hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into ruby/rails-cookie-config

Browse Source
This commit is contained in:
Alex Ford
2022-01-04 12:04:44 +00:00
parent 7d3932dc8d 344e380fa3
commit dadaf25262
540 changed files with 3373 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ruby/ql/lib/CHANGELOG.md
View File

@@ -1 +1,7 @@
## 0.0.5
### New Features
* A new library, `Customizations.qll`, has been added, which allows for global customizations that affect all queries.
## 0.0.4

4
ruby/ql/lib/change-notes/2021-12-21-constants.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: deprecated
---
* `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access.

5
ruby/ql/lib/change-notes/released/0.0.5.md Normal file
View File

@@ -0,0 +1,5 @@
## 0.0.5
### New Features
* A new library, `Customizations.qll`, has been added, which allows for global customizations that affect all queries.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.4
lastReleaseVersion: 0.0.5

2
ruby/ql/lib/codeql/ruby/ApiGraphs.qll
View File

@@ -98,7 +98,7 @@ module API {
/**
* Gets a `new` call to the function represented by this API component.
*/
DataFlow::Node getAnInstantiation() { result = this.getInstance().getAnImmediateUse() }
DataFlow::ExprNode getAnInstantiation() { result = this.getInstance().getAnImmediateUse() }
/**
* Gets a node representing a subclass of the class represented by this node.

42
ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
View File

@@ -4,6 +4,7 @@ import ruby
import codeql.ruby.DataFlow
private import internal.FlowSummaryImpl as Impl
private import internal.DataFlowDispatch
private import internal.DataFlowPrivate
// import all instances below
private module Summaries {
@@ -22,12 +23,34 @@ module SummaryComponent {
predicate content = SC::content/1;
/** Gets a summary component that represents a qualifier. */
SummaryComponent qualifier() { result = argument(any(ParameterPosition pos | pos.isSelf())) }
/** Gets a summary component that represents a receiver. */
SummaryComponent receiver() { result = argument(any(ParameterPosition pos | pos.isSelf())) }
/** Gets a summary component that represents a block argument. */
SummaryComponent block() { result = argument(any(ParameterPosition pos | pos.isBlock())) }
/** Gets a summary component that represents an element in an array at an unknown index. */
SummaryComponent arrayElementUnknown() { result = SC::content(TUnknownArrayElementContent()) }
/** Gets a summary component that represents an element in an array at a known index. */
bindingset[i]
SummaryComponent arrayElementKnown(int i) {
result = SC::content(TKnownArrayElementContent(i))
or
// `i` may be out of range
not exists(TKnownArrayElementContent(i)) and
result = arrayElementUnknown()
}
/**
* Gets a summary component that represents an element in an array at either an unknown
* index or known index. This predicate should never be used in the output specification
* of a flow summary; use `arrayElementUnknown()` instead.
*/
SummaryComponent arrayElementAny() {
result in [arrayElementUnknown(), SC::content(TKnownArrayElementContent(_))]
}
/** Gets a summary component that represents the return value of a call. */
SummaryComponent return() { result = SC::return(any(NormalReturnKind rk)) }
}
@@ -44,8 +67,8 @@ module SummaryComponentStack {
predicate argument = SCS::argument/1;
/** Gets a singleton stack representing a qualifier. */
SummaryComponentStack qualifier() { result = singleton(SummaryComponent::qualifier()) }
/** Gets a singleton stack representing a receiver. */
SummaryComponentStack receiver() { result = singleton(SummaryComponent::receiver()) }
/** Gets a singleton stack representing a block argument. */
SummaryComponentStack block() { result = singleton(SummaryComponent::block()) }
@@ -108,6 +131,17 @@ abstract class SummarizedCallable extends LibraryCallable {
predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { none() }
}
/**
* A callable with a flow summary, identified by a unique string, where all
* calls to a method with the same name are considered relevant.
*/
abstract class SimpleSummarizedCallable extends SummarizedCallable {
bindingset[this]
SimpleSummarizedCallable() { any() }
final override MethodCall getACall() { result.getMethodName() = this }
}
private class SummarizedCallableAdapter extends Impl::Public::SummarizedCallable {
private SummarizedCallable sc;

2
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
View File

@@ -250,7 +250,7 @@ private module Cached {
TPositionalParameterPosition(int pos) {
pos = any(Parameter p).getPosition()
or
pos in [0 .. 10] // TODO: remove once `Argument[_]` summaries are replaced with `Argument[i..]`
pos in [0 .. 100] // TODO: remove once `Argument[_]` summaries are replaced with `Argument[i..]`
or
FlowSummaryImplSpecific::ParsePositions::isParsedArgumentPosition(_, pos)
} or

12
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
View File

@@ -294,9 +294,13 @@ private module Cached {
}
cached
newtype TContent = TTodoContent() // stub
newtype TContent =
TKnownArrayElementContent(int i) { i in [0 .. 10] } or
TUnknownArrayElementContent()
}
class TArrayElementContent = TKnownArrayElementContent or TUnknownArrayElementContent;
import Cached
/** Holds if `n` should be hidden from path explanations. */
@@ -741,8 +745,6 @@ predicate readStep(Node node1, Content c, Node node2) {
* in `x.f = newValue`.
*/
predicate clearsContent(Node n, Content c) {
storeStep(_, c, n)
or
FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c)
}
@@ -886,4 +888,6 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
* One example would be to allow flow like `p.foo = p.bar;`, which is disallowed
* by default as a heuristic.
*/
predicate allowParameterReturnInSelf(ParameterNode p) { none() }
predicate allowParameterReturnInSelf(ParameterNode p) {
FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
}

