hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12670 from alexrford/mergeback-rc/3.9

Browse Source 
Merge `rc/3.9` back into `main`
This commit is contained in:
Arthur Baars
2023-03-28 10:49:08 +02:00
committed by GitHub
parent 32bab0b8b2 181e5d588d
commit cd53c77e23
3 changed files with 12 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/src/change-notes/2023-03-24-sensitive-get-query-problem.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* `rb/sensitive-get-query` no longer reports flow paths from input parameters to sensitive use nodes. This avoids cases where many flow paths could be generated for a single parameter, which caused excessive paths to be generated.

12
ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
View File

@@ -2,7 +2,7 @@
* @name Sensitive data read from GET request
* @description Placing sensitive data in a GET request increases the risk of
* the data being exposed to an attacker.
* @kind path-problem
* @kind problem
* @problem.severity warning
* @security-severity 6.5
* @precision high
@@ -12,12 +12,10 @@
*/
import ruby
import DataFlow::PathGraph
import codeql.ruby.security.SensitiveGetQueryQuery
import codeql.ruby.security.SensitiveActions
from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveGetQuery::Configuration config
where config.hasFlowPath(source, sink)
select source.getNode(), source, sink,
"$@ for GET requests uses query parameter as sensitive data.",
source.getNode().(SensitiveGetQuery::Source).getHandler(), "Route handler"
from DataFlow::Node source, DataFlow::Node sink, SensitiveGetQuery::Configuration config
where config.hasFlow(source, sink)
select source, "$@ for GET requests uses query parameter as sensitive data.",
source.(SensitiveGetQuery::Source).getHandler(), "Route handler"

29
ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected
View File

@@ -1,26 +1,3 @@
edges
| app/controllers/users_controller.rb:4:11:4:16 | call to params : | app/controllers/users_controller.rb:4:11:4:27 | ...[...] |
| app/controllers/users_controller.rb:9:5:9:12 | password : | app/controllers/users_controller.rb:10:42:10:49 | password |
| app/controllers/users_controller.rb:9:16:9:21 | call to params : | app/controllers/users_controller.rb:9:16:9:27 | ...[...] : |
| app/controllers/users_controller.rb:9:16:9:27 | ...[...] : | app/controllers/users_controller.rb:9:5:9:12 | password : |
| app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : | app/controllers/users_controller.rb:15:42:15:50 | self [@password] : |
| app/controllers/users_controller.rb:14:17:14:22 | call to params : | app/controllers/users_controller.rb:14:17:14:28 | ...[...] : |
| app/controllers/users_controller.rb:14:17:14:28 | ...[...] : | app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : |
| app/controllers/users_controller.rb:15:42:15:50 | self [@password] : | app/controllers/users_controller.rb:15:42:15:50 | @password |
nodes
| app/controllers/users_controller.rb:4:11:4:16 | call to params : | semmle.label | call to params : |
| app/controllers/users_controller.rb:4:11:4:27 | ...[...] | semmle.label | ...[...] |
| app/controllers/users_controller.rb:9:5:9:12 | password : | semmle.label | password : |
| app/controllers/users_controller.rb:9:16:9:21 | call to params : | semmle.label | call to params : |
| app/controllers/users_controller.rb:9:16:9:27 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/users_controller.rb:10:42:10:49 | password | semmle.label | password |
| app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : | semmle.label | [post] self [@password] : |
| app/controllers/users_controller.rb:14:17:14:22 | call to params : | semmle.label | call to params : |
| app/controllers/users_controller.rb:14:17:14:28 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/users_controller.rb:15:42:15:50 | @password | semmle.label | @password |
| app/controllers/users_controller.rb:15:42:15:50 | self [@password] : | semmle.label | self [@password] : |
subpaths
#select
| app/controllers/users_controller.rb:4:11:4:16 | call to params | app/controllers/users_controller.rb:4:11:4:16 | call to params : | app/controllers/users_controller.rb:4:11:4:27 | ...[...] | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get_1 | Route handler |
| app/controllers/users_controller.rb:9:16:9:21 | call to params | app/controllers/users_controller.rb:9:16:9:21 | call to params : | app/controllers/users_controller.rb:10:42:10:49 | password | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:8:3:11:5 | login_get_2 | Route handler |
| app/controllers/users_controller.rb:14:17:14:22 | call to params | app/controllers/users_controller.rb:14:17:14:22 | call to params : | app/controllers/users_controller.rb:15:42:15:50 | @password | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:13:3:16:5 | login_get_3 | Route handler |
| app/controllers/users_controller.rb:4:11:4:16 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get_1 | Route handler |
| app/controllers/users_controller.rb:9:16:9:21 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:8:3:11:5 | login_get_2 | Route handler |
| app/controllers/users_controller.rb:14:17:14:22 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:13:3:16:5 | login_get_3 | Route handler |