hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into experimental-manually-check-request-verb

Browse Source
This commit is contained in:
thiggy1342
2022-07-11 10:20:07 -04:00
committed by GitHub
parent 6aab970a9e 93a4a32527
commit ad7c3e7217
1384 changed files with 85697 additions and 55744 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ruby/ql/test/TestUtilities/InlineExpectationsTest.qll
View File

@@ -239,12 +239,24 @@ private string getColumnString(TColumn column) {
/**
* RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or
* more comma-separated tags containing only letters, digits, `-` and `_` (note that the first character
* must not be a digit), optionally followed by `=` and the expected value.
* more comma-separated tags optionally followed by `=` and the expected value.
*
* Tags must be only letters, digits, `-` and `_` (note that the first character
* must not be a digit), but can contain anything enclosed in a single set of
* square brackets.
*
* Examples:
* - `tag`
* - `tag=value`
* - `tag,tag2=value`
* - `tag[foo bar]=value`
*
* Not allowed:
* - `tag[[[foo bar]`
*/
private string expectationPattern() {
exists(string tag, string tags, string value |
tag = "[A-Za-z-_][A-Za-z-_0-9]*" and
tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and
tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and
// In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`.
// For example, `b"foo"`.

118
ruby/ql/test/library-tests/ast/erb/Erb.expected
View File

@@ -3,27 +3,31 @@ erbFiles
erbAstNodes
| template.html.erb:1:1:1:9 | <%graphql |
| template.html.erb:1:1:17:2 | <%graphql\n fragment Foo on Bar {\n ...%> |
| template.html.erb:1:1:32:6 | erb template |
| template.html.erb:1:1:38:1 | erb template |
| template.html.erb:1:10:16:4 | \n fragment Foo on Bar {\n ... |
| template.html.erb:1:10:16:4 | \n fragment Foo on Bar {\n ... |
| template.html.erb:17:1:17:2 | %> |
| template.html.erb:17:3:19:3 | \n\n<%= |
| template.html.erb:17:3:19:20 | <%= "hello world" %> |
| template.html.erb:17:3:18:1 | \n\n |
| template.html.erb:19:1:19:3 | <%= |
| template.html.erb:19:1:19:20 | <%= "hello world" %> |
| template.html.erb:19:4:19:18 | "hello world" |
| template.html.erb:19:4:19:18 | "hello world" |
| template.html.erb:19:19:19:20 | %> |
| template.html.erb:19:21:21:3 | \n\n<%# |
| template.html.erb:19:21:21:31 | <%#= "this is commented out" %> |
| template.html.erb:19:21:20:1 | \n\n |
| template.html.erb:21:1:21:3 | <%# |
| template.html.erb:21:1:21:31 | <%#= "this is commented out" %> |
| template.html.erb:21:4:21:29 | = "this is commented out" |
| template.html.erb:21:4:21:29 | = "this is commented out" |
| template.html.erb:21:30:21:31 | %> |
| template.html.erb:21:32:23:3 | \n\n<%# |
| template.html.erb:21:32:23:35 | <%# "this is also commented out" %> |
| template.html.erb:21:32:22:1 | \n\n |
| template.html.erb:23:1:23:3 | <%# |
| template.html.erb:23:1:23:35 | <%# "this is also commented out" %> |
| template.html.erb:23:4:23:33 | "this is also commented out" |
| template.html.erb:23:4:23:33 | "this is also commented out" |
| template.html.erb:23:34:23:35 | %> |
| template.html.erb:23:36:25:2 | \n\n<% |
| template.html.erb:23:36:25:13 | <% xs = "" %> |
| template.html.erb:23:36:24:1 | \n\n |
| template.html.erb:25:1:25:2 | <% |
| template.html.erb:25:1:25:13 | <% xs = "" %> |
| template.html.erb:25:3:25:11 | xs = "" |
| template.html.erb:25:3:25:11 | xs = "" |
| template.html.erb:25:12:25:13 | %> |
@@ -45,65 +49,94 @@ erbAstNodes
| template.html.erb:31:5:31:9 | end |
| template.html.erb:31:5:31:9 | end |
| template.html.erb:31:10:31:11 | %> |
| template.html.erb:31:12:32:6 | \n</ul>\n |
| template.html.erb:31:12:33:5 | \n</ul>\n<%%>\n |
| template.html.erb:33:1:33:3 | <%% |
| template.html.erb:34:1:34:3 | <%- |
| template.html.erb:34:1:34:5 | <%=%> |
| template.html.erb:34:4:34:5 | %> |