40
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
View File

@@ -45,19 +45,19 @@ class Node extends TNode {
}
/** A data-flow node corresponding to a call in the control-flow graph. */
class CallNode extends LocalSourceNode {
class CallNode extends LocalSourceNode, ExprNode {
private CfgNodes::ExprNodes::CallCfgNode node;
CallNode() { node = this.asExpr() }
CallNode() { node = this.getExprNode() }
/** Gets the data-flow node corresponding to the receiver of the call corresponding to this data-flow node */
Node getReceiver() { result.asExpr() = node.getReceiver() }
ExprNode getReceiver() { result.getExprNode() = node.getReceiver() }
/** Gets the data-flow node corresponding to the `n`th argument of the call corresponding to this data-flow node */
Node getArgument(int n) { result.asExpr() = node.getArgument(n) }
ExprNode getArgument(int n) { result.getExprNode() = node.getArgument(n) }
/** Gets the data-flow node corresponding to the named argument of the call corresponding to this data-flow node */
Node getKeywordArgument(string name) { result.asExpr() = node.getKeywordArgument(name) }
ExprNode getKeywordArgument(string name) { result.getExprNode() = node.getKeywordArgument(name) }
/** Gets the name of the the method called by the method call (if any) corresponding to this data-flow node */
string getMethodName() { result = node.getExpr().(MethodCall).getMethodName() }
@@ -161,10 +161,7 @@ predicate localExprFlow(CfgNodes::ExprCfgNode e1, CfgNodes::ExprCfgNode e2) {
localFlow(exprNode(e1), exprNode(e2))
}
/**
* A reference contained in an object. This is either a field, a property,
* or an element in a collection.
*/
/** A reference contained in an object. */
class Content extends TContent {
/** Gets a textual representation of this content. */
string toString() { none() }
@@ -173,6 +170,31 @@ class Content extends TContent {
Location getLocation() { none() }
}
/** Provides different sub classes of `Content`. */
module Content {
/** An element in an array. */
class ArrayElementContent extends Content, TArrayElementContent { }
/** An element in an array at a known index. */
class KnownArrayElementContent extends ArrayElementContent, TKnownArrayElementContent {
private int i;
KnownArrayElementContent() { this = TKnownArrayElementContent(i) }
/** Gets the index in the array. */
int getIndex() { result = i }
override string toString() { result = "array element " + i }
}
/** An element in an array at an unknown index. */
class UnknownArrayElementContent extends ArrayElementContent, TUnknownArrayElementContent {
UnknownArrayElementContent() { this = TUnknownArrayElementContent() }
override string toString() { result = "array element" }
}
}
/**
* A guard that validates some expression.
*

21
ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -58,12 +58,33 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string
* This covers all the Ruby-specific components of a flow summary, and
* is currently restricted to `"BlockArgument"`.
*/
bindingset[c]
SummaryComponent interpretComponentSpecific(string c) {
c = "Receiver" and
result = FlowSummary::SummaryComponent::receiver()
or
c = "BlockArgument" and
result = FlowSummary::SummaryComponent::block()
or
c = "Argument[_]" and
result = FlowSummary::SummaryComponent::argument(any(ParameterPosition pos | pos.isPositional(_)))
or
c = "ArrayElement" and
result = FlowSummary::SummaryComponent::arrayElementAny()
or
c = "ArrayElement[?]" and
result = FlowSummary::SummaryComponent::arrayElementUnknown()
or
exists(int i |
c.regexpCapture("ArrayElement\\[([0-9]+)\\]", 1).toInt() = i and
result = FlowSummary::SummaryComponent::arrayElementKnown(i)
)
or
exists(int i1, int i2 |
c.regexpCapture("ArrayElement\\[([-0-9]+)\\.\\.([0-9]+)\\]", 1).toInt() = i1 and
c.regexpCapture("ArrayElement\\[([-0-9]+)\\.\\.([0-9]+)\\]", 2).toInt() = i2 and
result = FlowSummary::SummaryComponent::arrayElementKnown([i1 .. i2])
)
}
/** Gets the textual representation of a summary component in the format used for flow summaries. */

9
ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -1,4 +1,5 @@
private import ruby
private import DataFlowPrivate
private import TaintTrackingPublic
private import codeql.ruby.CFG
private import codeql.ruby.DataFlow
@@ -34,8 +35,10 @@ predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nod
nodeFrom.asExpr() =
nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent()
or
// element reference from nodeFrom
nodeFrom.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::ElementReferenceCfgNode).getReceiver()
or
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
or
// Although flow through arrays is modelled precisely using stores/reads, we still
// allow flow out of a _tainted_ array. This is needed in order to support taint-
// tracking configurations where the source is an array.
readStep(nodeFrom, any(DataFlow::Content::ArrayElementContent c), nodeTo)
}

1102
ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll
View File

File diff suppressed because it is too large Load Diff

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 0.0.5-dev
version: 0.0.6-dev
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme

2
ruby/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,5 @@
## 0.0.5
## 0.0.4
### New Queries

