hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

make one ql file

Browse Source
This commit is contained in:
amammad
2023-06-26 20:55:11 +10:00
parent 9e33b47cbd
commit 9540c58c4a
7 changed files with 1 additions and 565 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
ruby/ql/src/experimental/CWE-522-DecompressionBombs/BombsV1.ql
View File

@@ -1,433 +0,0 @@
/**
* @name User-controlled file decompression
* @description User-controlled data that flows into decompression library APIs could be dangerous
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision high
* @id rb/user-controlled-file-decompression
* @tags security
* experimental
* external/cwe/cwe-409
*/
import codeql.ruby.AST
import codeql.ruby.ApiGraphs
import codeql.ruby.DataFlow
import codeql.ruby.dataflow.RemoteFlowSources
import codeql.ruby.TaintTracking
import DataFlow::PathGraph
module Zip {
module InputStream {
/**
* `Zip::InputStream`
*/
private API::Node zipInputStream() {
result = [API::getTopLevelMember("Zip").getMember("InputStream")]
}
/**
* An input in following
* ```ruby
* input = ip::InputStream.open(path)
* Zip::InputStream.open(path) do |input|
* ...
* end
* ```
*/
private API::Node instance() {
result =
zipInputStream().getMethod("open").(GetReturnOrGetBlock).getReturnOrGetBlockParameter()
}
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(API::Node zipInputStreamOpen |
zipInputStreamOpen = zipInputStream().getMethod("open")
|
nodeFrom = zipInputStreamOpen.getParameter(0).asSink() and
nodeTo =
[
zipInputStreamOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.getMethod(_)
.getReturn()
.asSource()
]
)
}
DataFlow::Node isSink() {
exists(string ioMethods | not ioMethods = "get_next_entry" |
result = instance().getMethod(ioMethods).getReturn().asSource()
)
}
}
class AdditionalGlobStep extends API::Node {
API::Node additionalGlobStepHelper() {
result = this
or
result = this.getMethod("glob").getReturn()
}
}
class GetReturnOrGetBlock extends API::Node {
API::Node getReturnOrGetBlockParameter() {
result = this.getBlock().getParameter(0) or
result = this.getReturn()
}
}
module File {
/**
* ```ruby
* Zip::File.open(path)
* # or
* Zip::File.new(path)
* ```
*/
module OpenAndNew {
/**
* myZip in following
*
* ```ruby
* myZip = Zip::File.open(path)
* # or
* myZip = Zip::File.new(path)
*
* Zip::File.open(path) do |myZip|
*
* end
* ```
*/
API::Node instance() {
result =
zipFile().getMethod(["open", "new"]).(GetReturnOrGetBlock).getReturnOrGetBlockParameter()
}
/**
* `extract` and `read` can be sink
* ```ruby
* ```
*/
DataFlow::Node isSink() {
result =
instance()
.getMethod(["each", "each_entry", "first"])
.getBlock()
.getParameter(0)
.getMethod(["extract", "read", "first"])
.getReturn()
.asSource()
or
result =
instance()
.getMethod(["each", "each_entry", "first"])
.getBlock()
.getParameter(0)
.getMethod("get_input_stream")
.getReturn()
.asSource()
or
exists(string ioMethods | not ioMethods = ["each", "each_entry", "glob", "first"] |
result = instance().getAMethodCall(ioMethods)
)
}
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(API::Node zipFileOpen, API::Node zipFileOpenGlob |
zipFileOpen = zipFile().getMethod(["open", "new"])
|
nodeFrom = zipFileOpen.getParameter(0).asSink() and
zipFileOpenGlob = zipFileOpen.(GetReturnOrGetBlock).getReturnOrGetBlockParameter() and
nodeTo =
[
zipFileOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.(AdditionalGlobStep)
.additionalGlobStepHelper()
.asSource(),
zipFileOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.(AdditionalGlobStep)
.additionalGlobStepHelper()
.getMethod(["read", "extract"])
.getReturn()
.asSource(),
zipFileOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.(AdditionalGlobStep)
.additionalGlobStepHelper()
.getMethod(["each", "each_entry", "first"])
.getBlock()
.getParameter(0)
.asSource(),
isAdditionalTaintStepHelper(zipFileOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.(AdditionalGlobStep)