| template.html.erb:34:6:34:6 | \n |
| template.html.erb:35:1:35:3 | <%# |
| template.html.erb:35:1:35:5 | <%#%> |
| template.html.erb:35:4:35:5 | %> |
| template.html.erb:35:6:35:6 | \n |
| template.html.erb:36:1:36:9 | <%graphql |
| template.html.erb:36:1:36:11 | <%graphql%> |
| template.html.erb:36:10:36:11 | %> |
| template.html.erb:36:12:36:12 | \n |
| template.html.erb:37:1:37:3 | <%= |
| template.html.erb:37:1:37:5 | <%=%> |
| template.html.erb:37:4:37:5 | %> |
| template.html.erb:37:6:38:1 | \n\n |
erbTemplates
| template.html.erb:1:1:32:6 | erb template |
| template.html.erb:1:1:38:1 | erb template |
erbDirectives
| template.html.erb:1:1:17:2 | <%graphql\n fragment Foo on Bar {\n ...%> |
| template.html.erb:17:3:19:20 | <%= "hello world" %> |
| template.html.erb:19:21:21:31 | <%#= "this is commented out" %> |
| template.html.erb:21:32:23:35 | <%# "this is also commented out" %> |
| template.html.erb:23:36:25:13 | <% xs = "" %> |
| template.html.erb:19:1:19:20 | <%= "hello world" %> |
| template.html.erb:21:1:21:31 | <%#= "this is commented out" %> |
| template.html.erb:23:1:23:35 | <%# "this is also commented out" %> |
| template.html.erb:25:1:25:13 | <% xs = "" %> |
| template.html.erb:27:3:27:41 | <% for x in ["foo", "bar", "baz...%> |
| template.html.erb:28:7:30:12 | <%= xs += x\n xs\n %> |
| template.html.erb:31:3:31:11 | <% end %> |
| template.html.erb:34:1:34:5 | <%=%> |
| template.html.erb:35:1:35:5 | <%#%> |
| template.html.erb:36:1:36:11 | <%graphql%> |
| template.html.erb:37:1:37:5 | <%=%> |
erbCommentDirectives
| template.html.erb:19:21:21:31 | <%#= "this is commented out" %> |
| template.html.erb:21:32:23:35 | <%# "this is also commented out" %> |
| template.html.erb:21:1:21:31 | <%#= "this is commented out" %> |
| template.html.erb:23:1:23:35 | <%# "this is also commented out" %> |
| template.html.erb:35:1:35:5 | <%#%> |
erbGraphqlDirectives
| template.html.erb:1:1:17:2 | <%graphql\n fragment Foo on Bar {\n ...%> |
| template.html.erb:36:1:36:11 | <%graphql%> |
erbOutputDirectives
| template.html.erb:17:3:19:20 | <%= "hello world" %> |
| template.html.erb:19:1:19:20 | <%= "hello world" %> |
| template.html.erb:28:7:30:12 | <%= xs += x\n xs\n %> |
| template.html.erb:34:1:34:5 | <%=%> |
| template.html.erb:37:1:37:5 | <%=%> |
erbExecutionDirectives
| template.html.erb:23:36:25:13 | <% xs = "" %> |
| template.html.erb:25:1:25:13 | <% xs = "" %> |
| template.html.erb:27:3:27:41 | <% for x in ["foo", "bar", "baz...%> |
| template.html.erb:31:3:31:11 | <% end %> |
childStmts
| template.html.erb:17:3:19:20 | <%= "hello world" %> | template.html.erb:19:5:19:17 | "hello world" |
| template.html.erb:23:36:25:13 | <% xs = "" %> | template.html.erb:25:4:25:10 | ... = ... |
| template.html.erb:19:1:19:20 | <%= "hello world" %> | template.html.erb:19:5:19:17 | "hello world" |
| template.html.erb:25:1:25:13 | <% xs = "" %> | template.html.erb:25:4:25:10 | ... = ... |
| template.html.erb:27:3:27:41 | <% for x in ["foo", "bar", "baz...%> | template.html.erb:27:6:31:8 | for ... in ... |
| template.html.erb:28:7:30:12 | <%= xs += x\n xs\n %> | template.html.erb:28:11:28:17 | ... += ... |
| template.html.erb:28:7:30:12 | <%= xs += x\n xs\n %> | template.html.erb:29:11:29:12 | xs |
terminalStatements
| template.html.erb:17:3:19:20 | <%= "hello world" %> | template.html.erb:19:5:19:17 | "hello world" |
| template.html.erb:23:36:25:13 | <% xs = "" %> | template.html.erb:25:4:25:10 | ... = ... |
| template.html.erb:19:1:19:20 | <%= "hello world" %> | template.html.erb:19:5:19:17 | "hello world" |
| template.html.erb:25:1:25:13 | <% xs = "" %> | template.html.erb:25:4:25:10 | ... = ... |
| template.html.erb:27:3:27:41 | <% for x in ["foo", "bar", "baz...%> | template.html.erb:27:6:31:8 | for ... in ... |
| template.html.erb:28:7:30:12 | <%= xs += x\n xs\n %> | template.html.erb:29:11:29:12 | xs |
primaryQlClasses
