Update CLI injection tests

Cover more cases, such as sinks that come after (but are not guarded by) barrier guards.
This commit is contained in:
Harry Maclean
2021-09-08 13:18:40 +01:00
parent d046fb0591
commit c8e9a592f0
2 changed files with 44 additions and 16 deletions


@@ -1,19 +1,32 @@
edges
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:6:10:6:15 | #{...} |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:7:16:7:18 | cmd |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:8:14:8:16 | cmd |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:9:17:9:22 | #{...} |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:11:9:11:14 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:7:10:7:15 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:8:16:8:18 | cmd |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:9:14:9:16 | cmd |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:10:17:10:22 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:12:9:12:14 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:25:19:25:24 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:29:24:29:36 | "echo #{...}" |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:30:39:30:51 | "grep #{...}" |
| CommandInjection.rb:41:15:41:20 | call to params : | CommandInjection.rb:45:24:45:36 | "echo #{...}" |
nodes
| CommandInjection.rb:5:15:5:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:6:10:6:15 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:7:16:7:18 | cmd | semmle.label | cmd |
| CommandInjection.rb:8:14:8:16 | cmd | semmle.label | cmd |
| CommandInjection.rb:9:17:9:22 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:11:9:11:14 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:7:10:7:15 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:8:16:8:18 | cmd | semmle.label | cmd |
| CommandInjection.rb:9:14:9:16 | cmd | semmle.label | cmd |
| CommandInjection.rb:10:17:10:22 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:12:9:12:14 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:25:19:25:24 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:29:24:29:36 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:30:39:30:51 | "grep #{...}" | semmle.label | "grep #{...}" |
| CommandInjection.rb:41:15:41:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:45:24:45:36 | "echo #{...}" | semmle.label | "echo #{...}" |
#select
| CommandInjection.rb:6:10:6:15 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:6:10:6:15 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:7:16:7:18 | cmd | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:7:16:7:18 | cmd | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:8:14:8:16 | cmd | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:8:14:8:16 | cmd | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:9:17:9:22 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:9:17:9:22 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:11:9:11:14 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:11:9:11:14 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:8:16:8:18 | cmd | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:9:14:9:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:9:14:9:16 | cmd | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:10:17:10:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:10:17:10:22 | #{...} | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:12:9:12:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:12:9:12:14 | #{...} | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:25:19:25:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:25:19:25:24 | #{...} | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:29:24:29:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:29:24:29:36 | "echo #{...}" | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:30:39:30:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:30:39:30:51 | "grep #{...}" | This command depends on $@. | CommandInjection.rb:6:15:6:20 | call to params | a user-provided value |
| CommandInjection.rb:45:24:45:36 | "echo #{...}" | CommandInjection.rb:41:15:41:20 | call to params : | CommandInjection.rb:45:24:45:36 | "echo #{...}" | This command depends on $@. | CommandInjection.rb:41:15:41:20 | call to params | a user-provided value |


@@ -1,4 +1,5 @@
require "shellwords"
require "open3"
class UsersController < ActionController::Base
def create
@@ -20,7 +21,13 @@ EOF
if %w(foo bar).include? cmd
`echo #{cmd}`
else
`echo #{cmd}`
end
# Open3 methods
Open3.capture2("echo #{cmd}")
Open3.pipeline("cat foo.txt", "grep #{cmd}")
end
def show
@@ -29,4 +36,12 @@ EOF
exec("ls")
%x(ls)
end
def index
cmd = params[:key]
if %w(foo bar).include? cmd
`echo #{cmd}`
end
Open3.capture2("echo #{cmd}")
end
end
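Review bot: The new `index` action relies on the reader knowing which of its two `echo #{cmd}` sinks the query is meant to flag, but nothing in the test file says so; the guarded backtick inside `if %w(foo bar).include? cmd` is expected to be suppressed by the barrier guard, while `Open3.capture2("echo #{cmd}")` after the `end` is expected to be reported, and only the `.expected` results encode that. A short comment on each sink would make the intent reviewable without cross-referencing the results file, e.g. `# guarded by the include? check: not reported` on the backtick and `# outside the guard: reported` on the `Open3.capture2` call. The same applies to the `if`/`else` in `create`, whose identical branches differ only in whether the guard applies, and to the constant-command sinks in `show` (`exec("ls")`, `%x(ls)`), which presumably serve as negative cases. The `create` hunk starts mid-method, so its opening lines are outside this view; the old/new markers are lost on this rendering, so which lines are newly added is inferred from the commit message rather than visible.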