1
ruby/ql/src/change-notes/released/0.0.5.md Normal file
View File

@@ -0,0 +1 @@
## 0.0.5

2
ruby/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.4
lastReleaseVersion: 0.0.5

2
ruby/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 0.0.5-dev
version: 0.0.6-dev
groups: ruby
suites: codeql-suites
defaultSuiteFile: codeql-suites/ruby-code-scanning.qls

2
ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
View File

@@ -10,6 +10,8 @@
* security
* external/cwe/cwe-116
* external/cwe/cwe-020
* external/cwe/cwe-185
* external/cwe/cwe-186
*/
import codeql.ruby.security.BadTagFilterQuery

1071
ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected Normal file
View File

File diff suppressed because it is too large Load Diff

15
ruby/ql/test/library-tests/dataflow/array-flow/array-flow.ql Normal file
View File

@@ -0,0 +1,15 @@
/**
* @kind path-problem
*/
import ruby
import TestUtilities.InlineFlowTest
import PathGraph
class HasFlowTest extends InlineFlowTest {
override DataFlow::Configuration getTaintFlowConfig() { none() }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
where conf.hasFlowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

523
ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb Normal file
View File

@@ -0,0 +1,523 @@
def m0(i)
a = *source(0)
sink(a[0]) # $ hasValueFlow=0
sink(a[1])
sink(a[i]) # $ hasValueFlow=0
end
def m1(i)
a = [0, source(1), 2]
sink(a[0])
sink(a[1]) # $ hasValueFlow=1
sink(a[2])
sink(a[i]) # $ hasValueFlow=1
end
def m2(i)
a = Array.new(1, source(2.1))
sink(a[0]) # $ hasValueFlow=2.1
sink(a[i]) # $ hasValueFlow=2.1
b = Array.new(a)
sink(b[0]) # $ hasValueFlow=2.1
sink(b[i]) # $ hasValueFlow=2.1
c = Array.new(1) do |x|
source(2.2)
end
sink(c[0]) # $ hasValueFlow=2.2
sink(c[i]) # $ hasValueFlow=2.2
end
def m3
a = [source(3), 1]
b = Array.try_convert(a)
sink(b[0]) # $ hasValueFlow=3
sink(b[1])
end
def m4
a = [source(4.1), 1]
b = [2, 3, source(4.2)]
c = a & b
sink(c[0]) # $ hasValueFlow=4.1 $ hasValueFlow=4.2
sink(c[1]) # $ hasValueFlow=4.1 $ hasValueFlow=4.2
end
def m5
a = [source(5), 1]
b = a * 3
sink(b[0]) # $ hasValueFlow=5
sink(b[1]) # $ hasValueFlow=5
end
def m6
a = [source(6.1), 1]
b = [2, source(6.2)]
c = a + b
sink(c[0]) # $ hasValueFlow=6.1 $ hasValueFlow=6.2
sink(c[1]) # $ hasValueFlow=6.2
end
def m7
a = [source(7.1), 1]
b = [2, source(7.2)]
c = a - b
sink(c[0]) # $ hasValueFlow=7.1
sink(c[1]) # $ hasValueFlow=7.1
end
def m8
a = [source(8.1), 1]
b = a << source(8.2)
sink(b[0]) # $ hasValueFlow=8.1 $ hasValueFlow=8.2
sink(b[1]) # $ hasValueFlow=8.2
end
def m9(i)
a = [0, source(9), 2]
b, c, d = a
sink(b)
sink(c) # $ hasValueFlow=9
sink(d)
end
def m10(i)
a = [0, source(10), 2]
b = a[0, 2]
sink(b[0]) # $ hasValueFlow=10
sink(b[1]) # $ hasValueFlow=10
sink(b[i]) # $ hasValueFlow=10
end
def m11(i)
a = [0, source(11), 2]
b = a[0..2]
sink(b[0]) # $ hasValueFlow=11
sink(b[1]) # $ hasValueFlow=11
sink(b[i]) # $ hasValueFlow=11
end
def m12(i)
a = [0, 1]
a[0, 1] = source(12)
sink(a[0]) # $ hasValueFlow=12
sink(a[1]) # $ hasValueFlow=12
sink(a[i]) # $ hasValueFlow=12
end
def m13(i)
a = [0, 1]
a[0, 1] = [0, source(13), 2]
sink(a[0]) # $ hasValueFlow=13
sink(a[1]) # $ hasValueFlow=13
sink(a[i]) # $ hasValueFlow=13
end
def m14(i)
a = [0, 1]
a[0..1] = source(14)
sink(a[0]) # $ hasValueFlow=14
sink(a[1]) # $ hasValueFlow=14
sink(a[i]) # $ hasValueFlow=14
end
def m15(i)
a = [0, 1]
