Ruby: add Regexp.{compile,quote} to regex injection test

This commit is contained in:
Nick Rolfe
2021-11-23 11:05:41 +00:00
parent 13459c8afc
commit e5f473052d
2 changed files with 16 additions and 0 deletions

View File

@@ -3,6 +3,7 @@ edges
| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ |
| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:17:24:17:27 | name |
| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:23:24:23:33 | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:55:28:55:37 | ... + ... |
nodes
| RegExpInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | semmle.label | /#{...}/ |
@@ -12,9 +13,12 @@ nodes
| RegExpInjection.rb:17:24:17:27 | name | semmle.label | name |
| RegExpInjection.rb:22:12:22:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:23:24:23:33 | ... + ... | semmle.label | ... + ... |
| RegExpInjection.rb:54:12:54:17 | call to params : | semmle.label | call to params : |
| RegExpInjection.rb:55:28:55:37 | ... + ... | semmle.label | ... + ... |
subpaths
#select
| RegExpInjection.rb:5:13:5:21 | /#{...}/ | RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:5:13:5:21 | /#{...}/ | This regular expression is constructed from a $@. | RegExpInjection.rb:4:12:4:17 | call to params | user-provided value |
| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | This regular expression is constructed from a $@. | RegExpInjection.rb:10:12:10:17 | call to params | user-provided value |
| RegExpInjection.rb:17:24:17:27 | name | RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:17:24:17:27 | name | This regular expression is constructed from a $@. | RegExpInjection.rb:16:12:16:17 | call to params | user-provided value |
| RegExpInjection.rb:23:24:23:33 | ... + ... | RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:23:24:23:33 | ... + ... | This regular expression is constructed from a $@. | RegExpInjection.rb:22:12:22:17 | call to params | user-provided value |
| RegExpInjection.rb:55:28:55:37 | ... + ... | RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:55:28:55:37 | ... + ... | This regular expression is constructed from a $@. | RegExpInjection.rb:54:12:54:17 | call to params | user-provided value |
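Review bot: only the Regexp.compile case (RegExpInjection.rb:54-55) adds a new edge, node and select row here, and the Regexp.quote case adds nothing, which is the right outcome for a test whose point is that one alias is a sink and the other a sanitizer; since the new sink node `... + ...` at 55:28:55:37 is reported with exact column ranges, confirm this .expected was regenerated by running the test rather than hand-edited, so the ranges cannot drift from the source file.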

View File

@@ -42,4 +42,16 @@ class FooController < ActionController::Base
name = params[:name]
regex = Regexp.new(Regexp.escape(name))
end
# GOOD - string is explicitly escaped
def route7
name = params[:name]
regex = Regexp.new(Regexp.quote(name))
end
# BAD
def route8
name = params[:name]
regex = Regexp.compile("@" + name)
end
end
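Review bot: the `# BAD` comment on route8 gives no reason, unlike the `# GOOD - string is explicitly escaped` comment on route7 just above it; suggest `# BAD - Regexp.compile is an alias of Regexp.new and the input is not escaped` so a reader sees that the case exercises alias modelling of the sink rather than a different construction. The same applies to route7: Regexp.quote is an alias of Regexp.escape, so route7 is the alias twin of route6 and its comment should say so, otherwise the two GOOD cases read as accidental duplicates. The unused `regex` local matches the existing routes in this file and needs no change.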