.additionalGlobStepHelper()
.getMethod(["each", "each_entry", "first"])
.getBlock()
.getParameter(0))
]
)
}
}
/**
* # Find specific entry with Zip::File.open(zipfile_path).glob(pattern)
*/
module Glob {
/**
* `extract` and `read` can be sink
* ```ruby
* ```
*/
DataFlow::Node isSink() {
result =
zipFile()
.getMethod(["open", "new"])
.getReturn()
.getMethod("glob")
.getBlock()
.getParameter(0)
.getMethod("get_input_stream")
.getReturn()
.asSource()
or
result =
zipFile()
.getMethod(["open", "new"])
.getReturn()
.getMethod("glob")
.getReturn()
.getMethod("get_input_stream")
.getReturn()
.asSource()
or
result =
zipFile()
.getMethod(["open", "new"])
.getBlock()
.getParameter(0)
.getMethod("glob")
.getReturn()
.getMethod("first")
.getReturn()
.getMethod("get_input_stream")
.getReturn()
.asSource()
}
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(API::Node zipFileOpen | zipFileOpen = zipFile().getMethod(["open", "new"]) |
nodeFrom = zipFileOpen.getParameter(0).asSink() and
nodeTo =
isAdditionalTaintStepHelper(zipFileOpen
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter()
.getMethod("glob")
.(GetReturnOrGetBlock)
.getReturnOrGetBlockParameter())
)
}
}
/**
* `Zip::File`
*/
private API::Node zipFile() { result = API::getTopLevelMember("Zip").getMember("File") }
DataFlow::Node isAdditionalTaintStepHelper(API::Node nodeMiddle) {
result = nodeMiddle.getMethod(_).getReturn().asSource() or
result = nodeMiddle.getMethod(_).getReturn().getMethod(_).getReturn().asSource()
}
}
DataFlow::Node isSink() {
result = [File::Glob::isSink(), File::OpenAndNew::isSink(), InputStream::isSink()]
}
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
File::Glob::isAdditionalTaintStep(nodeFrom, nodeTo)
or
File::OpenAndNew::isAdditionalTaintStep(nodeFrom, nodeTo)
or
InputStream::isAdditionalTaintStep(nodeFrom, nodeTo)
}
}
module Zlib {
/**
* `zlib::GzipReader`
*/
API::Node gzipReaderInstance() { result = API::getTopLevelMember("Zlib").getMember("GzipReader") }
API::Node gzipReaderOpen() {
result =
[
gzipReaderInstance().getMethod("open").getReturn(),
gzipReaderInstance().getMethod("open").getBlock().getParameter(0)
]
}
API::Node gzipReaderNew() { result = gzipReaderInstance().getMethod("new").getReturn() }
/**
* `entry` and `read` can be sink
* ```ruby
*Zlib::GzipReader.open(gzip_path) do |uncompressedfile|
* uncompressedfile.each do |entry|
* entry
* end
*end
*
*uncompressedfile = Zlib::GzipReader.open(gzip_path)
*uncompressedfile.each do |entry|
* entry
*end
*
*Zlib::GzipReader.new(File.open(gzip_path, 'rb')).read
*Zlib::GzipReader.new(File.open(gzip_path, 'rb')).each do |entry|
* entry
*end
* ```
*/
DataFlow::Node isSink() {
result =
gzipReaderOpen()
.getMethod(["glob", "each", "each_entry"])
.getBlock()
.getParameter(0)
.asSource()
or
result =
gzipReaderNew()
.getMethod(["glob", "each", "each_entry"])
.getBlock()
.getParameter(0)
.asSource()
or
// _ is one of ["read", "readlines", "readpartial", "readline", "gets"] and more because gzipReader return an IO instance, there are a lot of methods and gzipReader is for reading gzip files, so there is low FP rate here if we use _ instead of exact IO method names
exists(string ioMethods | not ioMethods = ["glob", "each", "each_entry"] |
result = gzipReaderNew().getMethod(ioMethods).getReturn().asSource() or
result = gzipReaderOpen().getMethod(ioMethods).getReturn().asSource()
)
or
// no need for any other methods after opening gzip with zcat method
result = gzipReaderInstance().getMethod("zcat").getParameter(0).asSink()
}
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
isAdditionalTaintStepCustomizeMiddleNode(nodeFrom, nodeTo, gzipReaderOpen()) or
isAdditionalTaintStepCustomizeBeginningNode(nodeFrom, nodeTo, "open", gzipReaderInstance()) or
isAdditionalTaintStepCustomizeMiddleNode(nodeFrom, nodeTo, gzipReaderNew()) or