a[0..1] = [0, source(15), 2]
sink(a[0]) # $ hasValueFlow=15
sink(a[1]) # $ hasValueFlow=15
sink(a[i]) # $ hasValueFlow=15
end
def m16
a = [0, 1, source(16)]
a.all? do |x|
sink x # $ hasValueFlow=16
end
end
def m17
a = [0, 1, source(17)]
a.any? do |x|
sink x # $ hasValueFlow=17
end
end
def m18
a = ["a", 0]
b = ["b", 1]
c = ["c", source(18)]
d = [a, b, c]
sink (d.assoc("a")[0]) # $ hasValueFlow=18
sink (d.assoc("c")[0]) # $ hasValueFlow=18
end
def m19(i)
a = [0, source(19), 2]
sink(a.at(0))
sink(a.at(1)) # $ hasValueFlow=19
sink(a.at(2))
sink(a.at(i)) # $ hasValueFlow=19
end
def m20
a = [0, 1, source(20)]
b = a.bsearch do |x|
sink x # $ hasValueFlow=20
end
sink b # $ hasValueFlow=20
end
def m21
a = [0, 1, source(21)]
b = a.bsearch_index do |x|
sink x # $ hasValueFlow=21
end
sink b
end
def m22
a = [0, 1, source(22)]
a.clear()
sink(a[2])
end
def m23
a = [0, 1, source(23)]
b = a.collect do |x|
sink x # $ hasValueFlow=23
x
end
sink(b[0]) # $ hasValueFlow=23
end
def m24
a = [0, 1, source(24)]
b = a.collect_concat do |x|
sink x # $ hasValueFlow=24
[x, x]
end
sink(b[0]) # $ hasValueFlow=24
end
def m25
a = [0, 1, source(25)]
a.combination(1) do |x|
sink(x[0]) # $ hasValueFlow=25
end
end
def m26
a = [0, 1, source(26)]
b = a.compact
sink(b[0]) # $ hasValueFlow=26
end
def m27
a = [0, 1, source(27.1)]
b = [0, 1, source(27.2)]
a.concat(b)
sink(a[0]) # $ hasValueFlow=27.2
sink(a[2]) # $ hasValueFlow=27.1 $ hasValueFlow=27.2
end
def m28
a = [0, 1, source(28)]
a.count do |x|
sink x # $ hasValueFlow=28
end
end
def m29
a = [0, 1, source(29)]
a.cycle(2) do |x|
sink x # $ hasValueFlow=29
end
end
def m30
a = [0, 1, source(30.1)]
b = a.delete(2) { source(30.2) }
sink b # $ hasValueFlow=30.1 $ hasValueFlow=30.2
end
def m31
a = [0, 1, source(31)]
b = a.delete_at(2)
sink b # $ hasValueFlow=31
end
def m32
a = [0, 1, source(32)]
b = a.delete_if do |x|
sink x # $ hasValueFlow=32
end
sink(b[0]) # $ hasValueFlow=32
end
def m33
a = [0, 1, source(33)]
b = a.difference([1])
sink(b[0]) # $ hasValueFlow=33
end
def m34(i)
a = [0, 1, source(34.1), [0, source(34.2)]]
sink(a.dig(0))
sink(a.dig(2)) # $ hasValueFlow=34.1
sink(a.dig(i)) # $ hasValueFlow=34.1
sink(a.dig(3,0))
sink(a.dig(3,1)) # $ hasValueFlow=34.2
end
def m35
a = [0, 1, source(35.1)]
b = a.detect(-> { source(35.2) }) do |x|
sink x # $ hasValueFlow=35.1
end
sink b # $ hasValueFlow=35.1 $ hasValueFlow=35.2
end
def m36(i)
a = [0, 1, source(36.1), source(36.2)]
b = a.drop(i)
sink(b[0]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.2
b = a.drop(1)
sink(b[0])
sink(b[1]) # $ hasValueFlow=36.1
sink(b[i]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.2
a[i] = source(36.3)
b = a.drop(1)
sink(b[1]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.3
c = b.drop(100)
sink(c[1]) # $ hasValueFlow=36.3
end
def m37
a = [0, 1, source(37.1), source(37.2)]
b = a.drop_while do |x|
sink x # $ hasValueFlow=37.1 # $ hasValueFlow=37.2
end
sink(b[0]) # $ hasValueFlow=37.1 # $ hasValueFlow=37.2
end
def m38
a = [0, 1, source(38)]
b = a.each do |x|
sink x # $ hasValueFlow=38
end
sink(b[2]) # $ hasValueFlow=38
end
def m39
a = [0, 1, source(39)]
b = for x in a # desugars to an `each` call
sink x # $ hasValueFlow=39
end
sink x # $ hasValueFlow=39
sink(b[2]) # $ hasValueFlow=39
end
def m40
a = [0, 1, source(40)]
a.each_cons(2) do |x|
sink (x[0]) # $ hasValueFlow=40
end
end
def m41
a = [0, 1, source(41)]
b = a.each_entry do |x|