| template.html.erb:1:1:1:9 | <%graphql | ErbToken |
| template.html.erb:1:1:17:2 | <%graphql\n fragment Foo on Bar {\n ...%> | ErbGraphqlDirective |
| template.html.erb:1:1:32:6 | erb template | ErbTemplate |
| template.html.erb:1:1:38:1 | erb template | ErbTemplate |
| template.html.erb:1:10:16:4 | \n fragment Foo on Bar {\n ... | ErbCode |
| template.html.erb:1:10:16:4 | \n fragment Foo on Bar {\n ... | ErbToken |
| template.html.erb:17:1:17:2 | %> | ErbToken |
| template.html.erb:17:3:19:3 | \n\n<%= | ErbToken |
| template.html.erb:17:3:19:20 | <%= "hello world" %> | ErbOutputDirective |
| template.html.erb:17:3:18:1 | \n\n | ErbToken |
| template.html.erb:19:1:19:3 | <%= | ErbToken |
| template.html.erb:19:1:19:20 | <%= "hello world" %> | ErbOutputDirective |
| template.html.erb:19:4:19:18 | "hello world" | ErbCode |
| template.html.erb:19:4:19:18 | "hello world" | ErbToken |
| template.html.erb:19:19:19:20 | %> | ErbToken |
| template.html.erb:19:21:21:3 | \n\n<%# | ErbToken |
| template.html.erb:19:21:21:31 | <%#= "this is commented out" %> | ErbCommentDirective |
| template.html.erb:19:21:20:1 | \n\n | ErbToken |
| template.html.erb:21:1:21:3 | <%# | ErbToken |
| template.html.erb:21:1:21:31 | <%#= "this is commented out" %> | ErbCommentDirective |
| template.html.erb:21:4:21:29 | = "this is commented out" | ErbComment |
| template.html.erb:21:4:21:29 | = "this is commented out" | ErbToken |
| template.html.erb:21:30:21:31 | %> | ErbToken |
| template.html.erb:21:32:23:3 | \n\n<%# | ErbToken |
| template.html.erb:21:32:23:35 | <%# "this is also commented out" %> | ErbCommentDirective |
| template.html.erb:21:32:22:1 | \n\n | ErbToken |
| template.html.erb:23:1:23:3 | <%# | ErbToken |
| template.html.erb:23:1:23:35 | <%# "this is also commented out" %> | ErbCommentDirective |
| template.html.erb:23:4:23:33 | "this is also commented out" | ErbComment |
| template.html.erb:23:4:23:33 | "this is also commented out" | ErbToken |
| template.html.erb:23:34:23:35 | %> | ErbToken |
| template.html.erb:23:36:25:2 | \n\n<% | ErbToken |
| template.html.erb:23:36:25:13 | <% xs = "" %> | ErbExecutionDirective |
| template.html.erb:23:36:24:1 | \n\n | ErbToken |
| template.html.erb:25:1:25:2 | <% | ErbToken |
| template.html.erb:25:1:25:13 | <% xs = "" %> | ErbExecutionDirective |
| template.html.erb:25:3:25:11 | xs = "" | ErbCode |
| template.html.erb:25:3:25:11 | xs = "" | ErbToken |
| template.html.erb:25:12:25:13 | %> | ErbToken |
@@ -125,6 +158,23 @@ primaryQlClasses
| template.html.erb:31:5:31:9 | end | ErbCode |
| template.html.erb:31:5:31:9 | end | ErbToken |
| template.html.erb:31:10:31:11 | %> | ErbToken |
| template.html.erb:31:12:32:6 | \n</ul>\n | ErbToken |
| template.html.erb:31:12:33:5 | \n</ul>\n<%%>\n | ErbToken |
| template.html.erb:33:1:33:3 | <%% | ErbToken |
| template.html.erb:34:1:34:3 | <%- | ErbToken |
| template.html.erb:34:1:34:5 | <%=%> | ErbOutputDirective |
| template.html.erb:34:4:34:5 | %> | ErbToken |
| template.html.erb:34:6:34:6 | \n | ErbToken |
| template.html.erb:35:1:35:3 | <%# | ErbToken |
| template.html.erb:35:1:35:5 | <%#%> | ErbCommentDirective |
| template.html.erb:35:4:35:5 | %> | ErbToken |
| template.html.erb:35:6:35:6 | \n | ErbToken |
| template.html.erb:36:1:36:9 | <%graphql | ErbToken |
| template.html.erb:36:1:36:11 | <%graphql%> | ErbGraphqlDirective |
| template.html.erb:36:10:36:11 | %> | ErbToken |
| template.html.erb:36:12:36:12 | \n | ErbToken |
| template.html.erb:37:1:37:3 | <%= | ErbToken |
| template.html.erb:37:1:37:5 | <%=%> | ErbOutputDirective |
| template.html.erb:37:4:37:5 | %> | ErbToken |
| template.html.erb:37:6:38:1 | \n\n | ErbToken |
erbFileTemplates
| template.html.erb:0:0:0:0 | template.html.erb | template.html.erb:1:1:32:6 | erb template |
| template.html.erb:0:0:0:0 | template.html.erb | template.html.erb:1:1:38:1 | erb template |

