mirror of
https://github.com/github/codeql.git
synced 2026-05-01 11:45:14 +02:00
use select placeholder correctly
This commit is contained in:
thiggy1342
@@ -54,4 +54,4 @@ class Configuration extends TaintTracking::Configuration {
|
||||
from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where
|
||||
config.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source."
|
||||
select sink.getNode(), source, sink, "This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source.", sink.getNode().asExpr().getExpr().getParent().toString(), sink.getNode().asExpr().getExpr().getParent().toString()
|
||||
|
||||
@@ -11,6 +11,6 @@ nodes
|
||||
| decompression_api.rb:17:24:17:37 | ...[...] | semmle.label | ...[...] |
|
||||
subpaths
|
||||
#select
|
||||
| decompression_api.rb:3:31:3:44 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:44 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. |
|
||||
| decompression_api.rb:13:44:13:57 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:57 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. |
|
||||
| decompression_api.rb:17:24:17:37 | ...[...] | decompression_api.rb:17:24:17:29 | call to params : | decompression_api.rb:17:24:17:37 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. |
|
||||
| decompression_api.rb:3:31:3:44 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:44 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | call to inflate | decompression_api.rb:3:9:3:45 | call to inflate |
|
||||
| decompression_api.rb:13:44:13:57 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:57 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | call to inflate | decompression_api.rb:13:9:13:58 | call to inflate |
|
||||
| decompression_api.rb:17:24:17:37 | ...[...] | decompression_api.rb:17:24:17:29 | call to params : | decompression_api.rb:17:24:17:37 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | call to open | decompression_api.rb:17:9:21:11 | call to open |
|
||||
|
||||
Reference in New Issue
Block a user