From c5e020c68c008234bcbe73ec569d816eaf8f7f4e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 15 Jun 2026 23:02:17 +0100 Subject: [PATCH] Work around problem with comments in heredocs --- .../security/cwe-089/ActiveRecordInjection.rb | 3 +- .../security/cwe-089/SqlInjection.expected | 372 +++++++++--------- .../UnsafeCodeConstruction.expected | 78 ++-- .../UnsafeCodeConstruction/impl/unsafeCode.rb | 3 +- 4 files changed, 229 insertions(+), 227 deletions(-) diff --git a/ruby/ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb b/ruby/ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb index e811b51e8ae..6696f578cbc 100644 --- a/ruby/ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb +++ b/ruby/ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb @@ -66,7 +66,8 @@ class FooController < ActionController::Base # BAD: executes `SELECT "users".* FROM "users" WHERE id BETWEEN '#{params[:min_id]}' AND 100000` # where `params[:min_id]` is unsanitized User.where(<<-SQL, MAX_USER_ID) # $ Alert - id BETWEEN '#{params[:min_id]}' AND ? # $ Source + id BETWEEN '#{params[:min_id]}' AND ? #{# $ Source + } SQL # BAD: chained method case diff --git a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected index 069cb34810f..c8926f635c4 100644 --- a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected @@ -1,3 +1,52 @@ +#select +| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value | +| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:38:78:43 | call to params | user-provided value | +| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value | +| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:38:78:43 | call to params | user-provided value | +| ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value | +| ActiveRecordInjection.rb:30:16:30:24 | condition | ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:30:16:30:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:175:21:175:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:42:30:42:44 | ...[...] | ActiveRecordInjection.rb:42:30:42:35 | call to params | ActiveRecordInjection.rb:42:30:42:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:42:30:42:35 | call to params | user-provided value | +| ActiveRecordInjection.rb:46:18:46:32 | ...[...] | ActiveRecordInjection.rb:46:18:46:23 | call to params | ActiveRecordInjection.rb:46:18:46:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:46:18:46:23 | call to params | user-provided value | +| ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | ActiveRecordInjection.rb:50:29:50:34 | call to params | ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:50:29:50:34 | call to params | user-provided value | +| ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | ActiveRecordInjection.rb:55:30:55:35 | call to params | ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:55:30:55:35 | call to params | user-provided value | +| ActiveRecordInjection.rb:59:21:59:45 | call to [] | ActiveRecordInjection.rb:59:31:59:36 | call to params | ActiveRecordInjection.rb:59:21:59:45 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:59:31:59:36 | call to params | user-provided value | +| ActiveRecordInjection.rb:64:22:64:46 | call to [] | ActiveRecordInjection.rb:64:32:64:37 | call to params | ActiveRecordInjection.rb:64:22:64:46 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:64:32:64:37 | call to params | user-provided value | +| ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | ActiveRecordInjection.rb:69:21:69:26 | call to params | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | This SQL query depends on a $@. | ActiveRecordInjection.rb:69:21:69:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:76:34:76:39 | call to params | ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:76:34:76:39 | call to params | user-provided value | +| ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | ActiveRecordInjection.rb:82:41:82:46 | call to params | ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:82:41:82:46 | call to params | user-provided value | +| ActiveRecordInjection.rb:87:23:87:35 | ...[...] | ActiveRecordInjection.rb:87:23:87:28 | call to params | ActiveRecordInjection.rb:87:23:87:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:87:23:87:28 | call to params | user-provided value | +| ActiveRecordInjection.rb:91:17:91:31 | ...[...] | ActiveRecordInjection.rb:91:17:91:22 | call to params | ActiveRecordInjection.rb:91:17:91:31 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:91:17:91:22 | call to params | user-provided value | +| ActiveRecordInjection.rb:92:19:92:33 | ...[...] | ActiveRecordInjection.rb:92:19:92:24 | call to params | ActiveRecordInjection.rb:92:19:92:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:19:92:24 | call to params | user-provided value | +| ActiveRecordInjection.rb:96:18:96:35 | ...[...] | ActiveRecordInjection.rb:96:18:96:23 | call to params | ActiveRecordInjection.rb:96:18:96:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:96:18:96:23 | call to params | user-provided value | +| ActiveRecordInjection.rb:100:21:100:35 | ...[...] | ActiveRecordInjection.rb:100:21:100:26 | call to params | ActiveRecordInjection.rb:100:21:100:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:100:21:100:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | ActiveRecordInjection.rb:108:31:108:36 | call to params | ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:108:31:108:36 | call to params | user-provided value | +| ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | ActiveRecordInjection.rb:112:30:112:35 | call to params | ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:112:30:112:35 | call to params | user-provided value | +| ActiveRecordInjection.rb:114:18:114:35 | ...[...] | ActiveRecordInjection.rb:114:18:114:23 | call to params | ActiveRecordInjection.rb:114:18:114:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:114:18:114:23 | call to params | user-provided value | +| ActiveRecordInjection.rb:116:26:116:40 | ...[...] | ActiveRecordInjection.rb:116:26:116:31 | call to params | ActiveRecordInjection.rb:116:26:116:40 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:116:26:116:31 | call to params | user-provided value | +| ActiveRecordInjection.rb:117:28:117:42 | ...[...] | ActiveRecordInjection.rb:117:28:117:33 | call to params | ActiveRecordInjection.rb:117:28:117:42 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:117:28:117:33 | call to params | user-provided value | +| ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | ActiveRecordInjection.rb:118:30:118:35 | call to params | ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:118:30:118:35 | call to params | user-provided value | +| ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | ActiveRecordInjection.rb:119:32:119:37 | call to params | ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:119:32:119:37 | call to params | user-provided value | +| ActiveRecordInjection.rb:120:21:120:35 | ...[...] | ActiveRecordInjection.rb:120:21:120:26 | call to params | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:120:21:120:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:121:21:121:35 | ...[...] | ActiveRecordInjection.rb:121:21:121:26 | call to params | ActiveRecordInjection.rb:121:21:121:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:121:21:121:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:122:20:122:34 | ...