add string concat as a sink for code-construction

2026-05-04 05:05:12 +02:00 · 2023-01-17 14:40:30 +01:00
parent 2e4f4c64fe
commit 8fc3b268e8
3 changed files with 43 additions and 0 deletions
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
@@ -50,4 +50,9 @@ class Foobar
    HERE
    eval(foo) # NOT OK
  end
+
+  def string_concat(x)
+    foo = "foo = " + x
+    eval(foo) # NOT OK
+  end
 end