6
ruby/ql/test/library-tests/ast/erb/template.html.erb
View File

@@ -30,3 +30,9 @@
%></li>
<% end %>
</ul>
<%%>
<%-%>
<%#%>
<%graphql%>
<%=%>

1
ruby/ql/test/library-tests/concepts/PersistentWriteAccess.expected
View File

@@ -14,6 +14,7 @@
| app/controllers/users_controller.rb:20:7:20:57 | call to update_attributes | app/controllers/users_controller.rb:20:49:20:55 | call to get_uid |
| app/controllers/users_controller.rb:23:7:23:42 | call to update_attribute | app/controllers/users_controller.rb:23:37:23:41 | "U13" |
| app/controllers/users_controller.rb:26:19:26:23 | ... = ... | app/controllers/users_controller.rb:26:19:26:23 | "U14" |
| app/controllers/users_controller.rb:31:7:31:32 | call to touch_all | app/controllers/users_controller.rb:31:28:31:31 | call to time |
| app/models/user.rb:4:5:4:28 | call to update | app/models/user.rb:4:23:4:27 | "U15" |
| app/models/user.rb:5:5:5:23 | call to update | app/models/user.rb:5:18:5:22 | "U16" |
| app/models/user.rb:6:5:6:56 | call to update_attributes | app/models/user.rb:6:35:6:39 | "U17" |