[...] | ActiveRecordInjection.rb:122:20:122:25 | call to params | ActiveRecordInjection.rb:122:20:122:34 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:122:20:122:25 | call to params | user-provided value | +| ActiveRecordInjection.rb:124:23:124:47 | ...[...] | ActiveRecordInjection.rb:124:23:124:28 | call to params | ActiveRecordInjection.rb:124:23:124:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:124:23:124:28 | call to params | user-provided value | +| ActiveRecordInjection.rb:128:19:128:30 | ...[...] | ActiveRecordInjection.rb:128:19:128:24 | call to params | ActiveRecordInjection.rb:128:19:128:30 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:128:19:128:24 | call to params | user-provided value | +| ActiveRecordInjection.rb:130:29:130:39 | ...[...] | ActiveRecordInjection.rb:130:29:130:34 | call to params | ActiveRecordInjection.rb:130:29:130:39 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:130:29:130:34 | call to params | user-provided value | +| ActiveRecordInjection.rb:142:20:142:32 | ... + ... | ActiveRecordInjection.rb:136:10:136:15 | call to params | ActiveRecordInjection.rb:142:20:142:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:136:10:136:15 | call to params | user-provided value | +| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:175:21:175:26 | call to params | user-provided value | +| ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:189:59:189:64 | call to params | ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:189:59:189:64 | call to params | user-provided value | +| ActiveRecordInjection.rb:202:37:202:41 | query | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:202:37:202:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value | +| ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value | +| ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value | +| ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | ActiveRecordInjection.rb:223:29:223:34 | call to params | ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:223:29:223:34 | call to params | user-provided value | +| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value | +| ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value | +| PgInjection.rb:14:15:14:18 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:14:15:14:18 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:15:21:15:24 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:15:21:15:24 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:20:22:20:25 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:20:22:20:25 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:21:28:21:31 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:21:28:21:31 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:32:29:32:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:32:29:32:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:44:29:44:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:44:29:44:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | edges | ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep | @@ -19,64 +68,64 @@ edges | ActiveRecordInjection.rb:64:32:64:42 | ...[...] | ActiveRecordInjection.rb:64:23:64:45 | "id = '#{...}'" : String | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:69:21:69:26 | call to params | ActiveRecordInjection.rb:69:21:69:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:69:21:69:35 | ...[...] | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:75:34:75:39 | call to params | ActiveRecordInjection.rb:75:34:75:44 | ...[...] | provenance | | -| ActiveRecordInjection.rb:75:34:75:44 | ...[...] | ActiveRecordInjection.rb:75:20:75:47 | "user.id = '#{...}'" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:77:23:77:28 | call to params | ActiveRecordInjection.rb:77:23:77:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:77:23:77:35 | ...[...] | ActiveRecordInjection.rb:8:25:8:28 | name | provenance | | -| ActiveRecordInjection.rb:77:38:77:43 | call to params | ActiveRecordInjection.rb:77:38:77:50 | ...[...] | provenance | | -| ActiveRecordInjection.rb:77:38:77:50 | ...[...] | ActiveRecordInjection.rb:8:31:8:34 | pass | provenance | | -| ActiveRecordInjection.rb:81:41:81:46 | call to params | ActiveRecordInjection.rb:81:41:81:51 | ...[...] | provenance | | -| ActiveRecordInjection.rb:81:41:81:51 | ...[...] | ActiveRecordInjection.rb:81:32:81:54 | "id = '#{...}'" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:86:23:86:28 | call to params | ActiveRecordInjection.rb:86:23:86:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:90:17:90:22 | call to params | ActiveRecordInjection.rb:90:17:90:31 | ...[...] | provenance | | -| ActiveRecordInjection.rb:91:19:91:24 | call to params | ActiveRecordInjection.rb:91:19:91:33 | ...[...] | provenance | | -| ActiveRecordInjection.rb:95:18:95:23 | call to params | ActiveRecordInjection.rb:95:18:95:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:99:21:99:26 | call to params | ActiveRecordInjection.rb:99:21:99:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:107:31:107:36 | call to params | ActiveRecordInjection.rb:107:31:107:52 | ...[...] | provenance | | -| ActiveRecordInjection.rb:107:31:107:52 | ...[...] | ActiveRecordInjection.rb:107:20:107:55 | "name = '#{...}'" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:111:30:111:35 | call to params | ActiveRecordInjection.rb:111:30:111:51 | ...[...] | provenance | | -| ActiveRecordInjection.rb:111:30:111:51 | ...[...] | ActiveRecordInjection.rb:111:19:111:54 | "name = '#{...}'" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:113:18:113:23 | call to params | ActiveRecordInjection.rb:113:18:113:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:115:26:115:31 | call to params | ActiveRecordInjection.rb:115:26:115:40 | ...[...] | provenance | | -| ActiveRecordInjection.rb:116:28:116:33 | call to params | ActiveRecordInjection.rb:116:28:116:42 | ...[...] | provenance | | -| ActiveRecordInjection.rb:117:30:117:35 | call to params | ActiveRecordInjection.rb:117:30:117:47 | ...[...] | provenance | | -| ActiveRecordInjection.rb:117:30:117:47 | ...[...] | ActiveRecordInjection.rb:117:25:117:49 | "b #{...}" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:118:32:118:37 | call to params | ActiveRecordInjection.rb:118:32:118:49 | ...[...] | provenance | | -| ActiveRecordInjection.rb:118:32:118:49 | ...[...] | ActiveRecordInjection.rb:118:27:118:51 | "b #{...}" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:119:21:119:26 | call to params | ActiveRecordInjection.rb:119:21:119:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:76:34:76:39 | call to params | ActiveRecordInjection.rb:76:34:76:44 | ...[...] | provenance | | +| ActiveRecordInjection.rb:76:34:76:44 | ...[...] | ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:78:23:78:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:78:23:78:35 | ...[...] | ActiveRecordInjection.rb:8:25:8:28 | name | provenance | | +| ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:78:38:78:50 | ...[...] | provenance | | +| ActiveRecordInjection.rb:78:38:78:50 | ...[...] | ActiveRecordInjection.rb:8:31:8:34 | pass | provenance | | +| ActiveRecordInjection.rb:82:41:82:46 | call to params | ActiveRecordInjection.rb:82:41:82:51 | ...[...] | provenance | | +| ActiveRecordInjection.rb:82:41:82:51 | ...[...] | ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:87:23:87:28 | call to params | ActiveRecordInjection.rb:87:23:87:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:91:17:91:22 | call to params | ActiveRecordInjection.rb:91:17:91:31 | ...