Ruby: Add InsecureDownload query

This query finds cases where a potentially unsafe file is downloaded over an unsecured connection.
2026-04-26 09:15:12 +02:00 · 2022-04-05 10:07:56 +12:00
parent ce7675ef43
commit bb3fb0325b
9 changed files with 404 additions and 0 deletions
--- a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.ql
+++ b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.ql
@@ -0,0 +1,22 @@
+import ruby
+import codeql.ruby.DataFlow
+import PathGraph
+import TestUtilities.InlineFlowTest
+import codeql.ruby.security.InsecureDownloadQuery
+
+class FlowTest extends InlineFlowTest {
+  override DataFlow::Configuration getValueFlowConfig() { result = any(Configuration config) }
+
+  override DataFlow::Configuration getTaintFlowConfig() { none() }
+
+  override string getARelevantTag() { result = "BAD" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "BAD" and
+    super.hasActualResult(location, element, "hasValueFlow", value)
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Configuration conf
+where conf.hasFlowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()