isAdditionalTaintStepCustomizeBeginningNode(nodeFrom, nodeTo, "new", gzipReaderInstance()) or
isAdditionalTaintStepCustomizeBeginningNode(nodeFrom, nodeTo, "zcat", gzipReaderInstance())
}
/**
* `uncompressedfile` is nodeFrom/nodeMiddle
*
* `entry` is nodeTo
*
* ```ruby
* Zlib::GzipReader.open(gzip_path) do |uncompressedfile|
* uncompressedfile.each do |entry|
* entry.bytes
* end
*end
*uncompressedfile = Zlib::GzipReader.open(gzip_path)
*uncompressedfile.each do |entry|
* entry.read
*end
* ```
*/
predicate isAdditionalTaintStepCustomizeMiddleNode(
DataFlow::Node nodeFrom, DataFlow::Node nodeTo, API::Node nodeMiddle
) {
nodeFrom = nodeMiddle.asSource() and
nodeTo =
nodeMiddle.getMethod(["glob", "each", "each_entry"]).getBlock().getParameter(0).asSource()
}
/**
* `gzip_path` is nodeFrom
*
* `compressed_file`/`Zlib::GzipReader.open(gzip_path)` are nodeTo
*
* `Zlib::GzipReader` is nodeInstance
*
* `open` is beginMethodName
* ```ruby
*Zlib::GzipReader.open(gzip_path) do |compressed_file|
* compressed_file.each do |entry|
* entry.bytes
* end
*end
*```
*/
predicate isAdditionalTaintStepCustomizeBeginningNode(
DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string beginMethodName, API::Node nodeInstance
) {
nodeFrom = nodeInstance.getMethod(beginMethodName).getParameter(0).asSink() and
nodeTo =
[
nodeInstance.getMethod(beginMethodName).getBlock().getParameter(0).asSource(),
nodeInstance
.getMethod(beginMethodName)
.getBlock()
.getParameter(0)
.getMethod(_)
.getReturn()
.asSource(), nodeInstance.getMethod(beginMethodName).getReturn().asSource(),
nodeInstance.getMethod(beginMethodName).getReturn().getMethod(_).getReturn().asSource()
]
}
}
class Bombs extends TaintTracking::Configuration {
Bombs() { this = "Decompression Bombs" }
override predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource or
source instanceof DataFlow::LocalSourceNode
}
override predicate isSink(DataFlow::Node sink) { sink = [Zip::isSink(), Zlib::isSink()] }
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
Zip::isAdditionalTaintStep(nodeFrom, nodeTo)
or
Zlib::isAdditionalTaintStep(nodeFrom, nodeTo)
or
exists(API::Node n | n = API::root().getMember("File").getMethod("open") |
nodeFrom = n.getParameter(0).asSink() and
nodeTo = n.getReturn().asSource()
)
or
exists(API::Node n | n = API::root().getMember("StringIO").getMethod("new") |
nodeFrom = n.getParameter(0).asSink() and
nodeTo = n.getReturn().asSource()
)
or
// following can be a global additional step
exists(DataFlow::CallNode cn |
cn.getMethodName() = "open" and cn.getReceiver().toString() = "self"
|
nodeFrom = cn.getArgument(0) and
nodeTo = cn
)
}
}
from Bombs cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "This file extraction depends on a $@.", source.getNode(),
"potentially untrusted source"

0
ruby/ql/src/experimental/CWE-522-DecompressionBombs/BombsV2.ql → ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
View File

0
ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombsV2.expected → ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
View File

1
ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql

130
ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombsV1.expected
View File

@@ -1,130 +0,0 @@
WARNING: Unused predicate instance (/home/am/CodeQL-home/codeql-repo/ruby/ql/src/experimental/CWE-522-DecompressionBombs/BombsV1.ql:192,17-25)
WARNING: Unused predicate oneBlockParameter (/home/am/CodeQL-home/codeql-repo/ruby/ql/src/experimental/CWE-522-DecompressionBombs/BombsV1.ql:270,15-32)
WARNING: Unused predicate twoBlockParameter (/home/am/CodeQL-home/codeql-repo/ruby/ql/src/experimental/CWE-522-DecompressionBombs/BombsV1.ql:284,15-32)
edges
| file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:8:29:8:33 | entry |
| file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:13:27:13:31 | entry |