[...] | provenance | | +| ActiveRecordInjection.rb:92:19:92:24 | call to params | ActiveRecordInjection.rb:92:19:92:33 | ...[...] | provenance | | +| ActiveRecordInjection.rb:96:18:96:23 | call to params | ActiveRecordInjection.rb:96:18:96:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:100:21:100:26 | call to params | ActiveRecordInjection.rb:100:21:100:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:108:31:108:36 | call to params | ActiveRecordInjection.rb:108:31:108:52 | ...[...] | provenance | | +| ActiveRecordInjection.rb:108:31:108:52 | ...[...] | ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:112:30:112:35 | call to params | ActiveRecordInjection.rb:112:30:112:51 | ...[...] | provenance | | +| ActiveRecordInjection.rb:112:30:112:51 | ...[...] | ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:114:18:114:23 | call to params | ActiveRecordInjection.rb:114:18:114:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:116:26:116:31 | call to params | ActiveRecordInjection.rb:116:26:116:40 | ...[...] | provenance | | +| ActiveRecordInjection.rb:117:28:117:33 | call to params | ActiveRecordInjection.rb:117:28:117:42 | ...[...] | provenance | | +| ActiveRecordInjection.rb:118:30:118:35 | call to params | ActiveRecordInjection.rb:118:30:118:47 | ...[...] | provenance | | +| ActiveRecordInjection.rb:118:30:118:47 | ...[...] | ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:119:32:119:37 | call to params | ActiveRecordInjection.rb:119:32:119:49 | ...[...] | provenance | | +| ActiveRecordInjection.rb:119:32:119:49 | ...[...] | ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:120:21:120:26 | call to params | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:121:20:121:25 | call to params | ActiveRecordInjection.rb:121:20:121:34 | ...[...] | provenance | | -| ActiveRecordInjection.rb:123:23:123:28 | call to params | ActiveRecordInjection.rb:123:23:123:47 | ...[...] | provenance | | -| ActiveRecordInjection.rb:127:19:127:24 | call to params | ActiveRecordInjection.rb:127:19:127:30 | ...[...] | provenance | | -| ActiveRecordInjection.rb:129:29:129:34 | call to params | ActiveRecordInjection.rb:129:29:129:39 | ...[...] | provenance | | -| ActiveRecordInjection.rb:135:5:135:6 | ps | ActiveRecordInjection.rb:136:11:136:12 | ps | provenance | | -| ActiveRecordInjection.rb:135:10:135:15 | call to params | ActiveRecordInjection.rb:135:5:135:6 | ps | provenance | | -| ActiveRecordInjection.rb:136:5:136:7 | uid | ActiveRecordInjection.rb:137:5:137:9 | uidEq : String | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:136:11:136:12 | ps | ActiveRecordInjection.rb:136:11:136:17 | ...[...] | provenance | | -| ActiveRecordInjection.rb:136:11:136:17 | ...[...] | ActiveRecordInjection.rb:136:5:136:7 | uid | provenance | | -| ActiveRecordInjection.rb:137:5:137:9 | uidEq : String | ActiveRecordInjection.rb:141:20:141:32 | ... + ... | provenance | | -| ActiveRecordInjection.rb:174:21:174:26 | call to params | ActiveRecordInjection.rb:174:21:174:44 | ...[...] | provenance | | -| ActiveRecordInjection.rb:174:21:174:26 | call to params | ActiveRecordInjection.rb:174:21:174:44 | ...[...] | provenance | | -| ActiveRecordInjection.rb:174:21:174:44 | ...[...] | ActiveRecordInjection.rb:27:22:27:30 | condition | provenance | | -| ActiveRecordInjection.rb:188:59:188:64 | call to params | ActiveRecordInjection.rb:188:59:188:74 | ...[...] | provenance | | -| ActiveRecordInjection.rb:188:59:188:74 | ...[...] | ActiveRecordInjection.rb:188:27:188:76 | "this is an unsafe annotation:..." | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:199:5:199:13 | my_params | ActiveRecordInjection.rb:200:47:200:55 | my_params | provenance | | -| ActiveRecordInjection.rb:199:17:199:32 | call to permitted_params | ActiveRecordInjection.rb:199:5:199:13 | my_params | provenance | | -| ActiveRecordInjection.rb:200:5:200:9 | query : String | ActiveRecordInjection.rb:201:37:201:41 | query | provenance | | -| ActiveRecordInjection.rb:200:47:200:55 | my_params | ActiveRecordInjection.rb:200:47:200:65 | ...[...] | provenance | | -| ActiveRecordInjection.rb:200:47:200:65 | ...[...] | ActiveRecordInjection.rb:200:5:200:9 | query : String | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:206:5:206:10 | call to params | ActiveRecordInjection.rb:206:5:206:27 | call to require | provenance | | -| ActiveRecordInjection.rb:206:5:206:27 | call to require | ActiveRecordInjection.rb:206:5:206:59 | call to permit | provenance | | -| ActiveRecordInjection.rb:206:5:206:59 | call to permit | ActiveRecordInjection.rb:199:17:199:32 | call to permitted_params | provenance | | -| ActiveRecordInjection.rb:206:5:206:59 | call to permit | ActiveRecordInjection.rb:210:77:210:92 | call to permitted_params | provenance | | -| ActiveRecordInjection.rb:206:5:206:59 | call to permit | ActiveRecordInjection.rb:211:69:211:84 | call to permitted_params | provenance | | -| ActiveRecordInjection.rb:210:77:210:92 | call to permitted_params | ActiveRecordInjection.rb:210:77:210:102 | ...[...] | provenance | | -| ActiveRecordInjection.rb:210:77:210:102 | ...[...] | ActiveRecordInjection.rb:210:43:210:104 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:211:69:211:84 | call to permitted_params | ActiveRecordInjection.rb:211:69:211:94 | ...[...] | provenance | | -| ActiveRecordInjection.rb:211:69:211:94 | ...[...] | ActiveRecordInjection.rb:211:35:211:96 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:216:24:216:27 | role | ActiveRecordInjection.rb:216:38:216:53 | "role = #{...}" | provenance | AdditionalTaintStep | -| ActiveRecordInjection.rb:222:29:222:34 | call to params | ActiveRecordInjection.rb:222:29:222:41 | ...[...] | provenance | | -| ActiveRecordInjection.rb:222:29:222:41 | ...[...] | ActiveRecordInjection.rb:216:24:216:27 | role | provenance | | +| ActiveRecordInjection.rb:121:21:121:26 | call to params | ActiveRecordInjection.rb:121:21:121:35 | ...[...] | provenance | | +| ActiveRecordInjection.rb:122:20:122:25 | call to params | ActiveRecordInjection.rb:122:20:122:34 | ...[...] | provenance | | +| ActiveRecordInjection.rb:124:23:124:28 | call to params | ActiveRecordInjection.rb:124:23:124:47 | ...[...] | provenance | | +| ActiveRecordInjection.rb:128:19:128:24 | call to params | ActiveRecordInjection.rb:128:19:128:30 | ...[...] | provenance | | +| ActiveRecordInjection.rb:130:29:130:34 | call to params | ActiveRecordInjection.rb:130:29:130:39 | ...[...] | provenance | | +| ActiveRecordInjection.rb:136:5:136:6 | ps | ActiveRecordInjection.rb:137:11:137:12 | ps | provenance | | +| ActiveRecordInjection.rb:136:10:136:15 | call to params | ActiveRecordInjection.rb:136:5:136:6 | ps | provenance | | +| ActiveRecordInjection.rb:137:5:137:7 | uid | ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:137:11:137:12 | ps | ActiveRecordInjection.rb:137:11:137:17 | ...[...] | provenance | | +| ActiveRecordInjection.rb:137:11:137:17 | ...[...] | ActiveRecordInjection.rb:137:5:137:7 | uid | provenance | | +| ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | ActiveRecordInjection.rb:142:20:142:32 | ... + ... | provenance | | +| ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | provenance | | +| ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | provenance | | +| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | ActiveRecordInjection.rb:27:22:27:30 | condition | provenance | | +| ActiveRecordInjection.rb:189:59:189:64 | call to params | ActiveRecordInjection.rb:189:59:189:74 | ...[...] | provenance | | +| ActiveRecordInjection.rb:189:59:189:74 | ...