4
ruby/ql/test/library-tests/concepts/app/controllers/users_controller.rb
View File

@@ -25,6 +25,10 @@ module Users
# AssignAttributeCall
user.name = "U14"
user.save
# TouchAllCall
User.touch_all
User.touch_all(time: time)
end
def get_uid

4
ruby/ql/test/library-tests/dataflow/api-graphs/use.ql
View File

@@ -26,10 +26,10 @@ class ApiUseTest extends InlineExpectationsTest {
l = n.getLocation() and
(
tag = "use" and
n = a.getAUse()
n = a.getAValueReachableFromSource()
or
tag = "def" and
n = a.getARhs()
n = a.asSink()
or
tag = "call" and
n = a.(API::MethodAccessNode).getCallNode()

7
ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
View File

@@ -1,7 +0,0 @@
| barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | barrier-guards.rb:3:4:3:6 | foo | true |
| barrier-guards.rb:9:4:9:24 | call to include? | barrier-guards.rb:10:5:10:7 | foo | barrier-guards.rb:9:21:9:23 | foo | true |
| barrier-guards.rb:15:4:15:15 | ... != ... | barrier-guards.rb:18:5:18:7 | foo | barrier-guards.rb:15:4:15:6 | foo | false |
| barrier-guards.rb:21:8:21:19 | ... == ... | barrier-guards.rb:24:5:24:7 | foo | barrier-guards.rb:21:8:21:10 | foo | true |
| barrier-guards.rb:27:8:27:19 | ... != ... | barrier-guards.rb:28:5:28:7 | foo | barrier-guards.rb:27:8:27:10 | foo | false |
| barrier-guards.rb:37:4:37:20 | call to include? | barrier-guards.rb:38:5:38:7 | foo | barrier-guards.rb:37:17:37:19 | foo | true |
| barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:4:43:6 | foo | true |

7
ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
View File

@@ -1,7 +0,0 @@
import codeql.ruby.dataflow.internal.DataFlowPublic
import codeql.ruby.dataflow.BarrierGuards
import codeql.ruby.controlflow.CfgNodes
from BarrierGuard g, boolean branch, ExprCfgNode expr
where g.checks(expr, branch)
select g, g.getAGuardedNode(), expr, branch

64
ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
View File

@@ -1,64 +0,0 @@
foo = "foo"
if foo == "foo"
foo
else
foo
end
if ["foo"].include?(foo)
foo
else
foo
end
if foo != "foo"
foo
else
foo
end
unless foo == "foo"
foo
else
foo
end
unless foo != "foo"
foo
else
foo
end
foo
FOO = ["foo"]
if FOO.include?(foo)
foo
else
foo
end
if foo == "foo"
capture {
foo # guarded
}
end
if foo == "foo"
capture {
foo = "bar"
foo # not guarded
}
end
if foo == "foo"
my_lambda = -> () {
foo # not guarded
}
foo = "bar"
my_lambda()
end

4
ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
View File

@@ -132,7 +132,7 @@ class CustomValueSink extends DefaultValueFlowConf {
override predicate isSink(DataFlow::Node sink) {
super.isSink(sink)
or
sink = ModelOutput::getASinkNode("test-sink").getARhs()
sink = ModelOutput::getASinkNode("test-sink").asSink()
}
}
@@ -140,7 +140,7 @@ class CustomTaintSink extends DefaultTaintFlowConf {
override predicate isSink(DataFlow::Node sink) {
super.isSink(sink)
or
sink = ModelOutput::getASinkNode("test-sink").getARhs()
sink = ModelOutput::getASinkNode("test-sink").asSink()
}
}