sink x # $ hasValueFlow=41
end
sink(b[2]) # $ hasValueFlow=41
end
def m42
a = [0, 1, source(42)]
b = a.each_index do |x|
sink x
end
sink(b[2]) # $ hasValueFlow=42
end
def m43
a = [0, 1, 2, source(43)]
a.each_slice(1) do |x|
sink(x[0]) # $ hasValueFlow=43
end
end
def m44
a = [0, 1, 2, source(44)]
b = a.each_with_index do |x,i|
sink(x) # $ hasValueFlow=44
sink(i)
end
sink(b[3]) # $ hasValueFlow=44
end
def m45
a = [0, 1, 2, source(45.1)]
b = a.each_with_object(source(45.2)) do |x,a|
sink(x) # $ hasValueFlow=45.1
sink(a) # $ hasValueFlow=45.2
end
sink(b) # $ hasValueFlow=45.2
end
def m46(i)
a = [0, 1, 2, source(46.1)]
b = a.fetch(source(46.2)) do |x|
sink(x) # $ hasValueFlow=46.2
end
sink(b) # $ hasValueFlow=46.1
end
def m47
a = [0, 1, 2, source(47.1)]
a.fill(source(47.2), 1, 1)
sink(a[3]) # $ hasValueFlow=47.1 $ hasValueFlow=47.2
a.fill(source(47.3))
sink(a[0]) # $ hasValueFlow=47.3
a.fill do |i|
source(47.4)
end
sink(a[0]) # $ hasValueFlow=47.4
a.fill(2) do |i|
source(47.5)
end
sink(a[0]) # $ hasValueFlow=47.4 $ hasValueFlow=47.5
end
def m48
a = [0, 1, 2, source(48)]
b = a.filter do |x|
sink(x) # $ hasValueFlow=48
end
sink(b[0]) # $ hasValueFlow=48
end
def m49
a = [0, 1, 2, source(49)]
b = a.filter_map do |x|
sink(x) # $ hasValueFlow=49
end
sink(b[0]) # $ hasValueFlow=49
end
def m50
a = [0, 1, 2, source(50)]
b = a.filter! do |x|
sink(x) # $ hasValueFlow=50
x > 2
end
sink(b[0]) # $ hasValueFlow=50
end
def m51
a = [0, 1, 2, source(51.1)]
b = a.find(-> { source(51.2) }) do |x|
sink(x) # $ hasValueFlow=51.1
end
sink(b) # $ hasValueFlow=51.1 $ hasValueFlow=51.2
end
def m52
a = [0, 1, 2, source(52)]
b = a.find_all do |x|
sink(x) # $ hasValueFlow=52
end
sink(b[0]) # $ hasValueFlow=52
end
def m53
a = [0, 1, 2, source(53)]
a.find_index do |x|
sink(x) # $ hasValueFlow=53
end
end
def m54(i)
a = [source(54.1), 1, 2, source(54.2)]
a[i] = source(54.3)
sink(a.first) # $ hasValueFlow=54.1 $ hasValueFlow=54.3
b = a.first(2)
sink(b[0]) # $ hasValueFlow=54.1 $ hasValueFlow=54.3
sink(b[4]) # $ hasValueFlow=54.3
c = a.first(i)
sink(c[0]) # $ hasValueFlow=54.1 $ hasValueFlow=54.3
sink(c[3]) # $ hasValueFlow=54.2 $ hasValueFlow=54.3
end
def m55
a = [0, 1, 2, source(55.1)]
b = a.flat_map do |x|
sink(x) # $ hasValueFlow=55.1
[x, source(55.2)]
end
sink(b[0]) # $ hasValueFlow=55.1 $ hasValueFlow=55.2
end
def m56
a = [0, 1, [2, source(56)]]
b = a.flatten
sink(b[0]) # $ hasValueFlow=56
end
def m57
a = [0, 1, [2, source(57)]]
sink(a[2][1]) # $ hasValueFlow=57
a.flatten!
sink(a[0]) # $ hasValueFlow=57
sink(a[2][1]) # $ SPURIOUS: hasValueFlow=57
end
def m58
a = [0, 1, 2, source(58.1)]
b = a.grep(/.*/)
sink(b[0]) # $ hasValueFlow=58.1
b = a.grep(/.*/) do |x|
sink x # $ hasValueFlow=58.1
source(58.2)
end
sink(b[0]) # $ hasValueFlow=58.2
end
def m59
a = [0, 1, 2, source(59.1)]
b = a.grep_v(/A/)
sink(b[0]) # $ hasValueFlow=59.1
b = a.grep_v(/A/) do |x|
sink x # $ hasValueFlow=59.1
source(59.2)
end
sink(b[0]) # $ hasValueFlow=59.2
end
def m60
a = [0, 1, 2, source(60)]
a.index do |x|
sink x # $ hasValueFlow=60
end
end
def m61
a = [0, 1, 2, source(61.1)]
a.replace([source(61.2)])
sink(a[0]) # $ hasValueFlow=61.2
end
# TODO: assign appropriate number when reached in the alphabetical ordering
def m2600
a = [0, 1, source(2600.1)]
a.prepend(2, 3, source(2600.2))
sink(a[0])
sink(a[1])
sink(a[2]) # $ hasValueFlow=2600.2
sink(a[3])
sink(a[4])
sink(a[5]) # $ hasValueFlow=2600.1
end