| file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:18:59:18:63 | entry |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:3:1:3:37 | call to read |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:4:23:4:31 | gzip_path |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:7:23:7:31 | gzip_path |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:12:1:12:16 | uncompressedfile |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:12:20:12:51 | call to open |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:17:1:17:53 | call to read |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:18:1:18:48 | call to new |
| gzipBombs.rb:2:1:2:9 | gzip_path | gzipBombs.rb:22:23:22:37 | call to open |
| gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:2:1:2:9 | gzip_path |
| gzipBombs.rb:4:23:4:31 | gzip_path | gzipBombs.rb:5:8:5:28 | call to read |
| gzipBombs.rb:7:23:7:31 | gzip_path | gzipBombs.rb:7:38:7:53 | uncompressedfile |
| gzipBombs.rb:7:38:7:53 | uncompressedfile | gzipBombs.rb:8:3:8:18 | uncompressedfile |
| gzipBombs.rb:7:38:7:53 | uncompressedfile | gzipBombs.rb:8:29:8:33 | entry |
| gzipBombs.rb:8:3:8:18 | uncompressedfile | gzipBombs.rb:8:29:8:33 | entry |
| gzipBombs.rb:12:1:12:16 | uncompressedfile | gzipBombs.rb:13:1:13:16 | uncompressedfile |
| gzipBombs.rb:12:20:12:51 | call to open | gzipBombs.rb:12:1:12:16 | uncompressedfile |
| gzipBombs.rb:12:20:12:51 | call to open | gzipBombs.rb:13:27:13:31 | entry |
| gzipBombs.rb:13:1:13:16 | uncompressedfile | gzipBombs.rb:13:27:13:31 | entry |
| gzipBombs.rb:17:22:17:47 | call to open | gzipBombs.rb:17:1:17:53 | call to read |
| gzipBombs.rb:18:1:18:48 | call to new | gzipBombs.rb:18:59:18:63 | entry |
| gzipBombs.rb:18:22:18:47 | call to open | gzipBombs.rb:18:1:18:48 | call to new |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:9:23:9:34 | zipfile_path |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:14:1:14:40 | call to read |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:15:1:15:49 | call to extract |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:17:16:17:27 | zipfile_path |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:29:27:29:38 | zipfile_path |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:36:16:36:27 | zipfile_path |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:48:6:48:27 | call to get_input_stream |
| zipBombs.rb:2:1:2:12 | zipfile_path | zipBombs.rb:50:27:50:38 | zipfile_path |
| zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:2:1:2:12 | zipfile_path |
| zipBombs.rb:9:23:9:34 | zipfile_path | zipBombs.rb:10:3:10:12 | call to read |
| zipBombs.rb:17:16:17:27 | zipfile_path | zipBombs.rb:23:5:23:17 | call to extract |
| zipBombs.rb:17:16:17:27 | zipfile_path | zipBombs.rb:25:5:25:26 | call to get_input_stream |
| zipBombs.rb:29:27:29:38 | zipfile_path | zipBombs.rb:31:3:31:15 | call to extract |
| zipBombs.rb:29:27:29:38 | zipfile_path | zipBombs.rb:32:3:32:24 | call to get_input_stream |
| zipBombs.rb:36:16:36:27 | zipfile_path | zipBombs.rb:38:5:38:29 | call to read |
| zipBombs.rb:36:16:36:27 | zipfile_path | zipBombs.rb:43:8:43:29 | call to get_input_stream |
| zipBombs.rb:50:27:50:38 | zipfile_path | zipBombs.rb:52:3:52:24 | call to get_input_stream |
nodes
| file://:0:0:0:0 | [summary param] self in each(0) | semmle.label | [summary param] self in each(0) |
| gzipBombs.rb:2:1:2:9 | gzip_path | semmle.label | gzip_path |
| gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | semmle.label | "Path/To/bomb.gz" |
| gzipBombs.rb:3:1:3:37 | call to read | semmle.label | call to read |
| gzipBombs.rb:4:23:4:31 | gzip_path | semmle.label | gzip_path |
| gzipBombs.rb:5:8:5:28 | call to read | semmle.label | call to read |
| gzipBombs.rb:7:23:7:31 | gzip_path | semmle.label | gzip_path |
| gzipBombs.rb:7:38:7:53 | uncompressedfile | semmle.label | uncompressedfile |
| gzipBombs.rb:8:3:8:18 | uncompressedfile | semmle.label | uncompressedfile |
| gzipBombs.rb:8:29:8:33 | entry | semmle.label | entry |