14
ruby/ql/test/library-tests/frameworks/ActionController.expected
View File

@@ -3,7 +3,7 @@ actionControllerControllerClasses
| ActiveRecord.rb:41:1:64:3 | BarController |
| ActiveRecord.rb:66:1:70:3 | BazController |
| app/controllers/comments_controller.rb:1:1:7:3 | CommentsController |
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController |
| app/controllers/foo/bars_controller.rb:3:1:39:3 | BarsController |
| app/controllers/photos_controller.rb:1:1:4:3 | PhotosController |
| app/controllers/posts_controller.rb:1:1:10:3 | PostsController |
| app/controllers/users/notifications_controller.rb:2:3:5:5 | NotificationsController |
@@ -17,6 +17,8 @@ actionControllerActionMethods
| app/controllers/foo/bars_controller.rb:5:3:7:5 | index |
| app/controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
| app/controllers/foo/bars_controller.rb:20:3:24:5 | show |
| app/controllers/foo/bars_controller.rb:26:3:28:5 | go_back |
| app/controllers/foo/bars_controller.rb:30:3:32:5 | go_back_2 |
| app/controllers/photos_controller.rb:2:3:3:5 | show |
| app/controllers/posts_controller.rb:2:3:3:5 | index |
| app/controllers/posts_controller.rb:5:3:6:5 | show |
@@ -66,10 +68,12 @@ cookiesSources
| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
redirectToCalls
| app/controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
| app/controllers/foo/bars_controller.rb:27:5:27:39 | call to redirect_back_or_to |
| app/controllers/foo/bars_controller.rb:31:5:31:56 | call to redirect_back |
actionControllerHelperMethods
getAssociatedControllerClasses
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:39:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:39:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
controllerTemplateFiles
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:39:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:39:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |

2
ruby/ql/test/library-tests/frameworks/ActionView.expected
View File

@@ -14,7 +14,7 @@ rawCalls
renderCalls
| app/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
| app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
| app/controllers/foo/bars_controller.rb:29:5:29:17 | call to render |
| app/controllers/foo/bars_controller.rb:37:5:37:17 | call to render |
| app/views/foo/bars/show.html.erb:31:5:31:89 | call to render |
renderToCalls
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |

1
ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.expected Normal file
View File

@@ -0,0 +1 @@
| action_cable.rb:1:1:1:54 | call to new |

4
ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.ql Normal file
View File

@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.ActionCable
import codeql.ruby.frameworks.stdlib.Logger
query predicate loggerInstantiations(Logger::LoggerInstantiation l) { any() }

1
ruby/ql/test/library-tests/frameworks/action_cable/action_cable.rb Normal file
View File

@@ -0,0 +1 @@
ActionCable::Connection::TaggedLoggerProxy.new(logger)

8
ruby/ql/test/library-tests/frameworks/app/controllers/foo/bars_controller.rb
View File

@@ -23,6 +23,14 @@ class BarsController < ApplicationController
render "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
end
def go_back
redirect_back_or_to action: "index"
end
def go_back_2
redirect_back fallback_location: { action: "index" }
end
private
def unreachable_action

6
ruby/ql/test/library-tests/frameworks/files/Files.expected
View File

@@ -76,6 +76,8 @@ fileSystemAccesses
| Files.rb:41:1:41:26 | call to open |
| Files.rb:41:1:41:43 | call to write |
| Files.rb:48:1:48:40 | call to printf |
| Files.rb:49:1:49:30 | call to write |
| Files.rb:50:1:50:37 | call to atomic_write |
fileNameSources
| Files.rb:10:6:10:18 | call to path |
| Files.rb:11:6:11:21 | call to to_path |
@@ -86,7 +88,11 @@ fileWriters
| Files.rb:40:1:40:22 | call to puts |
| Files.rb:41:1:41:43 | call to write |
| Files.rb:48:1:48:40 | call to printf |
| Files.rb:49:1:49:30 | call to write |
| Files.rb:50:1:50:37 | call to atomic_write |
fileSystemWriteAccesses
| Files.rb:40:1:40:22 | call to puts |
| Files.rb:41:1:41:43 | call to write |
| Files.rb:48:1:48:40 | call to printf |
| Files.rb:49:1:49:30 | call to write |
| Files.rb:50:1:50:37 | call to atomic_write |