3
ruby/ql/test/library-tests/dataflow/local/Nodes.ql
View File

@@ -5,5 +5,6 @@ import codeql.ruby.dataflow.internal.DataFlowDispatch
query predicate ret(ReturningNode node) { any() }
query predicate arg(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) {
n.argumentOf(call, pos)
n.argumentOf(call, pos) and
not n instanceof SummaryNode
}

1
ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
View File

@@ -27,6 +27,7 @@ nodes
| summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 |
subpaths
invalidSpecComponent
invalidOutputSpecComponent
#select
| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : |
| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : |

6
ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
View File

@@ -13,6 +13,12 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)
Private::External::invalidSpecComponent(s, c)
}
query predicate invalidOutputSpecComponent(SummarizedCallable sc, string s, string c) {
sc.propagatesFlowExt(_, s, _) and
Private::External::specSplit(s, c, _) and
c = "ArrayElement" // not allowed in output specs; use `ArrayElement[?] instead
}
private class SummarizedCallableIdentity extends SummarizedCallable {
SummarizedCallableIdentity() { this = "identity" }

4
ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
View File

@@ -1,5 +1,6 @@
edges
| tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:5:26:5:29 | path |
| tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:4:12:4:24 | ...[...] : |
| tainted_path.rb:4:12:4:24 | ...[...] : | tainted_path.rb:5:26:5:29 | path |
| tainted_path.rb:10:12:10:43 | call to absolute_path : | tainted_path.rb:11:26:11:29 | path |
| tainted_path.rb:10:31:10:36 | call to params : | tainted_path.rb:10:31:10:43 | ...[...] : |
| tainted_path.rb:10:31:10:43 | ...[...] : | tainted_path.rb:10:12:10:43 | call to absolute_path : |
@@ -23,6 +24,7 @@ edges
| tainted_path.rb:47:43:47:55 | ...[...] : | tainted_path.rb:47:12:47:63 | call to join : |
nodes
| tainted_path.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| tainted_path.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:5:26:5:29 | path | semmle.label | path |
| tainted_path.rb:10:12:10:43 | call to absolute_path : | semmle.label | call to absolute_path : |
| tainted_path.rb:10:31:10:36 | call to params : | semmle.label | call to params : |

22
ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected
View File

@@ -1,15 +1,18 @@
edges
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:7:10:7:15 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:8:16:8:18 | cmd |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:10:14:10:16 | cmd |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:11:17:11:22 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:13:9:13:14 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:29:19:29:24 | #{...} |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:33:24:33:36 | "echo #{...}" |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:34:39:34:51 | "grep #{...}" |
| CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:50:24:50:36 | "echo #{...}" |
| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:6:15:6:26 | ...[...] : |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:7:10:7:15 | #{...} |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:8:16:8:18 | cmd |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:10:14:10:16 | cmd |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:11:17:11:22 | #{...} |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:13:9:13:14 | #{...} |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:29:19:29:24 | #{...} |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:33:24:33:36 | "echo #{...}" |
| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:34:39:34:51 | "grep #{...}" |
| CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:46:15:46:26 | ...[...] : |
| CommandInjection.rb:46:15:46:26 | ...[...] : | CommandInjection.rb:50:24:50:36 | "echo #{...}" |
nodes
| CommandInjection.rb:6:15:6:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:6:15:6:26 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:7:10:7:15 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:8:16:8:18 | cmd | semmle.label | cmd |
| CommandInjection.rb:10:14:10:16 | cmd | semmle.label | cmd |
@@ -19,6 +22,7 @@ nodes
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | semmle.label | "echo #{...}" |
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | semmle.label | "grep #{...}" |
| CommandInjection.rb:46:15:46:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:46:15:46:26 | ...[...] : | semmle.label | ...[...] : |
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" |
subpaths
#select

6
ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected
View File

@@ -1,8 +1,10 @@
edges
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file |
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file |
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:3:12:3:24 | ...[...] : |
| KernelOpen.rb:3:12:3:24 | ...[...] : | KernelOpen.rb:4:10:4:13 | file |
| KernelOpen.rb:3:12:3:24 | ...[...] : | KernelOpen.rb:5:13:5:16 | file |
nodes
| KernelOpen.rb:3:12:3:17 | call to params : | semmle.label | call to params : |
| KernelOpen.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : |
| KernelOpen.rb:4:10:4:13 | file | semmle.label | file |
| KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
subpaths

10
ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected
View File

@@ -1,11 +1,13 @@
edges
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text |
| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text |
| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] |
@@ -21,9 +23,11 @@ nodes
| app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | semmle.label | call to params : |
| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | semmle.label | ...[...] : |
| app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | semmle.label | dt : |
| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | semmle.label | dt : |
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text |

34
ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
View File

@@ -4,22 +4,31 @@ edges
| ActiveRecordInjection.rb:20:22:20:30 | condition : | ActiveRecordInjection.rb:23:16:23:24 | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] |
| ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:29:43:39 | ...[...] : |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:30:48:40 | ...[...] : |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:31:52:41 | ...[...] : |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:32:57:42 | ...[...] : |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:62:21:62:35 | ...[...] : |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:34:68:44 | ...[...] : |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:41:74:51 | ...[...] : |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:99:11:99:12 | ps : |
| ActiveRecordInjection.rb:99:11:99:12 | ps : | ActiveRecordInjection.rb:99:11:99:17 | ...[...] : |
| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : |
nodes
@@ -34,22 +43,29 @@ nodes
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | semmle.label | call to params : |
@@ -59,6 +75,8 @@ nodes
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:99:11:99:12 | ps : | semmle.label | ps : |
| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:104:20:104:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | semmle.label | ...[...] : |

8
ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected
View File

@@ -1,9 +1,11 @@
edges
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:6:10:6:13 | code |
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:18:20:18:23 | code |
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:21:21:21:24 | code |
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:3:12:3:24 | ...[...] : |
| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:6:10:6:13 | code |
| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:18:20:18:23 | code |
| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:21:21:21:24 | code |
nodes
| CodeInjection.rb:3:12:3:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:6:10:6:13 | code | semmle.label | code |
| CodeInjection.rb:9:10:9:15 | call to params | semmle.label | call to params |
| CodeInjection.rb:18:20:18:23 | code | semmle.label | code |