[...] | ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:200:5:200:13 | my_params | ActiveRecordInjection.rb:201:47:201:55 | my_params | provenance | | +| ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | ActiveRecordInjection.rb:200:5:200:13 | my_params | provenance | | +| ActiveRecordInjection.rb:201:5:201:9 | query : String | ActiveRecordInjection.rb:202:37:202:41 | query | provenance | | +| ActiveRecordInjection.rb:201:47:201:55 | my_params | ActiveRecordInjection.rb:201:47:201:65 | ...[...] | provenance | | +| ActiveRecordInjection.rb:201:47:201:65 | ...[...] | ActiveRecordInjection.rb:201:5:201:9 | query : String | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:207:5:207:27 | call to require | provenance | | +| ActiveRecordInjection.rb:207:5:207:27 | call to require | ActiveRecordInjection.rb:207:5:207:59 | call to permit | provenance | | +| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | provenance | | +| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | provenance | | +| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | provenance | | +| ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | ActiveRecordInjection.rb:211:77:211:102 | ...[...] | provenance | | +| ActiveRecordInjection.rb:211:77:211:102 | ...[...] | ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | ActiveRecordInjection.rb:212:69:212:94 | ...[...] | provenance | | +| ActiveRecordInjection.rb:212:69:212:94 | ...[...] | ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:217:24:217:27 | role | ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:223:29:223:34 | call to params | ActiveRecordInjection.rb:223:29:223:41 | ...[...] | provenance | | +| ActiveRecordInjection.rb:223:29:223:41 | ...[...] | ActiveRecordInjection.rb:217:24:217:27 | role | provenance | | | ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep | | ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep | | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:4:12:4:29 | ...[...] | provenance | | @@ -122,88 +171,88 @@ nodes | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | semmle.label | <<-SQL | | ActiveRecordInjection.rb:69:21:69:26 | call to params | semmle.label | call to params | | ActiveRecordInjection.rb:69:21:69:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:75:20:75:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" | -| ActiveRecordInjection.rb:75:34:75:39 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:75:34:75:44 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:77:23:77:28 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:77:23:77:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:77:38:77:43 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:77:38:77:50 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:81:32:81:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | -| ActiveRecordInjection.rb:81:41:81:46 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:81:41:81:51 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:86:23:86:28 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:86:23:86:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:90:17:90:22 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:90:17:90:31 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:91:19:91:24 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:91:19:91:33 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:95:18:95:23 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:95:18:95:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:99:21:99:26 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:99:21:99:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:107:20:107:55 | "name = '#{...}'" | semmle.label | "name = '#{...}'" | -| ActiveRecordInjection.rb:107:31:107:36 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:107:31:107:52 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:111:19:111:54 | "name = '#{...}'" | semmle.label | "name = '#{...}'" | -| ActiveRecordInjection.rb:111:30:111:35 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:111:30:111:51 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:113:18:113:23 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:113:18:113:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:115:26:115:31 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:115:26:115:40 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:116:28:116:33 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:116:28:116:42 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:117:25:117:49 | "b #{...}" | semmle.label | "b #{...}" | -| ActiveRecordInjection.rb:117:30:117:35 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:117:30:117:47 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:118:27:118:51 | "b #{...}" | semmle.label | "b #{...}" | -| ActiveRecordInjection.rb:118:32:118:37 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:118:32:118:49 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:119:21:119:26 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:119:21:119:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" | +| ActiveRecordInjection.rb:76:34:76:39 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:76:34:76:44 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:78:23:78:28 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:78:23:78:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:78:38:78:43 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:78:38:78:50 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | +| ActiveRecordInjection.rb:82:41:82:46 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:82:41:82:51 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:87:23:87:28 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:87:23:87:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:91:17:91:22 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:91:17:91:31 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:92:19:92:24 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:92:19:92:33 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:96:18:96:23 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:96:18:96:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:100:21:100:26 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:100:21:100:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | semmle.label | "name = '#{...}'" | +| ActiveRecordInjection.rb:108:31:108:36 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:108:31:108:52 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | semmle.label | "name = '#{...}'" | +| ActiveRecordInjection.rb:112:30:112:35 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:112:30:112:51 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:114:18:114:23 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:114:18:114:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:116:26:116:31 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:116:26:116:40 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:117:28:117:33 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:117:28:117:42 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | semmle.label | "b #{...}" | +| ActiveRecordInjection.rb:118:30:118:35 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:118:30:118:47 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | semmle.label | "b #{...}" | +| ActiveRecordInjection.rb:119:32:119:37 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:119:32:119:49 | ...[...] | semmle.label | ...