2
ruby/ql/test/library-tests/frameworks/files/Files.rb
View File

@@ -46,3 +46,5 @@ str_1 = "hello"
int_1 = 123
# File/IO write
io_file.printf("%s: %d\n", str_1, int_1)
File.write("foo.txt", "hello")
File.atomic_write("foo.txt", "hello")

5
ruby/ql/test/library-tests/frameworks/railties/Railties.expected Normal file
View File

@@ -0,0 +1,5 @@
| Railties.rb:5:5:5:34 | call to execute_command |
| Railties.rb:6:5:6:37 | call to execute_command |
| Railties.rb:8:5:8:16 | call to rake |
| Railties.rb:10:5:10:27 | call to rails_command |
| Railties.rb:12:5:12:17 | call to git |

5
ruby/ql/test/library-tests/frameworks/railties/Railties.ql Normal file
View File

@@ -0,0 +1,5 @@
private import ruby
private import codeql.ruby.Concepts
private import codeql.ruby.frameworks.Railties
query predicate systemCommandExecutions(SystemCommandExecution e) { any() }

14
ruby/ql/test/library-tests/frameworks/railties/Railties.rb Normal file
View File

@@ -0,0 +1,14 @@
class Foo
include Rails::Generators::Actions
def foo
execute_command(:rake, "test")
execute_command(:rails, "server")
rake("test")
rails_command("server")
git("status")
end
end

22
ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected
View File

@@ -3,11 +3,14 @@ edges
| UrlRedirect.rb:14:17:14:22 | call to params : | UrlRedirect.rb:14:17:14:43 | call to fetch |
| UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:63:21:63:32 | input_params : |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:88:21:88:32 | input_params : |
| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:20:34:31 | ...[...] : |
| UrlRedirect.rb:34:20:34:31 | ...[...] : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:58:17:58:22 | call to params : | UrlRedirect.rb:58:17:58:28 | ...[...] |
| UrlRedirect.rb:63:21:63:32 | input_params : | UrlRedirect.rb:64:5:64:29 | call to permit : |
| UrlRedirect.rb:63:38:63:43 | call to params : | UrlRedirect.rb:63:38:63:49 | ...[...] |
| UrlRedirect.rb:68:38:68:43 | call to params : | UrlRedirect.rb:68:38:68:49 | ...[...] |
| UrlRedirect.rb:73:25:73:30 | call to params : | UrlRedirect.rb:73:25:73:36 | ...[...] |
| UrlRedirect.rb:88:21:88:32 | input_params : | UrlRedirect.rb:89:5:89:29 | call to permit : |
nodes
| UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:9:17:9:22 | call to params : | semmle.label | call to params : |
@@ -23,10 +26,16 @@ nodes
| UrlRedirect.rb:34:20:34:31 | ...[...] : | semmle.label | ...[...] : |
| UrlRedirect.rb:58:17:58:22 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:58:17:58:28 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:63:21:63:32 | input_params : | semmle.label | input_params : |
| UrlRedirect.rb:64:5:64:29 | call to permit : | semmle.label | call to permit : |
| UrlRedirect.rb:63:38:63:43 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:63:38:63:49 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:68:38:68:43 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:68:38:68:49 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:73:25:73:30 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:73:25:73:36 | ...[...] | semmle.label | ...[...] |
| UrlRedirect.rb:88:21:88:32 | input_params : | semmle.label | input_params : |
| UrlRedirect.rb:89:5:89:29 | call to permit : | semmle.label | call to permit : |
subpaths
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:63:21:63:32 | input_params : | UrlRedirect.rb:64:5:64:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:88:21:88:32 | input_params : | UrlRedirect.rb:89:5:89:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
#select
| UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection due to $@. | UrlRedirect.rb:4:17:4:22 | call to params | a user-provided value |
| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params : | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:9:17:9:22 | call to params | a user-provided value |
@@ -35,3 +44,6 @@ subpaths
| UrlRedirect.rb:24:17:24:37 | call to filter_params | UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params | Untrusted URL redirection due to $@. | UrlRedirect.rb:24:31:24:36 | call to params | a user-provided value |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | Untrusted URL redirection due to $@. | UrlRedirect.rb:34:20:34:25 | call to params | a user-provided value |
| UrlRedirect.rb:58:17:58:28 | ...[...] | UrlRedirect.rb:58:17:58:22 | call to params : | UrlRedirect.rb:58:17:58:28 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:58:17:58:22 | call to params | a user-provided value |
| UrlRedirect.rb:63:38:63:49 | ...[...] | UrlRedirect.rb:63:38:63:43 | call to params : | UrlRedirect.rb:63:38:63:49 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:63:38:63:43 | call to params | a user-provided value |
| UrlRedirect.rb:68:38:68:49 | ...[...] | UrlRedirect.rb:68:38:68:43 | call to params : | UrlRedirect.rb:68:38:68:49 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:68:38:68:43 | call to params | a user-provided value |
| UrlRedirect.rb:73:25:73:36 | ...[...] | UrlRedirect.rb:73:25:73:30 | call to params : | UrlRedirect.rb:73:25:73:36 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:73:25:73:30 | call to params | a user-provided value |