| gzipBombs.rb:12:1:12:16 | uncompressedfile | semmle.label | uncompressedfile |
| gzipBombs.rb:12:20:12:51 | call to open | semmle.label | call to open |
| gzipBombs.rb:13:1:13:16 | uncompressedfile | semmle.label | uncompressedfile |
| gzipBombs.rb:13:27:13:31 | entry | semmle.label | entry |
| gzipBombs.rb:17:1:17:53 | call to read | semmle.label | call to read |
| gzipBombs.rb:17:22:17:47 | call to open | semmle.label | call to open |
| gzipBombs.rb:18:1:18:48 | call to new | semmle.label | call to new |
| gzipBombs.rb:18:22:18:47 | call to open | semmle.label | call to open |
| gzipBombs.rb:18:59:18:63 | entry | semmle.label | entry |
| gzipBombs.rb:22:23:22:37 | call to open | semmle.label | call to open |
| zipBombs.rb:2:1:2:12 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | semmle.label | "Path/To/bomb.zip" |
| zipBombs.rb:9:23:9:34 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:10:3:10:12 | call to read | semmle.label | call to read |
| zipBombs.rb:14:1:14:40 | call to read | semmle.label | call to read |
| zipBombs.rb:15:1:15:49 | call to extract | semmle.label | call to extract |
| zipBombs.rb:17:16:17:27 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:23:5:23:17 | call to extract | semmle.label | call to extract |
| zipBombs.rb:25:5:25:26 | call to get_input_stream | semmle.label | call to get_input_stream |
| zipBombs.rb:29:27:29:38 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:31:3:31:15 | call to extract | semmle.label | call to extract |
| zipBombs.rb:32:3:32:24 | call to get_input_stream | semmle.label | call to get_input_stream |
| zipBombs.rb:36:16:36:27 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:38:5:38:29 | call to read | semmle.label | call to read |
| zipBombs.rb:43:8:43:29 | call to get_input_stream | semmle.label | call to get_input_stream |
| zipBombs.rb:48:6:48:27 | call to get_input_stream | semmle.label | call to get_input_stream |
| zipBombs.rb:50:27:50:38 | zipfile_path | semmle.label | zipfile_path |
| zipBombs.rb:52:3:52:24 | call to get_input_stream | semmle.label | call to get_input_stream |
subpaths
#select
| gzipBombs.rb:3:1:3:37 | call to read | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:3:1:3:37 | call to read | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:3:1:3:37 | call to read | gzipBombs.rb:3:1:3:37 | call to read | gzipBombs.rb:3:1:3:37 | call to read | This file extraction depends on a $@. | gzipBombs.rb:3:1:3:37 | call to read | potentially untrusted source |
| gzipBombs.rb:5:8:5:28 | call to read | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:5:8:5:28 | call to read | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:5:8:5:28 | call to read | gzipBombs.rb:5:8:5:28 | call to read | gzipBombs.rb:5:8:5:28 | call to read | This file extraction depends on a $@. | gzipBombs.rb:5:8:5:28 | call to read | potentially untrusted source |
| gzipBombs.rb:8:29:8:33 | entry | file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:8:29:8:33 | entry | This file extraction depends on a $@. | file://:0:0:0:0 | [summary param] self in each(0) | potentially untrusted source |
| gzipBombs.rb:8:29:8:33 | entry | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:8:29:8:33 | entry | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:8:29:8:33 | entry | gzipBombs.rb:7:38:7:53 | uncompressedfile | gzipBombs.rb:8:29:8:33 | entry | This file extraction depends on a $@. | gzipBombs.rb:7:38:7:53 | uncompressedfile | potentially untrusted source |
| gzipBombs.rb:8:29:8:33 | entry | gzipBombs.rb:8:29:8:33 | entry | gzipBombs.rb:8:29:8:33 | entry | This file extraction depends on a $@. | gzipBombs.rb:8:29:8:33 | entry | potentially untrusted source |
| gzipBombs.rb:13:27:13:31 | entry | file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:13:27:13:31 | entry | This file extraction depends on a $@. | file://:0:0:0:0 | [summary param] self in each(0) | potentially untrusted source |