[...] | | ActiveRecordInjection.rb:120:21:120:26 | call to params | semmle.label | call to params | | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:121:20:121:25 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:121:20:121:34 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:123:23:123:28 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:123:23:123:47 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:127:19:127:24 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:127:19:127:30 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:129:29:129:34 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:129:29:129:39 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:135:5:135:6 | ps | semmle.label | ps | -| ActiveRecordInjection.rb:135:10:135:15 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:136:5:136:7 | uid | semmle.label | uid | -| ActiveRecordInjection.rb:136:11:136:12 | ps | semmle.label | ps | -| ActiveRecordInjection.rb:136:11:136:17 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:137:5:137:9 | uidEq : String | semmle.label | uidEq : String | -| ActiveRecordInjection.rb:141:20:141:32 | ... + ... | semmle.label | ... + ... | -| ActiveRecordInjection.rb:174:21:174:26 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:174:21:174:44 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:174:21:174:44 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:188:27:188:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." | -| ActiveRecordInjection.rb:188:59:188:64 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:188:59:188:74 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:199:5:199:13 | my_params | semmle.label | my_params | -| ActiveRecordInjection.rb:199:17:199:32 | call to permitted_params | semmle.label | call to permitted_params | -| ActiveRecordInjection.rb:200:5:200:9 | query : String | semmle.label | query : String | -| ActiveRecordInjection.rb:200:47:200:55 | my_params | semmle.label | my_params | -| ActiveRecordInjection.rb:200:47:200:65 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:201:37:201:41 | query | semmle.label | query | -| ActiveRecordInjection.rb:206:5:206:10 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:206:5:206:27 | call to require | semmle.label | call to require | -| ActiveRecordInjection.rb:206:5:206:59 | call to permit | semmle.label | call to permit | -| ActiveRecordInjection.rb:210:43:210:104 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." | -| ActiveRecordInjection.rb:210:77:210:92 | call to permitted_params | semmle.label | call to permitted_params | -| ActiveRecordInjection.rb:210:77:210:102 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:211:35:211:96 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." | -| ActiveRecordInjection.rb:211:69:211:84 | call to permitted_params | semmle.label | call to permitted_params | -| ActiveRecordInjection.rb:211:69:211:94 | ...[...] | semmle.label | ...[...] | -| ActiveRecordInjection.rb:216:24:216:27 | role | semmle.label | role | -| ActiveRecordInjection.rb:216:38:216:53 | "role = #{...}" | semmle.label | "role = #{...}" | -| ActiveRecordInjection.rb:222:29:222:34 | call to params | semmle.label | call to params | -| ActiveRecordInjection.rb:222:29:222:41 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:121:21:121:26 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:121:21:121:35 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:122:20:122:25 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:122:20:122:34 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:124:23:124:28 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:124:23:124:47 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:128:19:128:24 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:128:19:128:30 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:130:29:130:34 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:130:29:130:39 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:136:5:136:6 | ps | semmle.label | ps | +| ActiveRecordInjection.rb:136:10:136:15 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:137:5:137:7 | uid | semmle.label | uid | +| ActiveRecordInjection.rb:137:11:137:12 | ps | semmle.label | ps | +| ActiveRecordInjection.rb:137:11:137:17 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | semmle.label | uidEq : String | +| ActiveRecordInjection.rb:142:20:142:32 | ... + ... | semmle.label | ... + ... | +| ActiveRecordInjection.rb:175:21:175:26 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." | +| ActiveRecordInjection.rb:189:59:189:64 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:189:59:189:74 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:200:5:200:13 | my_params | semmle.label | my_params | +| ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | semmle.label | call to permitted_params | +| ActiveRecordInjection.rb:201:5:201:9 | query : String | semmle.label | query : String | +| ActiveRecordInjection.rb:201:47:201:55 | my_params | semmle.label | my_params | +| ActiveRecordInjection.rb:201:47:201:65 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:202:37:202:41 | query | semmle.label | query | +| ActiveRecordInjection.rb:207:5:207:10 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:207:5:207:27 | call to require | semmle.label | call to require | +| ActiveRecordInjection.rb:207:5:207:59 | call to permit | semmle.label | call to permit | +| ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." | +| ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | semmle.label | call to permitted_params | +| ActiveRecordInjection.rb:211:77:211:102 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." | +| ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | semmle.label | call to permitted_params | +| ActiveRecordInjection.rb:212:69:212:94 | ...[...] | semmle.label | ...[...] | +| ActiveRecordInjection.rb:217:24:217:27 | role | semmle.label | role | +| ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | semmle.label | "role = #{...}" | +| ActiveRecordInjection.rb:223:29:223:34 | call to params | semmle.label | call to params | +| ActiveRecordInjection.rb:223:29:223:41 | ...[...] | semmle.label | ...[...] | | ArelInjection.rb:4:5:4:8 | name | semmle.label | name | | ArelInjection.rb:4:12:4:17 | call to params | semmle.label | call to params | | ArelInjection.rb:4:12:4:29 | ...[...] | semmle.label | ...[...] | @@ -223,52 +272,3 @@ nodes | PgInjection.rb:43:5:43:8 | qry3 : String | semmle.label | qry3 : String | | PgInjection.rb:44:29:44:32 | qry3 | semmle.label | qry3 | subpaths -#select -| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:77:23:77:28 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:77:23:77:28 | call to params | user-provided value | -| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:77:38:77:43 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:77:38:77:43 | call to params | user-provided value | -| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:77:23:77:28 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:77:23:77:28 | call to params | user-provided value | -| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:77:38:77:43 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:77:38:77:43 | call to params | user-provided value | -| ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | ActiveRecordInjection.rb:77:23:77:28 | call to params | ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:77:23:77:28 | call to params | user-provided value | -| ActiveRecordInjection.rb:30:16:30:24 | condition | ActiveRecordInjection.rb:174:21:174:26 | call to params | ActiveRecordInjection.rb:30:16:30:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:174:21:174:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:42:30:42:44 | ...