44
ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected
View File

@@ -1,24 +1,29 @@
edges
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:10:5:10:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:11:5:11:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:12:5:12:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:13:5:13:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:14:5:14:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:15:5:15:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:16:5:16:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:17:5:17:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:18:5:18:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:19:5:19:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:20:5:20:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:21:5:21:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:22:5:22:8 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:23:17:23:20 | name |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:24:18:24:21 | name |
| PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:28:5:28:5 | a |
| PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:30:5:30:5 | b |
| PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:32:5:32:5 | c |
| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:4:12:4:24 | ...[...] : |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:10:5:10:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:11:5:11:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:12:5:12:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:13:5:13:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:14:5:14:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:15:5:15:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:16:5:16:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:17:5:17:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:18:5:18:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:19:5:19:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:20:5:20:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:21:5:21:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:22:5:22:8 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:23:17:23:20 | name |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:24:18:24:21 | name |
| PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:27:9:27:18 | ...[...] : |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | PolynomialReDoS.rb:28:5:28:5 | a |
| PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:29:9:29:18 | ...[...] : |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | PolynomialReDoS.rb:30:5:30:5 | b |
| PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:31:9:31:18 | ...[...] : |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | PolynomialReDoS.rb:32:5:32:5 | c |
nodes
| PolynomialReDoS.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:10:5:10:8 | name | semmle.label | name |
| PolynomialReDoS.rb:11:5:11:8 | name | semmle.label | name |
| PolynomialReDoS.rb:12:5:12:8 | name | semmle.label | name |
@@ -35,10 +40,13 @@ nodes
| PolynomialReDoS.rb:23:17:23:20 | name | semmle.label | name |
| PolynomialReDoS.rb:24:18:24:21 | name | semmle.label | name |
| PolynomialReDoS.rb:27:9:27:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:28:5:28:5 | a | semmle.label | a |
| PolynomialReDoS.rb:29:9:29:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:30:5:30:5 | b | semmle.label | b |
| PolynomialReDoS.rb:31:9:31:14 | call to params : | semmle.label | call to params : |
| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | semmle.label | ...[...] : |
| PolynomialReDoS.rb:32:5:32:5 | c | semmle.label | c |
subpaths
#select

20
ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected
View File

@@ -1,19 +1,29 @@
edges
| RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:5:13:5:21 | /#{...}/ |
| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ |
| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:17:24:17:27 | name |
| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:23:24:23:33 | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:55:28:55:37 | ... + ... |
| RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:4:12:4:24 | ...[...] : |
| RegExpInjection.rb:4:12:4:24 | ...[...] : | RegExpInjection.rb:5:13:5:21 | /#{...}/ |
| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:10:12:10:24 | ...[...] : |
| RegExpInjection.rb:10:12:10:24 | ...[...] : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ |
| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:16:12:16:24 | ...[...] : |
| RegExpInjection.rb:16:12:16:24 | ...[...] : | RegExpInjection.rb:17:24:17:27 | name |
| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:22:12:22:24 | ...[...] : |
| RegExpInjection.rb:22:12:22:24 | ...[...] : | RegExpInjection.rb:23:24:23:33 | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:54:12:54:24 | ...[...] : |
| RegExpInjection.rb:54:12:54:24 | ...[...] : | RegExpInjection.rb:55:28:55:37 | ... + ... |
nodes
| RegExpInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | semmle.label | /#{...}/ |
| RegExpInjection.rb:10:12:10:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:10:12:10:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | semmle.label | /foo#{...}bar/ |
| RegExpInjection.rb:16:12:16:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:16:12:16:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:17:24:17:27 | name | semmle.label | name |
| RegExpInjection.rb:22:12:22:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:22:12:22:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:23:24:23:33 | ... + ... | semmle.label | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:54:12:54:24 | ...[...] : | semmle.label | ...[...] : |
| RegExpInjection.rb:55:28:55:37 | ... + ... | semmle.label | ... + ... |
subpaths
#select

4
ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected
View File

@@ -1,7 +1,9 @@
edges
| OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:14:22:14:30 | json_data |
| OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:13:17:13:28 | ...[...] : |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | OjGlobalOptions.rb:14:22:14:30 | json_data |
nodes
| OjGlobalOptions.rb:13:17:13:22 | call to params : | semmle.label | call to params : |
| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | semmle.label | ...[...] : |
| OjGlobalOptions.rb:14:22:14:30 | json_data | semmle.label | json_data |
subpaths
#select

30
ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected
View File

@@ -1,27 +1,41 @@
edges
| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data |
| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data |
| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:22:24:22:32 | json_data |
| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:28:27:28:35 | json_data |
| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data |
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:52:22:52:30 | json_data |
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data |
| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:68:23:68:31 | json_data |
| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:9:39:9:50 | ...[...] : |
| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data |
| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:15:39:15:50 | ...[...] : |
| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data |
| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:21:17:21:28 | ...[...] : |
| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | UnsafeDeserialization.rb:22:24:22:32 | json_data |
| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:27:17:27:28 | ...[...] : |
| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | UnsafeDeserialization.rb:28:27:28:35 | json_data |
| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:39:17:39:28 | ...[...] : |
| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data |
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:51:17:51:28 | ...[...] : |
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:52:22:52:30 | json_data |
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data |
| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:58:17:58:28 | ...[...] : |
| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | UnsafeDeserialization.rb:68:23:68:31 | json_data |
nodes
| UnsafeDeserialization.rb:9:39:9:44 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:15:39:15:44 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | semmle.label | serialized_data |
| UnsafeDeserialization.rb:21:17:21:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:22:24:22:32 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:27:17:27:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:28:27:28:35 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:39:17:39:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | semmle.label | yaml_data |
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:52:22:52:30 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:53:22:53:30 | json_data | semmle.label | json_data |
| UnsafeDeserialization.rb:58:17:58:22 | call to params : | semmle.label | call to params : |
| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | semmle.label | ...[...] : |
| UnsafeDeserialization.rb:68:23:68:31 | json_data | semmle.label | json_data |
subpaths
#select

