:16:15:16:41 | call to dirname : | tainted_path.rb:16:5:16:8 | path : |
| tainted_path.rb:16:28:16:33 | call to params : | tainted_path.rb:16:28:16:40 | ...[...] : |
| tainted_path.rb:16:28:16:40 | ...[...] : | tainted_path.rb:16:15:16:41 | call to dirname : |
| tainted_path.rb:22:5:22:8 | path : | tainted_path.rb:23:26:23:29 | path |
| tainted_path.rb:22:12:22:41 | call to expand_path : | tainted_path.rb:22:5:22:8 | path : |
| tainted_path.rb:22:29:22:34 | call to params : | tainted_path.rb:22:29:22:41 | ...[...] : |
| tainted_path.rb:22:29:22:41 | ...[...] : | tainted_path.rb:22:12:22:41 | call to expand_path : |
| tainted_path.rb:28:5:28:8 | path : | tainted_path.rb:29:26:29:29 | path |
| tainted_path.rb:28:12:28:34 | call to path : | tainted_path.rb:28:5:28:8 | path : |
| tainted_path.rb:28:22:28:27 | call to params : | tainted_path.rb:28:22:28:34 | ...[...] : |
| tainted_path.rb:28:22:28:34 | ...[...] : | tainted_path.rb:28:12:28:34 | call to path : |
| tainted_path.rb:34:5:34:8 | path : | tainted_path.rb:35:26:35:29 | path |
| tainted_path.rb:34:12:34:41 | call to realdirpath : | tainted_path.rb:34:5:34:8 | path : |
| tainted_path.rb:34:29:34:34 | call to params : | tainted_path.rb:34:29:34:41 | ...[...] : |
| tainted_path.rb:34:29:34:41 | ...[...] : | tainted_path.rb:34:12:34:41 | call to realdirpath : |
| tainted_path.rb:40:5:40:8 | path : | tainted_path.rb:41:26:41:29 | path |
| tainted_path.rb:40:12:40:38 | call to realpath : | tainted_path.rb:40:5:40:8 | path : |
| tainted_path.rb:40:26:40:31 | call to params : | tainted_path.rb:40:26:40:38 | ...[...] : |
| tainted_path.rb:40:26:40:38 | ...[...] : | tainted_path.rb:40:12:40:38 | call to realpath : |
| tainted_path.rb:47:5:47:8 | path : | tainted_path.rb:48:26:48:29 | path |
| tainted_path.rb:47:12:47:63 | call to join : | tainted_path.rb:47:5:47:8 | path : |
| tainted_path.rb:47:43:47:48 | call to params : | tainted_path.rb:47:43:47:55 | ...[...] : |
| tainted_path.rb:47:43:47:55 | ...[...] : | tainted_path.rb:47:12:47:63 | call to join : |
| tainted_path.rb:59:5:59:8 | path : | tainted_path.rb:60:26:60:29 | path |
| tainted_path.rb:59:12:59:53 | call to new : | tainted_path.rb:59:5:59:8 | path : |
| tainted_path.rb:59:40:59:45 | call to params : | tainted_path.rb:59:40:59:52 | ...[...] : |
| tainted_path.rb:59:40:59:52 | ...[...] : | tainted_path.rb:59:12:59:53 | call to new : |
| tainted_path.rb:71:5:71:8 | path : | tainted_path.rb:72:15:72:18 | path |
| tainted_path.rb:71:12:71:53 | call to new : | tainted_path.rb:71:5:71:8 | path : |
| tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:71:40:71:52 | ...[...] : |
| tainted_path.rb:71:40:71:52 | ...[...] : | tainted_path.rb:71:12:71:53 | call to new : |
| tainted_path.rb:77:5:77:8 | path : | tainted_path.rb:78:19:78:22 | path |
| tainted_path.rb:77:5:77:8 | path : | tainted_path.rb:79:14:79:17 | path |
| tainted_path.rb:77:12:77:53 | call to new : | tainted_path.rb:77:5:77:8 | path : |
| tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:77:40:77:52 | ...[...] : |
| tainted_path.rb:77:40:77:52 | ...[...] : | tainted_path.rb:77:12:77:53 | call to new : |
| tainted_path.rb:84:5:84:8 | path : | tainted_path.rb:85:10:85:13 | path |
| tainted_path.rb:84:5:84:8 | path : | tainted_path.rb:86:25:86:28 | path |
| tainted_path.rb:84:12:84:53 | call to new : | tainted_path.rb:84:5:84:8 | path : |
| tainted_path.rb:84:40:84:45 | call to params : | tainted_path.rb:84:40:84:52 | ...[...] : |
| tainted_path.rb:84:40:84:52 | ...[...] : | tainted_path.rb:84:12:84:53 | call to new : |
| tainted_path.rb:90:5:90:8 | path : | tainted_path.rb:92:11:92:14 | path |
| tainted_path.rb:90:12:90:53 | call to new : | tainted_path.rb:90:5:90:8 | path : |
| tainted_path.rb:90:40:90:45 | call to params : | tainted_path.rb:90:40:90:52 | ...[...] : |
| tainted_path.rb:90:40:90:52 | ...[...] : | tainted_path.rb:90:12:90:53 | call to new : |
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] | ArchiveApiPathTraversal.rb:49:17:49:27 | destination |
| ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] |
| ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] | ArchiveApiPathTraversal.rb:67:13:67:16 | file |
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | ArchiveApiPathTraversal.rb:75:11:75:18 | filename |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination | ArchiveApiPathTraversal.rb:52:38:52:48 | destination |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination | ArchiveApiPathTraversal.rb:52:28:52:67 | call to join |
| ArchiveApiPathTraversal.rb:67:13:67:16 | file | ArchiveApiPathTraversal.rb:68:20:68:23 | file |
| ArchiveApiPathTraversal.rb:75:11:75:18 | filename | ArchiveApiPathTraversal.rb:76:19:76:26 | filename |
| tainted_path.rb:4:5:4:8 | path | tainted_path.rb:5:26:5:29 | path |
| tainted_path.rb:4:12:4:17 | call to params | tainted_path.rb:4:12:4:24 | ...[...] |
| tainted_path.rb:4:12:4:24 | ...[...] | tainted_path.rb:4:5:4:8 | path |
| tainted_path.rb:10:5:10:8 | path | tainted_path.rb:11:26:11:29 | path |
| tainted_path.rb:10:12:10:43 | call to absolute_path | tainted_path.rb:10:5:10:8 | path |
| tainted_path.rb:10:31:10:36 | call to params | tainted_path.rb:10:31:10:43 | ...[...] |
| tainted_path.rb:10:31:10:43 | ...[...] | tainted_path.rb:10:12:10:43 | call to absolute_path |
| tainted_path.rb:16:5:16:8 | path | tainted_path.rb:17:26:17:29 | path |
| tainted_path.rb:16:15:16:41 | call to dirname | tainted_path.rb:16:5:16:8 | path |
| tainted_path.rb:16:28:16:33 | call to params | tainted_path.rb:16:28:16:40 | ...[...] |
| tainted_path.rb:16:28:16:40 | ...[...] | tainted_path.rb:16:15:16:41 | call to dirname |
| tainted_path.rb:22:5:22:8 | path | tainted_path.rb:23:26:23:29 | path |
| tainted_path.rb:22:12:22:41 | call to expand_path | tainted_path.rb:22:5:22:8 | path |
| tainted_path.rb:22:29:22:34 | call to params | tainted_path.rb:22:29:22:41 | ...[...] |
| tainted_path.rb:22:29:22:41 | ...[...] | tainted_path.rb:22:12:22:41 | call to expand_path |
| tainted_path.rb:28:5:28:8 | path | tainted_path.rb:29:26:29:29 | path |
| tainted_path.rb:28:12:28:34 | call to path | tainted_path.rb:28:5:28:8 | path |
| tainted_path.rb:28:22:28:27 | call to params | tainted_path.rb:28:22:28:34 | ...[...] |
| tainted_path.rb:28:22:28:34 | ...[...] | tainted_path.rb:28:12:28:34 | call to path |
| tainted_path.rb:34:5:34:8 | path | tainted_path.rb:35:26:35:29 | path |
| tainted_path.rb:34:12:34:41 | call to realdirpath | tainted_path.rb:34:5:34:8 | path |
| tainted_path.rb:34:29:34:34 | call to params | tainted_path.rb:34:29:34:41 | ...[...] |
| tainted_path.rb:34:29:34:41 | ...[...] | tainted_path.rb:34:12:34:41 | call to realdirpath |
| tainted_path.rb:40:5:40:8 | path | tainted_path.rb:41:26:41:29 | path |
| tainted_path.rb:40:12:40:38 | call to realpath | tainted_path.rb:40:5:40:8 | path |
| tainted_path.rb:40:26:40:31 | call to params | tainted_path.rb:40:26:40:38 | ...[...] |
| tainted_path.rb:40:26:40:38 | ...[...] | tainted_path.rb:40:12:40:38 | call to realpath |
| tainted_path.rb:47:5:47:8 | path | tainted_path.rb:48:26:48:29 | path |
| tainted_path.rb:47:12:47:63 | call to join | tainted_path.rb:47:5:47:8 | path |
| tainted_path.rb:47:43:47:48 | call to params | tainted_path.rb:47:43:47:55 | ...[...] |
| tainted_path.rb:47:43:47:55 | ...[...] | tainted_path.rb:47:12:47:63 | call to join |
| tainted_path.rb:59:5:59:8 | path | tainted_path.rb:60:26:60:29 | path |
| tainted_path.rb:59:12:59:53 | call to new | tainted_path.rb:59:5:59:8 | path |
| tainted_path.rb:59:40:59:45 | call to params | tainted_path.rb:59:40:59:52 | ...[...] |
| tainted_path.rb:59:40:59:52 | ...[...] | tainted_path.rb:59:12:59:53 | call to new |
| tainted_path.rb:71:5:71:8 | path | tainted_path.rb:72:15:72:18 | path |
| tainted_path.rb:71:12:71:53 | call to new | tainted_path.rb:71:5:71:8 | path |
| tainted_path.rb:71:40:71:45 | call to params | tainted_path.rb:71:40:71:52 | ...[...] |
| tainted_path.rb:71:40:71:52 | ...[...] | tainted_path.rb:71:12:71:53 | call to new |
| tainted_path.rb:77:5:77:8 | path | tainted_path.rb:78:19:78:22 | path |
| tainted_path.rb:77:5:77:8 | path | tainted_path.rb:79:14:79:17 | path |
| tainted_path.rb:77:12:77:53 | call to new | tainted_path.rb:77:5:77:8 | path |
| tainted_path.rb:77:40:77:45 | call to params | tainted_path.rb:77:40:77:52 | ...[...] |
| tainted_path.rb:77:40:77:52 | ...[...] | tainted_path.rb:77:12:77:53 | call to new |
| tainted_path.rb:84:5:84:8 | path | tainted_path.rb:85:10:85:13 | path |
| tainted_path.rb:84:5:84:8 | path | tainted_path.rb:86:25:86:28 | path |
| tainted_path.rb:84:12:84:53 | call to new | tainted_path.rb:84:5:84:8 | path |
| tainted_path.rb:84:40:84:45 | call to params | tainted_path.rb:84:40:84:52 | ...[...] |
| tainted_path.rb:84:40:84:52 | ...[...] | tainted_path.rb:84:12:84:53 | call to new |
| tainted_path.rb:90:5:90:8 | path | tainted_path.rb:92:11:92:14 | path |
| tainted_path.rb:90:12:90:53 | call to new | tainted_path.rb:90:5:90:8 | path |
| tainted_path.rb:90:40:90:45 | call to params | tainted_path.rb:90:40:90:52 | ...[...] |
| tainted_path.rb:90:40:90:52 | ...[...] | tainted_path.rb:90:12:90:53 | call to new |
nodes
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | semmle.label | call to params : |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] : | semmle.label | ...[...] : |
| ArchiveApiPathTraversal.rb:10:11:10:16 | call to params : | semmle.label | call to params : |
| ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] : | semmle.label | ...[...] : |
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params : | semmle.label | call to params : |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] : | semmle.label | ...[...] : |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination : | semmle.label | destination : |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file : | semmle.label | destination_file : |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join : | semmle.label | call to join : |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination : | semmle.label | destination : |
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | semmle.label | call to params |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] | semmle.label | ...[...] |
| ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | semmle.label | call to params |
| ArchiveApiPathTraversal.rb:10:11:10:23 | ...[...] | semmle.label | ...[...] |
| ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | semmle.label | call to params |
| ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | semmle.label | ...[...] |
| ArchiveApiPathTraversal.rb:49:17:49:27 | destination | semmle.label | destination |
| ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | semmle.label | destination_file |
| ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | semmle.label | call to join |
| ArchiveApiPathTraversal.rb:52:38:52:48 | destination | semmle.label | destination |
| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | semmle.label | destination_file |
| ArchiveApiPathTraversal.rb:67:13:67:16 | file : | semmle.label | file : |
| ArchiveApiPathTraversal.rb:67:13:67:16 | file | semmle.label | file |
| ArchiveApiPathTraversal.rb:68:20:68:23 | file | semmle.label | file |
| ArchiveApiPathTraversal.rb:75:11:75:18 | filename : | semmle.label | filename : |
| ArchiveApiPathTraversal.rb:75:11:75:18 | filename | semmle.label | filename |
| ArchiveApiPathTraversal.rb:76:19:76:26 | filename | semmle.label | filename |
| tainted_path.rb:4:5:4:8 | path : | semmle.label | path : |
| tainted_path.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| tainted_path.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:4:5:4:8 | path | semmle.label | path |
| tainted_path.rb:4:12:4:17 | call to params | semmle.label | call to params |
| tainted_path.rb:4:12:4:24 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:5:26:5:29 | path | semmle.label | path |
| tainted_path.rb:10:5:10:8 | path : | semmle.label | path : |
| tainted_path.rb:10:12:10:43 | call to absolute_path : | semmle.label | call to absolute_path : |
| tainted_path.rb:10:31:10:36 | call to params : | semmle.label | call to params : |
| tainted_path.rb:10:31:10:43 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:10:5:10:8 | path | semmle.label | path |
| tainted_path.rb:10:12:10:43 | call to absolute_path | semmle.label | call to absolute_path |
| tainted_path.rb:10:31:10:36 | call to params | semmle.label | call to params |
| tainted_path.rb:10:31:10:43 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:11:26:11:29 | path | semmle.label | path |
| tainted_path.rb:16:5:16:8 | path : | semmle.label | path : |
| tainted_path.rb:16:15:16:41 | call to dirname : | semmle.label | call to dirname : |
| tainted_path.rb:16:28:16:33 | call to params : | semmle.label | call to params : |
| tainted_path.rb:16:28:16:40 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:16:5:16:8 | path | semmle.label | path |
| tainted_path.rb:16:15:16:41 | call to dirname | semmle.label | call to dirname |
| tainted_path.rb:16:28:16:33 | call to params | semmle.label | call to params |
| tainted_path.rb:16:28:16:40 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:17:26:17:29 | path | semmle.label | path |
| tainted_path.rb:22:5:22:8 | path : | semmle.label | path : |
| tainted_path.rb:22:12:22:41 | call to expand_path : | semmle.label | call to expand_path : |
| tainted_path.rb:22:29:22:34 | call to params : | semmle.label | call to params : |
| tainted_path.rb:22:29:22:41 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:22:5:22:8 | path | semmle.label | path |
| tainted_path.rb:22:12:22:41 | call to expand_path | semmle.label | call to expand_path |
| tainted_path.rb:22:29:22:34 | call to params | semmle.label | call to params |
| tainted_path.rb:22:29:22:41 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:23:26:23:29 | path | semmle.label | path |
| tainted_path.rb:28:5:28:8 | path : | semmle.label | path : |
| tainted_path.rb:28:12:28:34 | call to path : | semmle.label | call to path : |
| tainted_path.rb:28:22:28:27 | call to params : | semmle.label | call to params : |
| tainted_path.rb:28:22:28:34 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:28:5:28:8 | path | semmle.label | path |
| tainted_path.rb:28:12:28:34 | call to path | semmle.label | call to path |
| tainted_path.rb:28:22:28:27 | call to params | semmle.label | call to params |
| tainted_path.rb:28:22:28:34 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:29:26:29:29 | path | semmle.label | path |
| tainted_path.rb:34:5:34:8 | path : | semmle.label | path : |
| tainted_path.rb:34:12:34:41 | call to realdirpath : | semmle.label | call to realdirpath : |
| tainted_path.rb:34:29:34:34 | call to params : | semmle.label | call to params : |
| tainted_path.rb:34:29:34:41 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:34:5:34:8 | path | semmle.label | path |
| tainted_path.rb:34:12:34:41 | call to realdirpath | semmle.label | call to realdirpath |
| tainted_path.rb:34:29:34:34 | call to params | semmle.label | call to params |
| tainted_path.rb:34:29:34:41 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:35:26:35:29 | path | semmle.label | path |
| tainted_path.rb:40:5:40:8 | path : | semmle.label | path : |
| tainted_path.rb:40:12:40:38 | call to realpath : | semmle.label | call to realpath : |
| tainted_path.rb:40:26:40:31 | call to params : | semmle.label | call to params : |
| tainted_path.rb:40:26:40:38 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:40:5:40:8 | path | semmle.label | path |
| tainted_path.rb:40:12:40:38 | call to realpath | semmle.label | call to realpath |
| tainted_path.rb:40:26:40:31 | call to params | semmle.label | call to params |
| tainted_path.rb:40:26:40:38 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:41:26:41:29 | path | semmle.label | path |
| tainted_path.rb:47:5:47:8 | path : | semmle.label | path : |
| tainted_path.rb:47:12:47:63 | call to join : | semmle.label | call to join : |
| tainted_path.rb:47:43:47:48 | call to params : | semmle.label | call to params : |
| tainted_path.rb:47:43:47:55 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:47:5:47:8 | path | semmle.label | path |
| tainted_path.rb:47:12:47:63 | call to join | semmle.label | call to join |
| tainted_path.rb:47:43:47:48 | call to params | semmle.label | call to params |
| tainted_path.rb:47:43:47:55 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:48:26:48:29 | path | semmle.label | path |
| tainted_path.rb:59:5:59:8 | path : | semmle.label | path : |
| tainted_path.rb:59:12:59:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:59:40:59:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:59:40:59:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:59:5:59:8 | path | semmle.label | path |
| tainted_path.rb:59:12:59:53 | call to new | semmle.label | call to new |
| tainted_path.rb:59:40:59:45 | call to params | semmle.label | call to params |
| tainted_path.rb:59:40:59:52 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:60:26:60:29 | path | semmle.label | path |
| tainted_path.rb:71:5:71:8 | path : | semmle.label | path : |
| tainted_path.rb:71:12:71:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:71:40:71:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:71:40:71:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:71:5:71:8 | path | semmle.label | path |
| tainted_path.rb:71:12:71:53 | call to new | semmle.label | call to new |
| tainted_path.rb:71:40:71:45 | call to params | semmle.label | call to params |
| tainted_path.rb:71:40:71:52 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:72:15:72:18 | path | semmle.label | path |
| tainted_path.rb:77:5:77:8 | path : | semmle.label | path : |
| tainted_path.rb:77:12:77:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:77:40:77:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:77:40:77:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:77:5:77:8 | path | semmle.label | path |
| tainted_path.rb:77:12:77:53 | call to new | semmle.label | call to new |
| tainted_path.rb:77:40:77:45 | call to params | semmle.label | call to params |
| tainted_path.rb:77:40:77:52 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:78:19:78:22 | path | semmle.label | path |
| tainted_path.rb:79:14:79:17 | path | semmle.label | path |
| tainted_path.rb:84:5:84:8 | path : | semmle.label | path : |
| tainted_path.rb:84:12:84:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:84:40:84:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:84:40:84:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:84:5:84:8 | path | semmle.label | path |
| tainted_path.rb:84:12:84:53 | call to new | semmle.label | call to new |
| tainted_path.rb:84:40:84:45 | call to params | semmle.label | call to params |
| tainted_path.rb:84:40:84:52 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:85:10:85:13 | path | semmle.label | path |
| tainted_path.rb:86:25:86:28 | path | semmle.label | path |
| tainted_path.rb:90:5:90:8 | path : | semmle.label | path : |
| tainted_path.rb:90:12:90:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:90:40:90:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:90:40:90:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:90:5:90:8 | path | semmle.label | path |
| tainted_path.rb:90:12:90:53 | call to new | semmle.label | call to new |
| tainted_path.rb:90:40:90:45 | call to params | semmle.label | call to params |
| tainted_path.rb:90:40:90:52 | ...[...] | semmle.label | ...[...] |
| tainted_path.rb:92:11:92:14 | path | semmle.label | path |
subpaths
#select
| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
| ArchiveApiPathTraversal.rb:68:20:68:23 | file | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params : | ArchiveApiPathTraversal.rb:68:20:68:23 | file | This path depends on a $@. | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | user-provided value |
| ArchiveApiPathTraversal.rb:76:19:76:26 | filename | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params : | ArchiveApiPathTraversal.rb:76:19:76:26 | filename | This path depends on a $@. | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | user-provided value |
| tainted_path.rb:5:26:5:29 | path | tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:5:26:5:29 | path | This path depends on a $@. | tainted_path.rb:4:12:4:17 | call to params | user-provided value |
| tainted_path.rb:11:26:11:29 | path | tainted_path.rb:10:31:10:36 | call to params : | tainted_path.rb:11:26:11:29 | path | This path depends on a $@. | tainted_path.rb:10:31:10:36 | call to params | user-provided value |
| tainted_path.rb:17:26:17:29 | path | tainted_path.rb:16:28:16:33 | call to params : | tainted_path.rb:17:26:17:29 | path | This path depends on a $@. | tainted_path.rb:16:28:16:33 | call to params | user-provided value |
| tainted_path.rb:23:26:23:29 | path | tainted_path.rb:22:29:22:34 | call to params : | tainted_path.rb:23:26:23:29 | path | This path depends on a $@. | tainted_path.rb:22:29:22:34 | call to params | user-provided value |
| tainted_path.rb:29:26:29:29 | path | tainted_path.rb:28:22:28:27 | call to params : | tainted_path.rb:29:26:29:29 | path | This path depends on a $@. | tainted_path.rb:28:22:28:27 | call to params | user-provided value |
| tainted_path.rb:35:26:35:29 | path | tainted_path.rb:34:29:34:34 | call to params : | tainted_path.rb:35:26:35:29 | path | This path depends on a $@. | tainted_path.rb:34:29:34:34 | call to params | user-provided value |
| tainted_path.rb:41:26:41:29 | path | tainted_path.rb:40:26:40:31 | call to params : | tainted_path.rb:41:26:41:29 | path | This path depends on a $@. | tainted_path.rb:40:26:40:31 | call to params | user-provided value |
| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params : | tainted_path.rb:48:26:48:29 | path | This path depends on a $@. | tainted_path.rb:47:43:47:48 | call to params | user-provided value |
| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params : | tainted_path.rb:60:26:60:29 | path | This path depends on a $@. | tainted_path.rb:59:40:59:45 | call to params | user-provided value |
| tainted_path.rb:72:15:72:18 | path | tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:72:15:72:18 | path | This path depends on a $@. | tainted_path.rb:71:40:71:45 | call to params | user-provided value |
| tainted_path.rb:78:19:78:22 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:78:19:78:22 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:85:10:85:13 | path | tainted_path.rb:84:40:84:45 | call to params : | tainted_path.rb:85:10:85:13 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
| tainted_path.rb:86:25:86:28 | path | tainted_path.rb:84:40:84:45 | call to params : | tainted_path.rb:86:25:86:28 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
| tainted_path.rb:92:11:92:14 | path | tainted_path.rb:90:40:90:45 | call to params : | tainted_path.rb:92:11:92:14 | path | This path depends on a $@. | tainted_path.rb:90:40:90:45 | call to params | user-provided value |
| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
| ArchiveApiPathTraversal.rb:68:20:68:23 | file | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | ArchiveApiPathTraversal.rb:68:20:68:23 | file | This path depends on a $@. | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | user-provided value |
| ArchiveApiPathTraversal.rb:76:19:76:26 | filename | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | ArchiveApiPathTraversal.rb:76:19:76:26 | filename | This path depends on a $@. | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | user-provided value |
| tainted_path.rb:5:26:5:29 | path | tainted_path.rb:4:12:4:17 | call to params | tainted_path.rb:5:26:5:29 | path | This path depends on a $@. | tainted_path.rb:4:12:4:17 | call to params | user-provided value |
| tainted_path.rb:11:26:11:29 | path | tainted_path.rb:10:31:10:36 | call to params | tainted_path.rb:11:26:11:29 | path | This path depends on a $@. | tainted_path.rb:10:31:10:36 | call to params | user-provided value |
| tainted_path.rb:17:26:17:29 | path | tainted_path.rb:16:28:16:33 | call to params | tainted_path.rb:17:26:17:29 | path | This path depends on a $@. | tainted_path.rb:16:28:16:33 | call to params | user-provided value |
| tainted_path.rb:23:26:23:29 | path | tainted_path.rb:22:29:22:34 | call to params | tainted_path.rb:23:26:23:29 | path | This path depends on a $@. | tainted_path.rb:22:29:22:34 | call to params | user-provided value |
| tainted_path.rb:29:26:29:29 | path | tainted_path.rb:28:22:28:27 | call to params | tainted_path.rb:29:26:29:29 | path | This path depends on a $@. | tainted_path.rb:28:22:28:27 | call to params | user-provided value |
| tainted_path.rb:35:26:35:29 | path | tainted_path.rb:34:29:34:34 | call to params | tainted_path.rb:35:26:35:29 | path | This path depends on a $@. | tainted_path.rb:34:29:34:34 | call to params | user-provided value |
| tainted_path.rb:41:26:41:29 | path | tainted_path.rb:40:26:40:31 | call to params | tainted_path.rb:41:26:41:29 | path | This path depends on a $@. | tainted_path.rb:40:26:40:31 | call to params | user-provided value |
| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params | tainted_path.rb:48:26:48:29 | path | This path depends on a $@. | tainted_path.rb:47:43:47:48 | call to params | user-provided value |
| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params | tainted_path.rb:60:26:60:29 | path | This path depends on a $@. | tainted_path.rb:59:40:59:45 | call to params | user-provided value |
| tainted_path.rb:72:15:72:18 | path | tainted_path.rb:71:40:71:45 | call to params | tainted_path.rb:72:15:72:18 | path | This path depends on a $@. | tainted_path.rb:71:40:71:45 | call to params | user-provided value |
| tainted_path.rb:78:19:78:22 | path | tainted_path.rb:77:40:77:45 | call to params | tainted_path.rb:78:19:78:22 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:85:10:85:13 | path | tainted_path.rb:84:40:84:45 | call to params | tainted_path.rb:85:10:85:13 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
| tainted_path.rb:86:25:86:28 | path | tainted_path.rb:84:40:84:45 | call to params | tainted_path.rb:86:25:86:28 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
| tainted_path.rb:92:11:92:14 | path | tainted_path.rb:90:40:90:45 | call to params | tainted_path.rb:92:11:92:14 | path | This path depends on a $@. | tainted_path.rb:90:40:90:45 | call to params | user-provided value |
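Review bot: the `#select` rows at the end of this hunk change only in the second column, where the source label loses its trailing ` :` (`call to params :` becomes `call to params`). The 18 sink and source locations are the same before and after, from `ArchiveApiPathTraversal.rb:59:21` through `tainted_path.rb:92:11`. Nothing in the commit says why the label format changed, so please note in the description that this expected output was regenerated for a label-only change and that no path alert was added or dropped.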

View File

@@ -1,32 +1,32 @@
edges
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:7:10:7:15 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:8:16:8:18 | cmd |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:10:14:10:16 | cmd |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:11:17:11:22 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:13:9:13:14 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:29:19:29:24 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:33:24:33:36 | "echo #{...}" |
| CommandInjection.rb:6:9:6:11 | cmd : | CommandInjection.rb:34:39:34:51 | "grep #{...}" |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:6:15:6:26 | ...[...] : |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:6:9:6:11 | cmd : |
| CommandInjection.rb:46:9:46:11 | cmd : | CommandInjection.rb:50:24:50:36 | "echo #{...}" |
| CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:46:15:46:26 | ...[...] : |
| CommandInjection.rb:46:15:46:26 | ...[...] : | CommandInjection.rb:46:9:46:11 | cmd : |
| CommandInjection.rb:54:7:54:9 | cmd : | CommandInjection.rb:59:14:59:16 | cmd |
| CommandInjection.rb:54:13:54:18 | call to params : | CommandInjection.rb:54:13:54:24 | ...[...] : |
| CommandInjection.rb:54:13:54:24 | ...[...] : | CommandInjection.rb:54:7:54:9 | cmd : |
| CommandInjection.rb:73:18:73:23 | number : | CommandInjection.rb:74:14:74:29 | "echo #{...}" |
| CommandInjection.rb:81:23:81:33 | blah_number : | CommandInjection.rb:82:14:82:34 | "echo #{...}" |
| CommandInjection.rb:90:20:90:25 | **args : | CommandInjection.rb:91:22:91:25 | args : |
| CommandInjection.rb:91:22:91:25 | args : | CommandInjection.rb:91:22:91:37 | ...[...] : |
| CommandInjection.rb:91:22:91:37 | ...[...] : | CommandInjection.rb:91:14:91:39 | "echo #{...}" |
| CommandInjection.rb:103:9:103:12 | file : | CommandInjection.rb:104:16:104:28 | "cat #{...}" |
| CommandInjection.rb:103:16:103:21 | call to params : | CommandInjection.rb:103:16:103:28 | ...[...] : |
| CommandInjection.rb:103:16:103:28 | ...[...] : | CommandInjection.rb:103:9:103:12 | file : |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:7:10:7:15 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:8:16:8:18 | cmd |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:10:14:10:16 | cmd |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:11:17:11:22 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:13:9:13:14 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:29:19:29:24 | #{...} |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:33:24:33:36 | "echo #{...}" |
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:39:34:51 | "grep #{...}" |
| CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:6:15:6:26 | ...[...] |
| CommandInjection.rb:6:15:6:26 | ...[...] | CommandInjection.rb:6:9:6:11 | cmd |
| CommandInjection.rb:46:9:46:11 | cmd | CommandInjection.rb:50:24:50:36 | "echo #{...}" |
| CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:46:15:46:26 | ...[...] |
| CommandInjection.rb:46:15:46:26 | ...[...] | CommandInjection.rb:46:9:46:11 | cmd |
| CommandInjection.rb:54:7:54:9 | cmd | CommandInjection.rb:59:14:59:16 | cmd |
| CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:54:13:54:24 | ...[...] |
| CommandInjection.rb:54:13:54:24 | ...[...] | CommandInjection.rb:54:7:54:9 | cmd |
| CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" |
| CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" |
| CommandInjection.rb:90:20:90:25 | **args | CommandInjection.rb:91:22:91:25 | args |
| CommandInjection.rb:91:22:91:25 | args | CommandInjection.rb:91:22:91:37 | ...[...] |
| CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" |
| CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" |
| CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:103:16:103:28 | ...[...] |
| CommandInjection.rb:103:16:103:28 | ...[...] | CommandInjection.rb:103:9:103:12 | file |
nodes
| CommandInjection.rb:6:9:6:11 | cmd : | semmle.label | cmd : |
| CommandInjection.rb:6:15:6:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:6:15:6:26 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:6:9:6:11 | cmd | semmle.label | cmd |
| CommandInjection.rb:6:15:6:20 | call to params | semmle.label | call to params |
| CommandInjection.rb:6:15:6:26 | ...[...] | semmle.label | ...[...] |
| CommandInjection.rb:7:10:7:15 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:8:16:8:18 | cmd | semmle.label | cmd |
| CommandInjection.rb:10:14:10:16 | cmd | semmle.label | cmd |
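Review bot: in `edges`, the old rows put ` :` on every node except the final sink (`cmd :` flows to `#{...}`), while the new rows use the bare label everywhere, so the expected output no longer distinguishes intermediate nodes from sinks by label. All 24 edge locations are unchanged, including the three flows whose first node is `number`, `blah_number` or `**args` rather than `call to params`. If any test tooling or documentation still refers to the suffixed labels, update it in the same change.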
@@ -35,39 +35,39 @@ nodes
| CommandInjection.rb:29:19:29:24 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | semmle.label | "grep #{...}" |
| CommandInjection.rb:46:9:46:11 | cmd : | semmle.label | cmd : |
| CommandInjection.rb:46:15:46:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:46:15:46:26 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:46:9:46:11 | cmd | semmle.label | cmd |
| CommandInjection.rb:46:15:46:20 | call to params | semmle.label | call to params |
| CommandInjection.rb:46:15:46:26 | ...[...] | semmle.label | ...[...] |
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:54:7:54:9 | cmd : | semmle.label | cmd : |
| CommandInjection.rb:54:13:54:18 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:54:13:54:24 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:54:7:54:9 | cmd | semmle.label | cmd |
| CommandInjection.rb:54:13:54:18 | call to params | semmle.label | call to params |
| CommandInjection.rb:54:13:54:24 | ...[...] | semmle.label | ...[...] |
| CommandInjection.rb:59:14:59:16 | cmd | semmle.label | cmd |
| CommandInjection.rb:73:18:73:23 | number : | semmle.label | number : |
| CommandInjection.rb:73:18:73:23 | number | semmle.label | number |
| CommandInjection.rb:74:14:74:29 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:81:23:81:33 | blah_number : | semmle.label | blah_number : |
| CommandInjection.rb:81:23:81:33 | blah_number | semmle.label | blah_number |
| CommandInjection.rb:82:14:82:34 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:90:20:90:25 | **args : | semmle.label | **args : |
| CommandInjection.rb:90:20:90:25 | **args | semmle.label | **args |
| CommandInjection.rb:91:14:91:39 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:91:22:91:25 | args : | semmle.label | args : |
| CommandInjection.rb:91:22:91:37 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:103:9:103:12 | file : | semmle.label | file : |
| CommandInjection.rb:103:16:103:21 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:103:16:103:28 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:91:22:91:25 | args | semmle.label | args |
| CommandInjection.rb:91:22:91:37 | ...[...] | semmle.label | ...[...] |
| CommandInjection.rb:103:9:103:12 | file | semmle.label | file |
| CommandInjection.rb:103:16:103:21 | call to params | semmle.label | call to params |
| CommandInjection.rb:103:16:103:28 | ...[...] | semmle.label | ...[...] |
| CommandInjection.rb:104:16:104:28 | "cat #{...}" | semmle.label | "cat #{...}" |
subpaths
#select
| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:29:19:29:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:29:19:29:24 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:33:24:33:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:34:39:34:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:50:24:50:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:46:15:46:20 | call to params | user-provided value |
| CommandInjection.rb:59:14:59:16 | cmd | CommandInjection.rb:54:13:54:18 | call to params : | CommandInjection.rb:59:14:59:16 | cmd | This command depends on a $@. | CommandInjection.rb:54:13:54:18 | call to params | user-provided value |
| CommandInjection.rb:74:14:74:29 | "echo #{...}" | CommandInjection.rb:73:18:73:23 | number : | CommandInjection.rb:74:14:74:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:73:18:73:23 | number | user-provided value |
| CommandInjection.rb:82:14:82:34 | "echo #{...}" | CommandInjection.rb:81:23:81:33 | blah_number : | CommandInjection.rb:82:14:82:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:23:81:33 | blah_number | user-provided value |
| CommandInjection.rb:91:14:91:39 | "echo #{...}" | CommandInjection.rb:90:20:90:25 | **args : | CommandInjection.rb:91:14:91:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:90:20:90:25 | **args | user-provided value |
| CommandInjection.rb:104:16:104:28 | "cat #{...}" | CommandInjection.rb:103:16:103:21 | call to params : | CommandInjection.rb:104:16:104:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:103:16:103:21 | call to params | user-provided value |
| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:29:19:29:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:29:19:29:24 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:33:24:33:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:34:39:34:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:50:24:50:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:46:15:46:20 | call to params | user-provided value |
| CommandInjection.rb:59:14:59:16 | cmd | CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:59:14:59:16 | cmd | This command depends on a $@. | CommandInjection.rb:54:13:54:18 | call to params | user-provided value |
| CommandInjection.rb:74:14:74:29 | "echo #{...}" | CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:73:18:73:23 | number | user-provided value |
| CommandInjection.rb:82:14:82:34 | "echo #{...}" | CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:23:81:33 | blah_number | user-provided value |
| CommandInjection.rb:91:14:91:39 | "echo #{...}" | CommandInjection.rb:90:20:90:25 | **args | CommandInjection.rb:91:14:91:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:90:20:90:25 | **args | user-provided value |
| CommandInjection.rb:104:16:104:28 | "cat #{...}" | CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:104:16:104:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:103:16:103:21 | call to params | user-provided value |

View File

@@ -1,21 +1,21 @@
edges
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:4:10:4:13 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:5:13:5:16 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:6:14:6:17 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:7:16:7:19 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:8:17:8:20 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:9:16:9:19 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:10:18:10:21 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:11:14:11:17 | file |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:13:23:13:26 | file : |
| KernelOpen.rb:3:5:3:8 | file : | KernelOpen.rb:26:10:26:13 | file |
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:3:12:3:24 | ...[...] : |
| KernelOpen.rb:3:12:3:24 | ...[...] : | KernelOpen.rb:3:5:3:8 | file : |
| KernelOpen.rb:13:23:13:26 | file : | KernelOpen.rb:13:13:13:31 | call to join |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:4:10:4:13 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:5:13:5:16 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:6:14:6:17 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:7:16:7:19 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:8:17:8:20 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:9:16:9:19 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:10:18:10:21 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:11:14:11:17 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:13:23:13:26 | file |
| KernelOpen.rb:3:5:3:8 | file | KernelOpen.rb:26:10:26:13 | file |
| KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:3:12:3:24 | ...[...] |
| KernelOpen.rb:3:12:3:24 | ...[...] | KernelOpen.rb:3:5:3:8 | file |
| KernelOpen.rb:13:23:13:26 | file | KernelOpen.rb:13:13:13:31 | call to join |
nodes
| KernelOpen.rb:3:5:3:8 | file : | semmle.label | file : |
| KernelOpen.rb:3:12:3:17 | call to params : | semmle.label | call to params : |
| KernelOpen.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : |
| KernelOpen.rb:3:5:3:8 | file | semmle.label | file |
| KernelOpen.rb:3:12:3:17 | call to params | semmle.label | call to params |
| KernelOpen.rb:3:12:3:24 | ...[...] | semmle.label | ...[...] |
| KernelOpen.rb:4:10:4:13 | file | semmle.label | file |
| KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
| KernelOpen.rb:6:14:6:17 | file | semmle.label | file |
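Review bot: In the `edges` and `nodes` rows of this hunk, the old labels carried a trailing ` :` on every non-sink node (`file :`, `call to params :`, `...[...] :`), while sinks such as `KernelOpen.rb:4:10:4:13 | file` had none. The new rows drop the suffix everywhere, so the expected file no longer shows at a glance which `file` nodes are intermediate steps and which are sinks. Locations and edge pairs are otherwise identical in the visible lines (13 edges before, 13 after), so this reads as a pure label-format regeneration. Please confirm it was produced by re-running the test rather than edited by hand.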
@@ -25,17 +25,17 @@ nodes
| KernelOpen.rb:10:18:10:21 | file | semmle.label | file |
| KernelOpen.rb:11:14:11:17 | file | semmle.label | file |
| KernelOpen.rb:13:13:13:31 | call to join | semmle.label | call to join |
| KernelOpen.rb:13:23:13:26 | file : | semmle.label | file : |
| KernelOpen.rb:13:23:13:26 | file | semmle.label | file |
| KernelOpen.rb:26:10:26:13 | file | semmle.label | file |
subpaths
#select
| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:6:14:6:17 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:6:14:6:17 | file | This call to IO.write depends on a $@. Consider replacing it with File.write. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:7:16:7:19 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:7:16:7:19 | file | This call to IO.binread depends on a $@. Consider replacing it with File.binread. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:8:17:8:20 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:8:17:8:20 | file | This call to IO.binwrite depends on a $@. Consider replacing it with File.binwrite. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:9:16:9:19 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:9:16:9:19 | file | This call to IO.foreach depends on a $@. Consider replacing it with File.foreach. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:10:18:10:21 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:10:18:10:21 | file | This call to IO.readlines depends on a $@. Consider replacing it with File.readlines. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:11:14:11:17 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:11:14:11:17 | file | This call to URI.open depends on a $@. Consider replacing it with URI(<uri>).open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:13:13:13:31 | call to join | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:13:13:13:31 | call to join | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:26:10:26:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:26:10:26:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:6:14:6:17 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:6:14:6:17 | file | This call to IO.write depends on a $@. Consider replacing it with File.write. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:7:16:7:19 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:7:16:7:19 | file | This call to IO.binread depends on a $@. Consider replacing it with File.binread. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:8:17:8:20 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:8:17:8:20 | file | This call to IO.binwrite depends on a $@. Consider replacing it with File.binwrite. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:9:16:9:19 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:9:16:9:19 | file | This call to IO.foreach depends on a $@. Consider replacing it with File.foreach. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:10:18:10:21 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:10:18:10:21 | file | This call to IO.readlines depends on a $@. Consider replacing it with File.readlines. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:11:14:11:17 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:11:14:11:17 | file | This call to URI.open depends on a $@. Consider replacing it with URI(<uri>).open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:13:13:13:31 | call to join | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:13:13:13:31 | call to join | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
| KernelOpen.rb:26:10:26:13 | file | KernelOpen.rb:3:12:3:17 | call to params | KernelOpen.rb:26:10:26:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |

View File

@@ -1,11 +1,11 @@
| NonConstantKernelOpen.rb:4:5:4:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:5:5:5:17 | call to read | Call to IO.read with a non-constant value. Consider replacing it with File.read. |
| NonConstantKernelOpen.rb:6:5:6:18 | call to write | Call to IO.write with a non-constant value. Consider replacing it with File.write. |
| NonConstantKernelOpen.rb:7:5:7:20 | call to binread | Call to IO.binread with a non-constant value. Consider replacing it with File.binread. |
| NonConstantKernelOpen.rb:8:5:8:21 | call to binwrite | Call to IO.binwrite with a non-constant value. Consider replacing it with File.binwrite. |
| NonConstantKernelOpen.rb:9:5:9:20 | call to foreach | Call to IO.foreach with a non-constant value. Consider replacing it with File.foreach. |
| NonConstantKernelOpen.rb:10:5:10:22 | call to readlines | Call to IO.readlines with a non-constant value. Consider replacing it with File.readlines. |
| NonConstantKernelOpen.rb:11:5:11:18 | call to open | Call to URI.open with a non-constant value. Consider replacing it with URI(<uri>).open. |
| NonConstantKernelOpen.rb:15:5:15:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:25:5:25:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:33:5:33:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:7:5:7:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:8:5:8:17 | call to read | Call to IO.read with a non-constant value. Consider replacing it with File.read. |
| NonConstantKernelOpen.rb:9:5:9:18 | call to write | Call to IO.write with a non-constant value. Consider replacing it with File.write. |
| NonConstantKernelOpen.rb:10:5:10:20 | call to binread | Call to IO.binread with a non-constant value. Consider replacing it with File.binread. |
| NonConstantKernelOpen.rb:11:5:11:21 | call to binwrite | Call to IO.binwrite with a non-constant value. Consider replacing it with File.binwrite. |
| NonConstantKernelOpen.rb:12:5:12:20 | call to foreach | Call to IO.foreach with a non-constant value. Consider replacing it with File.foreach. |
| NonConstantKernelOpen.rb:13:5:13:22 | call to readlines | Call to IO.readlines with a non-constant value. Consider replacing it with File.readlines. |
| NonConstantKernelOpen.rb:14:5:14:18 | call to open | Call to URI.open with a non-constant value. Consider replacing it with URI(<uri>).open. |
| NonConstantKernelOpen.rb:18:5:18:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:28:5:28:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
| NonConstantKernelOpen.rb:46:5:46:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
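Review bot: The last row does not follow the pattern of the others. Ten rows move down by exactly 3 lines (4 to 7 through 25 to 28), but `33:5:33:14 | call to open` becomes `46:5:46:14 | call to open`, a shift of 13. Please confirm that this is the same `open(file)` call pushed down by newly inserted test lines, and that none of the inserted lines was expected to produce a row of its own. The row count stays at 11, so any new BAD case would be missing here.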

View File

@@ -1,4 +1,7 @@
class UsersController < ActionController::Base
CONSTANT = "constant"
CONSTANT_WITH_FREEZE = "constant-with-freeze".freeze
def create
file = params[:file]
open(file) # BAD
@@ -30,6 +33,16 @@ class UsersController < ActionController::Base
IO.write(File.join("foo", "bar.txt"), "bar") # GOOD
IO.read(CONSTANT) # GOOD
IO.read(CONSTANT + file) # GOOD
IO.read(CONSTANT_WITH_FREEZE) # GOOD
IO.read(CONSTANT_WITH_FREEZE + file) # GOOD
open.where(external: false) # GOOD - an open method is called withoout arguments
open(file) # BAD - sanity check to verify that file was not mistakenly marked as sanitized
end
end
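Review bot: `IO.read(CONSTANT + file) # GOOD` and `IO.read(CONSTANT_WITH_FREEZE + file) # GOOD` pass a value that still contains the user-controlled `file` from `params[:file]`, and the comment gives no reason why that is acceptable. If the reasoning is that a constant prefix stops the argument from starting with `|` (my assumption, the hunk does not say so), state it in the comment the way the last two lines explain themselves, and note that the path itself remains user-influenced. Minor: `withoout` in the `open.where(external: false)` comment should be `without`.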

View File

@@ -1,66 +1,66 @@
edges
| impl/sub/notImported.rb:2:12:2:17 | target : | impl/sub/notImported.rb:3:19:3:27 | #{...} |
| impl/sub/other2.rb:2:12:2:17 | target : | impl/sub/other2.rb:3:19:3:27 | #{...} |
| impl/sub/other.rb:2:12:2:17 | target : | impl/sub/other.rb:3:19:3:27 | #{...} |
| impl/unsafeShell.rb:2:12:2:17 | target : | impl/unsafeShell.rb:3:19:3:27 | #{...} |
| impl/unsafeShell.rb:6:12:6:12 | x : | impl/unsafeShell.rb:7:32:7:32 | x |
| impl/unsafeShell.rb:15:47:15:64 | innocent_file_path : | impl/unsafeShell.rb:20:21:20:41 | #{...} |
| impl/unsafeShell.rb:23:15:23:23 | file_path : | impl/unsafeShell.rb:26:19:26:30 | #{...} |
| impl/unsafeShell.rb:33:12:33:17 | target : | impl/unsafeShell.rb:34:19:34:27 | #{...} |
| impl/unsafeShell.rb:37:10:37:10 | x : | impl/unsafeShell.rb:38:19:38:22 | #{...} |
| impl/unsafeShell.rb:47:16:47:21 | target : | impl/unsafeShell.rb:48:19:48:27 | #{...} |
| impl/unsafeShell.rb:51:17:51:17 | x : | impl/unsafeShell.rb:52:14:52:14 | x |
| impl/unsafeShell.rb:51:17:51:17 | x : | impl/unsafeShell.rb:54:29:54:29 | x |
| impl/unsafeShell.rb:57:21:57:21 | x : | impl/unsafeShell.rb:58:23:58:23 | x |
| impl/unsafeShell.rb:61:20:61:20 | x : | impl/unsafeShell.rb:63:14:63:14 | x : |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] : | impl/unsafeShell.rb:64:14:64:16 | arr |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] : | impl/unsafeShell.rb:68:14:68:16 | arr |
| impl/unsafeShell.rb:63:14:63:14 | x : | impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] : |
| impl/sub/notImported.rb:2:12:2:17 | target | impl/sub/notImported.rb:3:19:3:27 | #{...} |
| impl/sub/other2.rb:2:12:2:17 | target | impl/sub/other2.rb:3:19:3:27 | #{...} |
| impl/sub/other.rb:2:12:2:17 | target | impl/sub/other.rb:3:19:3:27 | #{...} |
| impl/unsafeShell.rb:2:12:2:17 | target | impl/unsafeShell.rb:3:19:3:27 | #{...} |
| impl/unsafeShell.rb:6:12:6:12 | x | impl/unsafeShell.rb:7:32:7:32 | x |
| impl/unsafeShell.rb:15:47:15:64 | innocent_file_path | impl/unsafeShell.rb:20:21:20:41 | #{...} |
| impl/unsafeShell.rb:23:15:23:23 | file_path | impl/unsafeShell.rb:26:19:26:30 | #{...} |
| impl/unsafeShell.rb:33:12:33:17 | target | impl/unsafeShell.rb:34:19:34:27 | #{...} |
| impl/unsafeShell.rb:37:10:37:10 | x | impl/unsafeShell.rb:38:19:38:22 | #{...} |
| impl/unsafeShell.rb:47:16:47:21 | target | impl/unsafeShell.rb:48:19:48:27 | #{...} |
| impl/unsafeShell.rb:51:17:51:17 | x | impl/unsafeShell.rb:52:14:52:14 | x |
| impl/unsafeShell.rb:51:17:51:17 | x | impl/unsafeShell.rb:54:29:54:29 | x |
| impl/unsafeShell.rb:57:21:57:21 | x | impl/unsafeShell.rb:58:23:58:23 | x |
| impl/unsafeShell.rb:61:20:61:20 | x | impl/unsafeShell.rb:63:14:63:14 | x |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] | impl/unsafeShell.rb:64:14:64:16 | arr |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] | impl/unsafeShell.rb:68:14:68:16 | arr |
| impl/unsafeShell.rb:63:14:63:14 | x | impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] |
nodes
| impl/sub/notImported.rb:2:12:2:17 | target : | semmle.label | target : |
| impl/sub/notImported.rb:2:12:2:17 | target | semmle.label | target |
| impl/sub/notImported.rb:3:19:3:27 | #{...} | semmle.label | #{...} |
| impl/sub/other2.rb:2:12:2:17 | target : | semmle.label | target : |
| impl/sub/other2.rb:2:12:2:17 | target | semmle.label | target |
| impl/sub/other2.rb:3:19:3:27 | #{...} | semmle.label | #{...} |
| impl/sub/other.rb:2:12:2:17 | target : | semmle.label | target : |
| impl/sub/other.rb:2:12:2:17 | target | semmle.label | target |
| impl/sub/other.rb:3:19:3:27 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:2:12:2:17 | target : | semmle.label | target : |
| impl/unsafeShell.rb:2:12:2:17 | target | semmle.label | target |
| impl/unsafeShell.rb:3:19:3:27 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:6:12:6:12 | x : | semmle.label | x : |
| impl/unsafeShell.rb:6:12:6:12 | x | semmle.label | x |
| impl/unsafeShell.rb:7:32:7:32 | x | semmle.label | x |
| impl/unsafeShell.rb:15:47:15:64 | innocent_file_path : | semmle.label | innocent_file_path : |
| impl/unsafeShell.rb:15:47:15:64 | innocent_file_path | semmle.label | innocent_file_path |
| impl/unsafeShell.rb:20:21:20:41 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:23:15:23:23 | file_path : | semmle.label | file_path : |
| impl/unsafeShell.rb:23:15:23:23 | file_path | semmle.label | file_path |
| impl/unsafeShell.rb:26:19:26:30 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:33:12:33:17 | target : | semmle.label | target : |
| impl/unsafeShell.rb:33:12:33:17 | target | semmle.label | target |
| impl/unsafeShell.rb:34:19:34:27 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:37:10:37:10 | x : | semmle.label | x : |
| impl/unsafeShell.rb:37:10:37:10 | x | semmle.label | x |
| impl/unsafeShell.rb:38:19:38:22 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:47:16:47:21 | target : | semmle.label | target : |
| impl/unsafeShell.rb:47:16:47:21 | target | semmle.label | target |
| impl/unsafeShell.rb:48:19:48:27 | #{...} | semmle.label | #{...} |
| impl/unsafeShell.rb:51:17:51:17 | x : | semmle.label | x : |
| impl/unsafeShell.rb:51:17:51:17 | x | semmle.label | x |
| impl/unsafeShell.rb:52:14:52:14 | x | semmle.label | x |
| impl/unsafeShell.rb:54:29:54:29 | x | semmle.label | x |
| impl/unsafeShell.rb:57:21:57:21 | x : | semmle.label | x : |
| impl/unsafeShell.rb:57:21:57:21 | x | semmle.label | x |
| impl/unsafeShell.rb:58:23:58:23 | x | semmle.label | x |
| impl/unsafeShell.rb:61:20:61:20 | x : | semmle.label | x : |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] : | semmle.label | [post] arr [element] : |
| impl/unsafeShell.rb:63:14:63:14 | x : | semmle.label | x : |
| impl/unsafeShell.rb:61:20:61:20 | x | semmle.label | x |
| impl/unsafeShell.rb:63:5:63:7 | [post] arr [element] | semmle.label | [post] arr [element] |
| impl/unsafeShell.rb:63:14:63:14 | x | semmle.label | x |
| impl/unsafeShell.rb:64:14:64:16 | arr | semmle.label | arr |
| impl/unsafeShell.rb:68:14:68:16 | arr | semmle.label | arr |
subpaths
#select
| impl/sub/notImported.rb:3:14:3:28 | "cat #{...}" | impl/sub/notImported.rb:2:12:2:17 | target : | impl/sub/notImported.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/notImported.rb:2:12:2:17 | target | library input | impl/sub/notImported.rb:3:5:3:34 | call to popen | shell command |
| impl/sub/other2.rb:3:14:3:28 | "cat #{...}" | impl/sub/other2.rb:2:12:2:17 | target : | impl/sub/other2.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/other2.rb:2:12:2:17 | target | library input | impl/sub/other2.rb:3:5:3:34 | call to popen | shell command |
| impl/sub/other.rb:3:14:3:28 | "cat #{...}" | impl/sub/other.rb:2:12:2:17 | target : | impl/sub/other.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/other.rb:2:12:2:17 | target | library input | impl/sub/other.rb:3:5:3:34 | call to popen | shell command |
| impl/unsafeShell.rb:3:14:3:28 | "cat #{...}" | impl/unsafeShell.rb:2:12:2:17 | target : | impl/unsafeShell.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:2:12:2:17 | target | library input | impl/unsafeShell.rb:3:5:3:34 | call to popen | shell command |
| impl/unsafeShell.rb:7:14:7:33 | call to sprintf | impl/unsafeShell.rb:6:12:6:12 | x : | impl/unsafeShell.rb:7:32:7:32 | x | This formatted string which depends on $@ is later used in a $@. | impl/unsafeShell.rb:6:12:6:12 | x | library input | impl/unsafeShell.rb:8:5:8:25 | call to popen | shell command |
| impl/unsafeShell.rb:20:14:20:42 | "which #{...}" | impl/unsafeShell.rb:15:47:15:64 | innocent_file_path : | impl/unsafeShell.rb:20:21:20:41 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:15:47:15:64 | innocent_file_path | library input | impl/unsafeShell.rb:20:5:20:48 | call to popen | shell command |
| impl/unsafeShell.rb:26:14:26:31 | "cat #{...}" | impl/unsafeShell.rb:23:15:23:23 | file_path : | impl/unsafeShell.rb:26:19:26:30 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:23:15:23:23 | file_path | library input | impl/unsafeShell.rb:26:5:26:37 | call to popen | shell command |
| impl/unsafeShell.rb:34:14:34:28 | "cat #{...}" | impl/unsafeShell.rb:33:12:33:17 | target : | impl/unsafeShell.rb:34:19:34:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:33:12:33:17 | target | library input | impl/unsafeShell.rb:34:5:34:34 | call to popen | shell command |
| impl/unsafeShell.rb:38:14:38:23 | "cat #{...}" | impl/unsafeShell.rb:37:10:37:10 | x : | impl/unsafeShell.rb:38:19:38:22 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:37:10:37:10 | x | library input | impl/unsafeShell.rb:38:5:38:29 | call to popen | shell command |
| impl/unsafeShell.rb:48:14:48:28 | "cat #{...}" | impl/unsafeShell.rb:47:16:47:21 | target : | impl/unsafeShell.rb:48:19:48:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:47:16:47:21 | target | library input | impl/unsafeShell.rb:48:5:48:34 | call to popen | shell command |
| impl/unsafeShell.rb:52:14:52:24 | call to join | impl/unsafeShell.rb:51:17:51:17 | x : | impl/unsafeShell.rb:52:14:52:14 | x | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:51:17:51:17 | x | library input | impl/unsafeShell.rb:52:5:52:30 | call to popen | shell command |
| impl/unsafeShell.rb:54:14:54:40 | call to join | impl/unsafeShell.rb:51:17:51:17 | x : | impl/unsafeShell.rb:54:29:54:29 | x | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:51:17:51:17 | x | library input | impl/unsafeShell.rb:54:5:54:46 | call to popen | shell command |
| impl/unsafeShell.rb:58:14:58:23 | ... + ... | impl/unsafeShell.rb:57:21:57:21 | x : | impl/unsafeShell.rb:58:23:58:23 | x | This string concatenation which depends on $@ is later used in a $@. | impl/unsafeShell.rb:57:21:57:21 | x | library input | impl/unsafeShell.rb:58:5:58:29 | call to popen | shell command |
| impl/unsafeShell.rb:64:14:64:26 | call to join | impl/unsafeShell.rb:61:20:61:20 | x : | impl/unsafeShell.rb:64:14:64:16 | arr | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:61:20:61:20 | x | library input | impl/unsafeShell.rb:64:5:64:32 | call to popen | shell command |
| impl/unsafeShell.rb:68:14:68:26 | call to join | impl/unsafeShell.rb:61:20:61:20 | x : | impl/unsafeShell.rb:68:14:68:16 | arr | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:61:20:61:20 | x | library input | impl/unsafeShell.rb:68:5:68:32 | call to popen | shell command |
| impl/sub/notImported.rb:3:14:3:28 | "cat #{...}" | impl/sub/notImported.rb:2:12:2:17 | target | impl/sub/notImported.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/notImported.rb:2:12:2:17 | target | library input | impl/sub/notImported.rb:3:5:3:34 | call to popen | shell command |
| impl/sub/other2.rb:3:14:3:28 | "cat #{...}" | impl/sub/other2.rb:2:12:2:17 | target | impl/sub/other2.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/other2.rb:2:12:2:17 | target | library input | impl/sub/other2.rb:3:5:3:34 | call to popen | shell command |
| impl/sub/other.rb:3:14:3:28 | "cat #{...}" | impl/sub/other.rb:2:12:2:17 | target | impl/sub/other.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/sub/other.rb:2:12:2:17 | target | library input | impl/sub/other.rb:3:5:3:34 | call to popen | shell command |
| impl/unsafeShell.rb:3:14:3:28 | "cat #{...}" | impl/unsafeShell.rb:2:12:2:17 | target | impl/unsafeShell.rb:3:19:3:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:2:12:2:17 | target | library input | impl/unsafeShell.rb:3:5:3:34 | call to popen | shell command |
| impl/unsafeShell.rb:7:14:7:33 | call to sprintf | impl/unsafeShell.rb:6:12:6:12 | x | impl/unsafeShell.rb:7:32:7:32 | x | This formatted string which depends on $@ is later used in a $@. | impl/unsafeShell.rb:6:12:6:12 | x | library input | impl/unsafeShell.rb:8:5:8:25 | call to popen | shell command |
| impl/unsafeShell.rb:20:14:20:42 | "which #{...}" | impl/unsafeShell.rb:15:47:15:64 | innocent_file_path | impl/unsafeShell.rb:20:21:20:41 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:15:47:15:64 | innocent_file_path | library input | impl/unsafeShell.rb:20:5:20:48 | call to popen | shell command |
| impl/unsafeShell.rb:26:14:26:31 | "cat #{...}" | impl/unsafeShell.rb:23:15:23:23 | file_path | impl/unsafeShell.rb:26:19:26:30 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:23:15:23:23 | file_path | library input | impl/unsafeShell.rb:26:5:26:37 | call to popen | shell command |
| impl/unsafeShell.rb:34:14:34:28 | "cat #{...}" | impl/unsafeShell.rb:33:12:33:17 | target | impl/unsafeShell.rb:34:19:34:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:33:12:33:17 | target | library input | impl/unsafeShell.rb:34:5:34:34 | call to popen | shell command |
| impl/unsafeShell.rb:38:14:38:23 | "cat #{...}" | impl/unsafeShell.rb:37:10:37:10 | x | impl/unsafeShell.rb:38:19:38:22 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:37:10:37:10 | x | library input | impl/unsafeShell.rb:38:5:38:29 | call to popen | shell command |
| impl/unsafeShell.rb:48:14:48:28 | "cat #{...}" | impl/unsafeShell.rb:47:16:47:21 | target | impl/unsafeShell.rb:48:19:48:27 | #{...} | This string construction which depends on $@ is later used in a $@. | impl/unsafeShell.rb:47:16:47:21 | target | library input | impl/unsafeShell.rb:48:5:48:34 | call to popen | shell command |
| impl/unsafeShell.rb:52:14:52:24 | call to join | impl/unsafeShell.rb:51:17:51:17 | x | impl/unsafeShell.rb:52:14:52:14 | x | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:51:17:51:17 | x | library input | impl/unsafeShell.rb:52:5:52:30 | call to popen | shell command |
| impl/unsafeShell.rb:54:14:54:40 | call to join | impl/unsafeShell.rb:51:17:51:17 | x | impl/unsafeShell.rb:54:29:54:29 | x | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:51:17:51:17 | x | library input | impl/unsafeShell.rb:54:5:54:46 | call to popen | shell command |
| impl/unsafeShell.rb:58:14:58:23 | ... + ... | impl/unsafeShell.rb:57:21:57:21 | x | impl/unsafeShell.rb:58:23:58:23 | x | This string concatenation which depends on $@ is later used in a $@. | impl/unsafeShell.rb:57:21:57:21 | x | library input | impl/unsafeShell.rb:58:5:58:29 | call to popen | shell command |
| impl/unsafeShell.rb:64:14:64:26 | call to join | impl/unsafeShell.rb:61:20:61:20 | x | impl/unsafeShell.rb:64:14:64:16 | arr | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:61:20:61:20 | x | library input | impl/unsafeShell.rb:64:5:64:32 | call to popen | shell command |
| impl/unsafeShell.rb:68:14:68:26 | call to join | impl/unsafeShell.rb:61:20:61:20 | x | impl/unsafeShell.rb:68:14:68:16 | arr | This array which depends on $@ is later used in a $@. | impl/unsafeShell.rb:61:20:61:20 | x | library input | impl/unsafeShell.rb:68:5:68:32 | call to popen | shell command |

View File

@@ -1,101 +1,101 @@
edges
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] : | app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] : |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] : | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] : |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt : | app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:18:5:18:6 | dt : |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text |
| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] : |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] : |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text : |
| app/controllers/foo/bars_controller.rb:30:5:30:7 | str : | app/controllers/foo/bars_controller.rb:31:5:31:7 | str |
| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : |
| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : | app/controllers/foo/bars_controller.rb:30:5:30:7 | str : |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] : | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] |
| app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] : | app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : |
| app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text : | app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... : |
| app/views/foo/bars/show.html.erb:53:29:53:34 | call to params : | app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] |
| app/views/foo/bars/show.html.erb:56:13:56:18 | call to params : | app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] |
| app/views/foo/bars/show.html.erb:73:19:73:24 | call to params : | app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] |
| app/views/foo/bars/show.html.erb:76:28:76:33 | call to params : | app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] |
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] | app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] | app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] | app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt | app/controllers/foo/bars_controller.rb:26:53:26:54 | dt |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] | app/controllers/foo/bars_controller.rb:18:5:18:6 | dt |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt | app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text |
| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text |
| app/controllers/foo/bars_controller.rb:30:5:30:7 | str | app/controllers/foo/bars_controller.rb:31:5:31:7 | str |
| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] |
| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] | app/controllers/foo/bars_controller.rb:30:5:30:7 | str |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] |
| app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] | app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... | app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] |
| app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text | app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... |
| app/views/foo/bars/show.html.erb:53:29:53:34 | call to params | app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] |
| app/views/foo/bars/show.html.erb:56:13:56:18 | call to params | app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] |
| app/views/foo/bars/show.html.erb:73:19:73:24 | call to params | app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] |
| app/views/foo/bars/show.html.erb:76:28:76:33 | call to params | app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] |
nodes
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] : | semmle.label | [post] self [@user_name] : |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt : | semmle.label | dt : |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | semmle.label | dt : |
| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name] | semmle.label | [post] self [@user_name] |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:18:5:18:6 | dt | semmle.label | dt |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt | semmle.label | dt |
| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | semmle.label | ... = ... |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | semmle.label | dt : |
| app/controllers/foo/bars_controller.rb:30:5:30:7 | str : | semmle.label | str : |
| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt | semmle.label | dt |
| app/controllers/foo/bars_controller.rb:30:5:30:7 | str | semmle.label | str |
| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | semmle.label | call to params |
| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] | semmle.label | ...[...] |
| app/controllers/foo/bars_controller.rb:31:5:31:7 | str | semmle.label | str |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | semmle.label | @user_website |
| app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text |
| app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/bars/show.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/bars/show.html.erb:12:9:12:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/bars/show.html.erb:17:15:17:27 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text | semmle.label | call to display_text |
| app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text | semmle.label | @instance_text |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... : | semmle.label | ... + ... : |
| app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text : | semmle.label | call to display_text : |
| app/views/foo/bars/show.html.erb:43:64:43:87 | ... + ... | semmle.label | ... + ... |
| app/views/foo/bars/show.html.erb:43:76:43:87 | call to display_text | semmle.label | call to display_text |
| app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name | semmle.label | call to user_name |
| app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo | semmle.label | call to user_name_memo |
| app/views/foo/bars/show.html.erb:53:29:53:34 | call to params : | semmle.label | call to params : |
| app/views/foo/bars/show.html.erb:53:29:53:34 | call to params | semmle.label | call to params |
| app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:56:13:56:18 | call to params : | semmle.label | call to params : |
| app/views/foo/bars/show.html.erb:56:13:56:18 | call to params | semmle.label | call to params |
| app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:73:19:73:24 | call to params : | semmle.label | call to params : |
| app/views/foo/bars/show.html.erb:73:19:73:24 | call to params | semmle.label | call to params |
| app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] | semmle.label | ...[...] |
| app/views/foo/bars/show.html.erb:76:28:76:33 | call to params : | semmle.label | call to params : |
| app/views/foo/bars/show.html.erb:76:28:76:33 | call to params | semmle.label | call to params |
| app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | user-provided value |
| app/controllers/foo/bars_controller.rb:31:5:31:7 | str | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | app/controllers/foo/bars_controller.rb:31:5:31:7 | str | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | user-provided value |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] | app/views/foo/bars/show.html.erb:53:29:53:34 | call to params : | app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:53:29:53:34 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] | app/views/foo/bars/show.html.erb:56:13:56:18 | call to params : | app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:56:13:56:18 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] | app/views/foo/bars/show.html.erb:73:19:73:24 | call to params : | app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:73:19:73:24 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] | app/views/foo/bars/show.html.erb:76:28:76:33 | call to params : | app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:76:28:76:33 | call to params | user-provided value |
| app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | user-provided value |
| app/controllers/foo/bars_controller.rb:31:5:31:7 | str | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | app/controllers/foo/bars_controller.rb:31:5:31:7 | str | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | user-provided value |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:17:15:17:32 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:35:3:35:14 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | app/views/foo/bars/show.html.erb:40:3:40:16 | @instance_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | app/views/foo/bars/show.html.erb:46:5:46:13 | call to user_name | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | app/views/foo/bars/show.html.erb:50:5:50:18 | call to user_name_memo | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] | app/views/foo/bars/show.html.erb:53:29:53:34 | call to params | app/views/foo/bars/show.html.erb:53:29:53:44 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:53:29:53:34 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] | app/views/foo/bars/show.html.erb:56:13:56:18 | call to params | app/views/foo/bars/show.html.erb:56:13:56:28 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:56:13:56:18 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] | app/views/foo/bars/show.html.erb:73:19:73:24 | call to params | app/views/foo/bars/show.html.erb:73:19:73:34 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:73:19:73:24 | call to params | user-provided value |
| app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] | app/views/foo/bars/show.html.erb:76:28:76:33 | call to params | app/views/foo/bars/show.html.erb:76:28:76:39 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/views/foo/bars/show.html.erb:76:28:76:33 | call to params | user-provided value |
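
Review bot: The edge for `app/controllers/foo/bars_controller.rb:13:5:13:14 | [post] self [@user_name]` in the `edges` section has the same node as both source and target, and the regenerated expectations carry that self-loop over unchanged. Every other row in this hunk differs only by dropping the trailing ` :` from node labels (36 edges and 17 `#select` rows on each side), so the alert set itself is stable. If the self-edge is not intended, it would be better fixed in the flow library than baked into the new baseline; if it is intended, a short comment in the test source explaining why the post-update node flows to itself would help the next person who regenerates this file.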

View File

@@ -1,43 +1,43 @@
edges
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt : | app/controllers/foo/stores_controller.rb:9:22:9:23 | dt : |
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt : | app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : |
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/controllers/foo/stores_controller.rb:8:5:8:6 | dt : |
| app/controllers/foo/stores_controller.rb:9:22:9:23 | dt : | app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text |
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] : |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] : |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] : |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text : |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] : | app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] |
| app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] : | app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] |
| app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] : | app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : |
| app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text : | app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... : |
| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle : | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf |
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt | app/controllers/foo/stores_controller.rb:9:22:9:23 | dt |
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt | app/controllers/foo/stores_controller.rb:13:55:13:56 | dt |
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/controllers/foo/stores_controller.rb:8:5:8:6 | dt |
| app/controllers/foo/stores_controller.rb:9:22:9:23 | dt | app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text |
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] |
| app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] | app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] |
| app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] | app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] |
| app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] | app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... | app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] |
| app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text | app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... |
| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf |
nodes
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt : | semmle.label | dt : |
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | semmle.label | call to read : |
| app/controllers/foo/stores_controller.rb:9:22:9:23 | dt : | semmle.label | dt : |
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | semmle.label | call to raw_name : |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | semmle.label | dt : |
| app/controllers/foo/stores_controller.rb:8:5:8:6 | dt | semmle.label | dt |
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | semmle.label | call to read |
| app/controllers/foo/stores_controller.rb:9:22:9:23 | dt | semmle.label | dt |
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | semmle.label | call to raw_name |
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt | semmle.label | dt |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/bars/_widget.html.erb:8:9:8:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | semmle.label | ...[...] |
| app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text | semmle.label | call to display_text |
| app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/stores/show.html.erb:5:9:5:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] | semmle.label | ...[...] |
| app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/stores/show.html.erb:9:9:9:21 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] | semmle.label | ...[...] |
| app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] : | semmle.label | call to local_assigns [element :display_text] : |
| app/views/foo/stores/show.html.erb:14:15:14:27 | call to local_assigns [element :display_text] | semmle.label | call to local_assigns [element :display_text] |
| app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] | semmle.label | ...[...] |
| app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text | semmle.label | call to display_text |
| app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text | semmle.label | @instance_text |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... : | semmle.label | ... + ... : |
| app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text : | semmle.label | call to display_text : |
| app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... | semmle.label | ... + ... |
| app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text | semmle.label | call to display_text |
| app/views/foo/stores/show.html.erb:46:5:46:16 | call to handle | semmle.label | call to handle |
| app/views/foo/stores/show.html.erb:49:5:49:18 | call to raw_name | semmle.label | call to raw_name |
| app/views/foo/stores/show.html.erb:63:3:63:18 | call to handle | semmle.label | call to handle |
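Review bot: the rewritten `edges` and `nodes` rows need a check that no two rows were merged, because dropping the trailing ` :` would make a mid-path label such as `call to local_assigns [element :display_text] :` read the same as a sink label at the same location. In the lines shown here every removed row has exactly one replacement (the nine `edges` rows from `dt` at `stores_controller.rb:13:55` down to `call to handle` at `show.html.erb:86:17`, and the five controller `nodes` rows), so nothing was lost. A sentence in the merge description saying that these `.expected` files were regenerated and not edited by hand would make that easier to trust.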
@@ -45,21 +45,21 @@ nodes
| app/views/foo/stores/show.html.erb:79:5:79:22 | call to display_name | semmle.label | call to display_name |
| app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name | semmle.label | @other_user_raw_name |
| app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | semmle.label | call to sprintf |
| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle : | semmle.label | call to handle : |
| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | semmle.label | call to handle |
subpaths
#select
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:14:15:14:32 | ...[...] | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:32:3:32:14 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | app/views/foo/stores/show.html.erb:37:3:37:16 | @instance_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
| app/views/foo/stores/show.html.erb:46:5:46:16 | call to handle | app/views/foo/stores/show.html.erb:46:5:46:16 | call to handle | app/views/foo/stores/show.html.erb:46:5:46:16 | call to handle | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:46:5:46:16 | call to handle | stored value |
| app/views/foo/stores/show.html.erb:49:5:49:18 | call to raw_name | app/views/foo/stores/show.html.erb:49:5:49:18 | call to raw_name | app/views/foo/stores/show.html.erb:49:5:49:18 | call to raw_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:49:5:49:18 | call to raw_name | stored value |
| app/views/foo/stores/show.html.erb:63:3:63:18 | call to handle | app/views/foo/stores/show.html.erb:63:3:63:18 | call to handle | app/views/foo/stores/show.html.erb:63:3:63:18 | call to handle | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:63:3:63:18 | call to handle | stored value |
| app/views/foo/stores/show.html.erb:69:3:69:20 | call to raw_name | app/views/foo/stores/show.html.erb:69:3:69:20 | call to raw_name | app/views/foo/stores/show.html.erb:69:3:69:20 | call to raw_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:69:3:69:20 | call to raw_name | stored value |
| app/views/foo/stores/show.html.erb:79:5:79:22 | call to display_name | app/views/foo/stores/show.html.erb:79:5:79:22 | call to display_name | app/views/foo/stores/show.html.erb:79:5:79:22 | call to display_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:79:5:79:22 | call to display_name | stored value |
| app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | stored value |
| app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle : | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | stored value |
| app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | app/views/foo/stores/show.html.erb:82:5:82:24 | @other_user_raw_name | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | stored value |
| app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | stored value |
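Review bot: in the `#select` rows only the second (source) column changes, for example `call to read :` becomes `call to read`, so after this hunk it reads the same as the `$@` link target later in the row. The alert set is otherwise identical: 15 rows before and after, with the same sinks and messages, including the five context rows where source and sink are the same expression. To confirm the change is a no-op for results, compare the old and new files with the ` :` suffix stripped from the old one and check that the diff is empty.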

View File

@@ -1,16 +1,16 @@
edges
| lib/unsafeHtml.rb:2:31:2:34 | name : | lib/unsafeHtml.rb:3:10:3:16 | #{...} |
| lib/unsafeHtml.rb:9:27:9:30 | name : | lib/unsafeHtml.rb:11:13:11:19 | #{...} |
| lib/unsafeHtml.rb:16:19:16:22 | name : | lib/unsafeHtml.rb:17:28:17:31 | name |
| lib/unsafeHtml.rb:2:31:2:34 | name | lib/unsafeHtml.rb:3:10:3:16 | #{...} |
| lib/unsafeHtml.rb:9:27:9:30 | name | lib/unsafeHtml.rb:11:13:11:19 | #{...} |
| lib/unsafeHtml.rb:16:19:16:22 | name | lib/unsafeHtml.rb:17:28:17:31 | name |
nodes
| lib/unsafeHtml.rb:2:31:2:34 | name : | semmle.label | name : |
| lib/unsafeHtml.rb:2:31:2:34 | name | semmle.label | name |
| lib/unsafeHtml.rb:3:10:3:16 | #{...} | semmle.label | #{...} |
| lib/unsafeHtml.rb:9:27:9:30 | name : | semmle.label | name : |
| lib/unsafeHtml.rb:9:27:9:30 | name | semmle.label | name |
| lib/unsafeHtml.rb:11:13:11:19 | #{...} | semmle.label | #{...} |
| lib/unsafeHtml.rb:16:19:16:22 | name : | semmle.label | name : |
| lib/unsafeHtml.rb:16:19:16:22 | name | semmle.label | name |
| lib/unsafeHtml.rb:17:28:17:31 | name | semmle.label | name |
subpaths
#select
| lib/unsafeHtml.rb:3:10:3:16 | #{...} | lib/unsafeHtml.rb:2:31:2:34 | name : | lib/unsafeHtml.rb:3:10:3:16 | #{...} | This string interpolation which depends on $@ might later allow $@. | lib/unsafeHtml.rb:2:31:2:34 | name | library input | lib/unsafeHtml.rb:3:5:3:22 | "<h2>#{...}</h2>" | cross-site scripting |
| lib/unsafeHtml.rb:11:13:11:19 | #{...} | lib/unsafeHtml.rb:9:27:9:30 | name : | lib/unsafeHtml.rb:11:13:11:19 | #{...} | This string interpolation which depends on $@ might later allow $@. | lib/unsafeHtml.rb:9:27:9:30 | name | library input | lib/unsafeHtml.rb:13:5:13:5 | h | cross-site scripting |
| lib/unsafeHtml.rb:17:28:17:31 | name | lib/unsafeHtml.rb:16:19:16:22 | name : | lib/unsafeHtml.rb:17:28:17:31 | name | This string format which depends on $@ might later allow $@. | lib/unsafeHtml.rb:16:19:16:22 | name | library input | lib/unsafeHtml.rb:17:5:17:32 | call to sprintf | cross-site scripting |
| lib/unsafeHtml.rb:3:10:3:16 | #{...} | lib/unsafeHtml.rb:2:31:2:34 | name | lib/unsafeHtml.rb:3:10:3:16 | #{...} | This string interpolation which depends on $@ might later allow $@. | lib/unsafeHtml.rb:2:31:2:34 | name | library input | lib/unsafeHtml.rb:3:5:3:22 | "<h2>#{...}</h2>" | cross-site scripting |
| lib/unsafeHtml.rb:11:13:11:19 | #{...} | lib/unsafeHtml.rb:9:27:9:30 | name | lib/unsafeHtml.rb:11:13:11:19 | #{...} | This string interpolation which depends on $@ might later allow $@. | lib/unsafeHtml.rb:9:27:9:30 | name | library input | lib/unsafeHtml.rb:13:5:13:5 | h | cross-site scripting |
| lib/unsafeHtml.rb:17:28:17:31 | name | lib/unsafeHtml.rb:16:19:16:22 | name | lib/unsafeHtml.rb:17:28:17:31 | name | This string format which depends on $@ might later allow $@. | lib/unsafeHtml.rb:16:19:16:22 | name | library input | lib/unsafeHtml.rb:17:5:17:32 | call to sprintf | cross-site scripting |

View File

@@ -1,161 +1,161 @@
edges
| ActiveRecordInjection.rb:8:25:8:28 | name : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:20:22:20:30 | condition : | ActiveRecordInjection.rb:23:16:23:24 | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] |
| ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:29:43:39 | ...[...] : |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:30:48:40 | ...[...] : |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:31:52:41 | ...[...] : |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:32:57:42 | ...[...] : |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:62:21:62:35 | ...[...] : |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:34:68:44 | ...[...] : |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:41:74:51 | ...[...] : |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] |
| ActiveRecordInjection.rb:94:18:94:23 | call to params : | ActiveRecordInjection.rb:94:18:94:35 | ...[...] |
| ActiveRecordInjection.rb:96:23:96:28 | call to params : | ActiveRecordInjection.rb:96:23:96:47 | ...[...] |
| ActiveRecordInjection.rb:102:5:102:6 | ps : | ActiveRecordInjection.rb:103:11:103:12 | ps : |
| ActiveRecordInjection.rb:102:10:102:15 | call to params : | ActiveRecordInjection.rb:102:5:102:6 | ps : |
| ActiveRecordInjection.rb:103:5:103:7 | uid : | ActiveRecordInjection.rb:104:5:104:9 | uidEq : |
| ActiveRecordInjection.rb:103:11:103:12 | ps : | ActiveRecordInjection.rb:103:11:103:17 | ...[...] : |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] : | ActiveRecordInjection.rb:103:5:103:7 | uid : |
| ActiveRecordInjection.rb:104:5:104:9 | uidEq : | ActiveRecordInjection.rb:108:20:108:32 | ... + ... |
| ActiveRecordInjection.rb:141:21:141:26 | call to params : | ActiveRecordInjection.rb:141:21:141:44 | ...[...] : |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : |
| ActiveRecordInjection.rb:155:59:155:64 | call to params : | ActiveRecordInjection.rb:155:59:155:74 | ...[...] : |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] : | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:166:5:166:13 | my_params : | ActiveRecordInjection.rb:167:47:167:55 | my_params : |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : | ActiveRecordInjection.rb:166:5:166:13 | my_params : |
| ActiveRecordInjection.rb:167:5:167:9 | query : | ActiveRecordInjection.rb:168:37:168:41 | query |
| ActiveRecordInjection.rb:167:47:167:55 | my_params : | ActiveRecordInjection.rb:167:47:167:65 | ...[...] : |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] : | ActiveRecordInjection.rb:167:5:167:9 | query : |
| ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:173:5:173:27 | call to require : |
| ActiveRecordInjection.rb:173:5:173:27 | call to require : | ActiveRecordInjection.rb:173:5:173:59 | call to permit : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : | ActiveRecordInjection.rb:177:77:177:102 | ...[...] : |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] : | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : | ActiveRecordInjection.rb:178:69:178:94 | ...[...] : |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] : | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." |
| ArelInjection.rb:4:5:4:8 | name : | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." |
| ArelInjection.rb:4:12:4:17 | call to params : | ArelInjection.rb:4:12:4:29 | ...[...] : |
| ArelInjection.rb:4:12:4:29 | ...[...] : | ArelInjection.rb:4:5:4:8 | name : |
| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:8:31:8:34 | pass | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:20:22:20:30 | condition | ActiveRecordInjection.rb:23:16:23:24 | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params | ActiveRecordInjection.rb:35:30:35:44 | ...[...] |
| ActiveRecordInjection.rb:39:18:39:23 | call to params | ActiveRecordInjection.rb:39:18:39:32 | ...[...] |
| ActiveRecordInjection.rb:43:29:43:34 | call to params | ActiveRecordInjection.rb:43:29:43:39 | ...[...] |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params | ActiveRecordInjection.rb:48:30:48:40 | ...[...] |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params | ActiveRecordInjection.rb:52:31:52:41 | ...[...] |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params | ActiveRecordInjection.rb:57:32:57:42 | ...[...] |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:62:21:62:26 | call to params | ActiveRecordInjection.rb:62:21:62:35 | ...[...] |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL |
| ActiveRecordInjection.rb:68:34:68:39 | call to params | ActiveRecordInjection.rb:68:34:68:44 | ...[...] |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:70:23:70:28 | call to params | ActiveRecordInjection.rb:70:23:70:35 | ...[...] |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] | ActiveRecordInjection.rb:8:25:8:28 | name |
| ActiveRecordInjection.rb:70:38:70:43 | call to params | ActiveRecordInjection.rb:70:38:70:50 | ...[...] |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] | ActiveRecordInjection.rb:8:31:8:34 | pass |
| ActiveRecordInjection.rb:74:41:74:46 | call to params | ActiveRecordInjection.rb:74:41:74:51 | ...[...] |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" |
| ActiveRecordInjection.rb:83:17:83:22 | call to params | ActiveRecordInjection.rb:83:17:83:31 | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params | ActiveRecordInjection.rb:84:19:84:33 | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params | ActiveRecordInjection.rb:88:18:88:35 | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params | ActiveRecordInjection.rb:92:21:92:35 | ...[...] |
| ActiveRecordInjection.rb:94:18:94:23 | call to params | ActiveRecordInjection.rb:94:18:94:35 | ...[...] |
| ActiveRecordInjection.rb:96:23:96:28 | call to params | ActiveRecordInjection.rb:96:23:96:47 | ...[...] |
| ActiveRecordInjection.rb:102:5:102:6 | ps | ActiveRecordInjection.rb:103:11:103:12 | ps |
| ActiveRecordInjection.rb:102:10:102:15 | call to params | ActiveRecordInjection.rb:102:5:102:6 | ps |
| ActiveRecordInjection.rb:103:5:103:7 | uid | ActiveRecordInjection.rb:104:5:104:9 | uidEq |
| ActiveRecordInjection.rb:103:11:103:12 | ps | ActiveRecordInjection.rb:103:11:103:17 | ...[...] |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] | ActiveRecordInjection.rb:103:5:103:7 | uid |
| ActiveRecordInjection.rb:104:5:104:9 | uidEq | ActiveRecordInjection.rb:108:20:108:32 | ... + ... |
| ActiveRecordInjection.rb:141:21:141:26 | call to params | ActiveRecordInjection.rb:141:21:141:44 | ...[...] |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] | ActiveRecordInjection.rb:20:22:20:30 | condition |
| ActiveRecordInjection.rb:155:59:155:64 | call to params | ActiveRecordInjection.rb:155:59:155:74 | ...[...] |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:166:5:166:13 | my_params | ActiveRecordInjection.rb:167:47:167:55 | my_params |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params | ActiveRecordInjection.rb:166:5:166:13 | my_params |
| ActiveRecordInjection.rb:167:5:167:9 | query | ActiveRecordInjection.rb:168:37:168:41 | query |
| ActiveRecordInjection.rb:167:47:167:55 | my_params | ActiveRecordInjection.rb:167:47:167:65 | ...[...] |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] | ActiveRecordInjection.rb:167:5:167:9 | query |
| ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:173:5:173:27 | call to require |
| ActiveRecordInjection.rb:173:5:173:27 | call to require | ActiveRecordInjection.rb:173:5:173:59 | call to permit |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit | ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit | ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit | ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params | ActiveRecordInjection.rb:177:77:177:102 | ...[...] |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params | ActiveRecordInjection.rb:178:69:178:94 | ...[...] |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." |
| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." |
| ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:4:12:4:29 | ...[...] |
| ArelInjection.rb:4:12:4:29 | ...[...] | ArelInjection.rb:4:5:4:8 | name |
nodes
| ActiveRecordInjection.rb:8:25:8:28 | name : | semmle.label | name : |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | semmle.label | pass : |
| ActiveRecordInjection.rb:8:25:8:28 | name | semmle.label | name |
| ActiveRecordInjection.rb:8:31:8:34 | pass | semmle.label | pass |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | semmle.label | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:20:22:20:30 | condition : | semmle.label | condition : |
| ActiveRecordInjection.rb:20:22:20:30 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:23:16:23:24 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:35:30:35:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:39:18:39:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:39:18:39:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:43:29:43:34 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:48:30:48:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:52:31:52:36 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:57:32:57:37 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:62:21:62:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:68:34:68:39 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:70:23:70:28 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:70:38:70:43 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:74:41:74:46 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:83:17:83:22 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:84:19:84:24 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:88:18:88:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:92:21:92:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:94:18:94:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:94:18:94:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:94:18:94:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:96:23:96:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:96:23:96:28 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:96:23:96:47 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:102:5:102:6 | ps : | semmle.label | ps : |
| ActiveRecordInjection.rb:102:10:102:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:103:5:103:7 | uid : | semmle.label | uid : |
| ActiveRecordInjection.rb:103:11:103:12 | ps : | semmle.label | ps : |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:104:5:104:9 | uidEq : | semmle.label | uidEq : |
| ActiveRecordInjection.rb:102:5:102:6 | ps | semmle.label | ps |
| ActiveRecordInjection.rb:102:10:102:15 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:103:5:103:7 | uid | semmle.label | uid |
| ActiveRecordInjection.rb:103:11:103:12 | ps | semmle.label | ps |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:104:5:104:9 | uidEq | semmle.label | uidEq |
| ActiveRecordInjection.rb:108:20:108:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:141:21:141:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:141:21:141:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:155:59:155:64 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:166:5:166:13 | my_params : | semmle.label | my_params : |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:167:5:167:9 | query : | semmle.label | query : |
| ActiveRecordInjection.rb:167:47:167:55 | my_params : | semmle.label | my_params : |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:155:59:155:64 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:166:5:166:13 | my_params | semmle.label | my_params |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:167:5:167:9 | query | semmle.label | query |
| ActiveRecordInjection.rb:167:47:167:55 | my_params | semmle.label | my_params |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:168:37:168:41 | query | semmle.label | query |
| ActiveRecordInjection.rb:173:5:173:10 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:173:5:173:27 | call to require : | semmle.label | call to require : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | semmle.label | call to permit : |
| ActiveRecordInjection.rb:173:5:173:10 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:173:5:173:27 | call to require | semmle.label | call to require |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit | semmle.label | call to permit |
| ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] : | semmle.label | ...[...] : |
| ArelInjection.rb:4:5:4:8 | name : | semmle.label | name : |
| ArelInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| ArelInjection.rb:4:12:4:29 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] | semmle.label | ...[...] |
| ArelInjection.rb:4:5:4:8 | name | semmle.label | name |
| ArelInjection.rb:4:12:4:17 | call to params | semmle.label | call to params |
| ArelInjection.rb:4:12:4:29 | ...[...] | semmle.label | ...[...] |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." |
subpaths
#select
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:38:70:43 | call to params | user-provided value |
| ActiveRecordInjection.rb:23:16:23:24 | condition | ActiveRecordInjection.rb:141:21:141:26 | call to params : | ActiveRecordInjection.rb:23:16:23:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:141:21:141:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:35:30:35:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:39:18:39:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:43:29:43:34 | call to params | user-provided value |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:48:30:48:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:52:31:52:36 | call to params | user-provided value |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:57:32:57:37 | call to params | user-provided value |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | This SQL query depends on a $@. | ActiveRecordInjection.rb:62:21:62:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:68:34:68:39 | call to params | user-provided value |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:74:41:74:46 | call to params | user-provided value |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:83:17:83:22 | call to params | user-provided value |
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:84:19:84:24 | call to params | user-provided value |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:88:18:88:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:21:92:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:94:18:94:35 | ...[...] | ActiveRecordInjection.rb:94:18:94:23 | call to params : | ActiveRecordInjection.rb:94:18:94:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:94:18:94:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:96:23:96:47 | ...[...] | ActiveRecordInjection.rb:96:23:96:28 | call to params : | ActiveRecordInjection.rb:96:23:96:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:96:23:96:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:108:20:108:32 | ... + ... | ActiveRecordInjection.rb:102:10:102:15 | call to params : | ActiveRecordInjection.rb:108:20:108:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:102:10:102:15 | call to params | user-provided value |
| ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:155:59:155:64 | call to params : | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:155:59:155:64 | call to params | user-provided value |
| ActiveRecordInjection.rb:168:37:168:41 | query | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:168:37:168:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params : | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:38:70:43 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:38:70:43 | call to params | user-provided value |
| ActiveRecordInjection.rb:23:16:23:24 | condition | ActiveRecordInjection.rb:141:21:141:26 | call to params | ActiveRecordInjection.rb:23:16:23:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:141:21:141:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | ActiveRecordInjection.rb:35:30:35:35 | call to params | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:35:30:35:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | ActiveRecordInjection.rb:39:18:39:23 | call to params | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:39:18:39:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | ActiveRecordInjection.rb:43:29:43:34 | call to params | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:43:29:43:34 | call to params | user-provided value |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | ActiveRecordInjection.rb:48:30:48:35 | call to params | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:48:30:48:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | ActiveRecordInjection.rb:52:31:52:36 | call to params | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:52:31:52:36 | call to params | user-provided value |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | ActiveRecordInjection.rb:57:32:57:37 | call to params | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:57:32:57:37 | call to params | user-provided value |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | ActiveRecordInjection.rb:62:21:62:26 | call to params | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | This SQL query depends on a $@. | ActiveRecordInjection.rb:62:21:62:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:68:34:68:39 | call to params | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:68:34:68:39 | call to params | user-provided value |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | ActiveRecordInjection.rb:74:41:74:46 | call to params | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:74:41:74:46 | call to params | user-provided value |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | ActiveRecordInjection.rb:83:17:83:22 | call to params | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:83:17:83:22 | call to params | user-provided value |
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | ActiveRecordInjection.rb:84:19:84:24 | call to params | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:84:19:84:24 | call to params | user-provided value |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | ActiveRecordInjection.rb:88:18:88:23 | call to params | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:88:18:88:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | ActiveRecordInjection.rb:92:21:92:26 | call to params | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:21:92:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:94:18:94:35 | ...[...] | ActiveRecordInjection.rb:94:18:94:23 | call to params | ActiveRecordInjection.rb:94:18:94:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:94:18:94:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:96:23:96:47 | ...[...] | ActiveRecordInjection.rb:96:23:96:28 | call to params | ActiveRecordInjection.rb:96:23:96:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:96:23:96:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:108:20:108:32 | ... + ... | ActiveRecordInjection.rb:102:10:102:15 | call to params | ActiveRecordInjection.rb:108:20:108:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:102:10:102:15 | call to params | user-provided value |
| ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:155:59:155:64 | call to params | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:155:59:155:64 | call to params | user-provided value |
| ActiveRecordInjection.rb:168:37:168:41 | query | ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:168:37:168:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |
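Review bot: The merge message gives no reason for the churn in this expected file, and in the #select block each result is listed twice, once with `call to params :` in the source column and once with `call to params`, while the sink location, the message text and the count of 24 rows stay the same. If this is a mechanical regeneration after merging main, say so in the commit message, so a reader can tell that no SQL injection result was gained or lost (the three results sourced at ActiveRecordInjection.rb:173:5:173:10 through `permitted_params` are present in both sets).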

View File

@@ -1,51 +1,51 @@
edges
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:29:15:29:18 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:32:19:32:22 | code |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:38:24:38:27 | code : |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:38:24:38:27 | code : |
| CodeInjection.rb:5:5:5:8 | code : | CodeInjection.rb:41:40:41:43 | code |
| CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:5:12:5:24 | ...[...] : |
| CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:5:12:5:24 | ...[...] : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:5:5:5:8 | code : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:5:5:5:8 | code : |
| CodeInjection.rb:38:24:38:27 | code : | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:38:24:38:27 | code : | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:78:5:78:8 | code : | CodeInjection.rb:80:16:80:19 | code |
| CodeInjection.rb:78:5:78:8 | code : | CodeInjection.rb:86:10:86:37 | ... + ... |
| CodeInjection.rb:78:5:78:8 | code : | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" |
| CodeInjection.rb:78:5:78:8 | code : | CodeInjection.rb:90:10:90:13 | code |
| CodeInjection.rb:78:5:78:8 | code : | CodeInjection.rb:90:10:90:13 | code |
| CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:78:12:78:24 | ...[...] : |
| CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:78:12:78:24 | ...[...] : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:78:5:78:8 | code : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:78:5:78:8 | code : |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] : | CodeInjection.rb:111:3:113:5 | self in baz [@foo] : |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] : | CodeInjection.rb:111:3:113:5 | self in baz [@foo] : |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] : | CodeInjection.rb:108:3:109:5 | self in bar [@foo] : |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] : | CodeInjection.rb:108:3:109:5 | self in bar [@foo] : |
| CodeInjection.rb:105:12:105:17 | call to params : | CodeInjection.rb:105:12:105:23 | ...[...] : |
| CodeInjection.rb:105:12:105:17 | call to params : | CodeInjection.rb:105:12:105:23 | ...[...] : |
| CodeInjection.rb:105:12:105:23 | ...[...] : | CodeInjection.rb:105:5:105:8 | [post] self [@foo] : |
| CodeInjection.rb:105:12:105:23 | ...[...] : | CodeInjection.rb:105:5:105:8 | [post] self [@foo] : |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] : | CodeInjection.rb:101:3:102:5 | self in index [@foo] : |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] : | CodeInjection.rb:101:3:102:5 | self in index [@foo] : |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] : | CodeInjection.rb:112:10:112:13 | self [@foo] : |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] : | CodeInjection.rb:112:10:112:13 | self [@foo] : |
| CodeInjection.rb:112:10:112:13 | self [@foo] : | CodeInjection.rb:112:10:112:13 | @foo |
| CodeInjection.rb:112:10:112:13 | self [@foo] : | CodeInjection.rb:112:10:112:13 | @foo |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:29:15:29:18 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:32:19:32:22 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:38:24:38:27 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:38:24:38:27 | code |
| CodeInjection.rb:5:5:5:8 | code | CodeInjection.rb:41:40:41:43 | code |
| CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:5:12:5:24 | ...[...] |
| CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:5:12:5:24 | ...[...] |
| CodeInjection.rb:5:12:5:24 | ...[...] | CodeInjection.rb:5:5:5:8 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] | CodeInjection.rb:5:5:5:8 | code |
| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:80:16:80:19 | code |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:10:86:37 | ... + ... |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:90:10:90:13 | code |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:90:10:90:13 | code |
| CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:78:12:78:24 | ...[...] |
| CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:78:12:78:24 | ...[...] |
| CodeInjection.rb:78:12:78:24 | ...[...] | CodeInjection.rb:78:5:78:8 | code |
| CodeInjection.rb:78:12:78:24 | ...[...] | CodeInjection.rb:78:5:78:8 | code |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] | CodeInjection.rb:111:3:113:5 | self in baz [@foo] |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] | CodeInjection.rb:111:3:113:5 | self in baz [@foo] |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] | CodeInjection.rb:108:3:109:5 | self in bar [@foo] |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] | CodeInjection.rb:108:3:109:5 | self in bar [@foo] |
| CodeInjection.rb:105:12:105:17 | call to params | CodeInjection.rb:105:12:105:23 | ...[...] |
| CodeInjection.rb:105:12:105:17 | call to params | CodeInjection.rb:105:12:105:23 | ...[...] |
| CodeInjection.rb:105:12:105:23 | ...[...] | CodeInjection.rb:105:5:105:8 | [post] self [@foo] |
| CodeInjection.rb:105:12:105:23 | ...[...] | CodeInjection.rb:105:5:105:8 | [post] self [@foo] |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] | CodeInjection.rb:101:3:102:5 | self in index [@foo] |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] | CodeInjection.rb:101:3:102:5 | self in index [@foo] |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] | CodeInjection.rb:112:10:112:13 | self [@foo] |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] | CodeInjection.rb:112:10:112:13 | self [@foo] |
| CodeInjection.rb:112:10:112:13 | self [@foo] | CodeInjection.rb:112:10:112:13 | @foo |
| CodeInjection.rb:112:10:112:13 | self [@foo] | CodeInjection.rb:112:10:112:13 | @foo |
nodes
| CodeInjection.rb:5:5:5:8 | code : | semmle.label | code : |
| CodeInjection.rb:5:5:5:8 | code : | semmle.label | code : |
| CodeInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:5:5:5:8 | code | semmle.label | code |
| CodeInjection.rb:5:5:5:8 | code | semmle.label | code |
| CodeInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:5:12:5:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:5:12:5:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:5:12:5:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:8:10:8:13 | code | semmle.label | code |
| CodeInjection.rb:8:10:8:13 | code | semmle.label | code |
| CodeInjection.rb:11:10:11:15 | call to params | semmle.label | call to params |
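Review bot: Once the ` :` suffix is dropped, the edges and nodes rows no longer distinguish mid-path nodes from sinks by label, for example `CodeInjection.rb:38:24:38:27 | code` now reads the same way as the sink `CodeInjection.rb:8:10:8:13 | code`, so anyone diffing this file later has to rely on the edges alone to see path direction. The 40 edge rows otherwise match one for one, including the rows that appear twice; please confirm the file was produced by re-running the test against the merged library rather than edited by hand, and that the doubled rows are expected output and not an accidental duplicate.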
@@ -58,48 +58,48 @@ nodes
| CodeInjection.rb:32:19:32:22 | code | semmle.label | code |
| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape |
| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape |
| CodeInjection.rb:38:24:38:27 | code : | semmle.label | code : |
| CodeInjection.rb:38:24:38:27 | code : | semmle.label | code : |
| CodeInjection.rb:38:24:38:27 | code | semmle.label | code |
| CodeInjection.rb:38:24:38:27 | code | semmle.label | code |
| CodeInjection.rb:41:40:41:43 | code | semmle.label | code |
| CodeInjection.rb:78:5:78:8 | code : | semmle.label | code : |
| CodeInjection.rb:78:5:78:8 | code : | semmle.label | code : |
| CodeInjection.rb:78:12:78:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:78:12:78:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:78:5:78:8 | code | semmle.label | code |
| CodeInjection.rb:78:5:78:8 | code | semmle.label | code |
| CodeInjection.rb:78:12:78:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:78:12:78:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:78:12:78:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:78:12:78:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:80:16:80:19 | code | semmle.label | code |
| CodeInjection.rb:86:10:86:37 | ... + ... | semmle.label | ... + ... |
| CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | semmle.label | "prefix_#{...}_suffix" |
| CodeInjection.rb:90:10:90:13 | code | semmle.label | code |
| CodeInjection.rb:90:10:90:13 | code | semmle.label | code |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] : | semmle.label | self in index [@foo] : |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] : | semmle.label | self in index [@foo] : |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| CodeInjection.rb:105:12:105:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:105:12:105:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:105:12:105:23 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:105:12:105:23 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] : | semmle.label | self in bar [@foo] : |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] : | semmle.label | self in bar [@foo] : |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] : | semmle.label | self in baz [@foo] : |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] : | semmle.label | self in baz [@foo] : |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] | semmle.label | self in index [@foo] |
| CodeInjection.rb:101:3:102:5 | self in index [@foo] | semmle.label | self in index [@foo] |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| CodeInjection.rb:105:5:105:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
| CodeInjection.rb:105:12:105:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:105:12:105:17 | call to params | semmle.label | call to params |
| CodeInjection.rb:105:12:105:23 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:105:12:105:23 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] | semmle.label | self in bar [@foo] |
| CodeInjection.rb:108:3:109:5 | self in bar [@foo] | semmle.label | self in bar [@foo] |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] | semmle.label | self in baz [@foo] |
| CodeInjection.rb:111:3:113:5 | self in baz [@foo] | semmle.label | self in baz [@foo] |
| CodeInjection.rb:112:10:112:13 | @foo | semmle.label | @foo |
| CodeInjection.rb:112:10:112:13 | @foo | semmle.label | @foo |
| CodeInjection.rb:112:10:112:13 | self [@foo] : | semmle.label | self [@foo] : |
| CodeInjection.rb:112:10:112:13 | self [@foo] : | semmle.label | self [@foo] : |
| CodeInjection.rb:112:10:112:13 | self [@foo] | semmle.label | self [@foo] |
| CodeInjection.rb:112:10:112:13 | self [@foo] | semmle.label | self [@foo] |
subpaths
#select
| CodeInjection.rb:8:10:8:13 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:8:10:8:13 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:8:10:8:13 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:8:10:8:13 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | This code execution depends on a $@. | CodeInjection.rb:11:10:11:15 | call to params | user-provided value |
| CodeInjection.rb:20:20:20:23 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:20:20:20:23 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:23:21:23:24 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:23:21:23:24 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:29:15:29:18 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:29:15:29:18 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:32:19:32:22 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:32:19:32:22 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:38:10:38:28 | call to escape | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:38:10:38:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:41:40:41:43 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:41:40:41:43 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:80:16:80:19 | code | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:80:16:80:19 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:86:10:86:37 | ... + ... | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:86:10:86:37 | ... + ... | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:90:10:90:13 | code | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:90:10:90:13 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:112:10:112:13 | @foo | CodeInjection.rb:105:12:105:17 | call to params : | CodeInjection.rb:112:10:112:13 | @foo | This code execution depends on a $@. | CodeInjection.rb:105:12:105:17 | call to params | user-provided value |
| CodeInjection.rb:20:20:20:23 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:20:20:20:23 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:23:21:23:24 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:23:21:23:24 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:29:15:29:18 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:29:15:29:18 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:32:19:32:22 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:32:19:32:22 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:38:10:38:28 | call to escape | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:38:10:38:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:41:40:41:43 | code | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:41:40:41:43 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:80:16:80:19 | code | CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:80:16:80:19 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:86:10:86:37 | ... + ... | CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:86:10:86:37 | ... + ... | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:90:10:90:13 | code | CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:90:10:90:13 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:112:10:112:13 | @foo | CodeInjection.rb:105:12:105:17 | call to params | CodeInjection.rb:112:10:112:13 | @foo | This code execution depends on a $@. | CodeInjection.rb:105:12:105:17 | call to params | user-provided value |
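Review bot: the #select block is the part of this file that reflects query results, and the commit message does not say whether alert parity was checked. From the visible rows it holds: 13 alerts in both forms, with the same sink and source locations and only the ` :` after the source label removed (the `CodeInjection.rb:11:10:11:15` row is unchanged because its source and sink are the same node). The `call to escape` sink at `CodeInjection.rb:38:10:38:28` is still reported in the unsuffixed rows, so the relabelling does not change which calls the query treats as sanitizing. Suggest stating in the commit message that the expected files were regenerated and that no alert was added or removed.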

View File

@@ -1,69 +1,69 @@
edges
| impl/unsafeCode.rb:2:12:2:17 | target : | impl/unsafeCode.rb:3:17:3:25 | #{...} |
| impl/unsafeCode.rb:7:12:7:12 | x : | impl/unsafeCode.rb:8:30:8:30 | x |
| impl/unsafeCode.rb:12:12:12:12 | x : | impl/unsafeCode.rb:13:33:13:33 | x |
| impl/unsafeCode.rb:28:17:28:22 | my_arr : | impl/unsafeCode.rb:29:10:29:15 | my_arr |
| impl/unsafeCode.rb:32:21:32:21 | x : | impl/unsafeCode.rb:33:12:33:12 | x : |
| impl/unsafeCode.rb:33:5:33:7 | arr [element 0] : | impl/unsafeCode.rb:34:10:34:12 | arr |
| impl/unsafeCode.rb:33:12:33:12 | x : | impl/unsafeCode.rb:33:5:33:7 | arr [element 0] : |
| impl/unsafeCode.rb:37:15:37:15 | x : | impl/unsafeCode.rb:39:14:39:14 | x : |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] : | impl/unsafeCode.rb:40:10:40:12 | arr |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] : | impl/unsafeCode.rb:44:10:44:12 | arr |
| impl/unsafeCode.rb:39:14:39:14 | x : | impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] : |
| impl/unsafeCode.rb:47:15:47:15 | x : | impl/unsafeCode.rb:49:9:49:12 | #{...} |
| impl/unsafeCode.rb:54:21:54:21 | x : | impl/unsafeCode.rb:55:22:55:22 | x |
| impl/unsafeCode.rb:59:21:59:21 | x : | impl/unsafeCode.rb:60:17:60:17 | x : |
| impl/unsafeCode.rb:59:24:59:24 | y : | impl/unsafeCode.rb:63:30:63:30 | y : |
| impl/unsafeCode.rb:60:5:60:7 | arr [element 0] : | impl/unsafeCode.rb:61:10:61:12 | arr |
| impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] : | impl/unsafeCode.rb:60:5:60:7 | arr [element 0] : |
| impl/unsafeCode.rb:60:17:60:17 | x : | impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] : |
| impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] : | impl/unsafeCode.rb:64:10:64:13 | arr2 |
| impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] : | impl/unsafeCode.rb:63:13:63:42 | call to join : |
| impl/unsafeCode.rb:63:13:63:42 | call to join : | impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] : |
| impl/unsafeCode.rb:63:30:63:30 | y : | impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] : |
| impl/unsafeCode.rb:2:12:2:17 | target | impl/unsafeCode.rb:3:17:3:25 | #{...} |
| impl/unsafeCode.rb:7:12:7:12 | x | impl/unsafeCode.rb:8:30:8:30 | x |
| impl/unsafeCode.rb:12:12:12:12 | x | impl/unsafeCode.rb:13:33:13:33 | x |
| impl/unsafeCode.rb:28:17:28:22 | my_arr | impl/unsafeCode.rb:29:10:29:15 | my_arr |
| impl/unsafeCode.rb:32:21:32:21 | x | impl/unsafeCode.rb:33:12:33:12 | x |
| impl/unsafeCode.rb:33:5:33:7 | arr [element 0] | impl/unsafeCode.rb:34:10:34:12 | arr |
| impl/unsafeCode.rb:33:12:33:12 | x | impl/unsafeCode.rb:33:5:33:7 | arr [element 0] |
| impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:39:14:39:14 | x |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] | impl/unsafeCode.rb:40:10:40:12 | arr |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] | impl/unsafeCode.rb:44:10:44:12 | arr |
| impl/unsafeCode.rb:39:14:39:14 | x | impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] |
| impl/unsafeCode.rb:47:15:47:15 | x | impl/unsafeCode.rb:49:9:49:12 | #{...} |
| impl/unsafeCode.rb:54:21:54:21 | x | impl/unsafeCode.rb:55:22:55:22 | x |
| impl/unsafeCode.rb:59:21:59:21 | x | impl/unsafeCode.rb:60:17:60:17 | x |
| impl/unsafeCode.rb:59:24:59:24 | y | impl/unsafeCode.rb:63:30:63:30 | y |
| impl/unsafeCode.rb:60:5:60:7 | arr [element 0] | impl/unsafeCode.rb:61:10:61:12 | arr |
| impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] | impl/unsafeCode.rb:60:5:60:7 | arr [element 0] |
| impl/unsafeCode.rb:60:17:60:17 | x | impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] |
| impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] | impl/unsafeCode.rb:64:10:64:13 | arr2 |
| impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] | impl/unsafeCode.rb:63:13:63:42 | call to join |
| impl/unsafeCode.rb:63:13:63:42 | call to join | impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] |
| impl/unsafeCode.rb:63:30:63:30 | y | impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] |
nodes
| impl/unsafeCode.rb:2:12:2:17 | target : | semmle.label | target : |
| impl/unsafeCode.rb:2:12:2:17 | target | semmle.label | target |
| impl/unsafeCode.rb:3:17:3:25 | #{...} | semmle.label | #{...} |
| impl/unsafeCode.rb:7:12:7:12 | x : | semmle.label | x : |
| impl/unsafeCode.rb:7:12:7:12 | x | semmle.label | x |
| impl/unsafeCode.rb:8:30:8:30 | x | semmle.label | x |
| impl/unsafeCode.rb:12:12:12:12 | x : | semmle.label | x : |
| impl/unsafeCode.rb:12:12:12:12 | x | semmle.label | x |
| impl/unsafeCode.rb:13:33:13:33 | x | semmle.label | x |
| impl/unsafeCode.rb:28:17:28:22 | my_arr : | semmle.label | my_arr : |
| impl/unsafeCode.rb:28:17:28:22 | my_arr | semmle.label | my_arr |
| impl/unsafeCode.rb:29:10:29:15 | my_arr | semmle.label | my_arr |
| impl/unsafeCode.rb:32:21:32:21 | x : | semmle.label | x : |
| impl/unsafeCode.rb:33:5:33:7 | arr [element 0] : | semmle.label | arr [element 0] : |
| impl/unsafeCode.rb:33:12:33:12 | x : | semmle.label | x : |
| impl/unsafeCode.rb:32:21:32:21 | x | semmle.label | x |
| impl/unsafeCode.rb:33:5:33:7 | arr [element 0] | semmle.label | arr [element 0] |
| impl/unsafeCode.rb:33:12:33:12 | x | semmle.label | x |
| impl/unsafeCode.rb:34:10:34:12 | arr | semmle.label | arr |
| impl/unsafeCode.rb:37:15:37:15 | x : | semmle.label | x : |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] : | semmle.label | [post] arr [element] : |
| impl/unsafeCode.rb:39:14:39:14 | x : | semmle.label | x : |
| impl/unsafeCode.rb:37:15:37:15 | x | semmle.label | x |
| impl/unsafeCode.rb:39:5:39:7 | [post] arr [element] | semmle.label | [post] arr [element] |
| impl/unsafeCode.rb:39:14:39:14 | x | semmle.label | x |
| impl/unsafeCode.rb:40:10:40:12 | arr | semmle.label | arr |
| impl/unsafeCode.rb:44:10:44:12 | arr | semmle.label | arr |
| impl/unsafeCode.rb:47:15:47:15 | x : | semmle.label | x : |
| impl/unsafeCode.rb:47:15:47:15 | x | semmle.label | x |
| impl/unsafeCode.rb:49:9:49:12 | #{...} | semmle.label | #{...} |
| impl/unsafeCode.rb:54:21:54:21 | x : | semmle.label | x : |
| impl/unsafeCode.rb:54:21:54:21 | x | semmle.label | x |
| impl/unsafeCode.rb:55:22:55:22 | x | semmle.label | x |
| impl/unsafeCode.rb:59:21:59:21 | x : | semmle.label | x : |
| impl/unsafeCode.rb:59:24:59:24 | y : | semmle.label | y : |
| impl/unsafeCode.rb:60:5:60:7 | arr [element 0] : | semmle.label | arr [element 0] : |
| impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] : | semmle.label | call to Array [element 0] : |
| impl/unsafeCode.rb:60:17:60:17 | x : | semmle.label | x : |
| impl/unsafeCode.rb:59:21:59:21 | x | semmle.label | x |
| impl/unsafeCode.rb:59:24:59:24 | y | semmle.label | y |
| impl/unsafeCode.rb:60:5:60:7 | arr [element 0] | semmle.label | arr [element 0] |
| impl/unsafeCode.rb:60:11:60:18 | call to Array [element 0] | semmle.label | call to Array [element 0] |
| impl/unsafeCode.rb:60:17:60:17 | x | semmle.label | x |
| impl/unsafeCode.rb:61:10:61:12 | arr | semmle.label | arr |
| impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] : | semmle.label | arr2 [element 0] : |
| impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] : | semmle.label | call to Array [element 1] : |
| impl/unsafeCode.rb:63:13:63:42 | call to join : | semmle.label | call to join : |
| impl/unsafeCode.rb:63:30:63:30 | y : | semmle.label | y : |
| impl/unsafeCode.rb:63:5:63:8 | arr2 [element 0] | semmle.label | arr2 [element 0] |
| impl/unsafeCode.rb:63:13:63:32 | call to Array [element 1] | semmle.label | call to Array [element 1] |
| impl/unsafeCode.rb:63:13:63:42 | call to join | semmle.label | call to join |
| impl/unsafeCode.rb:63:30:63:30 | y | semmle.label | y |
| impl/unsafeCode.rb:64:10:64:13 | arr2 | semmle.label | arr2 |
subpaths
#select
| impl/unsafeCode.rb:3:17:3:25 | #{...} | impl/unsafeCode.rb:2:12:2:17 | target : | impl/unsafeCode.rb:3:17:3:25 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:2:12:2:17 | target | library input | impl/unsafeCode.rb:3:5:3:27 | call to eval | interpreted as code |
| impl/unsafeCode.rb:8:30:8:30 | x | impl/unsafeCode.rb:7:12:7:12 | x : | impl/unsafeCode.rb:8:30:8:30 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:7:12:7:12 | x | library input | impl/unsafeCode.rb:8:5:8:32 | call to eval | interpreted as code |
| impl/unsafeCode.rb:13:33:13:33 | x | impl/unsafeCode.rb:12:12:12:12 | x : | impl/unsafeCode.rb:13:33:13:33 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:12:12:12:12 | x | library input | impl/unsafeCode.rb:13:5:13:35 | call to eval | interpreted as code |
| impl/unsafeCode.rb:29:10:29:15 | my_arr | impl/unsafeCode.rb:28:17:28:22 | my_arr : | impl/unsafeCode.rb:29:10:29:15 | my_arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:28:17:28:22 | my_arr | library input | impl/unsafeCode.rb:29:5:29:27 | call to eval | interpreted as code |
| impl/unsafeCode.rb:34:10:34:12 | arr | impl/unsafeCode.rb:32:21:32:21 | x : | impl/unsafeCode.rb:34:10:34:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:32:21:32:21 | x | library input | impl/unsafeCode.rb:34:5:34:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:40:10:40:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x : | impl/unsafeCode.rb:40:10:40:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:40:5:40:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:44:10:44:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x : | impl/unsafeCode.rb:44:10:44:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:44:5:44:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:49:9:49:12 | #{...} | impl/unsafeCode.rb:47:15:47:15 | x : | impl/unsafeCode.rb:49:9:49:12 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:47:15:47:15 | x | library input | impl/unsafeCode.rb:51:5:51:13 | call to eval | interpreted as code |
| impl/unsafeCode.rb:55:22:55:22 | x | impl/unsafeCode.rb:54:21:54:21 | x : | impl/unsafeCode.rb:55:22:55:22 | x | This string concatenation which depends on $@ is later $@. | impl/unsafeCode.rb:54:21:54:21 | x | library input | impl/unsafeCode.rb:56:5:56:13 | call to eval | interpreted as code |
| impl/unsafeCode.rb:61:10:61:12 | arr | impl/unsafeCode.rb:59:21:59:21 | x : | impl/unsafeCode.rb:61:10:61:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:21:59:21 | x | library input | impl/unsafeCode.rb:61:5:61:23 | call to eval | interpreted as code |
| impl/unsafeCode.rb:64:10:64:13 | arr2 | impl/unsafeCode.rb:59:24:59:24 | y : | impl/unsafeCode.rb:64:10:64:13 | arr2 | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:24:59:24 | y | library input | impl/unsafeCode.rb:64:5:64:25 | call to eval | interpreted as code |
| impl/unsafeCode.rb:3:17:3:25 | #{...} | impl/unsafeCode.rb:2:12:2:17 | target | impl/unsafeCode.rb:3:17:3:25 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:2:12:2:17 | target | library input | impl/unsafeCode.rb:3:5:3:27 | call to eval | interpreted as code |
| impl/unsafeCode.rb:8:30:8:30 | x | impl/unsafeCode.rb:7:12:7:12 | x | impl/unsafeCode.rb:8:30:8:30 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:7:12:7:12 | x | library input | impl/unsafeCode.rb:8:5:8:32 | call to eval | interpreted as code |
| impl/unsafeCode.rb:13:33:13:33 | x | impl/unsafeCode.rb:12:12:12:12 | x | impl/unsafeCode.rb:13:33:13:33 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:12:12:12:12 | x | library input | impl/unsafeCode.rb:13:5:13:35 | call to eval | interpreted as code |
| impl/unsafeCode.rb:29:10:29:15 | my_arr | impl/unsafeCode.rb:28:17:28:22 | my_arr | impl/unsafeCode.rb:29:10:29:15 | my_arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:28:17:28:22 | my_arr | library input | impl/unsafeCode.rb:29:5:29:27 | call to eval | interpreted as code |
| impl/unsafeCode.rb:34:10:34:12 | arr | impl/unsafeCode.rb:32:21:32:21 | x | impl/unsafeCode.rb:34:10:34:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:32:21:32:21 | x | library input | impl/unsafeCode.rb:34:5:34:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:40:10:40:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:40:10:40:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:40:5:40:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:44:10:44:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:44:10:44:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:44:5:44:24 | call to eval | interpreted as code |
| impl/unsafeCode.rb:49:9:49:12 | #{...} | impl/unsafeCode.rb:47:15:47:15 | x | impl/unsafeCode.rb:49:9:49:12 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:47:15:47:15 | x | library input | impl/unsafeCode.rb:51:5:51:13 | call to eval | interpreted as code |
| impl/unsafeCode.rb:55:22:55:22 | x | impl/unsafeCode.rb:54:21:54:21 | x | impl/unsafeCode.rb:55:22:55:22 | x | This string concatenation which depends on $@ is later $@. | impl/unsafeCode.rb:54:21:54:21 | x | library input | impl/unsafeCode.rb:56:5:56:13 | call to eval | interpreted as code |
| impl/unsafeCode.rb:61:10:61:12 | arr | impl/unsafeCode.rb:59:21:59:21 | x | impl/unsafeCode.rb:61:10:61:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:21:59:21 | x | library input | impl/unsafeCode.rb:61:5:61:23 | call to eval | interpreted as code |
| impl/unsafeCode.rb:64:10:64:13 | arr2 | impl/unsafeCode.rb:59:24:59:24 | y | impl/unsafeCode.rb:64:10:64:13 | arr2 | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:24:59:24 | y | library input | impl/unsafeCode.rb:64:5:64:25 | call to eval | interpreted as code |
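Review bot: check that only the trailing ` :` is stripped and the content annotations survive, since in this file they are what distinguishes the array flows. In the unsuffixed edges and nodes rows `arr [element 0]` (line 33), `[post] arr [element]` (line 39) and `call to Array [element 1]` (line 63) are all still present, and the 11 #select rows keep their sink, `library input` and `call to eval` locations, so no alert is gained or lost. Because edges, nodes and #select are each rewritten in full, it would help review if this mechanical regeneration were called out separately from any behavioural change in the same merge.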

View File

@@ -1,42 +1,42 @@
edges
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized : | app/controllers/users_controller.rb:16:19:16:29 | unsanitized |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized : | app/controllers/users_controller.rb:17:19:17:41 | ... + ... |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized : | app/controllers/users_controller.rb:23:20:23:30 | unsanitized : |
| app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:15:19:15:30 | ...[...] : |
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] : | app/controllers/users_controller.rb:15:5:15:15 | unsanitized : |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 : | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 : | app/controllers/users_controller.rb:27:16:27:39 | ... + ... |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized : | app/controllers/users_controller.rb:23:20:23:44 | call to sub : |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub : | app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 : |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized : | app/controllers/users_controller.rb:34:33:34:43 | unsanitized |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized : | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:33:19:33:31 | ...[...] : |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] : | app/controllers/users_controller.rb:33:5:33:15 | unsanitized : |
| app/controllers/users_controller.rb:49:19:49:24 | call to params : | app/controllers/users_controller.rb:49:19:49:30 | ...[...] |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | app/controllers/users_controller.rb:16:19:16:29 | unsanitized |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | app/controllers/users_controller.rb:17:19:17:41 | ... + ... |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | app/controllers/users_controller.rb:23:20:23:30 | unsanitized |
| app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:15:19:15:30 | ...[...] |
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] | app/controllers/users_controller.rb:15:5:15:15 | unsanitized |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | app/controllers/users_controller.rb:27:16:27:39 | ... + ... |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized | app/controllers/users_controller.rb:23:20:23:44 | call to sub |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | app/controllers/users_controller.rb:34:33:34:43 | unsanitized |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies | app/controllers/users_controller.rb:33:19:33:31 | ...[...] |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:33:5:33:15 | unsanitized |
| app/controllers/users_controller.rb:49:19:49:24 | call to params | app/controllers/users_controller.rb:49:19:49:30 | ...[...] |
nodes
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized : | semmle.label | unsanitized : |
| app/controllers/users_controller.rb:15:19:15:24 | call to params : | semmle.label | call to params : |
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/users_controller.rb:15:5:15:15 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:15:19:15:24 | call to params | semmle.label | call to params |
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] | semmle.label | ...[...] |
| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 : | semmle.label | unsanitized2 : |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized : | semmle.label | unsanitized : |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub : | semmle.label | call to sub : |
| app/controllers/users_controller.rb:23:5:23:16 | unsanitized2 | semmle.label | unsanitized2 |
| app/controllers/users_controller.rb:23:20:23:30 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:23:20:23:44 | call to sub | semmle.label | call to sub |
| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | semmle.label | unsanitized2 |
| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized : | semmle.label | unsanitized : |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | semmle.label | call to cookies : |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/users_controller.rb:33:5:33:15 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies | semmle.label | call to cookies |
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] | semmle.label | ...[...] |
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | semmle.label | unsanitized |
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | semmle.label | ... + ... |
| app/controllers/users_controller.rb:49:19:49:24 | call to params : | semmle.label | call to params : |
| app/controllers/users_controller.rb:49:19:49:24 | call to params | semmle.label | call to params |
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:17:19:17:41 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | app/controllers/users_controller.rb:49:19:49:24 | call to params : | app/controllers/users_controller.rb:49:19:49:30 | ...[...] | Log entry depends on a $@. | app/controllers/users_controller.rb:49:19:49:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:17:19:17:41 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | app/controllers/users_controller.rb:49:19:49:24 | call to params | app/controllers/users_controller.rb:49:19:49:30 | ...[...] | Log entry depends on a $@. | app/controllers/users_controller.rb:49:19:49:24 | call to params | user-provided value |

View File

@@ -1,52 +1,52 @@
edges
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:10:5:10:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:11:5:11:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:12:5:12:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:13:5:13:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:14:5:14:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:15:5:15:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:16:5:16:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:17:5:17:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:18:5:18:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:19:5:19:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:20:5:20:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:21:5:21:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:22:5:22:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:23:17:23:20 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:24:18:24:21 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:42:10:42:13 | name |
| PolynomialReDoS.rb:4:5:4:8 | name : | PolynomialReDoS.rb:47:10:47:13 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:4:12:4:24 | ...[...] : |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:4:5:4:8 | name : |
| PolynomialReDoS.rb:27:5:27:5 | a : | PolynomialReDoS.rb:28:5:28:5 | a |
| PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:27:9:27:18 | ...[...] : |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | PolynomialReDoS.rb:27:5:27:5 | a : |
| PolynomialReDoS.rb:29:5:29:5 | b : | PolynomialReDoS.rb:30:5:30:5 | b |
| PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:29:9:29:18 | ...[...] : |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | PolynomialReDoS.rb:29:5:29:5 | b : |
| PolynomialReDoS.rb:31:5:31:5 | c : | PolynomialReDoS.rb:32:5:32:5 | c |
| PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:31:9:31:18 | ...[...] : |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | PolynomialReDoS.rb:31:5:31:5 | c : |
| PolynomialReDoS.rb:54:5:54:8 | name : | PolynomialReDoS.rb:56:38:56:41 | name : |
| PolynomialReDoS.rb:54:5:54:8 | name : | PolynomialReDoS.rb:58:37:58:40 | name : |
| PolynomialReDoS.rb:54:12:54:17 | call to params : | PolynomialReDoS.rb:54:12:54:24 | ...[...] : |
| PolynomialReDoS.rb:54:12:54:24 | ...[...] : | PolynomialReDoS.rb:54:5:54:8 | name : |
| PolynomialReDoS.rb:56:38:56:41 | name : | PolynomialReDoS.rb:61:33:61:37 | input : |
| PolynomialReDoS.rb:58:37:58:40 | name : | PolynomialReDoS.rb:65:42:65:46 | input : |
| PolynomialReDoS.rb:61:33:61:37 | input : | PolynomialReDoS.rb:62:5:62:9 | input |
| PolynomialReDoS.rb:65:42:65:46 | input : | PolynomialReDoS.rb:66:5:66:9 | input |
| PolynomialReDoS.rb:70:5:70:8 | name : | PolynomialReDoS.rb:73:32:73:35 | name : |
| PolynomialReDoS.rb:70:12:70:17 | call to params : | PolynomialReDoS.rb:70:12:70:24 | ...[...] : |
| PolynomialReDoS.rb:70:12:70:24 | ...[...] : | PolynomialReDoS.rb:70:5:70:8 | name : |
| PolynomialReDoS.rb:73:32:73:35 | name : | PolynomialReDoS.rb:76:35:76:39 | input : |
| PolynomialReDoS.rb:76:35:76:39 | input : | PolynomialReDoS.rb:77:5:77:9 | input |
| lib/index.rb:2:11:2:11 | x : | lib/index.rb:4:13:4:13 | x |
| lib/index.rb:8:13:8:13 | x : | lib/index.rb:9:15:9:15 | x |
| lib/index.rb:8:13:8:13 | x : | lib/index.rb:11:16:11:16 | x |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:10:5:10:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:11:5:11:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:12:5:12:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:13:5:13:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:14:5:14:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:15:5:15:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:16:5:16:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:17:5:17:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:18:5:18:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:19:5:19:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:20:5:20:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:21:5:21:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:22:5:22:8 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:23:17:23:20 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:24:18:24:21 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:42:10:42:13 | name |
| PolynomialReDoS.rb:4:5:4:8 | name | PolynomialReDoS.rb:47:10:47:13 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:4:12:4:24 | ...[...] |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] | PolynomialReDoS.rb:4:5:4:8 | name |
| PolynomialReDoS.rb:27:5:27:5 | a | PolynomialReDoS.rb:28:5:28:5 | a |
| PolynomialReDoS.rb:27:9:27:14 | call to params | PolynomialReDoS.rb:27:9:27:18 | ...[...] |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] | PolynomialReDoS.rb:27:5:27:5 | a |
| PolynomialReDoS.rb:29:5:29:5 | b | PolynomialReDoS.rb:30:5:30:5 | b |
| PolynomialReDoS.rb:29:9:29:14 | call to params | PolynomialReDoS.rb:29:9:29:18 | ...[...] |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] | PolynomialReDoS.rb:29:5:29:5 | b |
| PolynomialReDoS.rb:31:5:31:5 | c | PolynomialReDoS.rb:32:5:32:5 | c |
| PolynomialReDoS.rb:31:9:31:14 | call to params | PolynomialReDoS.rb:31:9:31:18 | ...[...] |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] | PolynomialReDoS.rb:31:5:31:5 | c |
| PolynomialReDoS.rb:54:5:54:8 | name | PolynomialReDoS.rb:56:38:56:41 | name |
| PolynomialReDoS.rb:54:5:54:8 | name | PolynomialReDoS.rb:58:37:58:40 | name |
| PolynomialReDoS.rb:54:12:54:17 | call to params | PolynomialReDoS.rb:54:12:54:24 | ...[...] |
| PolynomialReDoS.rb:54:12:54:24 | ...[...] | PolynomialReDoS.rb:54:5:54:8 | name |
| PolynomialReDoS.rb:56:38:56:41 | name | PolynomialReDoS.rb:61:33:61:37 | input |
| PolynomialReDoS.rb:58:37:58:40 | name | PolynomialReDoS.rb:65:42:65:46 | input |
| PolynomialReDoS.rb:61:33:61:37 | input | PolynomialReDoS.rb:62:5:62:9 | input |
| PolynomialReDoS.rb:65:42:65:46 | input | PolynomialReDoS.rb:66:5:66:9 | input |
| PolynomialReDoS.rb:70:5:70:8 | name | PolynomialReDoS.rb:73:32:73:35 | name |
| PolynomialReDoS.rb:70:12:70:17 | call to params | PolynomialReDoS.rb:70:12:70:24 | ...[...] |
| PolynomialReDoS.rb:70:12:70:24 | ...[...] | PolynomialReDoS.rb:70:5:70:8 | name |
| PolynomialReDoS.rb:73:32:73:35 | name | PolynomialReDoS.rb:76:35:76:39 | input |
| PolynomialReDoS.rb:76:35:76:39 | input | PolynomialReDoS.rb:77:5:77:9 | input |
| lib/index.rb:2:11:2:11 | x | lib/index.rb:4:13:4:13 | x |
| lib/index.rb:8:13:8:13 | x | lib/index.rb:9:15:9:15 | x |
| lib/index.rb:8:13:8:13 | x | lib/index.rb:11:16:11:16 | x |
nodes
| PolynomialReDoS.rb:4:5:4:8 | name : | semmle.label | name : |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:4:5:4:8 | name | semmle.label | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:10:5:10:8 | name | semmle.label | name |
| PolynomialReDoS.rb:11:5:11:8 | name | semmle.label | name |
| PolynomialReDoS.rb:12:5:12:8 | name | semmle.label | name |
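Review bot: with the trailing ` :` dropped from the labels in `edges` and `nodes`, an intermediate step and a sink now print the same text (for example `name` at `PolynomialReDoS.rb:4:5:4:8` and `name` at `PolynomialReDoS.rb:10:5:10:8`), so the location column is the only thing left that tells them apart. The 44 source/target pairs in `edges` are otherwise the same before and after, which is consistent with a label-only re-baseline. If any script or test helper filters path nodes on the ` :` suffix, it needs to switch to locations. Please also confirm this expected file was regenerated by the test runner rather than edited by hand.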
@@ -62,65 +62,65 @@ nodes
| PolynomialReDoS.rb:22:5:22:8 | name | semmle.label | name |
| PolynomialReDoS.rb:23:17:23:20 | name | semmle.label | name |
| PolynomialReDoS.rb:24:18:24:21 | name | semmle.label | name |
| PolynomialReDoS.rb:27:5:27:5 | a : | semmle.label | a : |
| PolynomialReDoS.rb:27:9:27:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:27:5:27:5 | a | semmle.label | a |
| PolynomialReDoS.rb:27:9:27:14 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:28:5:28:5 | a | semmle.label | a |
| PolynomialReDoS.rb:29:5:29:5 | b : | semmle.label | b : |
| PolynomialReDoS.rb:29:9:29:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:29:5:29:5 | b | semmle.label | b |
| PolynomialReDoS.rb:29:9:29:14 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:30:5:30:5 | b | semmle.label | b |
| PolynomialReDoS.rb:31:5:31:5 | c : | semmle.label | c : |
| PolynomialReDoS.rb:31:9:31:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:31:5:31:5 | c | semmle.label | c |
| PolynomialReDoS.rb:31:9:31:14 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:32:5:32:5 | c | semmle.label | c |
| PolynomialReDoS.rb:42:10:42:13 | name | semmle.label | name |
| PolynomialReDoS.rb:47:10:47:13 | name | semmle.label | name |
| PolynomialReDoS.rb:54:5:54:8 | name : | semmle.label | name : |
| PolynomialReDoS.rb:54:12:54:17 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:54:12:54:24 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:56:38:56:41 | name : | semmle.label | name : |
| PolynomialReDoS.rb:58:37:58:40 | name : | semmle.label | name : |
| PolynomialReDoS.rb:61:33:61:37 | input : | semmle.label | input : |
| PolynomialReDoS.rb:54:5:54:8 | name | semmle.label | name |
| PolynomialReDoS.rb:54:12:54:17 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:54:12:54:24 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:56:38:56:41 | name | semmle.label | name |
| PolynomialReDoS.rb:58:37:58:40 | name | semmle.label | name |
| PolynomialReDoS.rb:61:33:61:37 | input | semmle.label | input |
| PolynomialReDoS.rb:62:5:62:9 | input | semmle.label | input |
| PolynomialReDoS.rb:65:42:65:46 | input : | semmle.label | input : |
| PolynomialReDoS.rb:65:42:65:46 | input | semmle.label | input |
| PolynomialReDoS.rb:66:5:66:9 | input | semmle.label | input |
| PolynomialReDoS.rb:70:5:70:8 | name : | semmle.label | name : |
| PolynomialReDoS.rb:70:12:70:17 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:70:12:70:24 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:73:32:73:35 | name : | semmle.label | name : |
| PolynomialReDoS.rb:76:35:76:39 | input : | semmle.label | input : |
| PolynomialReDoS.rb:70:5:70:8 | name | semmle.label | name |
| PolynomialReDoS.rb:70:12:70:17 | call to params | semmle.label | call to params |
| PolynomialReDoS.rb:70:12:70:24 | ...[...] | semmle.label | ...[...] |
| PolynomialReDoS.rb:73:32:73:35 | name | semmle.label | name |
| PolynomialReDoS.rb:76:35:76:39 | input | semmle.label | input |
| PolynomialReDoS.rb:77:5:77:9 | input | semmle.label | input |
| lib/index.rb:2:11:2:11 | x : | semmle.label | x : |
| lib/index.rb:2:11:2:11 | x | semmle.label | x |
| lib/index.rb:4:13:4:13 | x | semmle.label | x |
| lib/index.rb:8:13:8:13 | x : | semmle.label | x : |
| lib/index.rb:8:13:8:13 | x | semmle.label | x |
| lib/index.rb:9:15:9:15 | x | semmle.label | x |
| lib/index.rb:11:16:11:16 | x | semmle.label | x |
subpaths
#select
| PolynomialReDoS.rb:10:5:10:17 | ... =~ ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:10:5:10:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:11:5:11:17 | ... !~ ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:11:5:11:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:12:5:12:15 | ...[...] | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:12:5:12:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:13:5:13:23 | call to gsub | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:13:5:13:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:14:5:14:20 | call to index | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:14:5:14:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:15:5:15:20 | call to match | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:15:5:15:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:16:5:16:21 | call to match? | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:16:5:16:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:17:5:17:24 | call to partition | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:17:5:17:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:18:5:18:21 | call to rindex | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:18:5:18:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:19:5:19:25 | call to rpartition | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:19:5:19:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:20:5:20:19 | call to scan | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:20:5:20:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:21:5:21:20 | call to split | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:21:5:21:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:22:5:22:22 | call to sub | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:22:5:22:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:23:5:23:20 | call to match | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:23:17:23:20 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:24:5:24:21 | call to match? | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:24:18:24:21 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:28:5:28:21 | call to gsub! | PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:28:5:28:5 | a | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:27:9:27:14 | call to params | user-provided value |
| PolynomialReDoS.rb:30:5:30:18 | call to slice! | PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:30:5:30:5 | b | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:29:9:29:14 | call to params | user-provided value |
| PolynomialReDoS.rb:32:5:32:20 | call to sub! | PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:32:5:32:5 | c | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:31:9:31:14 | call to params | user-provided value |
| PolynomialReDoS.rb:42:5:45:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:42:10:42:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:47:5:50:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:47:10:47:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:48:14:48:16 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:62:5:62:22 | call to gsub | PolynomialReDoS.rb:54:12:54:17 | call to params : | PolynomialReDoS.rb:62:5:62:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:56:31:56:33 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value |
| PolynomialReDoS.rb:66:5:66:34 | call to match? | PolynomialReDoS.rb:54:12:54:17 | call to params : | PolynomialReDoS.rb:66:5:66:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:58:30:58:32 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value |
| PolynomialReDoS.rb:77:5:77:22 | call to gsub | PolynomialReDoS.rb:70:12:70:17 | call to params : | PolynomialReDoS.rb:77:5:77:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:72:28:72:30 | \\s+ | regular expression | PolynomialReDoS.rb:70:12:70:17 | call to params | user-provided value |
| lib/index.rb:4:13:4:26 | call to match | lib/index.rb:2:11:2:11 | x : | lib/index.rb:4:13:4:13 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:4:22:4:23 | a+ | regular expression | lib/index.rb:2:11:2:11 | x | library input |
| lib/index.rb:9:15:9:28 | call to match | lib/index.rb:8:13:8:13 | x : | lib/index.rb:9:15:9:15 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:9:24:9:25 | a+ | regular expression | lib/index.rb:8:13:8:13 | x | library input |
| lib/index.rb:11:16:11:276 | call to match | lib/index.rb:8:13:8:13 | x : | lib/index.rb:11:16:11:16 | x | This $@ that depends on a $@ may run slow on strings starting with 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC' and with many repetitions of 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC'. | lib/index.rb:11:271:11:272 | .* | regular expression | lib/index.rb:8:13:8:13 | x | library input |
| PolynomialReDoS.rb:10:5:10:17 | ... =~ ... | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:10:5:10:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:11:5:11:17 | ... !~ ... | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:11:5:11:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:12:5:12:15 | ...[...] | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:12:5:12:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:13:5:13:23 | call to gsub | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:13:5:13:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:14:5:14:20 | call to index | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:14:5:14:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:15:5:15:20 | call to match | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:15:5:15:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:16:5:16:21 | call to match? | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:16:5:16:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:17:5:17:24 | call to partition | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:17:5:17:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:18:5:18:21 | call to rindex | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:18:5:18:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:19:5:19:25 | call to rpartition | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:19:5:19:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:20:5:20:19 | call to scan | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:20:5:20:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:21:5:21:20 | call to split | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:21:5:21:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:22:5:22:22 | call to sub | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:22:5:22:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:23:5:23:20 | call to match | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:23:17:23:20 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:24:5:24:21 | call to match? | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:24:18:24:21 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:28:5:28:21 | call to gsub! | PolynomialReDoS.rb:27:9:27:14 | call to params | PolynomialReDoS.rb:28:5:28:5 | a | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:27:9:27:14 | call to params | user-provided value |
| PolynomialReDoS.rb:30:5:30:18 | call to slice! | PolynomialReDoS.rb:29:9:29:14 | call to params | PolynomialReDoS.rb:30:5:30:5 | b | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:29:9:29:14 | call to params | user-provided value |
| PolynomialReDoS.rb:32:5:32:20 | call to sub! | PolynomialReDoS.rb:31:9:31:14 | call to params | PolynomialReDoS.rb:32:5:32:5 | c | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:31:9:31:14 | call to params | user-provided value |
| PolynomialReDoS.rb:42:5:45:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:42:10:42:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:47:5:50:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params | PolynomialReDoS.rb:47:10:47:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:48:14:48:16 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value |
| PolynomialReDoS.rb:62:5:62:22 | call to gsub | PolynomialReDoS.rb:54:12:54:17 | call to params | PolynomialReDoS.rb:62:5:62:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:56:31:56:33 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value |
| PolynomialReDoS.rb:66:5:66:34 | call to match? | PolynomialReDoS.rb:54:12:54:17 | call to params | PolynomialReDoS.rb:66:5:66:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:58:30:58:32 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value |
| PolynomialReDoS.rb:77:5:77:22 | call to gsub | PolynomialReDoS.rb:70:12:70:17 | call to params | PolynomialReDoS.rb:77:5:77:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:72:28:72:30 | \\s+ | regular expression | PolynomialReDoS.rb:70:12:70:17 | call to params | user-provided value |
| lib/index.rb:4:13:4:26 | call to match | lib/index.rb:2:11:2:11 | x | lib/index.rb:4:13:4:13 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:4:22:4:23 | a+ | regular expression | lib/index.rb:2:11:2:11 | x | library input |
| lib/index.rb:9:15:9:28 | call to match | lib/index.rb:8:13:8:13 | x | lib/index.rb:9:15:9:15 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:9:24:9:25 | a+ | regular expression | lib/index.rb:8:13:8:13 | x | library input |
| lib/index.rb:11:16:11:276 | call to match | lib/index.rb:8:13:8:13 | x | lib/index.rb:11:16:11:16 | x | This $@ that depends on a $@ may run slow on strings starting with 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC' and with many repetitions of 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC'. | lib/index.rb:11:271:11:272 | .* | regular expression | lib/index.rb:8:13:8:13 | x | library input |

View File

@@ -1,44 +1,44 @@
edges
| RegExpInjection.rb:4:5:4:8 | name : | RegExpInjection.rb:5:13:5:21 | /#{...}/ |
| RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:4:12:4:24 | ...[...] : |
| RegExpInjection.rb:4:12:4:24 | ...[...] : | RegExpInjection.rb:4:5:4:8 | name : |
| RegExpInjection.rb:10:5:10:8 | name : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ |
| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:10:12:10:24 | ...[...] : |
| RegExpInjection.rb:10:12:10:24 | ...[...] : | RegExpInjection.rb:10:5:10:8 | name : |
| RegExpInjection.rb:16:5:16:8 | name : | RegExpInjection.rb:17:24:17:27 | name |
| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:16:12:16:24 | ...[...] : |
| RegExpInjection.rb:16:12:16:24 | ...[...] : | RegExpInjection.rb:16:5:16:8 | name : |
| RegExpInjection.rb:22:5:22:8 | name : | RegExpInjection.rb:23:24:23:33 | ... + ... |
| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:22:12:22:24 | ...[...] : |
| RegExpInjection.rb:22:12:22:24 | ...[...] : | RegExpInjection.rb:22:5:22:8 | name : |
| RegExpInjection.rb:54:5:54:8 | name : | RegExpInjection.rb:55:28:55:37 | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:54:12:54:24 | ...[...] : |
| RegExpInjection.rb:54:12:54:24 | ...[...] : | RegExpInjection.rb:54:5:54:8 | name : |
| RegExpInjection.rb:4:5:4:8 | name | RegExpInjection.rb:5:13:5:21 | /#{...}/ |
| RegExpInjection.rb:4:12:4:17 | call to params | RegExpInjection.rb:4:12:4:24 | ...[...] |
| RegExpInjection.rb:4:12:4:24 | ...[...] | RegExpInjection.rb:4:5:4:8 | name |
| RegExpInjection.rb:10:5:10:8 | name | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ |
| RegExpInjection.rb:10:12:10:17 | call to params | RegExpInjection.rb:10:12:10:24 | ...[...] |
| RegExpInjection.rb:10:12:10:24 | ...[...] | RegExpInjection.rb:10:5:10:8 | name |
| RegExpInjection.rb:16:5:16:8 | name | RegExpInjection.rb:17:24:17:27 | name |
| RegExpInjection.rb:16:12:16:17 | call to params | RegExpInjection.rb:16:12:16:24 | ...[...] |
| RegExpInjection.rb:16:12:16:24 | ...[...] | RegExpInjection.rb:16:5:16:8 | name |
| RegExpInjection.rb:22:5:22:8 | name | RegExpInjection.rb:23:24:23:33 | ... + ... |
| RegExpInjection.rb:22:12:22:17 | call to params | RegExpInjection.rb:22:12:22:24 | ...[...] |
| RegExpInjection.rb:22:12:22:24 | ...[...] | RegExpInjection.rb:22:5:22:8 | name |
| RegExpInjection.rb:54:5:54:8 | name | RegExpInjection.rb:55:28:55:37 | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params | RegExpInjection.rb:54:12:54:24 | ...[...] |
| RegExpInjection.rb:54:12:54:24 | ...[...] | RegExpInjection.rb:54:5:54:8 | name |
nodes
| RegExpInjection.rb:4:5:4:8 | name : | semmle.label | name : |
| RegExpInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:4:5:4:8 | name | semmle.label | name |
| RegExpInjection.rb:4:12:4:17 | call to params | semmle.label | call to params |
| RegExpInjection.rb:4:12:4:24 | ...[...] | semmle.label | ...[...] |
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | semmle.label | /#{...}/ |
| RegExpInjection.rb:10:5:10:8 | name : | semmle.label | name : |
| RegExpInjection.rb:10:12:10:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:10:12:10:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:10:5:10:8 | name | semmle.label | name |
| RegExpInjection.rb:10:12:10:17 | call to params | semmle.label | call to params |
| RegExpInjection.rb:10:12:10:24 | ...[...] | semmle.label | ...[...] |
| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | semmle.label | /foo#{...}bar/ |
| RegExpInjection.rb:16:5:16:8 | name : | semmle.label | name : |
| RegExpInjection.rb:16:12:16:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:16:12:16:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:16:5:16:8 | name | semmle.label | name |
| RegExpInjection.rb:16:12:16:17 | call to params | semmle.label | call to params |
| RegExpInjection.rb:16:12:16:24 | ...[...] | semmle.label | ...[...] |
| RegExpInjection.rb:17:24:17:27 | name | semmle.label | name |
| RegExpInjection.rb:22:5:22:8 | name : | semmle.label | name : |
| RegExpInjection.rb:22:12:22:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:22:12:22:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:22:5:22:8 | name | semmle.label | name |
| RegExpInjection.rb:22:12:22:17 | call to params | semmle.label | call to params |
| RegExpInjection.rb:22:12:22:24 | ...[...] | semmle.label | ...[...] |
| RegExpInjection.rb:23:24:23:33 | ... + ... | semmle.label | ... + ... |
| RegExpInjection.rb:54:5:54:8 | name : | semmle.label | name : |
| RegExpInjection.rb:54:12:54:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:54:12:54:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:54:5:54:8 | name | semmle.label | name |
| RegExpInjection.rb:54:12:54:17 | call to params | semmle.label | call to params |
| RegExpInjection.rb:54:12:54:24 | ...[...] | semmle.label | ...[...] |
| RegExpInjection.rb:55:28:55:37 | ... + ... | semmle.label | ... + ... |
subpaths
#select
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:5:13:5:21 | /#{...}/ | This regular expression depends on a $@. | RegExpInjection.rb:4:12:4:17 | call to params | user-provided value |
| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | This regular expression depends on a $@. | RegExpInjection.rb:10:12:10:17 | call to params | user-provided value |
| RegExpInjection.rb:17:24:17:27 | name | RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:17:24:17:27 | name | This regular expression depends on a $@. | RegExpInjection.rb:16:12:16:17 | call to params | user-provided value |
| RegExpInjection.rb:23:24:23:33 | ... + ... | RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:23:24:23:33 | ... + ... | This regular expression depends on a $@. | RegExpInjection.rb:22:12:22:17 | call to params | user-provided value |
| RegExpInjection.rb:55:28:55:37 | ... + ... | RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:55:28:55:37 | ... + ... | This regular expression depends on a $@. | RegExpInjection.rb:54:12:54:17 | call to params | user-provided value |
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | RegExpInjection.rb:4:12:4:17 | call to params | RegExpInjection.rb:5:13:5:21 | /#{...}/ | This regular expression depends on a $@. | RegExpInjection.rb:4:12:4:17 | call to params | user-provided value |
| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | RegExpInjection.rb:10:12:10:17 | call to params | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | This regular expression depends on a $@. | RegExpInjection.rb:10:12:10:17 | call to params | user-provided value |
| RegExpInjection.rb:17:24:17:27 | name | RegExpInjection.rb:16:12:16:17 | call to params | RegExpInjection.rb:17:24:17:27 | name | This regular expression depends on a $@. | RegExpInjection.rb:16:12:16:17 | call to params | user-provided value |
| RegExpInjection.rb:23:24:23:33 | ... + ... | RegExpInjection.rb:22:12:22:17 | call to params | RegExpInjection.rb:23:24:23:33 | ... + ... | This regular expression depends on a $@. | RegExpInjection.rb:22:12:22:17 | call to params | user-provided value |
| RegExpInjection.rb:55:28:55:37 | ... + ... | RegExpInjection.rb:54:12:54:17 | call to params | RegExpInjection.rb:55:28:55:37 | ... + ... | This regular expression depends on a $@. | RegExpInjection.rb:54:12:54:17 | call to params | user-provided value |
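Review bot: Any `.expected` file that was added on `maikypedia/ruby-ssti` before this merge needs regenerating, because the rows in this hunk show the path-node label format changing. Source and intermediate nodes lose their trailing ` :` (for example `name :` becomes `name`, and `call to params :` becomes `call to params`) in `edges`, `nodes` and the second column of `#select`. The five sinks at lines 5, 11, 17, 23 and 55 are identical on both sides, so the query results themselves do not move. An expectation file still written with the old suffix would fail on a pure formatting difference.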

View File

@@ -1,64 +1,64 @@
edges
| tainted_format_string.rb:4:12:4:17 | call to params : | tainted_format_string.rb:4:12:4:26 | ...[...] |
| tainted_format_string.rb:5:19:5:24 | call to params : | tainted_format_string.rb:5:19:5:33 | ...[...] |
| tainted_format_string.rb:10:23:10:28 | call to params : | tainted_format_string.rb:10:23:10:37 | ...[...] |
| tainted_format_string.rb:11:30:11:35 | call to params : | tainted_format_string.rb:11:30:11:44 | ...[...] |
| tainted_format_string.rb:18:23:18:28 | call to params : | tainted_format_string.rb:18:23:18:37 | ...[...] |
| tainted_format_string.rb:19:30:19:35 | call to params : | tainted_format_string.rb:19:30:19:44 | ...[...] |
| tainted_format_string.rb:21:27:21:32 | call to params : | tainted_format_string.rb:21:27:21:41 | ...[...] |
| tainted_format_string.rb:22:20:22:25 | call to params : | tainted_format_string.rb:22:20:22:34 | ...[...] |
| tainted_format_string.rb:28:19:28:24 | call to params : | tainted_format_string.rb:28:19:28:33 | ...[...] |
| tainted_format_string.rb:33:32:33:37 | call to params : | tainted_format_string.rb:33:32:33:46 | ...[...] : |
| tainted_format_string.rb:33:32:33:46 | ...[...] : | tainted_format_string.rb:33:12:33:46 | ... + ... |
| tainted_format_string.rb:36:30:36:35 | call to params : | tainted_format_string.rb:36:30:36:44 | ...[...] : |
| tainted_format_string.rb:36:30:36:44 | ...[...] : | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" |
| tainted_format_string.rb:39:22:39:27 | call to params : | tainted_format_string.rb:39:22:39:36 | ...[...] : |
| tainted_format_string.rb:39:22:39:36 | ...[...] : | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" |
| tainted_format_string.rb:42:22:42:27 | call to params : | tainted_format_string.rb:42:22:42:36 | ...[...] : |
| tainted_format_string.rb:42:22:42:36 | ...[...] : | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" |
| tainted_format_string.rb:4:12:4:17 | call to params | tainted_format_string.rb:4:12:4:26 | ...[...] |
| tainted_format_string.rb:5:19:5:24 | call to params | tainted_format_string.rb:5:19:5:33 | ...[...] |
| tainted_format_string.rb:10:23:10:28 | call to params | tainted_format_string.rb:10:23:10:37 | ...[...] |
| tainted_format_string.rb:11:30:11:35 | call to params | tainted_format_string.rb:11:30:11:44 | ...[...] |
| tainted_format_string.rb:18:23:18:28 | call to params | tainted_format_string.rb:18:23:18:37 | ...[...] |
| tainted_format_string.rb:19:30:19:35 | call to params | tainted_format_string.rb:19:30:19:44 | ...[...] |
| tainted_format_string.rb:21:27:21:32 | call to params | tainted_format_string.rb:21:27:21:41 | ...[...] |
| tainted_format_string.rb:22:20:22:25 | call to params | tainted_format_string.rb:22:20:22:34 | ...[...] |
| tainted_format_string.rb:28:19:28:24 | call to params | tainted_format_string.rb:28:19:28:33 | ...[...] |
| tainted_format_string.rb:33:32:33:37 | call to params | tainted_format_string.rb:33:32:33:46 | ...[...] |
| tainted_format_string.rb:33:32:33:46 | ...[...] | tainted_format_string.rb:33:12:33:46 | ... + ... |
| tainted_format_string.rb:36:30:36:35 | call to params | tainted_format_string.rb:36:30:36:44 | ...[...] |
| tainted_format_string.rb:36:30:36:44 | ...[...] | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" |
| tainted_format_string.rb:39:22:39:27 | call to params | tainted_format_string.rb:39:22:39:36 | ...[...] |
| tainted_format_string.rb:39:22:39:36 | ...[...] | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" |
| tainted_format_string.rb:42:22:42:27 | call to params | tainted_format_string.rb:42:22:42:36 | ...[...] |
| tainted_format_string.rb:42:22:42:36 | ...[...] | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" |
nodes
| tainted_format_string.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:4:12:4:17 | call to params | semmle.label | call to params |
| tainted_format_string.rb:4:12:4:26 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:5:19:5:24 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:5:19:5:24 | call to params | semmle.label | call to params |
| tainted_format_string.rb:5:19:5:33 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:10:23:10:28 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:10:23:10:28 | call to params | semmle.label | call to params |
| tainted_format_string.rb:10:23:10:37 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:11:30:11:35 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:11:30:11:35 | call to params | semmle.label | call to params |
| tainted_format_string.rb:11:30:11:44 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:18:23:18:28 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:18:23:18:28 | call to params | semmle.label | call to params |
| tainted_format_string.rb:18:23:18:37 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:19:30:19:35 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:19:30:19:35 | call to params | semmle.label | call to params |
| tainted_format_string.rb:19:30:19:44 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:21:27:21:32 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:21:27:21:32 | call to params | semmle.label | call to params |
| tainted_format_string.rb:21:27:21:41 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:22:20:22:25 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:22:20:22:25 | call to params | semmle.label | call to params |
| tainted_format_string.rb:22:20:22:34 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:28:19:28:24 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:28:19:28:24 | call to params | semmle.label | call to params |
| tainted_format_string.rb:28:19:28:33 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:33:12:33:46 | ... + ... | semmle.label | ... + ... |
| tainted_format_string.rb:33:32:33:37 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:33:32:33:46 | ...[...] : | semmle.label | ...[...] : |
| tainted_format_string.rb:33:32:33:37 | call to params | semmle.label | call to params |
| tainted_format_string.rb:33:32:33:46 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | semmle.label | "A log message: #{...}" |
| tainted_format_string.rb:36:30:36:35 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:36:30:36:44 | ...[...] : | semmle.label | ...[...] : |
| tainted_format_string.rb:36:30:36:35 | call to params | semmle.label | call to params |
| tainted_format_string.rb:36:30:36:44 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | semmle.label | "A log message #{...} %{foo}" |
| tainted_format_string.rb:39:22:39:27 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:39:22:39:36 | ...[...] : | semmle.label | ...[...] : |
| tainted_format_string.rb:39:22:39:27 | call to params | semmle.label | call to params |
| tainted_format_string.rb:39:22:39:36 | ...[...] | semmle.label | ...[...] |
| tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | semmle.label | "A log message #{...} %08x" |
| tainted_format_string.rb:42:22:42:27 | call to params : | semmle.label | call to params : |
| tainted_format_string.rb:42:22:42:36 | ...[...] : | semmle.label | ...[...] : |
| tainted_format_string.rb:42:22:42:27 | call to params | semmle.label | call to params |
| tainted_format_string.rb:42:22:42:36 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| tainted_format_string.rb:4:12:4:26 | ...[...] | tainted_format_string.rb:4:12:4:17 | call to params : | tainted_format_string.rb:4:12:4:26 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:4:12:4:17 | call to params | user-provided value |
| tainted_format_string.rb:5:19:5:33 | ...[...] | tainted_format_string.rb:5:19:5:24 | call to params : | tainted_format_string.rb:5:19:5:33 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:5:19:5:24 | call to params | user-provided value |
| tainted_format_string.rb:10:23:10:37 | ...[...] | tainted_format_string.rb:10:23:10:28 | call to params : | tainted_format_string.rb:10:23:10:37 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:10:23:10:28 | call to params | user-provided value |
| tainted_format_string.rb:11:30:11:44 | ...[...] | tainted_format_string.rb:11:30:11:35 | call to params : | tainted_format_string.rb:11:30:11:44 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:11:30:11:35 | call to params | user-provided value |
| tainted_format_string.rb:18:23:18:37 | ...[...] | tainted_format_string.rb:18:23:18:28 | call to params : | tainted_format_string.rb:18:23:18:37 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:18:23:18:28 | call to params | user-provided value |
| tainted_format_string.rb:19:30:19:44 | ...[...] | tainted_format_string.rb:19:30:19:35 | call to params : | tainted_format_string.rb:19:30:19:44 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:19:30:19:35 | call to params | user-provided value |
| tainted_format_string.rb:21:27:21:41 | ...[...] | tainted_format_string.rb:21:27:21:32 | call to params : | tainted_format_string.rb:21:27:21:41 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:21:27:21:32 | call to params | user-provided value |
| tainted_format_string.rb:22:20:22:34 | ...[...] | tainted_format_string.rb:22:20:22:25 | call to params : | tainted_format_string.rb:22:20:22:34 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:22:20:22:25 | call to params | user-provided value |
| tainted_format_string.rb:28:19:28:33 | ...[...] | tainted_format_string.rb:28:19:28:24 | call to params : | tainted_format_string.rb:28:19:28:33 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:28:19:28:24 | call to params | user-provided value |
| tainted_format_string.rb:33:12:33:46 | ... + ... | tainted_format_string.rb:33:32:33:37 | call to params : | tainted_format_string.rb:33:12:33:46 | ... + ... | Format string depends on a $@. | tainted_format_string.rb:33:32:33:37 | call to params | user-provided value |
| tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | tainted_format_string.rb:36:30:36:35 | call to params : | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | Format string depends on a $@. | tainted_format_string.rb:36:30:36:35 | call to params | user-provided value |
| tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | tainted_format_string.rb:39:22:39:27 | call to params : | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | Format string depends on a $@. | tainted_format_string.rb:39:22:39:27 | call to params | user-provided value |
| tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | tainted_format_string.rb:42:22:42:27 | call to params : | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | Format string depends on a $@. | tainted_format_string.rb:42:22:42:27 | call to params | user-provided value |
| tainted_format_string.rb:4:12:4:26 | ...[...] | tainted_format_string.rb:4:12:4:17 | call to params | tainted_format_string.rb:4:12:4:26 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:4:12:4:17 | call to params | user-provided value |
| tainted_format_string.rb:5:19:5:33 | ...[...] | tainted_format_string.rb:5:19:5:24 | call to params | tainted_format_string.rb:5:19:5:33 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:5:19:5:24 | call to params | user-provided value |
| tainted_format_string.rb:10:23:10:37 | ...[...] | tainted_format_string.rb:10:23:10:28 | call to params | tainted_format_string.rb:10:23:10:37 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:10:23:10:28 | call to params | user-provided value |
| tainted_format_string.rb:11:30:11:44 | ...[...] | tainted_format_string.rb:11:30:11:35 | call to params | tainted_format_string.rb:11:30:11:44 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:11:30:11:35 | call to params | user-provided value |
| tainted_format_string.rb:18:23:18:37 | ...[...] | tainted_format_string.rb:18:23:18:28 | call to params | tainted_format_string.rb:18:23:18:37 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:18:23:18:28 | call to params | user-provided value |
| tainted_format_string.rb:19:30:19:44 | ...[...] | tainted_format_string.rb:19:30:19:35 | call to params | tainted_format_string.rb:19:30:19:44 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:19:30:19:35 | call to params | user-provided value |
| tainted_format_string.rb:21:27:21:41 | ...[...] | tainted_format_string.rb:21:27:21:32 | call to params | tainted_format_string.rb:21:27:21:41 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:21:27:21:32 | call to params | user-provided value |
| tainted_format_string.rb:22:20:22:34 | ...[...] | tainted_format_string.rb:22:20:22:25 | call to params | tainted_format_string.rb:22:20:22:34 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:22:20:22:25 | call to params | user-provided value |
| tainted_format_string.rb:28:19:28:33 | ...[...] | tainted_format_string.rb:28:19:28:24 | call to params | tainted_format_string.rb:28:19:28:33 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:28:19:28:24 | call to params | user-provided value |
| tainted_format_string.rb:33:12:33:46 | ... + ... | tainted_format_string.rb:33:32:33:37 | call to params | tainted_format_string.rb:33:12:33:46 | ... + ... | Format string depends on a $@. | tainted_format_string.rb:33:32:33:37 | call to params | user-provided value |
| tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | tainted_format_string.rb:36:30:36:35 | call to params | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | Format string depends on a $@. | tainted_format_string.rb:36:30:36:35 | call to params | user-provided value |
| tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | tainted_format_string.rb:39:22:39:27 | call to params | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | Format string depends on a $@. | tainted_format_string.rb:39:22:39:27 | call to params | user-provided value |
| tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | tainted_format_string.rb:42:22:42:27 | call to params | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | Format string depends on a $@. | tainted_format_string.rb:42:22:42:27 | call to params | user-provided value |
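Review bot: The merge message does not say why most of this 64-line expectation file is rewritten, and the rows give no behavioural reason. There are 17 `edges` rows and 13 `#select` rows on each side, with the same locations and the same "Format string depends on a $@." message, differing only in the dropped ` :` suffix on `call to params` and the intermediate `...[...]` nodes. A sentence in the pull request description stating that the `.expected` churn comes from the merged label format would let reviewers skip these files and spend their time on the branch's own changes.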

View File

@@ -1,14 +1,14 @@
edges
| StackTraceExposure.rb:11:5:11:6 | bt : | StackTraceExposure.rb:12:18:12:19 | bt |
| StackTraceExposure.rb:11:10:11:17 | call to caller : | StackTraceExposure.rb:11:5:11:6 | bt : |
| StackTraceExposure.rb:11:5:11:6 | bt | StackTraceExposure.rb:12:18:12:19 | bt |
| StackTraceExposure.rb:11:10:11:17 | call to caller | StackTraceExposure.rb:11:5:11:6 | bt |
nodes
| StackTraceExposure.rb:6:18:6:28 | call to backtrace | semmle.label | call to backtrace |
| StackTraceExposure.rb:11:5:11:6 | bt : | semmle.label | bt : |
| StackTraceExposure.rb:11:10:11:17 | call to caller : | semmle.label | call to caller : |
| StackTraceExposure.rb:11:5:11:6 | bt | semmle.label | bt |
| StackTraceExposure.rb:11:10:11:17 | call to caller | semmle.label | call to caller |
| StackTraceExposure.rb:12:18:12:19 | bt | semmle.label | bt |
| StackTraceExposure.rb:18:18:18:28 | call to backtrace | semmle.label | call to backtrace |
subpaths
#select
| StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:6:18:6:28 | call to backtrace | Error information |
| StackTraceExposure.rb:12:18:12:19 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller : | StackTraceExposure.rb:12:18:12:19 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |
| StackTraceExposure.rb:12:18:12:19 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller | StackTraceExposure.rb:12:18:12:19 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |
| StackTraceExposure.rb:18:18:18:28 | call to backtrace | StackTraceExposure.rb:18:18:18:28 | call to backtrace | StackTraceExposure.rb:18:18:18:28 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:18:18:18:28 | call to backtrace | Error information |

View File

@@ -1,46 +1,46 @@
edges
| logging.rb:3:1:3:8 | password : | logging.rb:6:20:6:27 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:8:21:8:28 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:10:21:10:28 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:12:21:12:28 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:14:23:14:30 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:16:20:16:27 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:19:33:19:40 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:21:44:21:51 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:23:33:23:40 | password |
| logging.rb:3:1:3:8 | password : | logging.rb:26:18:26:34 | "pw: #{...}" |
| logging.rb:3:1:3:8 | password : | logging.rb:28:26:28:33 | password |
| logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:3:1:3:8 | password : |
| logging.rb:30:1:30:4 | hsh1 [element :password] : | logging.rb:38:20:38:23 | hsh1 [element :password] : |
| logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" : | logging.rb:30:1:30:4 | hsh1 [element :password] : |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] : | logging.rb:35:1:35:4 | hsh3 [element :password] : |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] : | logging.rb:40:20:40:23 | hsh2 [element :password] : |
| logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" : | logging.rb:34:1:34:4 | [post] hsh2 [element :password] : |
| logging.rb:35:1:35:4 | hsh3 [element :password] : | logging.rb:42:20:42:23 | hsh3 [element :password] : |
| logging.rb:38:20:38:23 | hsh1 [element :password] : | logging.rb:38:20:38:34 | ...[...] |
| logging.rb:40:20:40:23 | hsh2 [element :password] : | logging.rb:40:20:40:34 | ...[...] |
| logging.rb:42:20:42:23 | hsh3 [element :password] : | logging.rb:42:20:42:34 | ...[...] |
| logging.rb:64:1:64:31 | password_masked_ineffective_sub : | logging.rb:68:35:68:65 | password_masked_ineffective_sub : |
| logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:64:1:64:31 | password_masked_ineffective_sub : |
| logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex : | logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex |
| logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex : |
| logging.rb:66:1:66:32 | password_masked_ineffective_gsub : | logging.rb:70:36:70:67 | password_masked_ineffective_gsub : |
| logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:66:1:66:32 | password_masked_ineffective_gsub : |
| logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex : | logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex |
| logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex : |
| logging.rb:68:1:68:31 | password_masked_ineffective_sub : | logging.rb:74:20:74:50 | password_masked_ineffective_sub |
| logging.rb:68:35:68:65 | password_masked_ineffective_sub : | logging.rb:68:35:68:88 | call to sub : |
| logging.rb:68:35:68:88 | call to sub : | logging.rb:68:1:68:31 | password_masked_ineffective_sub : |
| logging.rb:70:1:70:32 | password_masked_ineffective_gsub : | logging.rb:76:20:76:51 | password_masked_ineffective_gsub |
| logging.rb:70:36:70:67 | password_masked_ineffective_gsub : | logging.rb:70:36:70:86 | call to gsub : |
| logging.rb:70:36:70:86 | call to gsub : | logging.rb:70:1:70:32 | password_masked_ineffective_gsub : |
| logging.rb:82:9:82:16 | password : | logging.rb:84:15:84:22 | password |
| logging.rb:87:1:87:12 | password_arg : | logging.rb:88:5:88:16 | password_arg : |
| logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" : | logging.rb:87:1:87:12 | password_arg : |
| logging.rb:88:5:88:16 | password_arg : | logging.rb:82:9:82:16 | password : |
| logging.rb:3:1:3:8 | password | logging.rb:6:20:6:27 | password |
| logging.rb:3:1:3:8 | password | logging.rb:8:21:8:28 | password |
| logging.rb:3:1:3:8 | password | logging.rb:10:21:10:28 | password |
| logging.rb:3:1:3:8 | password | logging.rb:12:21:12:28 | password |
| logging.rb:3:1:3:8 | password | logging.rb:14:23:14:30 | password |
| logging.rb:3:1:3:8 | password | logging.rb:16:20:16:27 | password |
| logging.rb:3:1:3:8 | password | logging.rb:19:33:19:40 | password |
| logging.rb:3:1:3:8 | password | logging.rb:21:44:21:51 | password |
| logging.rb:3:1:3:8 | password | logging.rb:23:33:23:40 | password |
| logging.rb:3:1:3:8 | password | logging.rb:26:18:26:34 | "pw: #{...}" |
| logging.rb:3:1:3:8 | password | logging.rb:28:26:28:33 | password |
| logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:3:1:3:8 | password |
| logging.rb:30:1:30:4 | hsh1 [element :password] | logging.rb:38:20:38:23 | hsh1 [element :password] |
| logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" | logging.rb:30:1:30:4 | hsh1 [element :password] |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] | logging.rb:35:1:35:4 | hsh3 [element :password] |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] | logging.rb:40:20:40:23 | hsh2 [element :password] |
| logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | logging.rb:34:1:34:4 | [post] hsh2 [element :password] |
| logging.rb:35:1:35:4 | hsh3 [element :password] | logging.rb:42:20:42:23 | hsh3 [element :password] |
| logging.rb:38:20:38:23 | hsh1 [element :password] | logging.rb:38:20:38:34 | ...[...] |
| logging.rb:40:20:40:23 | hsh2 [element :password] | logging.rb:40:20:40:34 | ...[...] |
| logging.rb:42:20:42:23 | hsh3 [element :password] | logging.rb:42:20:42:34 | ...[...] |
| logging.rb:64:1:64:31 | password_masked_ineffective_sub | logging.rb:68:35:68:65 | password_masked_ineffective_sub |
| logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" | logging.rb:64:1:64:31 | password_masked_ineffective_sub |
| logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex | logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex |
| logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" | logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex |
| logging.rb:66:1:66:32 | password_masked_ineffective_gsub | logging.rb:70:36:70:67 | password_masked_ineffective_gsub |
| logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" | logging.rb:66:1:66:32 | password_masked_ineffective_gsub |
| logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex | logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex |
| logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" | logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex |
| logging.rb:68:1:68:31 | password_masked_ineffective_sub | logging.rb:74:20:74:50 | password_masked_ineffective_sub |
| logging.rb:68:35:68:65 | password_masked_ineffective_sub | logging.rb:68:35:68:88 | call to sub |
| logging.rb:68:35:68:88 | call to sub | logging.rb:68:1:68:31 | password_masked_ineffective_sub |
| logging.rb:70:1:70:32 | password_masked_ineffective_gsub | logging.rb:76:20:76:51 | password_masked_ineffective_gsub |
| logging.rb:70:36:70:67 | password_masked_ineffective_gsub | logging.rb:70:36:70:86 | call to gsub |
| logging.rb:70:36:70:86 | call to gsub | logging.rb:70:1:70:32 | password_masked_ineffective_gsub |
| logging.rb:82:9:82:16 | password | logging.rb:84:15:84:22 | password |
| logging.rb:87:1:87:12 | password_arg | logging.rb:88:5:88:16 | password_arg |
| logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" | logging.rb:87:1:87:12 | password_arg |
| logging.rb:88:5:88:16 | password_arg | logging.rb:82:9:82:16 | password |
nodes
| logging.rb:3:1:3:8 | password : | semmle.label | password : |
| logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | semmle.label | "043697b96909e03ca907599d6420555f" : |
| logging.rb:3:1:3:8 | password | semmle.label | password |
| logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | semmle.label | "043697b96909e03ca907599d6420555f" |
| logging.rb:6:20:6:27 | password | semmle.label | password |
| logging.rb:8:21:8:28 | password | semmle.label | password |
| logging.rb:10:21:10:28 | password | semmle.label | password |
@@ -52,61 +52,61 @@ nodes
| logging.rb:23:33:23:40 | password | semmle.label | password |
| logging.rb:26:18:26:34 | "pw: #{...}" | semmle.label | "pw: #{...}" |
| logging.rb:28:26:28:33 | password | semmle.label | password |
| logging.rb:30:1:30:4 | hsh1 [element :password] : | semmle.label | hsh1 [element :password] : |
| logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" : | semmle.label | "aec5058e61f7f122998b1a30ee2c66b6" : |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] : | semmle.label | [post] hsh2 [element :password] : |
| logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" : | semmle.label | "beeda625d7306b45784d91ea0336e201" : |
| logging.rb:35:1:35:4 | hsh3 [element :password] : | semmle.label | hsh3 [element :password] : |
| logging.rb:38:20:38:23 | hsh1 [element :password] : | semmle.label | hsh1 [element :password] : |
| logging.rb:30:1:30:4 | hsh1 [element :password] | semmle.label | hsh1 [element :password] |
| logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" | semmle.label | "aec5058e61f7f122998b1a30ee2c66b6" |
| logging.rb:34:1:34:4 | [post] hsh2 [element :password] | semmle.label | [post] hsh2 [element :password] |
| logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | semmle.label | "beeda625d7306b45784d91ea0336e201" |
| logging.rb:35:1:35:4 | hsh3 [element :password] | semmle.label | hsh3 [element :password] |
| logging.rb:38:20:38:23 | hsh1 [element :password] | semmle.label | hsh1 [element :password] |
| logging.rb:38:20:38:34 | ...[...] | semmle.label | ...[...] |
| logging.rb:40:20:40:23 | hsh2 [element :password] : | semmle.label | hsh2 [element :password] : |
| logging.rb:40:20:40:23 | hsh2 [element :password] | semmle.label | hsh2 [element :password] |
| logging.rb:40:20:40:34 | ...[...] | semmle.label | ...[...] |
| logging.rb:42:20:42:23 | hsh3 [element :password] : | semmle.label | hsh3 [element :password] : |
| logging.rb:42:20:42:23 | hsh3 [element :password] | semmle.label | hsh3 [element :password] |
| logging.rb:42:20:42:34 | ...[...] | semmle.label | ...[...] |
| logging.rb:64:1:64:31 | password_masked_ineffective_sub : | semmle.label | password_masked_ineffective_sub : |
| logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" : | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" : |
| logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex : | semmle.label | password_masked_ineffective_sub_ex : |
| logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" : | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" : |
| logging.rb:66:1:66:32 | password_masked_ineffective_gsub : | semmle.label | password_masked_ineffective_gsub : |
| logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" : | semmle.label | "a7e3747b19930d4f4b8181047194832f" : |
| logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex : | semmle.label | password_masked_ineffective_gsub_ex : |
| logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" : | semmle.label | "a7e3747b19930d4f4b8181047194832f" : |
| logging.rb:68:1:68:31 | password_masked_ineffective_sub : | semmle.label | password_masked_ineffective_sub : |
| logging.rb:68:35:68:65 | password_masked_ineffective_sub : | semmle.label | password_masked_ineffective_sub : |
| logging.rb:68:35:68:88 | call to sub : | semmle.label | call to sub : |
| logging.rb:70:1:70:32 | password_masked_ineffective_gsub : | semmle.label | password_masked_ineffective_gsub : |
| logging.rb:70:36:70:67 | password_masked_ineffective_gsub : | semmle.label | password_masked_ineffective_gsub : |
| logging.rb:70:36:70:86 | call to gsub : | semmle.label | call to gsub : |
| logging.rb:64:1:64:31 | password_masked_ineffective_sub | semmle.label | password_masked_ineffective_sub |
| logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" |
| logging.rb:65:1:65:34 | password_masked_ineffective_sub_ex | semmle.label | password_masked_ineffective_sub_ex |
| logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" |
| logging.rb:66:1:66:32 | password_masked_ineffective_gsub | semmle.label | password_masked_ineffective_gsub |
| logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" | semmle.label | "a7e3747b19930d4f4b8181047194832f" |
| logging.rb:67:1:67:35 | password_masked_ineffective_gsub_ex | semmle.label | password_masked_ineffective_gsub_ex |
| logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" | semmle.label | "a7e3747b19930d4f4b8181047194832f" |
| logging.rb:68:1:68:31 | password_masked_ineffective_sub | semmle.label | password_masked_ineffective_sub |
| logging.rb:68:35:68:65 | password_masked_ineffective_sub | semmle.label | password_masked_ineffective_sub |
| logging.rb:68:35:68:88 | call to sub | semmle.label | call to sub |
| logging.rb:70:1:70:32 | password_masked_ineffective_gsub | semmle.label | password_masked_ineffective_gsub |
| logging.rb:70:36:70:67 | password_masked_ineffective_gsub | semmle.label | password_masked_ineffective_gsub |
| logging.rb:70:36:70:86 | call to gsub | semmle.label | call to gsub |
| logging.rb:74:20:74:50 | password_masked_ineffective_sub | semmle.label | password_masked_ineffective_sub |
| logging.rb:76:20:76:51 | password_masked_ineffective_gsub | semmle.label | password_masked_ineffective_gsub |
| logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex | semmle.label | password_masked_ineffective_sub_ex |
| logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex | semmle.label | password_masked_ineffective_gsub_ex |
| logging.rb:82:9:82:16 | password : | semmle.label | password : |
| logging.rb:82:9:82:16 | password | semmle.label | password |
| logging.rb:84:15:84:22 | password | semmle.label | password |
| logging.rb:87:1:87:12 | password_arg : | semmle.label | password_arg : |
| logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" : | semmle.label | "65f2950df2f0e2c38d7ba2ccca767291" : |
| logging.rb:88:5:88:16 | password_arg : | semmle.label | password_arg : |
| logging.rb:87:1:87:12 | password_arg | semmle.label | password_arg |
| logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" | semmle.label | "65f2950df2f0e2c38d7ba2ccca767291" |
| logging.rb:88:5:88:16 | password_arg | semmle.label | password_arg |
subpaths
#select
| logging.rb:6:20:6:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:6:20:6:27 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:8:21:8:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:8:21:8:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:10:21:10:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:10:21:10:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:12:21:12:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:12:21:12:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:14:23:14:30 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:14:23:14:30 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:16:20:16:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:16:20:16:27 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:19:33:19:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:19:33:19:40 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:21:44:21:51 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:21:44:21:51 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:23:33:23:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:23:33:23:40 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:26:18:26:34 | "pw: #{...}" | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:26:18:26:34 | "pw: #{...}" | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:28:26:28:33 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:38:20:38:34 | ...[...] | logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" : | logging.rb:38:20:38:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" | a write to password |
| logging.rb:40:20:40:34 | ...[...] | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" : | logging.rb:40:20:40:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | a write to password |
| logging.rb:42:20:42:34 | ...[...] | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" : | logging.rb:42:20:42:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | a write to password |
| logging.rb:74:20:74:50 | password_masked_ineffective_sub | logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:74:20:74:50 | password_masked_ineffective_sub | This logs sensitive data returned by $@ as clear text. | logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub |
| logging.rb:74:20:74:50 | password_masked_ineffective_sub | logging.rb:68:35:68:88 | call to sub : | logging.rb:74:20:74:50 | password_masked_ineffective_sub | This logs sensitive data returned by $@ as clear text. | logging.rb:68:35:68:88 | call to sub | an assignment to password_masked_ineffective_sub |
| logging.rb:76:20:76:51 | password_masked_ineffective_gsub | logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:76:20:76:51 | password_masked_ineffective_gsub | This logs sensitive data returned by $@ as clear text. | logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub |
| logging.rb:76:20:76:51 | password_masked_ineffective_gsub | logging.rb:70:36:70:86 | call to gsub : | logging.rb:76:20:76:51 | password_masked_ineffective_gsub | This logs sensitive data returned by $@ as clear text. | logging.rb:70:36:70:86 | call to gsub | an assignment to password_masked_ineffective_gsub |
| logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex | logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex | This logs sensitive data returned by $@ as clear text. | logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub_ex |
| logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex | logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex | This logs sensitive data returned by $@ as clear text. | logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub_ex |
| logging.rb:6:20:6:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:6:20:6:27 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:8:21:8:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:8:21:8:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:10:21:10:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:10:21:10:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:12:21:12:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:12:21:12:28 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:14:23:14:30 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:14:23:14:30 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:16:20:16:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:16:20:16:27 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:19:33:19:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:19:33:19:40 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:21:44:21:51 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:21:44:21:51 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:23:33:23:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:23:33:23:40 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:26:18:26:34 | "pw: #{...}" | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:26:18:26:34 | "pw: #{...}" | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:28:26:28:33 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:38:20:38:34 | ...[...] | logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" | logging.rb:38:20:38:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:30:20:30:53 | "aec5058e61f7f122998b1a30ee2c66b6" | a write to password |
| logging.rb:40:20:40:34 | ...[...] | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | logging.rb:40:20:40:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | a write to password |
| logging.rb:42:20:42:34 | ...[...] | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | logging.rb:42:20:42:34 | ...[...] | This logs sensitive data returned by $@ as clear text. | logging.rb:34:19:34:52 | "beeda625d7306b45784d91ea0336e201" | a write to password |
| logging.rb:74:20:74:50 | password_masked_ineffective_sub | logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" | logging.rb:74:20:74:50 | password_masked_ineffective_sub | This logs sensitive data returned by $@ as clear text. | logging.rb:64:35:64:68 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub |
| logging.rb:74:20:74:50 | password_masked_ineffective_sub | logging.rb:68:35:68:88 | call to sub | logging.rb:74:20:74:50 | password_masked_ineffective_sub | This logs sensitive data returned by $@ as clear text. | logging.rb:68:35:68:88 | call to sub | an assignment to password_masked_ineffective_sub |
| logging.rb:76:20:76:51 | password_masked_ineffective_gsub | logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" | logging.rb:76:20:76:51 | password_masked_ineffective_gsub | This logs sensitive data returned by $@ as clear text. | logging.rb:66:36:66:69 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub |
| logging.rb:76:20:76:51 | password_masked_ineffective_gsub | logging.rb:70:36:70:86 | call to gsub | logging.rb:76:20:76:51 | password_masked_ineffective_gsub | This logs sensitive data returned by $@ as clear text. | logging.rb:70:36:70:86 | call to gsub | an assignment to password_masked_ineffective_gsub |
| logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex | logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" | logging.rb:78:20:78:53 | password_masked_ineffective_sub_ex | This logs sensitive data returned by $@ as clear text. | logging.rb:65:38:65:71 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub_ex |
| logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex | logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" | logging.rb:80:20:80:54 | password_masked_ineffective_gsub_ex | This logs sensitive data returned by $@ as clear text. | logging.rb:67:39:67:72 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub_ex |
| logging.rb:84:15:84:22 | password | logging.rb:84:15:84:22 | password | logging.rb:84:15:84:22 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:84:15:84:22 | password | a parameter password |
| logging.rb:84:15:84:22 | password | logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" : | logging.rb:84:15:84:22 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" | an assignment to password_arg |
| logging.rb:84:15:84:22 | password | logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" | logging.rb:84:15:84:22 | password | This logs sensitive data returned by $@ as clear text. | logging.rb:87:16:87:49 | "65f2950df2f0e2c38d7ba2ccca767291" | an assignment to password_arg |
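Review bot: Every changed row in this hunk differs from its replacement only by the trailing ` :` dropped from the source column of `#select` and from the `semmle.label` values under `nodes` (for example `"043697b96909e03ca907599d6420555f" :` becomes `"043697b96909e03ca907599d6420555f"`), so the merge description should state that the expected output was regenerated for a label-format change. Sinks, alert messages and source descriptions are identical, with 47 rows removed and 47 added; without that statement a reader has to compare the rows pairwise to confirm that the set of clear-text logging alerts did not move. The unchanged context row for `logging.rb:84:15:84:22` reports the parameter `password` as its own source, and the same sink is reported again from `logging.rb:87:16:87:49`. If both alerts are intended, a short comment at that line of the test input would record it.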

View File

@@ -1,96 +1,96 @@
edges
| app/controllers/users_controller.rb:3:5:3:16 | new_password : | app/controllers/users_controller.rb:5:39:5:50 | new_password |
| app/controllers/users_controller.rb:3:5:3:16 | new_password : | app/controllers/users_controller.rb:7:41:7:52 | new_password |
| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" : | app/controllers/users_controller.rb:3:5:3:16 | new_password : |
| app/controllers/users_controller.rb:11:5:11:16 | new_password : | app/controllers/users_controller.rb:13:42:13:53 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password : | app/controllers/users_controller.rb:15:49:15:60 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password : | app/controllers/users_controller.rb:15:49:15:60 | new_password : |
| app/controllers/users_controller.rb:11:5:11:16 | new_password : | app/controllers/users_controller.rb:15:87:15:98 | new_password |
| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" : | app/controllers/users_controller.rb:11:5:11:16 | new_password : |
| app/controllers/users_controller.rb:15:49:15:60 | new_password : | app/controllers/users_controller.rb:15:87:15:98 | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password : | app/controllers/users_controller.rb:21:45:21:56 | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password : | app/controllers/users_controller.rb:21:45:21:56 | new_password : |
| app/controllers/users_controller.rb:19:5:19:16 | new_password : | app/controllers/users_controller.rb:21:83:21:94 | new_password |
| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" : | app/controllers/users_controller.rb:19:5:19:16 | new_password : |
| app/controllers/users_controller.rb:21:45:21:56 | new_password : | app/controllers/users_controller.rb:21:83:21:94 | new_password |
| app/controllers/users_controller.rb:26:5:26:16 | new_password : | app/controllers/users_controller.rb:28:27:28:38 | new_password |
| app/controllers/users_controller.rb:26:5:26:16 | new_password : | app/controllers/users_controller.rb:30:28:30:39 | new_password |
| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" : | app/controllers/users_controller.rb:26:5:26:16 | new_password : |
| app/controllers/users_controller.rb:35:5:35:16 | new_password : | app/controllers/users_controller.rb:37:39:37:50 | new_password |
| app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" : | app/controllers/users_controller.rb:35:5:35:16 | new_password : |
| app/controllers/users_controller.rb:42:5:42:16 | new_password : | app/controllers/users_controller.rb:44:21:44:32 | new_password |
| app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" : | app/controllers/users_controller.rb:42:5:42:16 | new_password : |
| app/controllers/users_controller.rb:58:5:58:16 | new_password : | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" |
| app/controllers/users_controller.rb:58:5:58:16 | new_password : | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" |
| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" : | app/controllers/users_controller.rb:58:5:58:16 | new_password : |
| app/models/user.rb:3:5:3:16 | new_password : | app/models/user.rb:5:27:5:38 | new_password |
| app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" : | app/models/user.rb:3:5:3:16 | new_password : |
| app/models/user.rb:9:5:9:16 | new_password : | app/models/user.rb:11:22:11:33 | new_password |
| app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" : | app/models/user.rb:9:5:9:16 | new_password : |
| app/models/user.rb:15:5:15:16 | new_password : | app/models/user.rb:17:21:17:32 | new_password |
| app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" : | app/models/user.rb:15:5:15:16 | new_password : |
| app/controllers/users_controller.rb:3:5:3:16 | new_password | app/controllers/users_controller.rb:5:39:5:50 | new_password |
| app/controllers/users_controller.rb:3:5:3:16 | new_password | app/controllers/users_controller.rb:7:41:7:52 | new_password |
| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | app/controllers/users_controller.rb:3:5:3:16 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password | app/controllers/users_controller.rb:13:42:13:53 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password |
| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:11:5:11:16 | new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password |
| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | app/controllers/users_controller.rb:19:5:19:16 | new_password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password |
| app/controllers/users_controller.rb:26:5:26:16 | new_password | app/controllers/users_controller.rb:28:27:28:38 | new_password |
| app/controllers/users_controller.rb:26:5:26:16 | new_password | app/controllers/users_controller.rb:30:28:30:39 | new_password |
| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | app/controllers/users_controller.rb:26:5:26:16 | new_password |
| app/controllers/users_controller.rb:35:5:35:16 | new_password | app/controllers/users_controller.rb:37:39:37:50 | new_password |
| app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | app/controllers/users_controller.rb:35:5:35:16 | new_password |
| app/controllers/users_controller.rb:42:5:42:16 | new_password | app/controllers/users_controller.rb:44:21:44:32 | new_password |
| app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | app/controllers/users_controller.rb:42:5:42:16 | new_password |
| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" |
| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" |
| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:58:5:58:16 | new_password |
| app/models/user.rb:3:5:3:16 | new_password | app/models/user.rb:5:27:5:38 | new_password |
| app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | app/models/user.rb:3:5:3:16 | new_password |
| app/models/user.rb:9:5:9:16 | new_password | app/models/user.rb:11:22:11:33 | new_password |
| app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | app/models/user.rb:9:5:9:16 | new_password |
| app/models/user.rb:15:5:15:16 | new_password | app/models/user.rb:17:21:17:32 | new_password |
| app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | app/models/user.rb:15:5:15:16 | new_password |
nodes
| app/controllers/users_controller.rb:3:5:3:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" : | semmle.label | "043697b96909e03ca907599d6420555f" : |
| app/controllers/users_controller.rb:3:5:3:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | semmle.label | "043697b96909e03ca907599d6420555f" |
| app/controllers/users_controller.rb:5:39:5:50 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:7:41:7:52 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:11:5:11:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" : | semmle.label | "083c9e1da4cc0c2f5480bb4dbe6ff141" : |
| app/controllers/users_controller.rb:11:5:11:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | semmle.label | "083c9e1da4cc0c2f5480bb4dbe6ff141" |
| app/controllers/users_controller.rb:13:42:13:53 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:19:5:19:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" : | semmle.label | "504d224a806cf8073cd14ef08242d422" : |
| app/controllers/users_controller.rb:19:5:19:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | semmle.label | "504d224a806cf8073cd14ef08242d422" |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:26:5:26:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" : | semmle.label | "7d6ae08394c3f284506dca70f05995f6" : |
| app/controllers/users_controller.rb:26:5:26:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | semmle.label | "7d6ae08394c3f284506dca70f05995f6" |
| app/controllers/users_controller.rb:28:27:28:38 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:30:28:30:39 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:35:5:35:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" : | semmle.label | "ff295f8648a406c37fbe378377320e4c" : |
| app/controllers/users_controller.rb:35:5:35:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | semmle.label | "ff295f8648a406c37fbe378377320e4c" |
| app/controllers/users_controller.rb:37:39:37:50 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:42:5:42:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" : | semmle.label | "78ffbec583b546bd073efd898f833184" : |
| app/controllers/users_controller.rb:42:5:42:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | semmle.label | "78ffbec583b546bd073efd898f833184" |
| app/controllers/users_controller.rb:44:21:44:32 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:58:5:58:16 | new_password : | semmle.label | new_password : |
| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" : | semmle.label | "0157af7c38cbdd24f1616de4e5321861" : |
| app/controllers/users_controller.rb:58:5:58:16 | new_password | semmle.label | new_password |
| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | semmle.label | "0157af7c38cbdd24f1616de4e5321861" |
| app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | semmle.label | "password: #{...}\\n" |
| app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | semmle.label | "password: #{...}" |
| app/models/user.rb:3:5:3:16 | new_password : | semmle.label | new_password : |
| app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" : | semmle.label | "06c38c6a8a9c11a9d3b209a3193047b4" : |
| app/models/user.rb:3:5:3:16 | new_password | semmle.label | new_password |
| app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | semmle.label | "06c38c6a8a9c11a9d3b209a3193047b4" |
| app/models/user.rb:5:27:5:38 | new_password | semmle.label | new_password |
| app/models/user.rb:9:5:9:16 | new_password : | semmle.label | new_password : |
| app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" : | semmle.label | "52652fb5c709fb6b9b5a0194af7c6067" : |
| app/models/user.rb:9:5:9:16 | new_password | semmle.label | new_password |
| app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | semmle.label | "52652fb5c709fb6b9b5a0194af7c6067" |
| app/models/user.rb:11:22:11:33 | new_password | semmle.label | new_password |
| app/models/user.rb:15:5:15:16 | new_password : | semmle.label | new_password : |
| app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" : | semmle.label | "f982bf2531c149a8a1444a951b12e830" : |
| app/models/user.rb:15:5:15:16 | new_password | semmle.label | new_password |
| app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | semmle.label | "f982bf2531c149a8a1444a951b12e830" |
| app/models/user.rb:17:21:17:32 | new_password | semmle.label | new_password |
subpaths
#select
| app/controllers/users_controller.rb:5:39:5:50 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" : | app/controllers/users_controller.rb:5:39:5:50 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password |
| app/controllers/users_controller.rb:7:41:7:52 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" : | app/controllers/users_controller.rb:7:41:7:52 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password |
| app/controllers/users_controller.rb:5:39:5:50 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | app/controllers/users_controller.rb:5:39:5:50 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password |
| app/controllers/users_controller.rb:7:41:7:52 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | app/controllers/users_controller.rb:7:41:7:52 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password |
| app/controllers/users_controller.rb:7:41:7:52 | new_password | app/controllers/users_controller.rb:7:41:7:52 | new_password | app/controllers/users_controller.rb:7:41:7:52 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:7:41:7:52 | new_password | a write to password |
| app/controllers/users_controller.rb:13:42:13:53 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" : | app/controllers/users_controller.rb:13:42:13:53 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" : | app/controllers/users_controller.rb:15:49:15:60 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:13:42:13:53 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:13:42:13:53 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:15:49:15:60 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:15:49:15:60 | new_password | a write to password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" : | app/controllers/users_controller.rb:15:87:15:98 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password : | app/controllers/users_controller.rb:15:87:15:98 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:15:49:15:60 | new_password | a write to password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:15:87:15:98 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:15:49:15:60 | new_password | a write to password |
| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:15:87:15:98 | new_password | a write to password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" : | app/controllers/users_controller.rb:21:45:21:56 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | app/controllers/users_controller.rb:21:45:21:56 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password |
| app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:21:45:21:56 | new_password | a write to password |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" : | app/controllers/users_controller.rb:21:83:21:94 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password : | app/controllers/users_controller.rb:21:83:21:94 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:21:45:21:56 | new_password | a write to password |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | app/controllers/users_controller.rb:21:83:21:94 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:21:45:21:56 | new_password | a write to password |
| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:21:83:21:94 | new_password | a write to password |
| app/controllers/users_controller.rb:28:27:28:38 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" : | app/controllers/users_controller.rb:28:27:28:38 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password |
| app/controllers/users_controller.rb:30:28:30:39 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" : | app/controllers/users_controller.rb:30:28:30:39 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password |
| app/controllers/users_controller.rb:28:27:28:38 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | app/controllers/users_controller.rb:28:27:28:38 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password |
| app/controllers/users_controller.rb:30:28:30:39 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | app/controllers/users_controller.rb:30:28:30:39 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password |
| app/controllers/users_controller.rb:30:28:30:39 | new_password | app/controllers/users_controller.rb:30:28:30:39 | new_password | app/controllers/users_controller.rb:30:28:30:39 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:30:28:30:39 | new_password | a write to password |
| app/controllers/users_controller.rb:37:39:37:50 | new_password | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" : | app/controllers/users_controller.rb:37:39:37:50 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | an assignment to new_password |
| app/controllers/users_controller.rb:44:21:44:32 | new_password | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" : | app/controllers/users_controller.rb:44:21:44:32 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | an assignment to new_password |
| app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" : | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password |
| app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" : | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password |
| app/models/user.rb:5:27:5:38 | new_password | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" : | app/models/user.rb:5:27:5:38 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | an assignment to new_password |
| app/models/user.rb:11:22:11:33 | new_password | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" : | app/models/user.rb:11:22:11:33 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | an assignment to new_password |
| app/models/user.rb:17:21:17:32 | new_password | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" : | app/models/user.rb:17:21:17:32 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | an assignment to new_password |
| app/controllers/users_controller.rb:37:39:37:50 | new_password | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | app/controllers/users_controller.rb:37:39:37:50 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | an assignment to new_password |
| app/controllers/users_controller.rb:44:21:44:32 | new_password | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | app/controllers/users_controller.rb:44:21:44:32 | new_password | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | an assignment to new_password |
| app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password |
| app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | This stores sensitive data returned by $@ as clear text. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password |
| app/models/user.rb:5:27:5:38 | new_password | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | app/models/user.rb:5:27:5:38 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | an assignment to new_password |
| app/models/user.rb:11:22:11:33 | new_password | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | app/models/user.rb:11:22:11:33 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | an assignment to new_password |
| app/models/user.rb:17:21:17:32 | new_password | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | app/models/user.rb:17:21:17:32 | new_password | This stores sensitive data returned by $@ as clear text. | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | an assignment to new_password |
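
Review bot: in the nodes block, `app/controllers/users_controller.rb:15:49:15:60` and `app/controllers/users_controller.rb:21:45:21:56` now each have two textually identical rows (`new_password | semmle.label | new_password`), where the earlier form told them apart by the trailing ` :`. Please confirm that this is what regenerating the expected output produces and not a duplicate left by a hand-resolved merge. The same locations act as both source and sink in the `#select` rows (for example `15:49:15:60` as the source of the `15:87:15:98` result and as a result in its own right), so this is the place where a relabel is most likely to hide a lost node. The `#select` rows otherwise pair up one for one, 18 with the suffix and 18 without, with sinks and messages unchanged.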

View File

@@ -1,12 +1,12 @@
edges
| OjGlobalOptions.rb:13:5:13:13 | json_data : | OjGlobalOptions.rb:14:22:14:30 | json_data |
| OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:13:17:13:28 | ...[...] : |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | OjGlobalOptions.rb:13:5:13:13 | json_data : |
| OjGlobalOptions.rb:13:5:13:13 | json_data | OjGlobalOptions.rb:14:22:14:30 | json_data |
| OjGlobalOptions.rb:13:17:13:22 | call to params | OjGlobalOptions.rb:13:17:13:28 | ...[...] |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] | OjGlobalOptions.rb:13:5:13:13 | json_data |
nodes
| OjGlobalOptions.rb:13:5:13:13 | json_data : | semmle.label | json_data : |
| OjGlobalOptions.rb:13:17:13:22 | call to params : | semmle.label | call to params : |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | semmle.label | ...[...] : |
| OjGlobalOptions.rb:13:5:13:13 | json_data | semmle.label | json_data |
| OjGlobalOptions.rb:13:17:13:22 | call to params | semmle.label | call to params |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] | semmle.label | ...[...] |
| OjGlobalOptions.rb:14:22:14:30 | json_data | semmle.label | json_data |
subpaths
#select
| OjGlobalOptions.rb:14:22:14:30 | json_data | OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:14:22:14:30 | json_data | Unsafe deserialization depends on a $@. | OjGlobalOptions.rb:13:17:13:22 | call to params | user-provided value |
| OjGlobalOptions.rb:14:22:14:30 | json_data | OjGlobalOptions.rb:13:17:13:22 | call to params | OjGlobalOptions.rb:14:22:14:30 | json_data | Unsafe deserialization depends on a $@. | OjGlobalOptions.rb:13:17:13:22 | call to params | user-provided value |
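
Review bot: nothing in this hunk says why the trailing ` :` disappears from the path-node labels (`json_data :` to `json_data`, `call to params :` to `call to params`), and the sink at `OjGlobalOptions.rb:14:22:14:30` and the alert message are otherwise identical. Since this arrives through a merge, it would help to reference the upstream change that altered the label format in the merge description, so the churn in this expected file can be checked against it and is not mistaken for a change in the query's results.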

View File

@@ -1,73 +1,73 @@
edges
| UnsafeDeserialization.rb:10:5:10:19 | serialized_data : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data |
| UnsafeDeserialization.rb:10:23:10:50 | call to decode64 : | UnsafeDeserialization.rb:10:5:10:19 | serialized_data : |
| UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:10:39:10:50 | ...[...] : |
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | UnsafeDeserialization.rb:10:23:10:50 | call to decode64 : |
| UnsafeDeserialization.rb:16:5:16:19 | serialized_data : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data |
| UnsafeDeserialization.rb:16:23:16:50 | call to decode64 : | UnsafeDeserialization.rb:16:5:16:19 | serialized_data : |
| UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:16:39:16:50 | ...[...] : |
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | UnsafeDeserialization.rb:16:23:16:50 | call to decode64 : |
| UnsafeDeserialization.rb:22:5:22:13 | json_data : | UnsafeDeserialization.rb:23:24:23:32 | json_data |
| UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:22:17:22:28 | ...[...] : |
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | UnsafeDeserialization.rb:22:5:22:13 | json_data : |
| UnsafeDeserialization.rb:28:5:28:13 | json_data : | UnsafeDeserialization.rb:29:27:29:35 | json_data |
| UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:28:17:28:28 | ...[...] : |
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | UnsafeDeserialization.rb:28:5:28:13 | json_data : |
| UnsafeDeserialization.rb:40:5:40:13 | yaml_data : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data |
| UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:40:17:40:28 | ...[...] : |
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | UnsafeDeserialization.rb:40:5:40:13 | yaml_data : |
| UnsafeDeserialization.rb:52:5:52:13 | json_data : | UnsafeDeserialization.rb:53:22:53:30 | json_data |
| UnsafeDeserialization.rb:52:5:52:13 | json_data : | UnsafeDeserialization.rb:54:22:54:30 | json_data |
| UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:52:17:52:28 | ...[...] : |
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | UnsafeDeserialization.rb:52:5:52:13 | json_data : |
| UnsafeDeserialization.rb:59:5:59:13 | json_data : | UnsafeDeserialization.rb:69:23:69:31 | json_data |
| UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:59:17:59:28 | ...[...] : |
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | UnsafeDeserialization.rb:59:5:59:13 | json_data : |
| UnsafeDeserialization.rb:81:5:81:7 | xml : | UnsafeDeserialization.rb:82:34:82:36 | xml |
| UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:81:11:81:22 | ...[...] : |
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | UnsafeDeserialization.rb:81:5:81:7 | xml : |
| UnsafeDeserialization.rb:87:5:87:13 | yaml_data : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data |
| UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:87:17:87:28 | ...[...] : |
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | UnsafeDeserialization.rb:87:5:87:13 | yaml_data : |
| UnsafeDeserialization.rb:10:5:10:19 | serialized_data | UnsafeDeserialization.rb:11:27:11:41 | serialized_data |
| UnsafeDeserialization.rb:10:23:10:50 | call to decode64 | UnsafeDeserialization.rb:10:5:10:19 | serialized_data |
| UnsafeDeserialization.rb:10:39:10:44 | call to params | UnsafeDeserialization.rb:10:39:10:50 | ...[...] |
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] | UnsafeDeserialization.rb:10:23:10:50 | call to decode64 |
| UnsafeDeserialization.rb:16:5:16:19 | serialized_data | UnsafeDeserialization.rb:17:30:17:44 | serialized_data |
| UnsafeDeserialization.rb:16:23:16:50 | call to decode64 | UnsafeDeserialization.rb:16:5:16:19 | serialized_data |
| UnsafeDeserialization.rb:16:39:16:44 | call to params | UnsafeDeserialization.rb:16:39:16:50 | ...[...] |
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] | UnsafeDeserialization.rb:16:23:16:50 | call to decode64 |
| UnsafeDeserialization.rb:22:5:22:13 | json_data | UnsafeDeserialization.rb:23:24:23:32 | json_data |
| UnsafeDeserialization.rb:22:17:22:22 | call to params | UnsafeDeserialization.rb:22:17:22:28 | ...[...] |
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] | UnsafeDeserialization.rb:22:5:22:13 | json_data |
| UnsafeDeserialization.rb:28:5:28:13 | json_data | UnsafeDeserialization.rb:29:27:29:35 | json_data |
| UnsafeDeserialization.rb:28:17:28:22 | call to params | UnsafeDeserialization.rb:28:17:28:28 | ...[...] |
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] | UnsafeDeserialization.rb:28:5:28:13 | json_data |
| UnsafeDeserialization.rb:40:5:40:13 | yaml_data | UnsafeDeserialization.rb:41:24:41:32 | yaml_data |
| UnsafeDeserialization.rb:40:17:40:22 | call to params | UnsafeDeserialization.rb:40:17:40:28 | ...[...] |
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] | UnsafeDeserialization.rb:40:5:40:13 | yaml_data |
| UnsafeDeserialization.rb:52:5:52:13 | json_data | UnsafeDeserialization.rb:53:22:53:30 | json_data |
| UnsafeDeserialization.rb:52:5:52:13 | json_data | UnsafeDeserialization.rb:54:22:54:30 | json_data |
| UnsafeDeserialization.rb:52:17:52:22 | call to params | UnsafeDeserialization.rb:52:17:52:28 | ...[...] |
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] | UnsafeDeserialization.rb:52:5:52:13 | json_data |
| UnsafeDeserialization.rb:59:5:59:13 | json_data | UnsafeDeserialization.rb:69:23:69:31 | json_data |
| UnsafeDeserialization.rb:59:17:59:22 | call to params | UnsafeDeserialization.rb:59:17:59:28 | ...[...] |
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] | UnsafeDeserialization.rb:59:5:59:13 | json_data |
| UnsafeDeserialization.rb:81:5:81:7 | xml | UnsafeDeserialization.rb:82:34:82:36 | xml |
| UnsafeDeserialization.rb:81:11:81:16 | call to params | UnsafeDeserialization.rb:81:11:81:22 | ...[...] |
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] | UnsafeDeserialization.rb:81:5:81:7 | xml |
| UnsafeDeserialization.rb:87:5:87:13 | yaml_data | UnsafeDeserialization.rb:88:25:88:33 | yaml_data |
| UnsafeDeserialization.rb:87:17:87:22 | call to params | UnsafeDeserialization.rb:87:17:87:28 | ...[...] |
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] | UnsafeDeserialization.rb:87:5:87:13 | yaml_data |
nodes
| UnsafeDeserialization.rb:10:5:10:19 | serialized_data : | semmle.label | serialized_data : |
| UnsafeDeserialization.rb:10:23:10:50 | call to decode64 : | semmle.label | call to decode64 : |
| UnsafeDeserialization.rb:10:39:10:44 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:10:5:10:19 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:10:23:10:50 | call to decode64 | semmle.label | call to decode64 |
| UnsafeDeserialization.rb:10:39:10:44 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:16:5:16:19 | serialized_data : | semmle.label | serialized_data : |
| UnsafeDeserialization.rb:16:23:16:50 | call to decode64 : | semmle.label | call to decode64 : |
| UnsafeDeserialization.rb:16:39:16:44 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:16:5:16:19 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:16:23:16:50 | call to decode64 | semmle.label | call to decode64 |
| UnsafeDeserialization.rb:16:39:16:44 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:22:5:22:13 | json_data : | semmle.label | json_data : |
| UnsafeDeserialization.rb:22:17:22:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:22:5:22:13 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:22:17:22:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:23:24:23:32 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:28:5:28:13 | json_data : | semmle.label | json_data : |
| UnsafeDeserialization.rb:28:17:28:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:28:5:28:13 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:28:17:28:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:29:27:29:35 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:40:5:40:13 | yaml_data : | semmle.label | yaml_data : |
| UnsafeDeserialization.rb:40:17:40:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:40:5:40:13 | yaml_data | semmle.label | yaml_data |
| UnsafeDeserialization.rb:40:17:40:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | semmle.label | yaml_data |
| UnsafeDeserialization.rb:52:5:52:13 | json_data : | semmle.label | json_data : |
| UnsafeDeserialization.rb:52:17:52:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:52:5:52:13 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:52:17:52:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:53:22:53:30 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:54:22:54:30 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:59:5:59:13 | json_data : | semmle.label | json_data : |
| UnsafeDeserialization.rb:59:17:59:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:59:5:59:13 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:59:17:59:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:69:23:69:31 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:81:5:81:7 | xml : | semmle.label | xml : |
| UnsafeDeserialization.rb:81:11:81:16 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:81:5:81:7 | xml | semmle.label | xml |
| UnsafeDeserialization.rb:81:11:81:16 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:82:34:82:36 | xml | semmle.label | xml |
| UnsafeDeserialization.rb:87:5:87:13 | yaml_data : | semmle.label | yaml_data : |
| UnsafeDeserialization.rb:87:17:87:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:87:5:87:13 | yaml_data | semmle.label | yaml_data |
| UnsafeDeserialization.rb:87:17:87:22 | call to params | semmle.label | call to params |
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] | semmle.label | ...[...] |
| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | semmle.label | yaml_data |
| UnsafeDeserialization.rb:92:24:92:34 | call to read | semmle.label | call to read |
| UnsafeDeserialization.rb:95:24:95:33 | call to gets | semmle.label | call to gets |
@@ -76,16 +76,16 @@ nodes
| UnsafeDeserialization.rb:104:24:104:32 | call to readlines | semmle.label | call to readlines |
subpaths
#select
| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:10:39:10:44 | call to params | user-provided value |
| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:16:39:16:44 | call to params | user-provided value |
| UnsafeDeserialization.rb:23:24:23:32 | json_data | UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:23:24:23:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:22:17:22:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:29:27:29:35 | json_data | UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:29:27:29:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:28:17:28:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:40:17:40:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:54:22:54:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:54:22:54:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:69:23:69:31 | json_data | UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:69:23:69:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:59:17:59:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:82:34:82:36 | xml | UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:82:34:82:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:81:11:81:16 | call to params | user-provided value |
| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:87:17:87:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | UnsafeDeserialization.rb:10:39:10:44 | call to params | UnsafeDeserialization.rb:11:27:11:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:10:39:10:44 | call to params | user-provided value |
| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | UnsafeDeserialization.rb:16:39:16:44 | call to params | UnsafeDeserialization.rb:17:30:17:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:16:39:16:44 | call to params | user-provided value |
| UnsafeDeserialization.rb:23:24:23:32 | json_data | UnsafeDeserialization.rb:22:17:22:22 | call to params | UnsafeDeserialization.rb:23:24:23:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:22:17:22:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:29:27:29:35 | json_data | UnsafeDeserialization.rb:28:17:28:22 | call to params | UnsafeDeserialization.rb:29:27:29:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:28:17:28:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | UnsafeDeserialization.rb:40:17:40:22 | call to params | UnsafeDeserialization.rb:41:24:41:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:40:17:40:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:54:22:54:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params | UnsafeDeserialization.rb:54:22:54:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:69:23:69:31 | json_data | UnsafeDeserialization.rb:59:17:59:22 | call to params | UnsafeDeserialization.rb:69:23:69:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:59:17:59:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:82:34:82:36 | xml | UnsafeDeserialization.rb:81:11:81:16 | call to params | UnsafeDeserialization.rb:82:34:82:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:81:11:81:16 | call to params | user-provided value |
| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | UnsafeDeserialization.rb:87:17:87:22 | call to params | UnsafeDeserialization.rb:88:25:88:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:87:17:87:22 | call to params | user-provided value |
| UnsafeDeserialization.rb:92:24:92:34 | call to read | UnsafeDeserialization.rb:92:24:92:34 | call to read | UnsafeDeserialization.rb:92:24:92:34 | call to read | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:92:24:92:34 | call to read | value from stdin |
| UnsafeDeserialization.rb:95:24:95:33 | call to gets | UnsafeDeserialization.rb:95:24:95:33 | call to gets | UnsafeDeserialization.rb:95:24:95:33 | call to gets | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:95:24:95:33 | call to gets | value from stdin |
| UnsafeDeserialization.rb:98:24:98:32 | call to read | UnsafeDeserialization.rb:98:24:98:32 | call to read | UnsafeDeserialization.rb:98:24:98:32 | call to read | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:98:24:98:32 | call to read | value from stdin |
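Review bot: the commit description should say that the `#select` rows in this hunk are regenerated test output, because the ten `call to params` rows differ from the rows they replace only in the second column, where the source label loses its trailing ` :`. Sinks, messages and the `user-provided value` tag are identical on both sides, and the three `value from stdin` rows (test-file lines 92, 95 and 98) stay as context since source and sink are the same node there. Without that statement a reviewer has to diff twenty near-identical rows by eye to rule out a changed result.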

View File

@@ -1,33 +1,33 @@
edges
| tst.rb:1:7:1:7 | r : | tst.rb:2:4:2:4 | r : |
| tst.rb:2:4:2:4 | r : | tst.rb:2:3:2:15 | call to pack : |
| tst.rb:5:1:5:23 | totally_harmless_string : | tst.rb:7:8:7:30 | totally_harmless_string : |
| tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." : | tst.rb:5:1:5:23 | totally_harmless_string : |
| tst.rb:7:8:7:30 | totally_harmless_string : | tst.rb:1:7:1:7 | r : |
| tst.rb:7:8:7:30 | totally_harmless_string : | tst.rb:7:6:7:31 | call to e |
| tst.rb:10:11:10:24 | "666f6f626172" : | tst.rb:1:7:1:7 | r : |
| tst.rb:10:11:10:24 | "666f6f626172" : | tst.rb:10:9:10:25 | call to e |
| tst.rb:16:1:16:27 | another_questionable_string : | tst.rb:17:6:17:32 | another_questionable_string : |
| tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." : | tst.rb:16:1:16:27 | another_questionable_string : |
| tst.rb:17:6:17:32 | another_questionable_string : | tst.rb:17:6:17:38 | call to strip |
| tst.rb:1:7:1:7 | r | tst.rb:2:4:2:4 | r |
| tst.rb:2:4:2:4 | r | tst.rb:2:3:2:15 | call to pack |
| tst.rb:5:1:5:23 | totally_harmless_string | tst.rb:7:8:7:30 | totally_harmless_string |
| tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | tst.rb:5:1:5:23 | totally_harmless_string |
| tst.rb:7:8:7:30 | totally_harmless_string | tst.rb:1:7:1:7 | r |
| tst.rb:7:8:7:30 | totally_harmless_string | tst.rb:7:6:7:31 | call to e |
| tst.rb:10:11:10:24 | "666f6f626172" | tst.rb:1:7:1:7 | r |
| tst.rb:10:11:10:24 | "666f6f626172" | tst.rb:10:9:10:25 | call to e |
| tst.rb:16:1:16:27 | another_questionable_string | tst.rb:17:6:17:32 | another_questionable_string |
| tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | tst.rb:16:1:16:27 | another_questionable_string |
| tst.rb:17:6:17:32 | another_questionable_string | tst.rb:17:6:17:38 | call to strip |
nodes
| tst.rb:1:7:1:7 | r : | semmle.label | r : |
| tst.rb:2:3:2:15 | call to pack : | semmle.label | call to pack : |
| tst.rb:2:4:2:4 | r : | semmle.label | r : |
| tst.rb:5:1:5:23 | totally_harmless_string : | semmle.label | totally_harmless_string : |
| tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." : | semmle.label | "707574732822636f646520696e6a6..." : |
| tst.rb:1:7:1:7 | r | semmle.label | r |
| tst.rb:2:3:2:15 | call to pack | semmle.label | call to pack |
| tst.rb:2:4:2:4 | r | semmle.label | r |
| tst.rb:5:1:5:23 | totally_harmless_string | semmle.label | totally_harmless_string |
| tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | semmle.label | "707574732822636f646520696e6a6..." |
| tst.rb:7:6:7:31 | call to e | semmle.label | call to e |
| tst.rb:7:8:7:30 | totally_harmless_string : | semmle.label | totally_harmless_string : |
| tst.rb:7:8:7:30 | totally_harmless_string | semmle.label | totally_harmless_string |
| tst.rb:10:9:10:25 | call to e | semmle.label | call to e |
| tst.rb:10:11:10:24 | "666f6f626172" : | semmle.label | "666f6f626172" : |
| tst.rb:16:1:16:27 | another_questionable_string : | semmle.label | another_questionable_string : |
| tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." : | semmle.label | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." : |
| tst.rb:17:6:17:32 | another_questionable_string : | semmle.label | another_questionable_string : |
| tst.rb:10:11:10:24 | "666f6f626172" | semmle.label | "666f6f626172" |
| tst.rb:16:1:16:27 | another_questionable_string | semmle.label | another_questionable_string |
| tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | semmle.label | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." |
| tst.rb:17:6:17:32 | another_questionable_string | semmle.label | another_questionable_string |
| tst.rb:17:6:17:38 | call to strip | semmle.label | call to strip |
subpaths
| tst.rb:7:8:7:30 | totally_harmless_string : | tst.rb:1:7:1:7 | r : | tst.rb:2:3:2:15 | call to pack : | tst.rb:7:6:7:31 | call to e |
| tst.rb:10:11:10:24 | "666f6f626172" : | tst.rb:1:7:1:7 | r : | tst.rb:2:3:2:15 | call to pack : | tst.rb:10:9:10:25 | call to e |
| tst.rb:7:8:7:30 | totally_harmless_string | tst.rb:1:7:1:7 | r | tst.rb:2:3:2:15 | call to pack | tst.rb:7:6:7:31 | call to e |
| tst.rb:10:11:10:24 | "666f6f626172" | tst.rb:1:7:1:7 | r | tst.rb:2:3:2:15 | call to pack | tst.rb:10:9:10:25 | call to e |
#select
| tst.rb:7:6:7:31 | call to e | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." : | tst.rb:7:6:7:31 | call to e | $@ is interpreted as code. | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | Hard-coded data |
| tst.rb:10:9:10:25 | call to e | tst.rb:10:11:10:24 | "666f6f626172" : | tst.rb:10:9:10:25 | call to e | $@ is interpreted as an import path. | tst.rb:10:11:10:24 | "666f6f626172" | Hard-coded data |
| tst.rb:17:6:17:38 | call to strip | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." : | tst.rb:17:6:17:38 | call to strip | $@ is interpreted as code. | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | Hard-coded data |
| tst.rb:7:6:7:31 | call to e | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | tst.rb:7:6:7:31 | call to e | $@ is interpreted as code. | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | Hard-coded data |
| tst.rb:10:9:10:25 | call to e | tst.rb:10:11:10:24 | "666f6f626172" | tst.rb:10:9:10:25 | call to e | $@ is interpreted as an import path. | tst.rb:10:11:10:24 | "666f6f626172" | Hard-coded data |
| tst.rb:17:6:17:38 | call to strip | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | tst.rb:17:6:17:38 | call to strip | $@ is interpreted as code. | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | Hard-coded data |
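Review bot: in `subpaths`, please confirm the two rows are meant to be the only ones. Both alerts that reach `call to e` (tst.rb:7:6:7:31 and tst.rb:10:9:10:25) keep their route through parameter `r` (tst.rb:1:7) and `call to pack` (tst.rb:2:3), while the third alert at tst.rb:17:6:17:38 has no subpaths row on either side, which matches its edges, as they never enter `e`. The three `#select` messages (`interpreted as code` twice, `interpreted as an import path` once) are the same before and after, so only the ` :` suffix changes here.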

View File

@@ -1,49 +1,49 @@
edges
| UrlRedirect.rb:9:17:9:22 | call to params : | UrlRedirect.rb:9:17:9:28 | ...[...] |
| UrlRedirect.rb:14:17:14:22 | call to params : | UrlRedirect.rb:14:17:14:43 | call to fetch |
| UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:93:21:93:32 | input_params : |
| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:20:34:31 | ...[...] : |
| UrlRedirect.rb:34:20:34:31 | ...[...] : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:58:17:58:22 | call to params : | UrlRedirect.rb:58:17:58:28 | ...[...] |
| UrlRedirect.rb:63:38:63:43 | call to params : | UrlRedirect.rb:63:38:63:49 | ...[...] |
| UrlRedirect.rb:68:38:68:43 | call to params : | UrlRedirect.rb:68:38:68:49 | ...[...] |
| UrlRedirect.rb:73:25:73:30 | call to params : | UrlRedirect.rb:73:25:73:36 | ...[...] |
| UrlRedirect.rb:93:21:93:32 | input_params : | UrlRedirect.rb:94:5:94:29 | call to permit : |
| UrlRedirect.rb:9:17:9:22 | call to params | UrlRedirect.rb:9:17:9:28 | ...[...] |
| UrlRedirect.rb:14:17:14:22 | call to params | UrlRedirect.rb:14:17:14:43 | call to fetch |
| UrlRedirect.rb:19:17:19:22 | call to params | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash |
| UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:93:21:93:32 | input_params |
| UrlRedirect.rb:34:20:34:25 | call to params | UrlRedirect.rb:34:20:34:31 | ...[...] |
| UrlRedirect.rb:34:20:34:31 | ...[...] | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:58:17:58:22 | call to params | UrlRedirect.rb:58:17:58:28 | ...[...] |
| UrlRedirect.rb:63:38:63:43 | call to params | UrlRedirect.rb:63:38:63:49 | ...[...] |
| UrlRedirect.rb:68:38:68:43 | call to params | UrlRedirect.rb:68:38:68:49 | ...[...] |
| UrlRedirect.rb:73:25:73:30 | call to params | UrlRedirect.rb:73:25:73:36 | ...[...] |
| UrlRedirect.rb:93:21:93:32 | input_params | UrlRedirect.rb:94:5:94:29 | call to permit |
nodes
| UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:9:17:9:22 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:9:17:9:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:9:17:9:28 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:14:17:14:22 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:14:17:14:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:14:17:14:43 | call to fetch | semmle.label | call to fetch |
| UrlRedirect.rb:19:17:19:22 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:19:17:19:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | semmle.label | call to to_unsafe_hash |
| UrlRedirect.rb:24:17:24:37 | call to filter_params | semmle.label | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:24:31:24:36 | call to params | semmle.label | call to params |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | semmle.label | "#{...}/foo" |
| UrlRedirect.rb:34:20:34:25 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:34:20:34:31 | ...[...] : | semmle.label | ...[...] : |
| UrlRedirect.rb:58:17:58:22 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:34:20:34:25 | call to params | semmle.label | call to params |
| UrlRedirect.rb:34:20:34:31 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:58:17:58:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:58:17:58:28 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:63:38:63:43 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:63:38:63:43 | call to params | semmle.label | call to params |
| UrlRedirect.rb:63:38:63:49 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:68:38:68:43 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:68:38:68:43 | call to params | semmle.label | call to params |
| UrlRedirect.rb:68:38:68:49 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:73:25:73:30 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:73:25:73:30 | call to params | semmle.label | call to params |
| UrlRedirect.rb:73:25:73:36 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:93:21:93:32 | input_params : | semmle.label | input_params : |
| UrlRedirect.rb:94:5:94:29 | call to permit : | semmle.label | call to permit : |
| UrlRedirect.rb:93:21:93:32 | input_params | semmle.label | input_params |
| UrlRedirect.rb:94:5:94:29 | call to permit | semmle.label | call to permit |
subpaths
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:93:21:93:32 | input_params : | UrlRedirect.rb:94:5:94:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:93:21:93:32 | input_params | UrlRedirect.rb:94:5:94:29 | call to permit | UrlRedirect.rb:24:17:24:37 | call to filter_params |
#select
| UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:4:17:4:22 | call to params | user-provided value |
| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params : | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:9:17:9:22 | call to params | user-provided value |
| UrlRedirect.rb:14:17:14:43 | call to fetch | UrlRedirect.rb:14:17:14:22 | call to params : | UrlRedirect.rb:14:17:14:43 | call to fetch | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:14:17:14:22 | call to params | user-provided value |
| UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:19:17:19:22 | call to params | user-provided value |
| UrlRedirect.rb:24:17:24:37 | call to filter_params | UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:24:31:24:36 | call to params | user-provided value |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:34:20:34:25 | call to params | user-provided value |
| UrlRedirect.rb:58:17:58:28 | ...[...] | UrlRedirect.rb:58:17:58:22 | call to params : | UrlRedirect.rb:58:17:58:28 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:58:17:58:22 | call to params | user-provided value |
| UrlRedirect.rb:63:38:63:49 | ...[...] | UrlRedirect.rb:63:38:63:43 | call to params : | UrlRedirect.rb:63:38:63:49 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:63:38:63:43 | call to params | user-provided value |
| UrlRedirect.rb:68:38:68:49 | ...[...] | UrlRedirect.rb:68:38:68:43 | call to params : | UrlRedirect.rb:68:38:68:49 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:68:38:68:43 | call to params | user-provided value |
| UrlRedirect.rb:73:25:73:36 | ...[...] | UrlRedirect.rb:73:25:73:30 | call to params : | UrlRedirect.rb:73:25:73:36 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:73:25:73:30 | call to params | user-provided value |
| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:9:17:9:22 | call to params | user-provided value |
| UrlRedirect.rb:14:17:14:43 | call to fetch | UrlRedirect.rb:14:17:14:22 | call to params | UrlRedirect.rb:14:17:14:43 | call to fetch | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:14:17:14:22 | call to params | user-provided value |
| UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | UrlRedirect.rb:19:17:19:22 | call to params | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:19:17:19:22 | call to params | user-provided value |
| UrlRedirect.rb:24:17:24:37 | call to filter_params | UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:24:17:24:37 | call to filter_params | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:24:31:24:36 | call to params | user-provided value |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | UrlRedirect.rb:34:20:34:25 | call to params | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:34:20:34:25 | call to params | user-provided value |
| UrlRedirect.rb:58:17:58:28 | ...[...] | UrlRedirect.rb:58:17:58:22 | call to params | UrlRedirect.rb:58:17:58:28 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:58:17:58:22 | call to params | user-provided value |
| UrlRedirect.rb:63:38:63:49 | ...[...] | UrlRedirect.rb:63:38:63:43 | call to params | UrlRedirect.rb:63:38:63:49 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:63:38:63:43 | call to params | user-provided value |
| UrlRedirect.rb:68:38:68:49 | ...[...] | UrlRedirect.rb:68:38:68:43 | call to params | UrlRedirect.rb:68:38:68:49 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:68:38:68:43 | call to params | user-provided value |
| UrlRedirect.rb:73:25:73:36 | ...[...] | UrlRedirect.rb:73:25:73:30 | call to params | UrlRedirect.rb:73:25:73:36 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:73:25:73:30 | call to params | user-provided value |
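Review bot: the alert at `UrlRedirect.rb:24:17:24:37` (`call to filter_params`) is still expected even though its flow passes through `call to permit` at 94:5:94:29, as the `input_params` to `call to permit` edge and the single `subpaths` row show. If `permit` is meant to remain taint-preserving for this query, a short comment next to that case in the test source (if one is not already there) would make the expectation self-explanatory. The other nine `call to params` alerts and the unchanged line-4 row carry over with only the ` :` suffix removed from the source column.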

View File

@@ -1,21 +1,21 @@
edges
| LibXmlBackend.rb:16:5:16:11 | content : | LibXmlBackend.rb:18:30:18:36 | content |
| LibXmlBackend.rb:16:5:16:11 | content : | LibXmlBackend.rb:19:19:19:25 | content |
| LibXmlBackend.rb:16:5:16:11 | content : | LibXmlBackend.rb:20:27:20:33 | content |
| LibXmlBackend.rb:16:5:16:11 | content : | LibXmlBackend.rb:21:34:21:40 | content |
| LibXmlBackend.rb:16:15:16:20 | call to params : | LibXmlBackend.rb:16:15:16:26 | ...[...] : |
| LibXmlBackend.rb:16:15:16:26 | ...[...] : | LibXmlBackend.rb:16:5:16:11 | content : |
| LibXmlBackend.rb:16:5:16:11 | content | LibXmlBackend.rb:18:30:18:36 | content |
| LibXmlBackend.rb:16:5:16:11 | content | LibXmlBackend.rb:19:19:19:25 | content |
| LibXmlBackend.rb:16:5:16:11 | content | LibXmlBackend.rb:20:27:20:33 | content |
| LibXmlBackend.rb:16:5:16:11 | content | LibXmlBackend.rb:21:34:21:40 | content |
| LibXmlBackend.rb:16:15:16:20 | call to params | LibXmlBackend.rb:16:15:16:26 | ...[...] |
| LibXmlBackend.rb:16:15:16:26 | ...[...] | LibXmlBackend.rb:16:5:16:11 | content |
nodes
| LibXmlBackend.rb:16:5:16:11 | content : | semmle.label | content : |
| LibXmlBackend.rb:16:15:16:20 | call to params : | semmle.label | call to params : |
| LibXmlBackend.rb:16:15:16:26 | ...[...] : | semmle.label | ...[...] : |
| LibXmlBackend.rb:16:5:16:11 | content | semmle.label | content |
| LibXmlBackend.rb:16:15:16:20 | call to params | semmle.label | call to params |
| LibXmlBackend.rb:16:15:16:26 | ...[...] | semmle.label | ...[...] |
| LibXmlBackend.rb:18:30:18:36 | content | semmle.label | content |
| LibXmlBackend.rb:19:19:19:25 | content | semmle.label | content |
| LibXmlBackend.rb:20:27:20:33 | content | semmle.label | content |
| LibXmlBackend.rb:21:34:21:40 | content | semmle.label | content |
subpaths
#select
| LibXmlBackend.rb:18:30:18:36 | content | LibXmlBackend.rb:16:15:16:20 | call to params : | LibXmlBackend.rb:18:30:18:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:19:19:19:25 | content | LibXmlBackend.rb:16:15:16:20 | call to params : | LibXmlBackend.rb:19:19:19:25 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:20:27:20:33 | content | LibXmlBackend.rb:16:15:16:20 | call to params : | LibXmlBackend.rb:20:27:20:33 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:21:34:21:40 | content | LibXmlBackend.rb:16:15:16:20 | call to params : | LibXmlBackend.rb:21:34:21:40 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:18:30:18:36 | content | LibXmlBackend.rb:16:15:16:20 | call to params | LibXmlBackend.rb:18:30:18:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:19:19:19:25 | content | LibXmlBackend.rb:16:15:16:20 | call to params | LibXmlBackend.rb:19:19:19:25 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:20:27:20:33 | content | LibXmlBackend.rb:16:15:16:20 | call to params | LibXmlBackend.rb:20:27:20:33 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |
| LibXmlBackend.rb:21:34:21:40 | content | LibXmlBackend.rb:16:15:16:20 | call to params | LibXmlBackend.rb:21:34:21:40 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlBackend.rb:16:15:16:20 | call to params | user-provided value |

View File

@@ -1,35 +1,35 @@
edges
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:4:34:4:40 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:5:32:5:38 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:6:30:6:36 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:7:32:7:38 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:8:30:8:36 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:9:28:9:34 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:11:26:11:32 | content |
| LibXmlRuby.rb:3:5:3:11 | content : | LibXmlRuby.rb:12:24:12:30 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:3:15:3:26 | ...[...] : |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:3:5:3:11 | content : |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:5:26:5:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:6:26:6:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:7:26:7:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:8:26:8:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:9:26:9:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:11:26:11:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:12:26:12:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:15:26:15:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:16:26:16:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:18:26:18:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:19:26:19:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:22:26:22:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:25:26:25:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:27:26:27:32 | content |
| Nokogiri.rb:3:5:3:11 | content : | Nokogiri.rb:28:26:28:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:3:15:3:26 | ...[...] : |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:3:5:3:11 | content : |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:4:34:4:40 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:5:32:5:38 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:6:30:6:36 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:7:32:7:38 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:8:30:8:36 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:9:28:9:34 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:11:26:11:32 | content |
| LibXmlRuby.rb:3:5:3:11 | content | LibXmlRuby.rb:12:24:12:30 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:3:15:3:26 | ...[...] |
| LibXmlRuby.rb:3:15:3:26 | ...[...] | LibXmlRuby.rb:3:5:3:11 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:5:26:5:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:6:26:6:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:7:26:7:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:8:26:8:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:9:26:9:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:11:26:11:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:12:26:12:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:15:26:15:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:16:26:16:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:18:26:18:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:19:26:19:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:22:26:22:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:25:26:25:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:27:26:27:32 | content |
| Nokogiri.rb:3:5:3:11 | content | Nokogiri.rb:28:26:28:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:3:15:3:26 | ...[...] |
| Nokogiri.rb:3:15:3:26 | ...[...] | Nokogiri.rb:3:5:3:11 | content |
nodes
| LibXmlRuby.rb:3:5:3:11 | content : | semmle.label | content : |
| LibXmlRuby.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | semmle.label | ...[...] : |
| LibXmlRuby.rb:3:5:3:11 | content | semmle.label | content |
| LibXmlRuby.rb:3:15:3:20 | call to params | semmle.label | call to params |
| LibXmlRuby.rb:3:15:3:26 | ...[...] | semmle.label | ...[...] |
| LibXmlRuby.rb:4:34:4:40 | content | semmle.label | content |
| LibXmlRuby.rb:5:32:5:38 | content | semmle.label | content |
| LibXmlRuby.rb:6:30:6:36 | content | semmle.label | content |
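Review bot: worth checking the sink set in `edges` against the test sources, since the expected file gives no reason for the gaps. For Nokogiri.rb the flow from `content` (3:5:3:11) reaches uses on lines 5 to 9, 11, 12, 15, 16, 18, 19, 22, 25, 27 and 28, and for LibXmlRuby.rb on lines 4 to 9, 11 and 12, with the same fifteen and eight targets before and after the relabel. The skipped lines are presumably the parser configurations that do not expand external entities; marking them as expected negatives in the test files would let a later regeneration be reviewed without re-deriving that.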
@@ -38,9 +38,9 @@ nodes
| LibXmlRuby.rb:9:28:9:34 | content | semmle.label | content |
| LibXmlRuby.rb:11:26:11:32 | content | semmle.label | content |
| LibXmlRuby.rb:12:24:12:30 | content | semmle.label | content |
| Nokogiri.rb:3:5:3:11 | content : | semmle.label | content : |
| Nokogiri.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| Nokogiri.rb:3:15:3:26 | ...[...] : | semmle.label | ...[...] : |
| Nokogiri.rb:3:5:3:11 | content | semmle.label | content |
| Nokogiri.rb:3:15:3:20 | call to params | semmle.label | call to params |
| Nokogiri.rb:3:15:3:26 | ...[...] | semmle.label | ...[...] |
| Nokogiri.rb:5:26:5:32 | content | semmle.label | content |
| Nokogiri.rb:6:26:6:32 | content | semmle.label | content |
| Nokogiri.rb:7:26:7:32 | content | semmle.label | content |
@@ -58,26 +58,26 @@ nodes
| Nokogiri.rb:28:26:28:32 | content | semmle.label | content |
subpaths
#select
| LibXmlRuby.rb:4:34:4:40 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:4:34:4:40 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:5:32:5:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:5:32:5:38 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:6:30:6:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:6:30:6:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:7:32:7:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:7:32:7:38 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:8:30:8:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:8:30:8:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:9:28:9:34 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:9:28:9:34 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:11:26:11:32 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:11:26:11:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:12:24:12:30 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:12:24:12:30 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:5:26:5:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:5:26:5:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:6:26:6:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:6:26:6:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:7:26:7:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:7:26:7:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:8:26:8:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:8:26:8:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:9:26:9:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:9:26:9:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:11:26:11:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:11:26:11:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:12:26:12:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:12:26:12:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:15:26:15:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:15:26:15:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:16:26:16:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:16:26:16:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:18:26:18:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:18:26:18:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:19:26:19:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:19:26:19:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:22:26:22:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:22:26:22:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:25:26:25:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:25:26:25:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:27:26:27:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:27:26:27:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:28:26:28:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:28:26:28:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:4:34:4:40 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:4:34:4:40 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:5:32:5:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:5:32:5:38 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:6:30:6:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:6:30:6:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:7:32:7:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:7:32:7:38 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:8:30:8:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:8:30:8:36 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:9:28:9:34 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:9:28:9:34 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:11:26:11:32 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:11:26:11:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| LibXmlRuby.rb:12:24:12:30 | content | LibXmlRuby.rb:3:15:3:20 | call to params | LibXmlRuby.rb:12:24:12:30 | content | XML parsing depends on a $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:5:26:5:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:5:26:5:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:6:26:6:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:6:26:6:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:7:26:7:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:7:26:7:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:8:26:8:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:8:26:8:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:9:26:9:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:9:26:9:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:11:26:11:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:11:26:11:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:12:26:12:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:12:26:12:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:15:26:15:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:15:26:15:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:16:26:16:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:16:26:16:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:18:26:18:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:18:26:18:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:19:26:19:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:19:26:19:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:22:26:22:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:22:26:22:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:25:26:25:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:25:26:25:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:27:26:27:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:27:26:27:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
| Nokogiri.rb:28:26:28:32 | content | Nokogiri.rb:3:15:3:20 | call to params | Nokogiri.rb:28:26:28:32 | content | XML parsing depends on a $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |

View File

@@ -1,25 +1,25 @@
edges
| FilePermissions.rb:51:3:51:6 | perm : | FilePermissions.rb:53:19:53:22 | perm |
| FilePermissions.rb:51:3:51:6 | perm : | FilePermissions.rb:54:3:54:7 | perm2 : |
| FilePermissions.rb:51:10:51:13 | 0777 : | FilePermissions.rb:51:3:51:6 | perm : |
| FilePermissions.rb:54:3:54:7 | perm2 : | FilePermissions.rb:56:19:56:23 | perm2 |
| FilePermissions.rb:58:3:58:6 | perm : | FilePermissions.rb:59:3:59:7 | perm2 : |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" : | FilePermissions.rb:58:3:58:6 | perm : |
| FilePermissions.rb:59:3:59:7 | perm2 : | FilePermissions.rb:61:19:61:23 | perm2 |
| FilePermissions.rb:51:3:51:6 | perm | FilePermissions.rb:53:19:53:22 | perm |
| FilePermissions.rb:51:3:51:6 | perm | FilePermissions.rb:54:3:54:7 | perm2 |
| FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:51:3:51:6 | perm |
| FilePermissions.rb:54:3:54:7 | perm2 | FilePermissions.rb:56:19:56:23 | perm2 |
| FilePermissions.rb:58:3:58:6 | perm | FilePermissions.rb:59:3:59:7 | perm2 |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" | FilePermissions.rb:58:3:58:6 | perm |
| FilePermissions.rb:59:3:59:7 | perm2 | FilePermissions.rb:61:19:61:23 | perm2 |
nodes
| FilePermissions.rb:5:19:5:22 | 0222 | semmle.label | 0222 |
| FilePermissions.rb:7:19:7:22 | 0622 | semmle.label | 0622 |
| FilePermissions.rb:9:19:9:22 | 0755 | semmle.label | 0755 |
| FilePermissions.rb:11:19:11:22 | 0777 | semmle.label | 0777 |
| FilePermissions.rb:28:13:28:16 | 0755 | semmle.label | 0755 |
| FilePermissions.rb:51:3:51:6 | perm : | semmle.label | perm : |
| FilePermissions.rb:51:10:51:13 | 0777 : | semmle.label | 0777 : |
| FilePermissions.rb:51:3:51:6 | perm | semmle.label | perm |
| FilePermissions.rb:51:10:51:13 | 0777 | semmle.label | 0777 |
| FilePermissions.rb:53:19:53:22 | perm | semmle.label | perm |
| FilePermissions.rb:54:3:54:7 | perm2 : | semmle.label | perm2 : |
| FilePermissions.rb:54:3:54:7 | perm2 | semmle.label | perm2 |
| FilePermissions.rb:56:19:56:23 | perm2 | semmle.label | perm2 |
| FilePermissions.rb:58:3:58:6 | perm : | semmle.label | perm : |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" : | semmle.label | "u=wrx,g=rwx,o=x" : |
| FilePermissions.rb:59:3:59:7 | perm2 : | semmle.label | perm2 : |
| FilePermissions.rb:58:3:58:6 | perm | semmle.label | perm |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" | semmle.label | "u=wrx,g=rwx,o=x" |
| FilePermissions.rb:59:3:59:7 | perm2 | semmle.label | perm2 |
| FilePermissions.rb:61:19:61:23 | perm2 | semmle.label | perm2 |
| FilePermissions.rb:63:19:63:29 | "u=rwx,o+r" | semmle.label | "u=rwx,o+r" |
| FilePermissions.rb:67:19:67:24 | "a+rw" | semmle.label | "a+rw" |
@@ -31,9 +31,9 @@ subpaths
| FilePermissions.rb:9:19:9:22 | 0755 | FilePermissions.rb:9:19:9:22 | 0755 | FilePermissions.rb:9:19:9:22 | 0755 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:9:3:9:32 | call to chmod | call to chmod |
| FilePermissions.rb:11:19:11:22 | 0777 | FilePermissions.rb:11:19:11:22 | 0777 | FilePermissions.rb:11:19:11:22 | 0777 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:11:3:11:32 | call to chmod | call to chmod |
| FilePermissions.rb:28:13:28:16 | 0755 | FilePermissions.rb:28:13:28:16 | 0755 | FilePermissions.rb:28:13:28:16 | 0755 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:28:3:28:26 | call to chmod | call to chmod |
| FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:51:10:51:13 | 0777 : | FilePermissions.rb:53:19:53:22 | perm | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:53:3:53:32 | call to chmod | call to chmod |
| FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:51:10:51:13 | 0777 : | FilePermissions.rb:56:19:56:23 | perm2 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:56:3:56:33 | call to chmod | call to chmod |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" | FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" : | FilePermissions.rb:61:19:61:23 | perm2 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:61:3:61:33 | call to chmod | call to chmod |
| FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:53:19:53:22 | perm | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:53:3:53:32 | call to chmod | call to chmod |
| FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:51:10:51:13 | 0777 | FilePermissions.rb:56:19:56:23 | perm2 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:56:3:56:33 | call to chmod | call to chmod |
| FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" | FilePermissions.rb:58:10:58:26 | "u=wrx,g=rwx,o=x" | FilePermissions.rb:61:19:61:23 | perm2 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:61:3:61:33 | call to chmod | call to chmod |
| FilePermissions.rb:63:19:63:29 | "u=rwx,o+r" | FilePermissions.rb:63:19:63:29 | "u=rwx,o+r" | FilePermissions.rb:63:19:63:29 | "u=rwx,o+r" | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:63:3:63:39 | call to chmod | call to chmod |
| FilePermissions.rb:67:19:67:24 | "a+rw" | FilePermissions.rb:67:19:67:24 | "a+rw" | FilePermissions.rb:67:19:67:24 | "a+rw" | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:67:3:67:34 | call to chmod | call to chmod |
| FilePermissions.rb:72:21:72:24 | 0755 | FilePermissions.rb:72:21:72:24 | 0755 | FilePermissions.rb:72:21:72:24 | 0755 | This overly permissive mask used in $@ allows read or write access to others. | FilePermissions.rb:72:3:72:34 | call to chmod_R | call to chmod_R |
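Review bot: the expected alert whose source is `"u=wrx,g=rwx,o=x"` (FilePermissions.rb:58:10, reported at 61:19) still carries the message "allows read or write access to others", but the `o=` clause of that mask grants execute only; the read and write bits in it come from `g=rwx`. If group access is what triggers this row, the message would read more accurately as "group or others", or the fixture could carry a comment naming the clause that is expected to fire. As rendered, the rest of the hunk only drops the trailing ` :` from the source column, so the wording could be fixed in the same re-baseline.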

View File

@@ -1,49 +1,49 @@
edges
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." : | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." : | HardcodedCredentials.rb:1:33:1:36 | cert |
| HardcodedCredentials.rb:18:19:18:72 | ... + ... : | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." : | HardcodedCredentials.rb:18:19:18:72 | ... + ... : |
| HardcodedCredentials.rb:20:1:20:7 | pw_left : | HardcodedCredentials.rb:22:1:22:2 | pw : |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." : | HardcodedCredentials.rb:20:1:20:7 | pw_left : |
| HardcodedCredentials.rb:21:1:21:8 | pw_right : | HardcodedCredentials.rb:22:1:22:2 | pw : |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" : | HardcodedCredentials.rb:21:1:21:8 | pw_right : |
| HardcodedCredentials.rb:22:1:22:2 | pw : | HardcodedCredentials.rb:23:19:23:20 | pw : |
| HardcodedCredentials.rb:23:19:23:20 | pw : | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | HardcodedCredentials.rb:31:18:31:23 | passwd |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | HardcodedCredentials.rb:43:18:43:25 | username |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | HardcodedCredentials.rb:43:46:43:53 | password |
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:1:33:1:36 | cert |
| HardcodedCredentials.rb:18:19:18:72 | ... + ... | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." | HardcodedCredentials.rb:18:19:18:72 | ... + ... |
| HardcodedCredentials.rb:20:1:20:7 | pw_left | HardcodedCredentials.rb:22:1:22:2 | pw |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | HardcodedCredentials.rb:20:1:20:7 | pw_left |
| HardcodedCredentials.rb:21:1:21:8 | pw_right | HardcodedCredentials.rb:22:1:22:2 | pw |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | HardcodedCredentials.rb:21:1:21:8 | pw_right |
| HardcodedCredentials.rb:22:1:22:2 | pw | HardcodedCredentials.rb:23:19:23:20 | pw |
| HardcodedCredentials.rb:23:19:23:20 | pw | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | HardcodedCredentials.rb:31:18:31:23 | passwd |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | HardcodedCredentials.rb:43:18:43:25 | username |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | HardcodedCredentials.rb:43:46:43:53 | password |
nodes
| HardcodedCredentials.rb:1:23:1:30 | password | semmle.label | password |
| HardcodedCredentials.rb:1:33:1:36 | cert | semmle.label | cert |
| HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | semmle.label | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." |
| HardcodedCredentials.rb:8:30:8:75 | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." | semmle.label | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." |
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." : | semmle.label | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." : |
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." | semmle.label | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | semmle.label | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." : | semmle.label | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." : |
| HardcodedCredentials.rb:18:19:18:72 | ... + ... : | semmle.label | ... + ... : |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." : | semmle.label | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." : |
| HardcodedCredentials.rb:20:1:20:7 | pw_left : | semmle.label | pw_left : |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." : | semmle.label | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." : |
| HardcodedCredentials.rb:21:1:21:8 | pw_right : | semmle.label | pw_right : |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" : | semmle.label | "4fQuzXef4f2yow8KWvIJTA==" : |
| HardcodedCredentials.rb:22:1:22:2 | pw : | semmle.label | pw : |
| HardcodedCredentials.rb:23:19:23:20 | pw : | semmle.label | pw : |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | semmle.label | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." |
| HardcodedCredentials.rb:18:19:18:72 | ... + ... | semmle.label | ... + ... |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." | semmle.label | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." |
| HardcodedCredentials.rb:20:1:20:7 | pw_left | semmle.label | pw_left |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | semmle.label | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." |
| HardcodedCredentials.rb:21:1:21:8 | pw_right | semmle.label | pw_right |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | semmle.label | "4fQuzXef4f2yow8KWvIJTA==" |
| HardcodedCredentials.rb:22:1:22:2 | pw | semmle.label | pw |
| HardcodedCredentials.rb:23:19:23:20 | pw | semmle.label | pw |
| HardcodedCredentials.rb:31:18:31:23 | passwd | semmle.label | passwd |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | semmle.label | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | semmle.label | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." |
| HardcodedCredentials.rb:43:18:43:25 | username | semmle.label | username |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | semmle.label | "user@test.com" : |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | semmle.label | "user@test.com" |
| HardcodedCredentials.rb:43:46:43:53 | password | semmle.label | password |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | semmle.label | "abcdef123456" : |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | semmle.label | "abcdef123456" |
subpaths
#select
| HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | This hardcoded value is $@. | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | used as credentials |
| HardcodedCredentials.rb:8:30:8:75 | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." | HardcodedCredentials.rb:8:30:8:75 | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." | HardcodedCredentials.rb:8:30:8:75 | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." | This hardcoded value is $@. | HardcodedCredentials.rb:8:30:8:75 | "X6BLgRWSAtAWG/GaHS+WGGW2K7zZF..." | used as credentials |
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." | HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." : | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." | HardcodedCredentials.rb:12:19:12:64 | "4NQX/CqB5Ae98zFUmwj1DMpF7azsh..." | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:1:33:1:36 | cert | This hardcoded value is $@. | HardcodedCredentials.rb:1:33:1:36 | cert | used as credentials |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | This hardcoded value is $@. | HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | used as credentials |
| HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." | HardcodedCredentials.rb:15:30:15:75 | "WLC17dLQ9P8YlQvqm77qplOMm5pd1..." : | HardcodedCredentials.rb:1:33:1:36 | cert | This hardcoded value is $@. | HardcodedCredentials.rb:1:33:1:36 | cert | used as credentials |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." | HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." : | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." : | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" : | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | HardcodedCredentials.rb:31:18:31:23 | passwd | This hardcoded value is $@. | HardcodedCredentials.rb:31:18:31:23 | passwd | used as credentials |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | HardcodedCredentials.rb:43:18:43:25 | username | This hardcoded value is $@. | HardcodedCredentials.rb:43:18:43:25 | username | used as credentials |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | HardcodedCredentials.rb:43:46:43:53 | password | This hardcoded value is $@. | HardcodedCredentials.rb:43:46:43:53 | password | used as credentials |
| HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." | HardcodedCredentials.rb:18:27:18:72 | "ogH6qSYWGdbR/2WOGYa7eZ/tObL+G..." | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | HardcodedCredentials.rb:1:23:1:30 | password | This hardcoded value is $@. | HardcodedCredentials.rb:1:23:1:30 | password | used as credentials |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | HardcodedCredentials.rb:31:18:31:23 | passwd | This hardcoded value is $@. | HardcodedCredentials.rb:31:18:31:23 | passwd | used as credentials |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | HardcodedCredentials.rb:43:18:43:25 | username | This hardcoded value is $@. | HardcodedCredentials.rb:43:18:43:25 | username | used as credentials |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | HardcodedCredentials.rb:43:46:43:53 | password | This hardcoded value is $@. | HardcodedCredentials.rb:43:46:43:53 | password | used as credentials |
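Review bot: in the nodes block, the row for `HardcodedCredentials.rb:15:30:15:75` now appears twice with an identical `semmle.label`, where the earlier pair of rows differed by the trailing ` :`. With the suffix gone, a reader of the expected file cannot tell the node that flows on to `cert` at 1:33 from the node that is reported against itself, although both alerts remain in `#select`. Please confirm that the duplicate row is the intended test output and not an artefact of the merge, and mention the label change in the change note so that later diffs of this file are easier to read.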

View File

@@ -1,26 +1,26 @@
edges
| ConditionalBypass.rb:3:5:3:9 | check : | ConditionalBypass.rb:6:8:6:12 | check |
| ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:3:13:3:26 | ...[...] : |
| ConditionalBypass.rb:3:13:3:26 | ...[...] : | ConditionalBypass.rb:3:5:3:9 | check : |
| ConditionalBypass.rb:14:14:14:19 | call to params : | ConditionalBypass.rb:14:14:14:27 | ...[...] |
| ConditionalBypass.rb:25:5:25:5 | p : | ConditionalBypass.rb:27:8:27:8 | p |
| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] |
| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] : |
| ConditionalBypass.rb:25:10:25:22 | ...[...] : | ConditionalBypass.rb:25:5:25:5 | p : |
| ConditionalBypass.rb:3:5:3:9 | check | ConditionalBypass.rb:6:8:6:12 | check |
| ConditionalBypass.rb:3:13:3:18 | call to params | ConditionalBypass.rb:3:13:3:26 | ...[...] |
| ConditionalBypass.rb:3:13:3:26 | ...[...] | ConditionalBypass.rb:3:5:3:9 | check |
| ConditionalBypass.rb:14:14:14:19 | call to params | ConditionalBypass.rb:14:14:14:27 | ...[...] |
| ConditionalBypass.rb:25:5:25:5 | p | ConditionalBypass.rb:27:8:27:8 | p |
| ConditionalBypass.rb:25:10:25:15 | call to params | ConditionalBypass.rb:25:10:25:22 | ...[...] |
| ConditionalBypass.rb:25:10:25:15 | call to params | ConditionalBypass.rb:25:10:25:22 | ...[...] |
| ConditionalBypass.rb:25:10:25:22 | ...[...] | ConditionalBypass.rb:25:5:25:5 | p |
nodes
| ConditionalBypass.rb:3:5:3:9 | check : | semmle.label | check : |
| ConditionalBypass.rb:3:13:3:18 | call to params : | semmle.label | call to params : |
| ConditionalBypass.rb:3:13:3:26 | ...[...] : | semmle.label | ...[...] : |
| ConditionalBypass.rb:3:5:3:9 | check | semmle.label | check |
| ConditionalBypass.rb:3:13:3:18 | call to params | semmle.label | call to params |
| ConditionalBypass.rb:3:13:3:26 | ...[...] | semmle.label | ...[...] |
| ConditionalBypass.rb:6:8:6:12 | check | semmle.label | check |
| ConditionalBypass.rb:14:14:14:19 | call to params : | semmle.label | call to params : |
| ConditionalBypass.rb:14:14:14:19 | call to params | semmle.label | call to params |
| ConditionalBypass.rb:14:14:14:27 | ...[...] | semmle.label | ...[...] |
| ConditionalBypass.rb:25:5:25:5 | p : | semmle.label | p : |
| ConditionalBypass.rb:25:10:25:15 | call to params : | semmle.label | call to params : |
| ConditionalBypass.rb:25:5:25:5 | p | semmle.label | p |
| ConditionalBypass.rb:25:10:25:15 | call to params | semmle.label | call to params |
| ConditionalBypass.rb:25:10:25:22 | ...[...] | semmle.label | ...[...] |
| ConditionalBypass.rb:25:10:25:22 | ...[...] | semmle.label | ...[...] |
| ConditionalBypass.rb:25:10:25:22 | ...[...] : | semmle.label | ...[...] : |
| ConditionalBypass.rb:27:8:27:8 | p | semmle.label | p |
subpaths
#select
| ConditionalBypass.rb:6:8:6:12 | check | ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:6:8:6:12 | check | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:8:7:8:29 | call to authenticate_user! | action | ConditionalBypass.rb:3:13:3:18 | call to params | user-provided value |
| ConditionalBypass.rb:14:14:14:27 | ...[...] | ConditionalBypass.rb:14:14:14:19 | call to params : | ConditionalBypass.rb:14:14:14:27 | ...[...] | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:14:5:14:9 | call to login | action | ConditionalBypass.rb:14:14:14:19 | call to params | user-provided value |
| ConditionalBypass.rb:27:8:27:8 | p | ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:27:8:27:8 | p | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:28:7:28:13 | call to verify! | action | ConditionalBypass.rb:25:10:25:15 | call to params | user-provided value |
| ConditionalBypass.rb:6:8:6:12 | check | ConditionalBypass.rb:3:13:3:18 | call to params | ConditionalBypass.rb:6:8:6:12 | check | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:8:7:8:29 | call to authenticate_user! | action | ConditionalBypass.rb:3:13:3:18 | call to params | user-provided value |
| ConditionalBypass.rb:14:14:14:27 | ...[...] | ConditionalBypass.rb:14:14:14:19 | call to params | ConditionalBypass.rb:14:14:14:27 | ...[...] | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:14:5:14:9 | call to login | action | ConditionalBypass.rb:14:14:14:19 | call to params | user-provided value |
| ConditionalBypass.rb:27:8:27:8 | p | ConditionalBypass.rb:25:10:25:15 | call to params | ConditionalBypass.rb:27:8:27:8 | p | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.rb:28:7:28:13 | call to verify! | action | ConditionalBypass.rb:25:10:25:15 | call to params | user-provided value |
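
Review bot: once the ` :` suffix is dropped, the rows for `ConditionalBypass.rb:25:10:25:22` can no longer be told apart. The edges section lists `25:10:25:15 | call to params` to `25:10:25:22 | ...[...]` twice, and the nodes section lists `25:10:25:22 | ...[...]` twice, where the suffixed rows had one plain and one ` :` variant. Please confirm that these are two distinct path nodes at the same location and not a duplicate introduced by the relabelling, and say so in the PR description so the next person rebaselining this file does not collapse them. The three `#select` rows differ only in the source column, which looks right.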

View File

@@ -1,16 +1,16 @@
failures
edges
| insecure_download.rb:31:5:31:7 | url : | insecure_download.rb:33:15:33:17 | url |
| insecure_download.rb:31:5:31:7 | url : | insecure_download.rb:33:15:33:17 | url |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | insecure_download.rb:31:5:31:7 | url : |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | insecure_download.rb:31:5:31:7 | url : |
| insecure_download.rb:31:5:31:7 | url | insecure_download.rb:33:15:33:17 | url |
| insecure_download.rb:31:5:31:7 | url | insecure_download.rb:33:15:33:17 | url |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | insecure_download.rb:31:5:31:7 | url |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | insecure_download.rb:31:5:31:7 | url |
nodes
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | semmle.label | "http://example.org/unsafe.APK" |
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | semmle.label | "http://example.org/unsafe.APK" |
| insecure_download.rb:31:5:31:7 | url : | semmle.label | url : |
| insecure_download.rb:31:5:31:7 | url : | semmle.label | url : |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | semmle.label | "http://example.org/unsafe.APK" : |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | semmle.label | "http://example.org/unsafe.APK" : |
| insecure_download.rb:31:5:31:7 | url | semmle.label | url |
| insecure_download.rb:31:5:31:7 | url | semmle.label | url |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | semmle.label | "http://example.org/unsafe.APK" |
| insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | semmle.label | "http://example.org/unsafe.APK" |
| insecure_download.rb:33:15:33:17 | url | semmle.label | url |
| insecure_download.rb:33:15:33:17 | url | semmle.label | url |
| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | semmle.label | "http://example.org/unsafe" |
@@ -21,8 +21,8 @@ subpaths
#select
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | "http://example.org/unsafe.APK" : |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : | "http://example.org/unsafe.APK" : |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | $@ | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | "http://example.org/unsafe" |
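
Review bot: in the two `#select` rows for `insecure_download.rb:33:15:33:17` whose source is `31:11:31:41`, the final column also loses the ` :` suffix, and that column is the link text substituted for `$@` in the alert message. This is therefore a change to the message text reported for these alerts, not only to path-graph labels, and it deserves a line in a change note. In the other expected files shown here the suffix appears only in the source column and the message columns are untouched, so this query is the one to check by hand.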

View File

@@ -1,18 +1,18 @@
edges
| http_to_file_access.rb:3:1:3:4 | resp : | http_to_file_access.rb:5:12:5:15 | resp |
| http_to_file_access.rb:3:8:3:52 | call to body : | http_to_file_access.rb:3:1:3:4 | resp : |
| http_to_file_access.rb:9:7:9:12 | script : | http_to_file_access.rb:11:18:11:23 | script |
| http_to_file_access.rb:9:16:9:21 | call to params : | http_to_file_access.rb:9:16:9:30 | ...[...] : |
| http_to_file_access.rb:9:16:9:30 | ...[...] : | http_to_file_access.rb:9:7:9:12 | script : |
| http_to_file_access.rb:3:1:3:4 | resp | http_to_file_access.rb:5:12:5:15 | resp |
| http_to_file_access.rb:3:8:3:52 | call to body | http_to_file_access.rb:3:1:3:4 | resp |
| http_to_file_access.rb:9:7:9:12 | script | http_to_file_access.rb:11:18:11:23 | script |
| http_to_file_access.rb:9:16:9:21 | call to params | http_to_file_access.rb:9:16:9:30 | ...[...] |
| http_to_file_access.rb:9:16:9:30 | ...[...] | http_to_file_access.rb:9:7:9:12 | script |
nodes
| http_to_file_access.rb:3:1:3:4 | resp : | semmle.label | resp : |
| http_to_file_access.rb:3:8:3:52 | call to body : | semmle.label | call to body : |
| http_to_file_access.rb:3:1:3:4 | resp | semmle.label | resp |
| http_to_file_access.rb:3:8:3:52 | call to body | semmle.label | call to body |
| http_to_file_access.rb:5:12:5:15 | resp | semmle.label | resp |
| http_to_file_access.rb:9:7:9:12 | script : | semmle.label | script : |
| http_to_file_access.rb:9:16:9:21 | call to params : | semmle.label | call to params : |
| http_to_file_access.rb:9:16:9:30 | ...[...] : | semmle.label | ...[...] : |
| http_to_file_access.rb:9:7:9:12 | script | semmle.label | script |
| http_to_file_access.rb:9:16:9:21 | call to params | semmle.label | call to params |
| http_to_file_access.rb:9:16:9:30 | ...[...] | semmle.label | ...[...] |
| http_to_file_access.rb:11:18:11:23 | script | semmle.label | script |
subpaths
#select
| http_to_file_access.rb:5:12:5:15 | resp | http_to_file_access.rb:3:8:3:52 | call to body : | http_to_file_access.rb:5:12:5:15 | resp | Write to file system depends on $@. | http_to_file_access.rb:3:8:3:52 | call to body | untrusted data |
| http_to_file_access.rb:11:18:11:23 | script | http_to_file_access.rb:9:16:9:21 | call to params : | http_to_file_access.rb:11:18:11:23 | script | Write to file system depends on $@. | http_to_file_access.rb:9:16:9:21 | call to params | untrusted data |
| http_to_file_access.rb:5:12:5:15 | resp | http_to_file_access.rb:3:8:3:52 | call to body | http_to_file_access.rb:5:12:5:15 | resp | Write to file system depends on $@. | http_to_file_access.rb:3:8:3:52 | call to body | untrusted data |
| http_to_file_access.rb:11:18:11:23 | script | http_to_file_access.rb:9:16:9:21 | call to params | http_to_file_access.rb:11:18:11:23 | script | Write to file system depends on $@. | http_to_file_access.rb:9:16:9:21 | call to params | untrusted data |

View File

@@ -1,20 +1,20 @@
edges
| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain : | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params : | ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : | ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain : |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params : | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params : | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] |
| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params | ServerSideRequestForgery.rb:10:32:10:60 | ...[...] |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] | ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] |
nodes
| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain : | semmle.label | users_service_domain : |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : | semmle.label | ...[...] : |
| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain | semmle.label | users_service_domain |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params | semmle.label | call to params |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] | semmle.label | ...[...] |
| ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | semmle.label | "#{...}/logins" |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params | semmle.label | call to params |
| ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | semmle.label | ...[...] |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params | semmle.label | call to params |
| ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | ServerSideRequestForgery.rb:10:32:10:37 | call to params : | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:10:32:10:37 | call to params | user-provided value |
| ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | ServerSideRequestForgery.rb:15:33:15:38 | call to params : | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:15:33:15:38 | call to params | user-provided value |
| ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | ServerSideRequestForgery.rb:20:45:20:50 | call to params : | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:20:45:20:50 | call to params | user-provided value |
| ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | ServerSideRequestForgery.rb:10:32:10:37 | call to params | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:10:32:10:37 | call to params | user-provided value |
| ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | ServerSideRequestForgery.rb:15:33:15:38 | call to params | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:15:33:15:38 | call to params | user-provided value |
| ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | ServerSideRequestForgery.rb:20:45:20:50 | call to params | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:20:45:20:50 | call to params | user-provided value |

View File

@@ -1,16 +1,16 @@
edges
| decompression_api.rb:4:9:4:12 | path : | decompression_api.rb:5:31:5:34 | path |
| decompression_api.rb:4:16:4:21 | call to params : | decompression_api.rb:4:16:4:28 | ...[...] : |
| decompression_api.rb:4:16:4:28 | ...[...] : | decompression_api.rb:4:9:4:12 | path : |
| decompression_api.rb:15:31:15:36 | call to params : | decompression_api.rb:15:31:15:43 | ...[...] |
| decompression_api.rb:4:9:4:12 | path | decompression_api.rb:5:31:5:34 | path |
| decompression_api.rb:4:16:4:21 | call to params | decompression_api.rb:4:16:4:28 | ...[...] |
| decompression_api.rb:4:16:4:28 | ...[...] | decompression_api.rb:4:9:4:12 | path |
| decompression_api.rb:15:31:15:36 | call to params | decompression_api.rb:15:31:15:43 | ...[...] |
nodes
| decompression_api.rb:4:9:4:12 | path : | semmle.label | path : |
| decompression_api.rb:4:16:4:21 | call to params : | semmle.label | call to params : |
| decompression_api.rb:4:16:4:28 | ...[...] : | semmle.label | ...[...] : |
| decompression_api.rb:4:9:4:12 | path | semmle.label | path |
| decompression_api.rb:4:16:4:21 | call to params | semmle.label | call to params |
| decompression_api.rb:4:16:4:28 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:5:31:5:34 | path | semmle.label | path |
| decompression_api.rb:15:31:15:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:15:31:15:36 | call to params | semmle.label | call to params |
| decompression_api.rb:15:31:15:43 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:5:31:5:34 | path | decompression_api.rb:4:16:4:21 | call to params : | decompression_api.rb:5:31:5:34 | path | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:5:9:5:35 | call to inflate | inflate |
| decompression_api.rb:15:31:15:43 | ...[...] | decompression_api.rb:15:31:15:36 | call to params : | decompression_api.rb:15:31:15:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:15:9:15:44 | call to open_buffer | open_buffer |
| decompression_api.rb:5:31:5:34 | path | decompression_api.rb:4:16:4:21 | call to params | decompression_api.rb:5:31:5:34 | path | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:5:9:5:35 | call to inflate | inflate |
| decompression_api.rb:15:31:15:43 | ...[...] | decompression_api.rb:15:31:15:36 | call to params | decompression_api.rb:15:31:15:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:15:9:15:44 | call to open_buffer | open_buffer |