| gzipBombs.rb:13:27:13:31 | entry | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:13:27:13:31 | entry | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:13:27:13:31 | entry | gzipBombs.rb:12:20:12:51 | call to open | gzipBombs.rb:13:27:13:31 | entry | This file extraction depends on a $@. | gzipBombs.rb:12:20:12:51 | call to open | potentially untrusted source |
| gzipBombs.rb:13:27:13:31 | entry | gzipBombs.rb:13:27:13:31 | entry | gzipBombs.rb:13:27:13:31 | entry | This file extraction depends on a $@. | gzipBombs.rb:13:27:13:31 | entry | potentially untrusted source |
| gzipBombs.rb:17:1:17:53 | call to read | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:17:1:17:53 | call to read | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:17:1:17:53 | call to read | gzipBombs.rb:17:1:17:53 | call to read | gzipBombs.rb:17:1:17:53 | call to read | This file extraction depends on a $@. | gzipBombs.rb:17:1:17:53 | call to read | potentially untrusted source |
| gzipBombs.rb:17:1:17:53 | call to read | gzipBombs.rb:17:22:17:47 | call to open | gzipBombs.rb:17:1:17:53 | call to read | This file extraction depends on a $@. | gzipBombs.rb:17:22:17:47 | call to open | potentially untrusted source |
| gzipBombs.rb:18:59:18:63 | entry | file://:0:0:0:0 | [summary param] self in each(0) | gzipBombs.rb:18:59:18:63 | entry | This file extraction depends on a $@. | file://:0:0:0:0 | [summary param] self in each(0) | potentially untrusted source |
| gzipBombs.rb:18:59:18:63 | entry | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:18:59:18:63 | entry | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:18:59:18:63 | entry | gzipBombs.rb:18:1:18:48 | call to new | gzipBombs.rb:18:59:18:63 | entry | This file extraction depends on a $@. | gzipBombs.rb:18:1:18:48 | call to new | potentially untrusted source |
| gzipBombs.rb:18:59:18:63 | entry | gzipBombs.rb:18:22:18:47 | call to open | gzipBombs.rb:18:59:18:63 | entry | This file extraction depends on a $@. | gzipBombs.rb:18:22:18:47 | call to open | potentially untrusted source |
| gzipBombs.rb:18:59:18:63 | entry | gzipBombs.rb:18:59:18:63 | entry | gzipBombs.rb:18:59:18:63 | entry | This file extraction depends on a $@. | gzipBombs.rb:18:59:18:63 | entry | potentially untrusted source |
| gzipBombs.rb:22:23:22:37 | call to open | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | gzipBombs.rb:22:23:22:37 | call to open | This file extraction depends on a $@. | gzipBombs.rb:2:13:2:29 | "Path/To/bomb.gz" | potentially untrusted source |
| gzipBombs.rb:22:23:22:37 | call to open | gzipBombs.rb:22:23:22:37 | call to open | gzipBombs.rb:22:23:22:37 | call to open | This file extraction depends on a $@. | gzipBombs.rb:22:23:22:37 | call to open | potentially untrusted source |
| zipBombs.rb:10:3:10:12 | call to read | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:10:3:10:12 | call to read | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:10:3:10:12 | call to read | zipBombs.rb:10:3:10:12 | call to read | zipBombs.rb:10:3:10:12 | call to read | This file extraction depends on a $@. | zipBombs.rb:10:3:10:12 | call to read | potentially untrusted source |
| zipBombs.rb:14:1:14:40 | call to read | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:14:1:14:40 | call to read | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:14:1:14:40 | call to read | zipBombs.rb:14:1:14:40 | call to read | zipBombs.rb:14:1:14:40 | call to read | This file extraction depends on a $@. | zipBombs.rb:14:1:14:40 | call to read | potentially untrusted source |
| zipBombs.rb:15:1:15:49 | call to extract | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:15:1:15:49 | call to extract | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:15:1:15:49 | call to extract | zipBombs.rb:15:1:15:49 | call to extract | zipBombs.rb:15:1:15:49 | call to extract | This file extraction depends on a $@. | zipBombs.rb:15:1:15:49 | call to extract | potentially untrusted source |