[...] | ActiveRecordInjection.rb:42:30:42:35 | call to params | ActiveRecordInjection.rb:42:30:42:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:42:30:42:35 | call to params | user-provided value | -| ActiveRecordInjection.rb:46:18:46:32 | ...[...] | ActiveRecordInjection.rb:46:18:46:23 | call to params | ActiveRecordInjection.rb:46:18:46:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:46:18:46:23 | call to params | user-provided value | -| ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | ActiveRecordInjection.rb:50:29:50:34 | call to params | ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:50:29:50:34 | call to params | user-provided value | -| ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | ActiveRecordInjection.rb:55:30:55:35 | call to params | ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:55:30:55:35 | call to params | user-provided value | -| ActiveRecordInjection.rb:59:21:59:45 | call to [] | ActiveRecordInjection.rb:59:31:59:36 | call to params | ActiveRecordInjection.rb:59:21:59:45 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:59:31:59:36 | call to params | user-provided value | -| ActiveRecordInjection.rb:64:22:64:46 | call to [] | ActiveRecordInjection.rb:64:32:64:37 | call to params | ActiveRecordInjection.rb:64:22:64:46 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:64:32:64:37 | call to params | user-provided value | -| ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | ActiveRecordInjection.rb:69:21:69:26 | call to params | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | This SQL query depends on a $@. | ActiveRecordInjection.rb:69:21:69:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:75:20:75:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:75:34:75:39 | call to params | ActiveRecordInjection.rb:75:20:75:47 | "user.id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:75:34:75:39 | call to params | user-provided value | -| ActiveRecordInjection.rb:81:32:81:54 | "id = '#{...}'" | ActiveRecordInjection.rb:81:41:81:46 | call to params | ActiveRecordInjection.rb:81:32:81:54 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:81:41:81:46 | call to params | user-provided value | -| ActiveRecordInjection.rb:86:23:86:35 | ...[...] | ActiveRecordInjection.rb:86:23:86:28 | call to params | ActiveRecordInjection.rb:86:23:86:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:86:23:86:28 | call to params | user-provided value | -| ActiveRecordInjection.rb:90:17:90:31 | ...[...] | ActiveRecordInjection.rb:90:17:90:22 | call to params | ActiveRecordInjection.rb:90:17:90:31 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:90:17:90:22 | call to params | user-provided value | -| ActiveRecordInjection.rb:91:19:91:33 | ...[...] | ActiveRecordInjection.rb:91:19:91:24 | call to params | ActiveRecordInjection.rb:91:19:91:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:91:19:91:24 | call to params | user-provided value | -| ActiveRecordInjection.rb:95:18:95:35 | ...[...] | ActiveRecordInjection.rb:95:18:95:23 | call to params | ActiveRecordInjection.rb:95:18:95:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:95:18:95:23 | call to params | user-provided value | -| ActiveRecordInjection.rb:99:21:99:35 | ...[...] | ActiveRecordInjection.rb:99:21:99:26 | call to params | ActiveRecordInjection.rb:99:21:99:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:99:21:99:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:107:20:107:55 | "name = '#{...}'" | ActiveRecordInjection.rb:107:31:107:36 | call to params | ActiveRecordInjection.rb:107:20:107:55 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:107:31:107:36 | call to params | user-provided value | -| ActiveRecordInjection.rb:111:19:111:54 | "name = '#{...}'" | ActiveRecordInjection.rb:111:30:111:35 | call to params | ActiveRecordInjection.rb:111:19:111:54 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:111:30:111:35 | call to params | user-provided value | -| ActiveRecordInjection.rb:113:18:113:35 | ...[...] | ActiveRecordInjection.rb:113:18:113:23 | call to params | ActiveRecordInjection.rb:113:18:113:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:113:18:113:23 | call to params | user-provided value | -| ActiveRecordInjection.rb:115:26:115:40 | ...[...] | ActiveRecordInjection.rb:115:26:115:31 | call to params | ActiveRecordInjection.rb:115:26:115:40 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:115:26:115:31 | call to params | user-provided value | -| ActiveRecordInjection.rb:116:28:116:42 | ...[...] | ActiveRecordInjection.rb:116:28:116:33 | call to params | ActiveRecordInjection.rb:116:28:116:42 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:116:28:116:33 | call to params | user-provided value | -| ActiveRecordInjection.rb:117:25:117:49 | "b #{...}" | ActiveRecordInjection.rb:117:30:117:35 | call to params | ActiveRecordInjection.rb:117:25:117:49 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:117:30:117:35 | call to params | user-provided value | -| ActiveRecordInjection.rb:118:27:118:51 | "b #{...}" | ActiveRecordInjection.rb:118:32:118:37 | call to params | ActiveRecordInjection.rb:118:27:118:51 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:118:32:118:37 | call to params | user-provided value | -| ActiveRecordInjection.rb:119:21:119:35 | ...[...] | ActiveRecordInjection.rb:119:21:119:26 | call to params | ActiveRecordInjection.rb:119:21:119:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:119:21:119:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:120:21:120:35 | ...[...] | ActiveRecordInjection.rb:120:21:120:26 | call to params | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:120:21:120:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:121:20:121:34 | ...[...] | ActiveRecordInjection.rb:121:20:121:25 | call to params | ActiveRecordInjection.rb:121:20:121:34 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:121:20:121:25 | call to params | user-provided value | -| ActiveRecordInjection.rb:123:23:123:47 | ...[...] | ActiveRecordInjection.rb:123:23:123:28 | call to params | ActiveRecordInjection.rb:123:23:123:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:123:23:123:28 | call to params | user-provided value | -| ActiveRecordInjection.rb:127:19:127:30 | ...[...] | ActiveRecordInjection.rb:127:19:127:24 | call to params | ActiveRecordInjection.rb:127:19:127:30 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:127:19:127:24 | call to params | user-provided value | -| ActiveRecordInjection.rb:129:29:129:39 | ...[...] | ActiveRecordInjection.rb:129:29:129:34 | call to params | ActiveRecordInjection.rb:129:29:129:39 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:129:29:129:34 | call to params | user-provided value | -| ActiveRecordInjection.rb:141:20:141:32 | ... + ... | ActiveRecordInjection.rb:135:10:135:15 | call to params | ActiveRecordInjection.rb:141:20:141:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:135:10:135:15 | call to params | user-provided value | -| ActiveRecordInjection.rb:174:21:174:44 | ...