27
ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.rb
View File

@@ -53,11 +53,36 @@ class UsersController < ActionController::Base
# BAD
# The same as `create1` but this is reachable via a GET request, as configured
# by the routes at the top of this file.
# by the routes at the bottom of this file.
def route9
redirect_to params[:key]
end
# BAD
def route10
redirect_back fallback_location: params[:key]
end
# BAD
def route11
redirect_back fallback_location: params[:key], allow_other_host: true
end
# BAD
def route12
redirect_back_or_to params[:key]
end
# GOOD
def route13
redirect_back fallback_location: params[:key], allow_other_host: false
end
# GOOD
def route14
redirect_back_or_to params[:key], allow_other_host: false
end
private
def filter_params(input_params)

14
ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected Normal file
View File

@@ -0,0 +1,14 @@
edges
| decompression_api.rb:4:16:4:21 | call to params : | decompression_api.rb:4:16:4:28 | ...[...] : |
| decompression_api.rb:4:16:4:28 | ...[...] : | decompression_api.rb:5:31:5:34 | path |
| decompression_api.rb:15:31:15:36 | call to params : | decompression_api.rb:15:31:15:43 | ...[...] |
nodes
| decompression_api.rb:4:16:4:21 | call to params : | semmle.label | call to params : |
| decompression_api.rb:4:16:4:28 | ...[...] : | semmle.label | ...[...] : |
| decompression_api.rb:5:31:5:34 | path | semmle.label | path |
| decompression_api.rb:15:31:15:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:15:31:15:43 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:5:31:5:34 | path | decompression_api.rb:4:16:4:21 | call to params : | decompression_api.rb:5:31:5:34 | path | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:5:9:5:35 | call to inflate | inflate |
| decompression_api.rb:15:31:15:43 | ...[...] | decompression_api.rb:15:31:15:36 | call to params : | decompression_api.rb:15:31:15:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:15:9:15:44 | call to open_buffer | open_buffer |

1
ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/decompression-api/DecompressionApi.ql

22
ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb Normal file
View File

@@ -0,0 +1,22 @@
class TestController < ActionController::Base
# this should get picked up
def unsafe_zlib_unzip
path = params[:file]
Zlib::Inflate.inflate(path)
end
# this should not get picked up
def safe_zlib_unzip
Zlib::Inflate.inflate(file)
end
# this should get picked up
def unsafe_zlib_unzip
Zip::File.open_buffer(params[:file])
end
# this should not get picked up
def safe_zlib_unzip
Zip::File.open_buffer(file)
end
end