4
ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected
View File

@@ -4,7 +4,8 @@ edges
| UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:56:21:56:32 | input_params : |
| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:20:34:31 | ...[...] : |
| UrlRedirect.rb:34:20:34:31 | ...[...] : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:56:21:56:32 | input_params : | UrlRedirect.rb:57:5:57:29 | call to permit : |
nodes
| UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params |
@@ -18,6 +19,7 @@ nodes
| UrlRedirect.rb:24:31:24:36 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | semmle.label | "#{...}/foo" |
| UrlRedirect.rb:34:20:34:25 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:34:20:34:31 | ...[...] : | semmle.label | ...[...] : |
| UrlRedirect.rb:56:21:56:32 | input_params : | semmle.label | input_params : |
| UrlRedirect.rb:57:5:57:29 | call to permit : | semmle.label | call to permit : |
subpaths

50
ruby/ql/test/query-tests/security/cwe-611/Xxe.expected
View File

@@ -1,29 +1,32 @@
edges
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:4:34:4:40 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:5:32:5:38 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:6:30:6:36 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:7:32:7:38 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:8:30:8:36 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:9:28:9:34 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:11:26:11:32 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:12:24:12:30 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:5:26:5:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:6:26:6:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:7:26:7:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:8:26:8:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:9:26:9:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:11:26:11:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:12:26:12:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:15:26:15:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:16:26:16:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:18:26:18:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:19:26:19:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:22:26:22:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:25:26:25:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:27:26:27:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:28:26:28:32 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:3:15:3:26 | ...[...] : |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:4:34:4:40 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:5:32:5:38 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:6:30:6:36 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:7:32:7:38 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:8:30:8:36 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:9:28:9:34 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:11:26:11:32 | content |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:12:24:12:30 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:3:15:3:26 | ...[...] : |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:5:26:5:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:6:26:6:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:7:26:7:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:8:26:8:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:9:26:9:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:11:26:11:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:12:26:12:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:15:26:15:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:16:26:16:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:18:26:18:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:19:26:19:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:22:26:22:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:25:26:25:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:27:26:27:32 | content |
| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:28:26:28:32 | content |
nodes
| LibXmlRuby.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| LibXmlRuby.rb:3:15:3:26 | ...[...] : | semmle.label | ...[...] : |
| LibXmlRuby.rb:4:34:4:40 | content | semmle.label | content |
| LibXmlRuby.rb:5:32:5:38 | content | semmle.label | content |
| LibXmlRuby.rb:6:30:6:36 | content | semmle.label | content |
@@ -33,6 +36,7 @@ nodes
| LibXmlRuby.rb:11:26:11:32 | content | semmle.label | content |
| LibXmlRuby.rb:12:24:12:30 | content | semmle.label | content |
| Nokogiri.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| Nokogiri.rb:3:15:3:26 | ...[...] : | semmle.label | ...[...] : |
| Nokogiri.rb:5:26:5:32 | content | semmle.label | content |
| Nokogiri.rb:6:26:6:32 | content | semmle.label | content |
| Nokogiri.rb:7:26:7:32 | content | semmle.label | content |

5
ruby/ql/test/query-tests/security/cwe-807-user-controlled-bypass/ConditionalBypass.expected
View File

@@ -1,12 +1,13 @@
edges
| ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:6:8:6:12 | check |
| ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:3:13:3:26 | ...[...] : |
| ConditionalBypass.rb:3:13:3:26 | ...[...] : | ConditionalBypass.rb:6:8:6:12 | check |
| ConditionalBypass.rb:14:14:14:19 | call to params : | ConditionalBypass.rb:14:14:14:27 | ...[...] |
| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] |
| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] : |
| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:27:8:27:8 | p |
| ConditionalBypass.rb:25:10:25:22 | ...[...] : | ConditionalBypass.rb:27:8:27:8 | p |
nodes
| ConditionalBypass.rb:3:13:3:18 | call to params : | semmle.label | call to params : |
| ConditionalBypass.rb:3:13:3:26 | ...[...] : | semmle.label | ...[...] : |
| ConditionalBypass.rb:6:8:6:12 | check | semmle.label | check |
| ConditionalBypass.rb:14:14:14:19 | call to params : | semmle.label | call to params : |
| ConditionalBypass.rb:14:14:14:27 | ...[...] | semmle.label | ...[...] |

4
ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected
View File

@@ -1,7 +1,9 @@
edges
| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" |
| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : |
| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" |
nodes
| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | semmle.label | ...[...] : |
| ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | semmle.label | "#{...}/logins" |
subpaths
#select