[...] | ActiveRecordInjection.rb:174:21:174:26 | call to params | ActiveRecordInjection.rb:174:21:174:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:174:21:174:26 | call to params | user-provided value | -| ActiveRecordInjection.rb:188:27:188:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:188:59:188:64 | call to params | ActiveRecordInjection.rb:188:27:188:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:188:59:188:64 | call to params | user-provided value | -| ActiveRecordInjection.rb:201:37:201:41 | query | ActiveRecordInjection.rb:206:5:206:10 | call to params | ActiveRecordInjection.rb:201:37:201:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:206:5:206:10 | call to params | user-provided value | -| ActiveRecordInjection.rb:210:43:210:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:206:5:206:10 | call to params | ActiveRecordInjection.rb:210:43:210:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:206:5:206:10 | call to params | user-provided value | -| ActiveRecordInjection.rb:211:35:211:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:206:5:206:10 | call to params | ActiveRecordInjection.rb:211:35:211:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:206:5:206:10 | call to params | user-provided value | -| ActiveRecordInjection.rb:216:38:216:53 | "role = #{...}" | ActiveRecordInjection.rb:222:29:222:34 | call to params | ActiveRecordInjection.rb:216:38:216:53 | "role = #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:222:29:222:34 | call to params | user-provided value | -| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value | -| ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value | -| PgInjection.rb:14:15:14:18 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:14:15:14:18 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | -| PgInjection.rb:15:21:15:24 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:15:21:15:24 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | -| PgInjection.rb:20:22:20:25 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:20:22:20:25 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | -| PgInjection.rb:21:28:21:31 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:21:28:21:31 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | -| PgInjection.rb:32:29:32:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:32:29:32:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | -| PgInjection.rb:44:29:44:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:44:29:44:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected index eae7c03a716..001b42c0caf 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected +++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected @@ -1,3 +1,15 @@ +#select +| impl/unsafeCode.rb:3:17:3:25 | #{...} | impl/unsafeCode.rb:2:12:2:17 | target | impl/unsafeCode.rb:3:17:3:25 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:2:12:2:17 | target | library input | impl/unsafeCode.rb:3:5:3:27 | call to eval | interpreted as code | +| impl/unsafeCode.rb:8:30:8:30 | x | impl/unsafeCode.rb:7:12:7:12 | x | impl/unsafeCode.rb:8:30:8:30 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:7:12:7:12 | x | library input | impl/unsafeCode.rb:8:5:8:32 | call to eval | interpreted as code | +| impl/unsafeCode.rb:13:33:13:33 | x | impl/unsafeCode.rb:12:12:12:12 | x | impl/unsafeCode.rb:13:33:13:33 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:12:12:12:12 | x | library input | impl/unsafeCode.rb:13:5:13:35 | call to eval | interpreted as code | +| impl/unsafeCode.rb:29:10:29:15 | my_arr | impl/unsafeCode.rb:28:17:28:22 | my_arr | impl/unsafeCode.rb:29:10:29:15 | my_arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:28:17:28:22 | my_arr | library input | impl/unsafeCode.rb:29:5:29:27 | call to eval | interpreted as code | +| impl/unsafeCode.rb:34:10:34:12 | arr | impl/unsafeCode.rb:32:21:32:21 | x | impl/unsafeCode.rb:34:10:34:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:32:21:32:21 | x | library input | impl/unsafeCode.rb:34:5:34:24 | call to eval | interpreted as code | +| impl/unsafeCode.rb:40:10:40:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:40:10:40:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:40:5:40:24 | call to eval | interpreted as code | +| impl/unsafeCode.rb:44:10:44:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:44:10:44:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:44:5:44:24 | call to eval | interpreted as code | +| impl/unsafeCode.rb:49:9:49:12 | #{...} | impl/unsafeCode.rb:47:15:47:15 | x | impl/unsafeCode.rb:49:9:49:12 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:47:15:47:15 | x | library input | impl/unsafeCode.rb:52:5:52:13 | call to eval | interpreted as code | +| impl/unsafeCode.rb:56:22:56:22 | x | impl/unsafeCode.rb:55:21:55:21 | x | impl/unsafeCode.rb:56:22:56:22 | x | This string concatenation which depends on $@ is later $@. | impl/unsafeCode.rb:55:21:55:21 | x | library input | impl/unsafeCode.rb:57:5:57:13 | call to eval | interpreted as code | +| impl/unsafeCode.rb:62:10:62:12 | arr | impl/unsafeCode.rb:60:21:60:21 | x | impl/unsafeCode.rb:62:10:62:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:60:21:60:21 | x | library input | impl/unsafeCode.rb:62:5:62:23 | call to eval | interpreted as code | +| impl/unsafeCode.rb:65:10:65:13 | arr2 | impl/unsafeCode.rb:60:24:60:24 | y | impl/unsafeCode.rb:65:10:65:13 | arr2 | This array which depends on $@ is later $@. | impl/unsafeCode.rb:60:24:60:24 | y | library input | impl/unsafeCode.rb:65:5:65:25 | call to eval | interpreted as code | edges | impl/unsafeCode.rb:2:12:2:17 | target | impl/unsafeCode.rb:3:17:3:25 | #{...} | provenance | | | impl/unsafeCode.rb:7:12:7:12 | x | impl/unsafeCode.rb:8:30:8:30 | x | provenance | | @@ -12,18 +24,18 @@ edges | impl/unsafeCode.rb:39:5:39:7 | [post] arr : [collection] [element] | impl/unsafeCode.rb:44:10:44:12 | arr | provenance | | | impl/unsafeCode.rb:39:14:39:14 | x | impl/unsafeCode.rb:39:5:39:7 | [post] arr : [collection] [element] | provenance | | | impl/unsafeCode.rb:47:15:47:15 | x | impl/unsafeCode.rb:49:9:49:12 | #{...} | provenance | | -| impl/unsafeCode.rb:54:21:54:21 | x | impl/unsafeCode.rb:55:22:55:22 | x | provenance | | -| impl/unsafeCode.rb:59:21:59:21 | x | impl/unsafeCode.rb:60:17:60:17 | x | provenance | | -| impl/unsafeCode.rb:59:24:59:24 | y | impl/unsafeCode.rb:63:30:63:30 | y | provenance | | -| impl/unsafeCode.rb:60:5:60:7 | arr : [collection] [element 0] | impl/unsafeCode.rb:61:10:61:12 | arr | provenance | | -| impl/unsafeCode.rb:60:11:60:18 | call to Array : [collection] [element 0] | impl/unsafeCode.rb:60:5:60:7 | arr : [collection] [element 0] | provenance | | -| impl/unsafeCode.rb:60:17:60:17 | x | impl/unsafeCode.rb:60:11:60:18 | call to Array : [collection] [element 0] | provenance | | -| impl/unsafeCode.rb:63:5:63:8 | arr2 : Array [element 0] | impl/unsafeCode.rb:64:10:64:13 | arr2 | provenance | | -| impl/unsafeCode.rb:63:12:63:43 | call to [] : Array [element 0] | impl/unsafeCode.rb:63:5:63:8 | arr2 : Array [element 0] | provenance | | -| impl/unsafeCode.rb:63:13:63:32 | call to Array : Array [element 1] | impl/unsafeCode.rb:63:13:63:42 | call to join | provenance | | -| impl/unsafeCode.rb:63:13:63:42 | call to join | impl/unsafeCode.rb:63:12:63:43 | call to [] : Array [element 0] | provenance | | -| impl/unsafeCode.rb:63:19:63:31 | call to [] : Array [element 1] | impl/unsafeCode.rb:63:13:63:32 | call to Array : Array [element 1] | provenance | | -| impl/unsafeCode.rb:63:30:63:30 | y | impl/unsafeCode.rb:63:19:63:31 | call to [] : Array [element 1] | provenance | | +| impl/unsafeCode.rb:55:21:55:21 | x | impl/unsafeCode.rb:56:22:56:22 | x | provenance | | +| impl/unsafeCode.rb:60:21:60:21 | x | impl/unsafeCode.rb:61:17:61:17 | x | provenance | | +| impl/unsafeCode.rb:60:24:60:24 | y | impl/unsafeCode.rb:64:30:64:30 | y | provenance | | +| impl/unsafeCode.rb:61:5:61:7 | arr : [collection] [element 0] | impl/unsafeCode.rb:62:10:62:12 | arr | provenance | | +| impl/unsafeCode.rb:61:11:61:18 | call to Array : [collection] [element 0] | impl/unsafeCode.rb:61:5:61:7 | arr : [collection] [element 0] | provenance | | +| impl/unsafeCode.rb:61:17:61:17 | x | impl/unsafeCode.rb:61:11:61:18 | call to Array : [collection] [element 0] | provenance | | +| impl/unsafeCode.rb:64:5:64:8 | arr2 : Array [element 0] | impl/unsafeCode.rb:65:10:65:13 | arr2 | provenance | | +| impl/unsafeCode.rb:64:12:64:43 | call to [] : Array [element 0] | impl/unsafeCode.rb:64:5:64:8 | arr2 : Array [element 0] | provenance | | +| impl/unsafeCode.rb:64:13:64:32 | call to Array : Array [element 1] | impl/unsafeCode.rb:64:13:64:42 | call to join | provenance | | +| impl/unsafeCode.rb:64:13:64:42 | call to join | impl/unsafeCode.rb:64:12:64:43 | call to [] : Array [element 0] | provenance | | +| impl/unsafeCode.rb:64:19:64:31 | call to [] : Array [element 1] | impl/unsafeCode.rb:64:13:64:32 | call to Array : Array [element 1] | provenance | | +| impl/unsafeCode.rb:64:30:64:30 | y | impl/unsafeCode.rb:64:19:64:31 | call to [] : Array [element 1] | provenance | | nodes | impl/unsafeCode.rb:2:12:2:17 | target | semmle.label | target | | impl/unsafeCode.rb:3:17:3:25 | #{...} | semmle.label | #{...} | @@ -45,31 +57,19 @@ nodes | impl/unsafeCode.rb:44:10:44:12 | arr | semmle.label | arr | | impl/unsafeCode.rb:47:15:47:15 | x | semmle.label | x | | impl/unsafeCode.rb:49:9:49:12 | #{...} | semmle.label | #{...} | -| impl/unsafeCode.rb:54:21:54:21 | x | semmle.label | x | -| impl/unsafeCode.rb:55:22:55:22 | x | semmle.label | x | -| impl/unsafeCode.rb:59:21:59:21 | x | semmle.label | x | -| impl/unsafeCode.rb:59:24:59:24 | y | semmle.label | y | -| impl/unsafeCode.rb:60:5:60:7 | arr : [collection] [element 0] | semmle.label | arr : [collection] [element 0] | -| impl/unsafeCode.rb:60:11:60:18 | call to Array : [collection] [element 0] | semmle.label | call to Array : [collection] [element 0] | -| impl/unsafeCode.rb:60:17:60:17 | x | semmle.label | x | -| impl/unsafeCode.rb:61:10:61:12 | arr | semmle.label | arr | -| impl/unsafeCode.rb:63:5:63:8 | arr2 : Array [element 0] | semmle.label | arr2 : Array [element 0] | -| impl/unsafeCode.rb:63:12:63:43 | call to [] : Array [element 0] | semmle.label | call to [] : Array [element 0] | -| impl/unsafeCode.rb:63:13:63:32 | call to Array : Array [element 1] | semmle.label | call to Array : Array [element 1] | -| impl/unsafeCode.rb:63:13:63:42 | call to join | semmle.label | call to join | -| impl/unsafeCode.rb:63:19:63:31 | call to [] : Array [element 1] | semmle.label | call to [] : Array [element 1] | -| impl/unsafeCode.rb:63:30:63:30 | y | semmle.label | y | -| impl/unsafeCode.rb:64:10:64:13 | arr2 | semmle.label | arr2 | +| impl/unsafeCode.rb:55:21:55:21 | x | semmle.label | x | +| impl/unsafeCode.rb:56:22:56:22 | x | semmle.label | x | +| impl/unsafeCode.rb:60:21:60:21 | x | semmle.label | x | +| impl/unsafeCode.rb:60:24:60:24 | y | semmle.label | y | +| impl/unsafeCode.rb:61:5:61:7 | arr : [collection] [element 0] | semmle.label | arr : [collection] [element 0] | +| impl/unsafeCode.rb:61:11:61:18 | call to Array : [collection] [element 0] | semmle.label | call to Array : [collection] [element 0] | +| impl/unsafeCode.rb:61:17:61:17 | x | semmle.label | x | +| impl/unsafeCode.rb:62:10:62:12 | arr | semmle.label | arr | +| impl/unsafeCode.rb:64:5:64:8 | arr2 : Array [element 0] | semmle.label | arr2 : Array [element 0] | +| impl/unsafeCode.rb:64:12:64:43 | call to [] : Array [element 0] | semmle.label | call to [] : Array [element 0] | +| impl/unsafeCode.rb:64:13:64:32 | call to Array : Array [element 1] | semmle.label | call to Array : Array [element 1] | +| impl/unsafeCode.rb:64:13:64:42 | call to join | semmle.label | call to join | +| impl/unsafeCode.rb:64:19:64:31 | call to [] : Array [element 1] | semmle.label | call to [] : Array [element 1] | +| impl/unsafeCode.rb:64:30:64:30 | y | semmle.label | y | +| impl/unsafeCode.rb:65:10:65:13 | arr2 | semmle.label | arr2 | subpaths -#select -| impl/unsafeCode.rb:3:17:3:25 | #{...} | impl/unsafeCode.rb:2:12:2:17 | target | impl/unsafeCode.rb:3:17:3:25 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:2:12:2:17 | target | library input | impl/unsafeCode.rb:3:5:3:27 | call to eval | interpreted as code | -| impl/unsafeCode.rb:8:30:8:30 | x | impl/unsafeCode.rb:7:12:7:12 | x | impl/unsafeCode.rb:8:30:8:30 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:7:12:7:12 | x | library input | impl/unsafeCode.rb:8:5:8:32 | call to eval | interpreted as code | -| impl/unsafeCode.rb:13:33:13:33 | x | impl/unsafeCode.rb:12:12:12:12 | x | impl/unsafeCode.rb:13:33:13:33 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:12:12:12:12 | x | library input | impl/unsafeCode.rb:13:5:13:35 | call to eval | interpreted as code | -| impl/unsafeCode.rb:29:10:29:15 | my_arr | impl/unsafeCode.rb:28:17:28:22 | my_arr | impl/unsafeCode.rb:29:10:29:15 | my_arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:28:17:28:22 | my_arr | library input | impl/unsafeCode.rb:29:5:29:27 | call to eval | interpreted as code | -| impl/unsafeCode.rb:34:10:34:12 | arr | impl/unsafeCode.rb:32:21:32:21 | x | impl/unsafeCode.rb:34:10:34:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:32:21:32:21 | x | library input | impl/unsafeCode.rb:34:5:34:24 | call to eval | interpreted as code | -| impl/unsafeCode.rb:40:10:40:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:40:10:40:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:40:5:40:24 | call to eval | interpreted as code | -| impl/unsafeCode.rb:44:10:44:12 | arr | impl/unsafeCode.rb:37:15:37:15 | x | impl/unsafeCode.rb:44:10:44:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:37:15:37:15 | x | library input | impl/unsafeCode.rb:44:5:44:24 | call to eval | interpreted as code | -| impl/unsafeCode.rb:49:9:49:12 | #{...} | impl/unsafeCode.rb:47:15:47:15 | x | impl/unsafeCode.rb:49:9:49:12 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:47:15:47:15 | x | library input | impl/unsafeCode.rb:51:5:51:13 | call to eval | interpreted as code | -| impl/unsafeCode.rb:55:22:55:22 | x | impl/unsafeCode.rb:54:21:54:21 | x | impl/unsafeCode.rb:55:22:55:22 | x | This string concatenation which depends on $@ is later $@. | impl/unsafeCode.rb:54:21:54:21 | x | library input | impl/unsafeCode.rb:56:5:56:13 | call to eval | interpreted as code | -| impl/unsafeCode.rb:61:10:61:12 | arr | impl/unsafeCode.rb:59:21:59:21 | x | impl/unsafeCode.rb:61:10:61:12 | arr | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:21:59:21 | x | library input | impl/unsafeCode.rb:61:5:61:23 | call to eval | interpreted as code | -| impl/unsafeCode.rb:64:10:64:13 | arr2 | impl/unsafeCode.rb:59:24:59:24 | y | impl/unsafeCode.rb:64:10:64:13 | arr2 | This array which depends on $@ is later $@. | impl/unsafeCode.rb:59:24:59:24 | y | library input | impl/unsafeCode.rb:64:5:64:25 | call to eval | interpreted as code | diff --git a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb index 38a042bf7f4..b0f623c4224 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb +++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb @@ -46,7 +46,8 @@ class Foobar def hereDoc(x) # $ Source foo = <<~HERE - #{x} # $ Alert + #{x} #{# $ Alert +} HERE eval(foo) # NOT OK end