| zipBombs.rb:23:5:23:17 | call to extract | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:23:5:23:17 | call to extract | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:23:5:23:17 | call to extract | zipBombs.rb:23:5:23:17 | call to extract | zipBombs.rb:23:5:23:17 | call to extract | This file extraction depends on a $@. | zipBombs.rb:23:5:23:17 | call to extract | potentially untrusted source |
| zipBombs.rb:25:5:25:26 | call to get_input_stream | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:25:5:25:26 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:25:5:25:26 | call to get_input_stream | zipBombs.rb:25:5:25:26 | call to get_input_stream | zipBombs.rb:25:5:25:26 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:25:5:25:26 | call to get_input_stream | potentially untrusted source |
| zipBombs.rb:31:3:31:15 | call to extract | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:31:3:31:15 | call to extract | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:31:3:31:15 | call to extract | zipBombs.rb:31:3:31:15 | call to extract | zipBombs.rb:31:3:31:15 | call to extract | This file extraction depends on a $@. | zipBombs.rb:31:3:31:15 | call to extract | potentially untrusted source |
| zipBombs.rb:32:3:32:24 | call to get_input_stream | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:32:3:32:24 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:32:3:32:24 | call to get_input_stream | zipBombs.rb:32:3:32:24 | call to get_input_stream | zipBombs.rb:32:3:32:24 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:32:3:32:24 | call to get_input_stream | potentially untrusted source |
| zipBombs.rb:38:5:38:29 | call to read | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:38:5:38:29 | call to read | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:38:5:38:29 | call to read | zipBombs.rb:38:5:38:29 | call to read | zipBombs.rb:38:5:38:29 | call to read | This file extraction depends on a $@. | zipBombs.rb:38:5:38:29 | call to read | potentially untrusted source |
| zipBombs.rb:43:8:43:29 | call to get_input_stream | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:43:8:43:29 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:43:8:43:29 | call to get_input_stream | zipBombs.rb:43:8:43:29 | call to get_input_stream | zipBombs.rb:43:8:43:29 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:43:8:43:29 | call to get_input_stream | potentially untrusted source |
| zipBombs.rb:48:6:48:27 | call to get_input_stream | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:48:6:48:27 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:48:6:48:27 | call to get_input_stream | zipBombs.rb:48:6:48:27 | call to get_input_stream | zipBombs.rb:48:6:48:27 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:48:6:48:27 | call to get_input_stream | potentially untrusted source |
| zipBombs.rb:52:3:52:24 | call to get_input_stream | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | zipBombs.rb:52:3:52:24 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:2:16:2:33 | "Path/To/bomb.zip" | potentially untrusted source |
| zipBombs.rb:52:3:52:24 | call to get_input_stream | zipBombs.rb:52:3:52:24 | call to get_input_stream | zipBombs.rb:52:3:52:24 | call to get_input_stream | This file extraction depends on a $@. | zipBombs.rb:52:3:52:24 | call to get_input_stream | potentially untrusted source |

1
ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombsV1.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-522-DecompressionBombs/BombsV1.ql

1
ruby/ql/test/query-tests/experimental/CWE-522-DecompressionBombs/DecompressionBombsV2.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-522-DecompressionBombs/BombsV2.ql