Merge remote-tracking branch 'origin/main' into nickrolfe/oj

Nick Rolfe
2021-10-07 16:40:36 +01:00
103 changed files with 8243 additions and 5744 deletions


@@ -0,0 +1,558 @@
| calls/calls.rb:11:1:11:3 | 123 | 123 |
| calls/calls.rb:14:5:14:5 | 0 | 0 |
| calls/calls.rb:14:8:14:8 | 1 | 1 |
| calls/calls.rb:14:11:14:11 | 2 | 2 |
| calls/calls.rb:17:15:17:15 | 1 | 1 |
| calls/calls.rb:21:7:21:7 | 1 | 1 |
| calls/calls.rb:25:1:25:3 | 123 | 123 |
| calls/calls.rb:25:9:25:13 | "foo" | foo |
| calls/calls.rb:26:7:26:7 | 1 | 1 |
| calls/calls.rb:36:9:36:11 | 100 | 100 |
| calls/calls.rb:36:14:36:16 | 200 | 200 |
| calls/calls.rb:278:5:278:8 | :blah | blah |
| calls/calls.rb:279:5:279:8 | :blah | blah |
| calls/calls.rb:288:11:288:16 | "blah" | blah |
| calls/calls.rb:289:11:289:11 | 1 | 1 |
| calls/calls.rb:289:14:289:14 | 2 | 2 |
| calls/calls.rb:289:17:289:17 | 3 | 3 |
| calls/calls.rb:290:21:290:21 | 1 | 1 |
| calls/calls.rb:291:22:291:22 | 2 | 2 |
| calls/calls.rb:292:11:292:11 | 4 | 4 |
| calls/calls.rb:292:14:292:14 | 5 | 5 |
| calls/calls.rb:292:26:292:28 | 100 | 100 |
| calls/calls.rb:293:11:293:11 | 6 | 6 |
| calls/calls.rb:293:14:293:14 | 7 | 7 |
| calls/calls.rb:293:27:293:29 | 200 | 200 |
| calls/calls.rb:311:6:311:6 | 1 | 1 |
| calls/calls.rb:314:1:314:8 | __synth__0 | 10 |
| calls/calls.rb:314:12:314:13 | 10 | 10 |
| calls/calls.rb:315:1:315:6 | __synth__0 | 10 |
| calls/calls.rb:315:5:315:5 | 0 | 0 |
| calls/calls.rb:315:10:315:11 | 10 | 10 |
| calls/calls.rb:316:1:316:8 | 0 | 0 |
| calls/calls.rb:316:12:316:19 | 1 | 1 |
| calls/calls.rb:316:12:316:19 | -2 | -2 |
| calls/calls.rb:316:22:316:27 | -1 | -1 |
| calls/calls.rb:316:26:316:26 | 4 | 4 |
| calls/calls.rb:316:32:316:32 | 1 | 1 |
| calls/calls.rb:316:35:316:35 | 2 | 2 |
| calls/calls.rb:316:38:316:38 | 3 | 3 |
| calls/calls.rb:316:41:316:41 | 4 | 4 |
| calls/calls.rb:317:1:317:1 | 0 | 0 |
| calls/calls.rb:317:5:317:10 | 1 | 1 |
| calls/calls.rb:317:5:317:10 | -1 | -1 |
| calls/calls.rb:317:9:317:9 | 5 | 5 |
| calls/calls.rb:317:15:317:15 | 1 | 1 |
| calls/calls.rb:317:18:317:18 | 2 | 2 |
| calls/calls.rb:317:21:317:21 | 3 | 3 |
| calls/calls.rb:318:15:318:15 | 1 | 1 |
| calls/calls.rb:319:5:319:5 | 0 | 0 |
| calls/calls.rb:319:5:319:5 | __synth__1 | 0 |
| calls/calls.rb:319:5:319:5 | __synth__1 | 0 |
| calls/calls.rb:319:11:319:11 | 1 | 1 |
| calls/calls.rb:320:9:320:9 | 0 | 0 |
| calls/calls.rb:320:9:320:9 | __synth__1 | 0 |
| calls/calls.rb:320:9:320:9 | __synth__1 | 0 |
| calls/calls.rb:320:31:320:31 | 1 | 1 |
| calls/calls.rb:320:37:320:37 | 2 | 2 |
| constants/constants.rb:3:19:3:27 | "const_a" | const_a |
| constants/constants.rb:6:15:6:23 | "const_b" | const_b |
| constants/constants.rb:17:12:17:18 | "Hello" | Hello |
| constants/constants.rb:17:22:17:45 | CONST_A | const_a |
| constants/constants.rb:17:49:17:64 | CONST_B | const_b |
| constants/constants.rb:20:14:20:19 | "Vera" | Vera |
| constants/constants.rb:20:22:20:28 | "Chuck" | Chuck |
| constants/constants.rb:20:31:20:36 | "Dave" | Dave |
| constants/constants.rb:28:11:28:15 | "foo" | foo |
| constants/constants.rb:37:30:37:33 | 1024 | 1024 |
| constants/constants.rb:39:6:39:31 | MAX_SIZE | 1024 |
| control/cases.rb:2:5:2:5 | 0 | 0 |
| control/cases.rb:3:5:3:5 | 0 | 0 |
| control/cases.rb:4:5:4:5 | 0 | 0 |
| control/cases.rb:5:5:5:5 | 0 | 0 |
| control/cases.rb:8:6:8:6 | a | 0 |
| control/cases.rb:9:6:9:6 | b | 0 |
| control/cases.rb:10:5:10:7 | 100 | 100 |
| control/cases.rb:11:6:11:6 | c | 0 |
| control/cases.rb:11:9:11:9 | d | 0 |
| control/cases.rb:12:5:12:7 | 200 | 200 |
| control/cases.rb:14:5:14:7 | 300 | 300 |
| control/cases.rb:19:6:19:6 | a | 0 |
| control/cases.rb:19:10:19:10 | b | 0 |
| control/cases.rb:19:18:19:19 | 10 | 10 |
| control/cases.rb:20:6:20:6 | a | 0 |
| control/cases.rb:20:11:20:11 | b | 0 |
| control/cases.rb:20:18:20:19 | 20 | 20 |
| control/cases.rb:21:6:21:6 | a | 0 |
| control/cases.rb:21:10:21:10 | b | 0 |
| control/cases.rb:21:18:21:19 | 30 | 30 |
| control/conditionals.rb:2:5:2:5 | 0 | 0 |
| control/conditionals.rb:3:5:3:5 | 0 | 0 |
| control/conditionals.rb:4:5:4:5 | 0 | 0 |
| control/conditionals.rb:5:5:5:5 | 0 | 0 |
| control/conditionals.rb:6:5:6:5 | 0 | 0 |
| control/conditionals.rb:7:5:7:5 | 0 | 0 |
| control/conditionals.rb:10:4:10:4 | a | 0 |
| control/conditionals.rb:10:8:10:8 | b | 0 |
| control/conditionals.rb:11:5:11:5 | c | 0 |
| control/conditionals.rb:15:4:15:4 | a | 0 |
| control/conditionals.rb:15:9:15:9 | b | 0 |
| control/conditionals.rb:16:5:16:5 | c | 0 |
| control/conditionals.rb:18:5:18:5 | d | 0 |
| control/conditionals.rb:22:4:22:4 | a | 0 |
| control/conditionals.rb:22:9:22:9 | 0 | 0 |
| control/conditionals.rb:23:5:23:5 | c | 0 |
| control/conditionals.rb:24:7:24:7 | a | 0 |
| control/conditionals.rb:24:12:24:12 | 1 | 1 |
| control/conditionals.rb:25:5:25:5 | d | 0 |
| control/conditionals.rb:26:7:26:7 | a | 0 |
| control/conditionals.rb:26:12:26:12 | 2 | 2 |
| control/conditionals.rb:27:5:27:5 | e | 0 |
| control/conditionals.rb:29:5:29:5 | f | 0 |
| control/conditionals.rb:33:4:33:4 | a | 0 |
| control/conditionals.rb:33:9:33:9 | 0 | 0 |
| control/conditionals.rb:34:5:34:5 | b | 0 |
| control/conditionals.rb:35:7:35:7 | a | 0 |
| control/conditionals.rb:35:12:35:12 | 1 | 1 |
| control/conditionals.rb:36:5:36:5 | c | 0 |
| control/conditionals.rb:40:8:40:8 | a | 0 |
| control/conditionals.rb:40:12:40:12 | b | 0 |
| control/conditionals.rb:41:5:41:5 | c | 0 |
| control/conditionals.rb:45:8:45:8 | a | 0 |
| control/conditionals.rb:45:13:45:13 | b | 0 |
| control/conditionals.rb:46:5:46:5 | c | 0 |
| control/conditionals.rb:48:5:48:5 | d | 0 |
| control/conditionals.rb:52:5:52:5 | b | 0 |
| control/conditionals.rb:52:10:52:10 | c | 0 |
| control/conditionals.rb:52:14:52:14 | d | 0 |
| control/conditionals.rb:55:5:55:5 | b | 0 |
| control/conditionals.rb:55:14:55:14 | c | 0 |
| control/conditionals.rb:55:18:55:18 | d | 0 |
| control/conditionals.rb:58:5:58:5 | b | 0 |
| control/conditionals.rb:58:9:58:9 | c | 0 |
| control/conditionals.rb:58:13:58:13 | d | 0 |
| control/conditionals.rb:58:13:58:17 | ... + ... | 1 |
| control/conditionals.rb:58:17:58:17 | 1 | 1 |
| control/conditionals.rb:58:21:58:21 | e | 0 |
| control/conditionals.rb:58:21:58:25 | ... - ... | -2 |
| control/conditionals.rb:58:25:58:25 | 2 | 2 |
| control/conditionals.rb:61:8:61:8 | b | 0 |
| control/conditionals.rb:62:5:62:5 | c | 0 |
| control/conditionals.rb:67:8:67:8 | b | 0 |
| control/conditionals.rb:69:5:69:5 | c | 0 |
| control/loops.rb:2:7:2:7 | 0 | 0 |
| control/loops.rb:3:7:3:7 | 0 | 0 |
| control/loops.rb:4:5:4:5 | 0 | 0 |
| control/loops.rb:5:5:5:5 | 0 | 0 |
| control/loops.rb:6:5:6:5 | 0 | 0 |
| control/loops.rb:9:10:9:10 | 1 | 1 |
| control/loops.rb:9:13:9:14 | 10 | 10 |
| control/loops.rb:16:10:16:10 | 1 | 1 |
| control/loops.rb:16:13:16:14 | 10 | 10 |
| control/loops.rb:22:20:22:22 | :foo | foo |
| control/loops.rb:22:25:22:25 | 0 | 0 |
| control/loops.rb:22:28:22:30 | :bar | bar |
| control/loops.rb:22:33:22:33 | 1 | 1 |
| control/loops.rb:28:22:28:24 | :foo | foo |
| control/loops.rb:28:27:28:27 | 0 | 0 |
| control/loops.rb:28:30:28:32 | :bar | bar |
| control/loops.rb:28:35:28:35 | 1 | 1 |
| control/loops.rb:35:11:35:11 | y | 0 |
| control/loops.rb:36:8:36:8 | 1 | 1 |
| control/loops.rb:37:8:37:8 | 1 | 1 |
| control/loops.rb:42:11:42:11 | y | 0 |
| control/loops.rb:43:8:43:8 | 1 | 1 |
| control/loops.rb:44:8:44:8 | 2 | 2 |
| control/loops.rb:48:6:48:6 | 1 | 1 |
| control/loops.rb:48:14:48:14 | y | 0 |
| control/loops.rb:51:12:51:12 | y | 0 |
| control/loops.rb:52:8:52:8 | 1 | 1 |
| control/loops.rb:53:8:53:8 | 1 | 1 |
| control/loops.rb:57:11:57:11 | y | 0 |
| control/loops.rb:58:8:58:8 | 1 | 1 |
| control/loops.rb:59:8:59:8 | 4 | 4 |
| control/loops.rb:63:6:63:6 | 1 | 1 |
| control/loops.rb:63:19:63:19 | 0 | 0 |
| control/loops.rb:66:11:66:11 | y | 0 |
| erb/template.html.erb:19:5:19:17 | "hello world" | hello world |
| erb/template.html.erb:25:9:25:10 | "" | |
| erb/template.html.erb:27:16:27:20 | "foo" | foo |
| erb/template.html.erb:27:23:27:27 | "bar" | bar |
| erb/template.html.erb:27:30:27:34 | "baz" | baz |
| gems/Gemfile:1:8:1:29 | "https://rubygems.org" | https://rubygems.org |
| gems/Gemfile:3:5:3:13 | "foo_gem" | foo_gem |
| gems/Gemfile:3:16:3:23 | "~> 2.0" | ~> 2.0 |
| gems/Gemfile:5:8:5:33 | "https://gems.example.com" | https://gems.example.com |
| gems/Gemfile:6:7:6:14 | "my_gem" | my_gem |
| gems/Gemfile:6:17:6:21 | "1.0" | 1.0 |
| gems/Gemfile:7:7:7:19 | "another_gem" | another_gem |
| gems/Gemfile:7:22:7:28 | "3.1.4" | 3.1.4 |
| gems/lib/test.rb:3:10:3:16 | "Hello" | Hello |
| gems/test.gemspec:2:3:2:8 | __synth__0 | test |
| gems/test.gemspec:2:19:2:24 | "test" | test |
| gems/test.gemspec:3:3:3:11 | __synth__0 | 0.0.0 |
| gems/test.gemspec:3:19:3:25 | "0.0.0" | 0.0.0 |
| gems/test.gemspec:4:3:4:11 | __synth__0 | foo! |
| gems/test.gemspec:4:19:4:24 | "foo!" | foo! |
| gems/test.gemspec:5:3:5:15 | __synth__0 | A test |
| gems/test.gemspec:5:19:5:26 | "A test" | A test |
| gems/test.gemspec:6:20:6:30 | "Mona Lisa" | Mona Lisa |
| gems/test.gemspec:7:3:7:9 | __synth__0 | mona@example.com |
| gems/test.gemspec:7:19:7:36 | "mona@example.com" | mona@example.com |
| gems/test.gemspec:8:20:8:32 | "lib/test.rb" | lib/test.rb |
| gems/test.gemspec:9:3:9:12 | __synth__0 | https://github.com/github/codeql-ruby |
| gems/test.gemspec:9:19:9:57 | "https://github.com/github/cod..." | https://github.com/github/codeql-ruby |
| literals/literals.rb:2:1:2:3 | nil | nil |
| literals/literals.rb:3:1:3:3 | NIL | NIL |
| literals/literals.rb:4:1:4:5 | false | false |
| literals/literals.rb:5:1:5:5 | FALSE | FALSE |
| literals/literals.rb:6:1:6:4 | true | true |
| literals/literals.rb:7:1:7:4 | TRUE | TRUE |
| literals/literals.rb:10:1:10:4 | 1234 | 1234 |
| literals/literals.rb:11:1:11:5 | 5_678 | 5_678 |
| literals/literals.rb:12:1:12:1 | 0 | 0 |
| literals/literals.rb:13:1:13:5 | 0d900 | 0d900 |
| literals/literals.rb:16:1:16:6 | 0x1234 | 0x1234 |
| literals/literals.rb:17:1:17:10 | 0xdeadbeef | 0xdeadbeef |
| literals/literals.rb:18:1:18:11 | 0xF00D_face | 0xF00D_face |
| literals/literals.rb:21:1:21:4 | 0123 | 0123 |
| literals/literals.rb:22:1:22:5 | 0o234 | 0o234 |
| literals/literals.rb:23:1:23:6 | 0O45_6 | 0O45_6 |
| literals/literals.rb:26:1:26:10 | 0b10010100 | 0b10010100 |
| literals/literals.rb:27:1:27:11 | 0B011_01101 | 0B011_01101 |
| literals/literals.rb:30:1:30:5 | 12.34 | 12.34 |
| literals/literals.rb:31:1:31:7 | 1234e-2 | 1234e-2 |
| literals/literals.rb:32:1:32:7 | 1.234E1 | 1.234E1 |
| literals/literals.rb:35:1:35:3 | 23r | 23r |
| literals/literals.rb:36:1:36:5 | 9.85r | 9.85r |
| literals/literals.rb:39:1:39:2 | 2i | 2i |
| literals/literals.rb:46:1:46:2 | "" | |
| literals/literals.rb:47:1:47:2 | "" | |
| literals/literals.rb:48:1:48:7 | "hello" | hello |
| literals/literals.rb:49:1:49:9 | "goodbye" | goodbye |
| literals/literals.rb:50:1:50:30 | "string with escaped \\" quote" | string with escaped \\" quote |
| literals/literals.rb:51:1:51:21 | "string with " quote" | string with " quote |
| literals/literals.rb:52:1:52:14 | "foo bar baz" | foo bar baz |
| literals/literals.rb:53:1:53:15 | "foo bar baz" | foo bar baz |
| literals/literals.rb:54:1:54:20 | "foo ' bar " baz'" | foo ' bar " baz' |
| literals/literals.rb:55:1:55:20 | "FOO ' BAR " BAZ'" | FOO ' BAR " BAZ' |
| literals/literals.rb:56:1:56:12 | "foo\\ bar" | foo\\ bar |
| literals/literals.rb:57:1:57:12 | "foo\\ bar" | foo\\ bar |
| literals/literals.rb:58:13:58:13 | 2 | 2 |
| literals/literals.rb:58:13:58:17 | ... + ... | 4 |
| literals/literals.rb:58:17:58:17 | 2 | 2 |
| literals/literals.rb:59:15:59:15 | 3 | 3 |
| literals/literals.rb:59:15:59:19 | ... + ... | 7 |
| literals/literals.rb:59:19:59:19 | 4 | 4 |
| literals/literals.rb:60:1:60:20 | "2 + 2 = #{ 2 + 2 }" | 2 + 2 = #{ 2 + 2 } |
| literals/literals.rb:61:1:61:22 | "3 + 4 = #{ 3 + 4 }" | 3 + 4 = #{ 3 + 4 } |
| literals/literals.rb:62:1:62:5 | "foo" | foo |
| literals/literals.rb:62:7:62:11 | "bar" | bar |
| literals/literals.rb:62:13:62:17 | "baz" | baz |
| literals/literals.rb:63:1:63:7 | "foo" | foo |
| literals/literals.rb:63:9:63:13 | "bar" | bar |
| literals/literals.rb:63:15:63:19 | "baz" | baz |
| literals/literals.rb:64:1:64:5 | "foo" | foo |
| literals/literals.rb:64:14:64:14 | 1 | 1 |
| literals/literals.rb:64:14:64:18 | ... * ... | 1 |
| literals/literals.rb:64:18:64:18 | 1 | 1 |
| literals/literals.rb:64:23:64:27 | "baz" | baz |
| literals/literals.rb:65:17:65:17 | 2 | 2 |
| literals/literals.rb:65:17:65:21 | ... + ... | 5 |
| literals/literals.rb:65:21:65:21 | 3 | 3 |
| literals/literals.rb:66:17:66:17 | 1 | 1 |
| literals/literals.rb:66:17:66:19 | ... + ... | 10 |
| literals/literals.rb:66:19:66:19 | 9 | 9 |
| literals/literals.rb:69:1:69:2 | ?x | ?x |
| literals/literals.rb:70:1:70:3 | ?\\n | ?\\n |
| literals/literals.rb:71:1:71:3 | ?\\s | ?\\s |
| literals/literals.rb:72:1:72:3 | ?\\\\ | ?\\\\ |
| literals/literals.rb:73:1:73:7 | ?\\u{58} | ?\\u{58} |
| literals/literals.rb:74:1:74:5 | ?\\C-a | ?\\C-a |
| literals/literals.rb:75:1:75:5 | ?\\M-a | ?\\M-a |
| literals/literals.rb:76:1:76:8 | ?\\M-\\C-a | ?\\M-\\C-a |
| literals/literals.rb:77:1:77:8 | ?\\C-\\M-a | ?\\C-\\M-a |
| literals/literals.rb:80:1:80:3 | :"" | |
| literals/literals.rb:81:1:81:6 | :hello | hello |
| literals/literals.rb:82:1:82:10 | :"foo bar" | foo bar |
| literals/literals.rb:83:1:83:10 | :"bar baz" | bar baz |
| literals/literals.rb:84:3:84:5 | :foo | foo |
| literals/literals.rb:84:8:84:12 | "bar" | bar |
| literals/literals.rb:85:1:85:10 | :"wibble" | wibble |
| literals/literals.rb:86:1:86:17 | :"wibble wobble" | wibble wobble |
| literals/literals.rb:87:10:87:10 | 2 | 2 |
| literals/literals.rb:87:10:87:14 | ... + ... | 4 |
| literals/literals.rb:87:14:87:14 | 2 | 2 |
| literals/literals.rb:88:1:88:17 | :"foo_#{ 1 + 1 }" | foo_#{ 1 + 1 } |
| literals/literals.rb:89:1:89:18 | :"foo_#{ 3 - 2 }" | foo_#{ 3 - 2 } |
| literals/literals.rb:93:2:93:2 | 1 | 1 |
| literals/literals.rb:93:5:93:5 | 2 | 2 |
| literals/literals.rb:93:8:93:8 | 3 | 3 |
| literals/literals.rb:94:2:94:2 | 4 | 4 |
| literals/literals.rb:94:5:94:5 | 5 | 5 |
| literals/literals.rb:94:8:94:9 | 12 | 12 |
| literals/literals.rb:94:8:94:13 | ... / ... | 6 |
| literals/literals.rb:94:13:94:13 | 2 | 2 |
| literals/literals.rb:95:2:95:2 | 7 | 7 |
| literals/literals.rb:95:6:95:6 | 8 | 8 |
| literals/literals.rb:95:9:95:9 | 9 | 9 |
| literals/literals.rb:99:4:99:6 | "foo" | foo |
| literals/literals.rb:99:8:99:10 | "bar" | bar |
| literals/literals.rb:99:12:99:14 | "baz" | baz |
| literals/literals.rb:100:4:100:6 | "foo" | foo |
| literals/literals.rb:100:8:100:10 | "bar" | bar |
| literals/literals.rb:100:12:100:14 | "baz" | baz |
| literals/literals.rb:101:4:101:6 | "foo" | foo |
| literals/literals.rb:101:13:101:13 | 1 | 1 |
| literals/literals.rb:101:13:101:15 | ... + ... | 2 |
| literals/literals.rb:101:15:101:15 | 1 | 1 |
| literals/literals.rb:101:18:101:20 | "baz" | baz |
| literals/literals.rb:102:4:102:6 | "foo" | foo |
| literals/literals.rb:102:8:102:16 | "bar#{1+1}" | bar#{1+1} |
| literals/literals.rb:102:18:102:20 | "baz" | baz |
| literals/literals.rb:106:4:106:6 | :"foo" | foo |
| literals/literals.rb:106:8:106:10 | :"bar" | bar |
| literals/literals.rb:106:12:106:14 | :"baz" | baz |
| literals/literals.rb:107:4:107:6 | :"foo" | foo |
| literals/literals.rb:107:8:107:10 | :"bar" | bar |
| literals/literals.rb:107:12:107:14 | :"baz" | baz |
| literals/literals.rb:108:4:108:6 | :"foo" | foo |
| literals/literals.rb:108:14:108:14 | 2 | 2 |
| literals/literals.rb:108:14:108:18 | ... + ... | 6 |
| literals/literals.rb:108:18:108:18 | 4 | 4 |
| literals/literals.rb:108:22:108:24 | :"baz" | baz |
| literals/literals.rb:109:4:109:6 | :"foo" | foo |
| literals/literals.rb:109:8:109:12 | :"bar#{" | bar#{ |
| literals/literals.rb:109:14:109:14 | :"2" | 2 |
| literals/literals.rb:109:16:109:16 | :"+" | + |
| literals/literals.rb:109:18:109:18 | :"4" | 4 |
| literals/literals.rb:109:20:109:20 | :"}" | } |
| literals/literals.rb:109:22:109:24 | :"baz" | baz |
| literals/literals.rb:113:3:113:5 | :foo | foo |
| literals/literals.rb:113:8:113:8 | 1 | 1 |
| literals/literals.rb:113:11:113:14 | :bar | bar |
| literals/literals.rb:113:19:113:19 | 2 | 2 |
| literals/literals.rb:113:22:113:26 | "baz" | baz |
| literals/literals.rb:113:31:113:31 | 3 | 3 |
| literals/literals.rb:114:3:114:5 | :foo | foo |
| literals/literals.rb:114:8:114:8 | 7 | 7 |
| literals/literals.rb:117:2:117:2 | 1 | 1 |
| literals/literals.rb:117:5:117:6 | 10 | 10 |
| literals/literals.rb:118:2:118:2 | 1 | 1 |
| literals/literals.rb:118:6:118:7 | 10 | 10 |
| literals/literals.rb:119:2:119:2 | 1 | 1 |
| literals/literals.rb:119:7:119:7 | 0 | 0 |
| literals/literals.rb:120:9:120:9 | 2 | 2 |
| literals/literals.rb:120:9:120:11 | ... + ... | 5 |
| literals/literals.rb:120:11:120:11 | 3 | 3 |
| literals/literals.rb:121:2:121:2 | 1 | 1 |
| literals/literals.rb:122:4:122:4 | 1 | 1 |
| literals/literals.rb:123:2:123:2 | 0 | 0 |
| literals/literals.rb:123:6:123:6 | 1 | 1 |
| literals/literals.rb:126:1:126:7 | `ls -l` | ls -l |
| literals/literals.rb:127:1:127:9 | `ls -l` | ls -l |
| literals/literals.rb:128:11:128:11 | 1 | 1 |
| literals/literals.rb:128:11:128:15 | ... + ... | 2 |
| literals/literals.rb:128:15:128:15 | 1 | 1 |
| literals/literals.rb:129:13:129:13 | 5 | 5 |
| literals/literals.rb:129:13:129:17 | ... - ... | 1 |
| literals/literals.rb:129:17:129:17 | 4 | 4 |
| literals/literals.rb:132:1:132:2 | // | |
| literals/literals.rb:133:1:133:5 | /foo/ | foo |
| literals/literals.rb:134:1:134:6 | /foo/ | foo |
| literals/literals.rb:135:1:135:13 | /foo+\\sbar\\S/ | foo+\\sbar\\S |
| literals/literals.rb:136:8:136:8 | 1 | 1 |
| literals/literals.rb:136:8:136:12 | ... + ... | 2 |
| literals/literals.rb:136:12:136:12 | 1 | 1 |
| literals/literals.rb:137:1:137:8 | /foo/ | foo |
| literals/literals.rb:138:1:138:4 | // | |
| literals/literals.rb:139:1:139:7 | /foo/ | foo |
| literals/literals.rb:140:1:140:8 | /foo/ | foo |
| literals/literals.rb:141:1:141:15 | /foo+\\sbar\\S/ | foo+\\sbar\\S |
| literals/literals.rb:142:10:142:10 | 1 | 1 |
| literals/literals.rb:142:10:142:14 | ... + ... | 2 |
| literals/literals.rb:142:14:142:14 | 1 | 1 |
| literals/literals.rb:143:1:143:10 | /foo/ | foo |
| literals/literals.rb:146:1:146:34 | "abcdefghijklmnopqrstuvwxyzabcdef" | abcdefghijklmnopqrstuvwxyzabcdef |
| literals/literals.rb:147:1:147:35 | "foobarfoobarfoobarfoobarfooba..." | foobarfoobarfoobarfoobarfoobarfoo |
| literals/literals.rb:148:1:148:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | foobar\\\\foobar\\\\foobar\\\\foobar\\\\foobar |
| literals/literals.rb:151:9:151:13 | <<SQL | \nselect * from table\n |
| literals/literals.rb:158:11:158:16 | <<-BLA | \nsome text\\nand some more\n |
| literals/literals.rb:163:9:163:19 | <<~SQUIGGLY | \n indented stuff\n |
| literals/literals.rb:176:10:176:19 | <<`SCRIPT` | \n cat file.txt\n |
| misc/misc.erb:2:15:2:37 | "main_include_admin.js" | main_include_admin.js |
| misc/misc.rb:1:7:1:11 | "bar" | bar |
| misc/misc.rb:3:7:3:9 | foo | foo |
| misc/misc.rb:3:12:3:15 | :foo | foo |
| misc/misc.rb:3:18:3:21 | foo= | foo= |
| misc/misc.rb:3:24:3:25 | [] | [] |
| misc/misc.rb:3:28:3:30 | []= | []= |
| misc/misc.rb:4:15:4:17 | bar | bar |
| misc/misc.rb:5:7:5:9 | nil | nil |
| misc/misc.rb:5:12:5:15 | true | true |
| misc/misc.rb:5:18:5:22 | false | false |
| misc/misc.rb:5:25:5:29 | super | super |
| misc/misc.rb:5:32:5:35 | self | self |
| misc/misc.rb:7:7:7:9 | new | new |
| misc/misc.rb:7:11:7:14 | :old | old |
| misc/misc.rb:8:7:8:10 | foo= | foo= |
| misc/misc.rb:8:12:8:14 | []= | []= |
| misc/misc.rb:9:7:9:11 | super | super |
| misc/misc.rb:9:13:9:16 | self | self |
| misc/misc.rb:10:13:10:15 | bar | bar |
| misc/misc.rb:10:19:10:24 | :"foo" | foo |
| modules/classes.rb:11:28:11:31 | :baz | baz |
| modules/classes.rb:22:10:22:12 | "a" | a |
| modules/classes.rb:26:10:26:12 | "b" | b |
| modules/classes.rb:30:17:30:19 | 123 | 123 |
| modules/classes.rb:40:5:40:11 | "hello" | hello |
| modules/classes.rb:41:10:41:10 | x | hello |
| modules/classes.rb:43:5:43:7 | 100 | 100 |
| modules/classes.rb:47:10:47:17 | "wibble" | wibble |
| modules/classes.rb:51:18:51:20 | 456 | 456 |
| modules/modules.rb:12:10:12:26 | "module Foo::Bar" | module Foo::Bar |
| modules/modules.rb:13:19:13:19 | 0 | 0 |
| modules/modules.rb:22:8:22:19 | "module Foo" | module Foo |
| modules/modules.rb:23:17:23:17 | 1 | 1 |
| modules/modules.rb:33:8:33:25 | "module Foo again" | module Foo again |
| modules/modules.rb:34:17:34:17 | 2 | 2 |
| modules/modules.rb:44:8:44:19 | "module Bar" | module Bar |
| modules/modules.rb:45:17:45:17 | 3 | 3 |
| modules/modules.rb:55:8:55:30 | "module Foo::Bar again" | module Foo::Bar again |
| modules/modules.rb:56:17:56:17 | 4 | 4 |
| modules/toplevel.rb:1:6:1:12 | "world" | world |
| modules/toplevel.rb:3:12:3:16 | "!!!" | !!! |
| modules/toplevel.rb:5:14:5:20 | "hello" | hello |
| operations/operations.rb:3:5:3:5 | 0 | 0 |
| operations/operations.rb:4:5:4:5 | 0 | 0 |
| operations/operations.rb:5:7:5:7 | 0 | 0 |
| operations/operations.rb:6:8:6:8 | 0 | 0 |
| operations/operations.rb:7:7:7:7 | 0 | 0 |
| operations/operations.rb:8:7:8:7 | 0 | 0 |
| operations/operations.rb:9:10:9:10 | 0 | 0 |
| operations/operations.rb:10:5:10:5 | 0 | 0 |
| operations/operations.rb:11:8:11:8 | 0 | 0 |
| operations/operations.rb:12:5:12:5 | 0 | 0 |
| operations/operations.rb:13:8:13:8 | 0 | 0 |
| operations/operations.rb:14:7:14:7 | 0 | 0 |
| operations/operations.rb:15:9:15:9 | 0 | 0 |
| operations/operations.rb:16:7:16:7 | 0 | 0 |
| operations/operations.rb:17:5:17:5 | 0 | 0 |
| operations/operations.rb:18:5:18:5 | 0 | 0 |
| operations/operations.rb:19:5:19:5 | 0 | 0 |
| operations/operations.rb:20:5:20:5 | 0 | 0 |
| operations/operations.rb:23:2:23:2 | a | 0 |
| operations/operations.rb:24:5:24:5 | b | 0 |
| operations/operations.rb:25:2:25:3 | 14 | 14 |
| operations/operations.rb:26:2:26:2 | 7 | 7 |
| operations/operations.rb:27:2:27:2 | x | 0 |
| operations/operations.rb:28:10:28:12 | foo | 0 |
| operations/operations.rb:29:17:29:17 | 1 | 1 |
| operations/operations.rb:29:22:29:22 | 2 | 2 |
| operations/operations.rb:29:26:29:26 | :a | a |
| operations/operations.rb:29:28:29:28 | 3 | 3 |
| operations/operations.rb:29:34:29:34 | :b | b |
| operations/operations.rb:29:36:29:36 | 4 | 4 |
| operations/operations.rb:29:39:29:39 | :c | c |
| operations/operations.rb:29:41:29:41 | 5 | 5 |
| operations/operations.rb:32:1:32:1 | w | 0 |
| operations/operations.rb:32:1:32:7 | ... + ... | 234 |
| operations/operations.rb:32:5:32:7 | 234 | 234 |
| operations/operations.rb:33:1:33:1 | x | 0 |
| operations/operations.rb:33:1:33:6 | ... - ... | -17 |
| operations/operations.rb:33:5:33:6 | 17 | 17 |
| operations/operations.rb:34:1:34:1 | y | 0 |
| operations/operations.rb:34:1:34:6 | ... * ... | 0 |
| operations/operations.rb:34:5:34:6 | 10 | 10 |
| operations/operations.rb:35:1:35:1 | z | 0 |
| operations/operations.rb:35:1:35:5 | ... / ... | 0 |
| operations/operations.rb:35:5:35:5 | 2 | 2 |
| operations/operations.rb:36:1:36:3 | num | 0 |
| operations/operations.rb:36:7:36:7 | 2 | 2 |
| operations/operations.rb:37:1:37:4 | base | 0 |
| operations/operations.rb:37:9:37:13 | power | 0 |
| operations/operations.rb:40:1:40:3 | foo | 0 |
| operations/operations.rb:40:8:40:10 | bar | 0 |
| operations/operations.rb:41:1:41:3 | baz | 0 |
| operations/operations.rb:41:9:41:11 | qux | 0 |
| operations/operations.rb:42:1:42:1 | a | 0 |
| operations/operations.rb:42:6:42:6 | b | 0 |
| operations/operations.rb:43:1:43:1 | x | 0 |
| operations/operations.rb:43:6:43:6 | y | 0 |
| operations/operations.rb:46:1:46:1 | x | 0 |
| operations/operations.rb:46:6:46:6 | 3 | 3 |
| operations/operations.rb:47:1:47:1 | y | 0 |
| operations/operations.rb:47:6:47:7 | 16 | 16 |
| operations/operations.rb:48:1:48:3 | foo | 0 |
| operations/operations.rb:48:7:48:10 | 0xff | 0xff |
| operations/operations.rb:49:1:49:3 | bar | 0 |
| operations/operations.rb:49:7:49:10 | 0x02 | 0x02 |
| operations/operations.rb:50:1:50:3 | baz | 0 |
| operations/operations.rb:50:7:50:9 | qux | 0 |
| operations/operations.rb:53:1:53:1 | x | 0 |
| operations/operations.rb:53:6:53:6 | y | 0 |
| operations/operations.rb:54:1:54:1 | a | 0 |
| operations/operations.rb:54:6:54:8 | 123 | 123 |
| operations/operations.rb:55:1:55:1 | m | 0 |
| operations/operations.rb:55:7:55:7 | n | 0 |
| operations/operations.rb:58:1:58:1 | x | 0 |
| operations/operations.rb:58:5:58:5 | 0 | 0 |
| operations/operations.rb:59:1:59:1 | y | 0 |
| operations/operations.rb:59:6:59:8 | 100 | 100 |
| operations/operations.rb:60:1:60:1 | a | 0 |
| operations/operations.rb:60:5:60:5 | b | 0 |
| operations/operations.rb:61:1:61:1 | 7 | 7 |
| operations/operations.rb:61:6:61:8 | foo | 0 |
| operations/operations.rb:64:1:64:1 | a | 0 |
| operations/operations.rb:64:7:64:7 | b | 0 |
| operations/operations.rb:65:1:65:4 | name | 0 |
| operations/operations.rb:65:9:65:15 | /foo.*/ | foo.* |
| operations/operations.rb:66:1:66:6 | handle | 0 |
| operations/operations.rb:66:11:66:17 | /.*bar/ | .*bar |
| operations/operations.rb:69:1:69:1 | x | 0 |
| operations/operations.rb:69:3:69:4 | ... + ... | 128 |
| operations/operations.rb:69:6:69:8 | 128 | 128 |
| operations/operations.rb:70:1:70:1 | y | 0 |
| operations/operations.rb:70:3:70:4 | ... - ... | -32 |
| operations/operations.rb:70:6:70:7 | 32 | 32 |
| operations/operations.rb:71:1:71:1 | a | 0 |
| operations/operations.rb:71:3:71:4 | ... * ... | 0 |
| operations/operations.rb:71:6:71:7 | 12 | 12 |
| operations/operations.rb:72:1:72:1 | b | 0 |
| operations/operations.rb:72:3:72:4 | ... / ... | 0 |
| operations/operations.rb:72:6:72:6 | 4 | 4 |
| operations/operations.rb:73:1:73:1 | z | 0 |
| operations/operations.rb:73:6:73:6 | 2 | 2 |
| operations/operations.rb:74:1:74:3 | foo | 0 |
| operations/operations.rb:74:9:74:11 | bar | 0 |
| operations/operations.rb:77:2:77:2 | x | 128 |
| operations/operations.rb:77:8:77:8 | y | -32 |
| operations/operations.rb:78:2:78:2 | a | 0 |
| operations/operations.rb:78:8:78:8 | b | 0 |
| operations/operations.rb:81:8:81:8 | 2 | 2 |
| operations/operations.rb:82:2:82:2 | y | -32 |
| operations/operations.rb:82:8:82:8 | 3 | 3 |
| operations/operations.rb:83:9:83:12 | mask | 0 |
| operations/operations.rb:84:2:84:4 | bar | 0 |
| operations/operations.rb:84:9:84:12 | 0x01 | 0x01 |
| operations/operations.rb:85:2:85:4 | baz | 0 |
| operations/operations.rb:85:9:85:11 | qux | 0 |
| operations/operations.rb:88:8:88:8 | 1 | 1 |
| operations/operations.rb:89:9:89:9 | 2 | 2 |
| operations/operations.rb:91:9:91:9 | 3 | 3 |
| operations/operations.rb:92:10:92:10 | 4 | 4 |
| operations/operations.rb:95:15:95:15 | 5 | 5 |
| operations/operations.rb:96:16:96:16 | 6 | 6 |
| params/params.rb:41:46:41:46 | 7 | 7 |
| params/params.rb:47:19:47:21 | :bar | bar |
| params/params.rb:47:24:47:24 | 2 | 2 |
| params/params.rb:47:27:47:29 | :foo | foo |
| params/params.rb:47:32:47:32 | 3 | 3 |
| params/params.rb:49:37:49:39 | 100 | 100 |
| params/params.rb:53:44:53:44 | 3 | 3 |
| params/params.rb:58:46:58:46 | 0 | 0 |
| params/params.rb:58:56:58:58 | 100 | 100 |
| params/params.rb:63:14:63:19 | "Zeus" | Zeus |
| params/params.rb:65:41:65:42 | 99 | 99 |
| params/params.rb:70:42:70:45 | 1000 | 1000 |
| params/params.rb:70:52:70:53 | 20 | 20 |
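Review bot: The new expected output contains exact duplicate rows, `| calls/calls.rb:319:5:319:5 | __synth__1 | 0 |` twice and the same again for 320:9:320:9, and two rows that share the span `calls/calls.rb:316:12:316:19` but report different values (`1` and `-2`). A repeated identical row means the query selects two distinct nodes that print identically at one location, which is presumably a synthesized node and its source counterpart; before freezing this file as the oracle it is worth confirming that is intended rather than a double-synthesis, and giving the synthesized node a `toString` that distinguishes it (for example by naming its kind) so the duplicate rows become visibly different. Note also that the file pins two different behaviours of `getValueText()` side by side: arithmetic is folded (`... + ...` at literals.rb:58 yields `4`) while interpolated strings keep their raw source text (`"2 + 2 = #{ 2 + 2 }"` yields `2 + 2 = #{ 2 + 2 }`); if that asymmetry is deliberate it deserves a sentence in the query's comment so a later change to interpolation folding is recognised as a behaviour change rather than a test regression.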


@@ -0,0 +1,4 @@
import ruby
from Expr e
select e, e.getValueText()
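Review bot: The new test query carries no comment saying what it pins, and the accompanying expected file is large enough that a reader cannot tell from the output alone whether raw source text or a folded constant is the intended result for a given expression kind. I would add a header comment along the lines of `// Pins Expr.getValueText(): literals and constant-folded arithmetic print their value; interpolated strings, symbols and heredocs print their source text with escapes intact.` above `import ruby`, adjusting the wording to whatever the predicate's contract actually is. Stating the contract here also documents that only expressions for which `getValueText()` holds appear, since the `select` silently drops the rest.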


@@ -41,8 +41,8 @@ break_ensure.rb:
#-----| -> do ...
# 3| ... > ...
#-----| true -> break
#-----| raise -> for ... in ...
#-----| true -> break
#-----| false -> if ...
# 3| element
@@ -580,12 +580,12 @@ cfg.html.erb:
# 12| self
#-----| -> call to a
# 12| :id
#-----| -> "a"
# 12| Pair
#-----| -> call to link_to
# 12| :id
#-----| -> "a"
# 12| "a"
#-----| -> Pair
@@ -1493,12 +1493,12 @@ cfg.rb:
# 97| "d"
#-----| -> Pair
# 97| :e
#-----| -> "f"
# 97| Pair
#-----| -> {...}
# 97| :e
#-----| -> "f"
# 97| "f"
#-----| -> Pair
@@ -1826,6 +1826,9 @@ cfg.rb:
# 134| EmptyModule
#-----| -> ... rescue ...
# 136| ... rescue ...
#-----| -> 1
# 136| ... / ...
#-----| raise -> self
#-----| -> __synth__0
@@ -1833,9 +1836,6 @@ cfg.rb:
# 136| 1
#-----| -> 0
# 136| ... rescue ...
#-----| -> 1
# 136| 0
#-----| -> ... / ...


@@ -1,4 +1,4 @@
import ruby
import codeql.ruby.dataflow.internal.DataFlowPrivate
select any(ReturnNode node)
select any(ReturningNode node)


@@ -13,8 +13,8 @@ actionControllerActionMethods
| app/controllers/foo/bars_controller.rb:15:3:19:5 | show |
paramsCalls
| ActiveRecordInjection.rb:35:30:35:35 | call to params |
| ActiveRecordInjection.rb:39:30:39:35 | call to params |
| ActiveRecordInjection.rb:43:32:43:37 | call to params |
| ActiveRecordInjection.rb:39:29:39:34 | call to params |
| ActiveRecordInjection.rb:43:31:43:36 | call to params |
| ActiveRecordInjection.rb:48:21:48:26 | call to params |
| ActiveRecordInjection.rb:54:34:54:39 | call to params |
| ActiveRecordInjection.rb:56:23:56:28 | call to params |
@@ -24,7 +24,7 @@ paramsCalls
| ActiveRecordInjection.rb:77:12:77:17 | call to params |
| ActiveRecordInjection.rb:83:12:83:17 | call to params |
| ActiveRecordInjection.rb:88:15:88:20 | call to params |
| ActiveRecordInjection.rb:94:22:94:27 | call to params |
| ActiveRecordInjection.rb:94:21:94:26 | call to params |
| app/controllers/foo/bars_controller.rb:8:21:8:26 | call to params |
| app/controllers/foo/bars_controller.rb:9:10:9:15 | call to params |
| app/controllers/foo/bars_controller.rb:16:21:16:26 | call to params |
@@ -32,8 +32,8 @@ paramsCalls
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
paramsSources
| ActiveRecordInjection.rb:35:30:35:35 | call to params |
| ActiveRecordInjection.rb:39:30:39:35 | call to params |
| ActiveRecordInjection.rb:43:32:43:37 | call to params |
| ActiveRecordInjection.rb:39:29:39:34 | call to params |
| ActiveRecordInjection.rb:43:31:43:36 | call to params |
| ActiveRecordInjection.rb:48:21:48:26 | call to params |
| ActiveRecordInjection.rb:54:34:54:39 | call to params |
| ActiveRecordInjection.rb:56:23:56:28 | call to params |
@@ -43,7 +43,7 @@ paramsSources
| ActiveRecordInjection.rb:77:12:77:17 | call to params |
| ActiveRecordInjection.rb:83:12:83:17 | call to params |
| ActiveRecordInjection.rb:88:15:88:20 | call to params |
| ActiveRecordInjection.rb:94:22:94:27 | call to params |
| ActiveRecordInjection.rb:94:21:94:26 | call to params |
| app/controllers/foo/bars_controller.rb:8:21:8:26 | call to params |
| app/controllers/foo/bars_controller.rb:9:10:9:15 | call to params |
| app/controllers/foo/bars_controller.rb:16:21:16:26 | call to params |
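Review bot: The changed rows in `paramsCalls` and `paramsSources` only move the `call to params` location one column left on fixture lines 39, 43 and 94 (for example `39:30:39:35` becomes `39:29:39:34`), which is consistent with a one-character-shorter method name earlier on those lines; the other file section in this commit shows `delete_all`/`destroy_all` becoming `delete_by`/`destroy_by` at the same lines. If that is the cause, the fixture no longer exercises `delete_all`/`destroy_all` with a string condition, and both families are SQL-executing sinks in the ActiveRecord model, so I would keep one call of each form in the fixture rather than replacing them, or confirm that a `delete_all` case still exists outside the visible hunks. The tuples themselves look consistent with the column shift.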


@@ -4,13 +4,13 @@ activeRecordModelClasses
| ActiveRecordInjection.rb:19:1:25:3 | Admin |
activeRecordSqlExecutionRanges
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:23:17:23:25 | condition |
| ActiveRecordInjection.rb:23:16:23:24 | condition |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] |
| ActiveRecordInjection.rb:39:21:39:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:23:43:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:39:20:39:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:22:43:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:47:16:47:21 | <<-SQL |
| ActiveRecordInjection.rb:54:20:54:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:68:21:68:33 | ... + ... |
| ActiveRecordInjection.rb:68:20:68:32 | ... + ... |
| ActiveRecordInjection.rb:75:16:75:28 | "name #{...}" |
| ActiveRecordInjection.rb:80:20:80:39 | "username = #{...}" |
activeRecordModelClassMethodCalls
@@ -19,28 +19,28 @@ activeRecordModelClassMethodCalls
| ActiveRecordInjection.rb:10:5:10:68 | call to find |
| ActiveRecordInjection.rb:15:5:15:40 | call to find_by |
| ActiveRecordInjection.rb:15:5:15:46 | call to users |
| ActiveRecordInjection.rb:23:5:23:26 | call to destroy_all |
| ActiveRecordInjection.rb:23:5:23:25 | call to destroy_by |
| ActiveRecordInjection.rb:35:5:35:45 | call to calculate |
| ActiveRecordInjection.rb:39:5:39:44 | call to delete_all |
| ActiveRecordInjection.rb:43:5:43:47 | call to destroy_all |
| ActiveRecordInjection.rb:39:5:39:43 | call to delete_by |
| ActiveRecordInjection.rb:43:5:43:46 | call to destroy_by |
| ActiveRecordInjection.rb:47:5:47:35 | call to where |
| ActiveRecordInjection.rb:54:5:54:14 | call to where |
| ActiveRecordInjection.rb:54:5:54:48 | call to not |
| ActiveRecordInjection.rb:56:5:56:51 | call to authenticate |
| ActiveRecordInjection.rb:68:5:68:34 | call to delete_all |
| ActiveRecordInjection.rb:68:5:68:33 | call to delete_by |
| ActiveRecordInjection.rb:75:5:75:29 | call to order |
| ActiveRecordInjection.rb:80:7:80:40 | call to find_by |
| ActiveRecordInjection.rb:85:5:85:33 | call to find_by |
| ActiveRecordInjection.rb:88:5:88:34 | call to find |
| ActiveRecordInjection.rb:94:5:94:46 | call to delete_all |
| ActiveRecordInjection.rb:94:5:94:45 | call to delete_by |
potentiallyUnsafeSqlExecutingMethodCall
| ActiveRecordInjection.rb:10:5:10:68 | call to find |
| ActiveRecordInjection.rb:23:5:23:26 | call to destroy_all |
| ActiveRecordInjection.rb:23:5:23:25 | call to destroy_by |
| ActiveRecordInjection.rb:35:5:35:45 | call to calculate |
| ActiveRecordInjection.rb:39:5:39:44 | call to delete_all |
| ActiveRecordInjection.rb:43:5:43:47 | call to destroy_all |
| ActiveRecordInjection.rb:39:5:39:43 | call to delete_by |
| ActiveRecordInjection.rb:43:5:43:46 | call to destroy_by |
| ActiveRecordInjection.rb:47:5:47:35 | call to where |
| ActiveRecordInjection.rb:54:5:54:48 | call to not |
| ActiveRecordInjection.rb:68:5:68:34 | call to delete_all |
| ActiveRecordInjection.rb:68:5:68:33 | call to delete_by |
| ActiveRecordInjection.rb:75:5:75:29 | call to order |
| ActiveRecordInjection.rb:80:7:80:40 | call to find_by |


@@ -17,10 +17,10 @@ class User < ApplicationRecord
end
class Admin < User
def self.delete_all(condition = nil)
# BAD: `delete_all` overrides an ActiveRecord method, but doesn't perform
def self.delete_by(condition = nil)
# BAD: `delete_by` overrides an ActiveRecord method, but doesn't perform
# any validation before passing its arguments on to another ActiveRecord method
destroy_all(condition)
destroy_by(condition)
end
end
@@ -36,11 +36,11 @@ class FooController < ActionController::Base
# BAD: executes `DELETE FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
User.delete_all("id = '#{params[:id]}'")
User.delete_by("id = '#{params[:id]}'")
# BAD: executes `SELECT "users".* FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
User.destroy_all(["id = '#{params[:id]}'"])
User.destroy_by(["id = '#{params[:id]}'"])
# BAD: executes `SELECT "users".* FROM "users" WHERE id BETWEEN '#{params[:min_id]}' AND 100000`
# where `params[:min_id]` is unsanitized
@@ -65,7 +65,7 @@ class BarController < ApplicationController
# BAD: executes `DELETE FROM "users" WHERE (id = #{uid})`
# where `uid` is unsantized
User.delete_all("id " + uidEq)
User.delete_by("id " + uidEq)
end
def safe_paths
@@ -91,6 +91,6 @@ end
class BazController < BarController
def yet_another_handler
Admin.delete_all(params[:admin_condition])
Admin.delete_by(params[:admin_condition])
end
end
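Review bot: Replacing every `delete_all`/`destroy_all` case with `delete_by`/`destroy_by` (the hunks around `User.delete_by("id = '#{params[:id]}'")`, `User.delete_by("id " + uidEq)` and `Admin.delete_by(params[:admin_condition])`) leaves this fixture with no string-condition call to `delete_all` or `destroy_all` at all, so the query's treatment of those older sinks is no longer exercised here. The other copy of this fixture in the same commit keeps both forms side by side, which seems the safer choice; either keep one `delete_all` case next to `delete_by`, or add a comment on the `Admin` override saying why the older API is intentionally out of scope for this test. The `Admin` class and the controller bodies continue outside the hunks.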


@@ -1,10 +1,10 @@
# Uses of eval and send
eval("raise \"error\"")
eval("raise \"error\"", binding, "file", 1)
send("raise", "error")
a = []
a.send("raise", "error")
a.send("push", "1")
class Foo
def eval(x)
@@ -21,3 +21,6 @@ class Foo
end
Foo.new.send("exit", 1)
Foo.new.instance_eval("self.class", "file.rb", 3)
Foo.class_eval("def foo; 1; end", "file.rb", 1)
Foo.module_eval("def bar; 1; end", "other_file.rb", 2)
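Review bot: The new `instance_eval`/`class_eval`/`module_eval` cases cover only the string form, so nothing in the fixture shows how a block-form call — which carries no code string — is treated; one negative case such as `Foo.class_eval { def baz; 1; end }` would make that visible. This matters more now that the companion test query prints `getCode()`: a call with no code node would simply be absent from the expected output rather than distinguishable from an unmodelled call. The `class Foo` body continues outside the first hunk.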


@@ -59,7 +59,13 @@ open3PipelineCallExecutions
| CommandExecution.rb:64:1:64:44 | call to pipeline_start |
| CommandExecution.rb:65:1:65:38 | call to pipeline |
evalCallCodeExecutions
| Eval.rb:3:1:3:23 | call to eval |
| Eval.rb:3:1:3:43 | call to eval | Eval.rb:3:6:3:22 | "raise \\"error\\"" |
sendCallCodeExecutions
| Eval.rb:4:1:4:22 | call to send |
| Eval.rb:7:1:7:24 | call to send |
| Eval.rb:4:1:4:22 | call to send | Eval.rb:4:6:4:12 | "raise" |
| Eval.rb:7:1:7:19 | call to send | Eval.rb:7:8:7:13 | "push" |
instanceEvalCallCodeExecutions
| Eval.rb:24:1:24:49 | call to instance_eval | Eval.rb:24:23:24:34 | "self.class" |
classEvalCallCodeExecutions
| Eval.rb:25:1:25:47 | call to class_eval | Eval.rb:25:16:25:32 | "def foo; 1; end" |
moduleEvalCallCodeExecutions
| Eval.rb:26:1:26:54 | call to module_eval | Eval.rb:26:17:26:33 | "def bar; 1; end" |


@@ -1,4 +1,5 @@
import codeql.ruby.frameworks.StandardLibrary
import codeql.ruby.DataFlow
query predicate subshellLiteralExecutions(SubshellLiteralExecution e) { any() }
@@ -14,6 +15,18 @@ query predicate open3CallExecutions(Open3Call c) { any() }
query predicate open3PipelineCallExecutions(Open3PipelineCall c) { any() }
query predicate evalCallCodeExecutions(EvalCallCodeExecution e) { any() }
query DataFlow::Node evalCallCodeExecutions(EvalCallCodeExecution e) { result = e.getCode() }
query predicate sendCallCodeExecutions(SendCallCodeExecution e) { any() }
query DataFlow::Node sendCallCodeExecutions(SendCallCodeExecution e) { result = e.getCode() }
query DataFlow::Node instanceEvalCallCodeExecutions(InstanceEvalCallCodeExecution e) {
result = e.getCode()
}
query DataFlow::Node classEvalCallCodeExecutions(ClassEvalCallCodeExecution e) {
result = e.getCode()
}
query DataFlow::Node moduleEvalCallCodeExecutions(ModuleEvalCallCodeExecution e) {
result = e.getCode()
}
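Review bot: Switching `evalCallCodeExecutions` and `sendCallCodeExecutions` from `query predicate ... { any() }` to `query DataFlow::Node ... { result = e.getCode() }` means an execution whose `getCode()` has no result — a `class_eval`/`module_eval`/`instance_eval` given a block rather than a string, for instance — disappears from the expected output entirely instead of appearing with an empty code column, so a modelling regression of that shape would go unnoticed by the test. Keeping the existing `any()` predicates and adding the code projection as a separate predicate preserves both views, e.g. `query predicate evalCallCodeExecutions(EvalCallCodeExecution e) { any() }` alongside `query DataFlow::Node evalCallCode(EvalCallCodeExecution e) { result = e.getCode() }`, with the same split for the `send` and the three `*_eval` variants.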


@@ -1,4 +1,4 @@
import codeql.ruby.frameworks.http_clients.Excon
import codeql.ruby.DataFlow
query DataFlow::Node exconHTTPRequests(ExconHTTPRequest e) { result = e.getResponseBody() }
query DataFlow::Node exconHttpRequests(ExconHttpRequest e) { result = e.getResponseBody() }


@@ -1,4 +1,4 @@
import codeql.ruby.frameworks.http_clients.Faraday
import codeql.ruby.DataFlow
query DataFlow::Node faradayHTTPRequests(FaradayHTTPRequest e) { result = e.getResponseBody() }
query DataFlow::Node faradayHttpRequests(FaradayHttpRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,9 @@
| HttpClient.rb:3:9:3:45 | call to get | HttpClient.rb:4:1:4:10 | call to body |
| HttpClient.rb:6:9:6:65 | call to post | HttpClient.rb:7:1:7:13 | call to content |
| HttpClient.rb:9:9:9:64 | call to put | HttpClient.rb:10:1:10:15 | call to http_body |
| HttpClient.rb:12:9:12:48 | call to delete | HttpClient.rb:13:1:13:10 | call to dump |
| HttpClient.rb:15:9:15:46 | call to head | HttpClient.rb:16:1:16:10 | call to body |
| HttpClient.rb:18:9:18:49 | call to options | HttpClient.rb:19:1:19:13 | call to content |
| HttpClient.rb:21:9:21:47 | call to trace | HttpClient.rb:22:1:22:15 | call to http_body |
| HttpClient.rb:24:9:24:53 | call to get_content | HttpClient.rb:24:9:24:53 | call to get_content |
| HttpClient.rb:26:10:26:74 | call to post_content | HttpClient.rb:26:10:26:74 | call to post_content |


@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.HttpClient
import codeql.ruby.DataFlow
query DataFlow::Node httpClientRequests(HttpClientRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,26 @@
require "httpclient"
resp1 = HTTPClient.get("http://example.com/")
resp1.body
resp2 = HTTPClient.post("http://example.com/", body: "some_data")
resp2.content
resp3 = HTTPClient.put("http://example.com/", body: "some_data")
resp3.http_body
resp5 = HTTPClient.delete("http://example.com/")
resp5.dump
resp6 = HTTPClient.head("http://example.com/")
resp6.body
resp7 = HTTPClient.options("http://example.com/")
resp7.content
resp8 = HTTPClient.trace("http://example.com/")
resp8.http_body
resp9 = HTTPClient.get_content("http://example.com/")
resp10 = HTTPClient.post_content("http://example.com/", body: "some_data")
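Review bot: Every request in this fixture goes through the class-level shortcuts (`HTTPClient.get`, `HTTPClient.post`, ...), so the instance form the gem presents as its primary API — `client = HTTPClient.new` followed by `client.get("http://example.com/")` — is never exercised, and the expected output cannot show whether the model handles it. One instance-based case (or, if the model is meant to exclude it, a comment saying so) would make the coverage boundary explicit. The numbering also jumps from `resp3` to `resp5`; renumbering or a short comment would avoid the impression that a case was dropped.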


@@ -0,0 +1,7 @@
| Httparty.rb:5:1:5:35 | call to get | Httparty.rb:5:1:5:35 | call to get |
| Httparty.rb:7:1:7:55 | call to post | Httparty.rb:7:1:7:55 | call to post |
| Httparty.rb:9:1:9:54 | call to put | Httparty.rb:9:1:9:54 | call to put |
| Httparty.rb:11:1:11:56 | call to patch | Httparty.rb:11:1:11:56 | call to patch |
| Httparty.rb:15:9:15:46 | call to delete | Httparty.rb:16:1:16:10 | call to body |
| Httparty.rb:18:9:18:44 | call to head | Httparty.rb:19:1:19:10 | call to body |
| Httparty.rb:21:9:21:47 | call to options | Httparty.rb:22:1:22:10 | call to body |


@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.Httparty
import codeql.ruby.DataFlow
query DataFlow::Node httpartyRequests(HttpartyRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,31 @@
require "httparty"
# If the response body is not nil or an empty string, it will be parsed and returned directly.
HTTParty.get("http://example.com/")
HTTParty.post("http://example.com/", body: "some_data")
HTTParty.put("http://example.com/", body: "some_data")
HTTParty.patch("http://example.com/", body: "some_data")
# Otherwise, `HTTParty::Response` will be returned, which has a `#body` method.
resp5 = HTTParty.delete("http://example.com/")
resp5.body
resp6 = HTTParty.head("http://example.com/")
resp6.body
resp7 = HTTParty.options("http://example.com/")
resp7.body
# HTTParty methods can also be included in other classes.
# This is not yet modelled.
class MyClient
inlcude HTTParty
end
MyClient.get("http://example.com")
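Review bot: `inlcude HTTParty` inside `class MyClient` is a typo for `include HTTParty`; the fixture is only parsed, so nothing fails today, but once the include-based usage described in the comment above it is modelled this line would have to be fixed first and the expected output would shift at the same time. Correct it now: `include HTTParty`. The `# This is not yet modelled.` comment is worth keeping so the absence of `MyClient.get` from the expected results reads as intentional.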


@@ -1,8 +0,0 @@
| NetHTTP.rb:4:1:4:18 | call to get | NetHTTP.rb:4:1:4:18 | call to get |
| NetHTTP.rb:6:8:6:50 | call to post | NetHTTP.rb:7:1:7:9 | call to body |
| NetHTTP.rb:6:8:6:50 | call to post | NetHTTP.rb:8:1:8:14 | call to read_body |
| NetHTTP.rb:6:8:6:50 | call to post | NetHTTP.rb:9:1:9:11 | call to entity |
| NetHTTP.rb:13:6:13:17 | call to get | NetHTTP.rb:18:1:18:7 | call to body |
| NetHTTP.rb:14:6:14:18 | call to post | NetHTTP.rb:19:1:19:12 | call to read_body |
| NetHTTP.rb:15:6:15:17 | call to put | NetHTTP.rb:20:1:20:9 | call to entity |
| NetHTTP.rb:24:3:24:33 | call to get | NetHTTP.rb:27:1:27:28 | call to body |


@@ -1,4 +0,0 @@
import codeql.ruby.frameworks.http_clients.NetHTTP
import codeql.ruby.DataFlow
query DataFlow::Node netHTTPRequests(NetHTTPRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,8 @@
| NetHttp.rb:4:1:4:18 | call to get | NetHttp.rb:4:1:4:18 | call to get |
| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:7:1:7:9 | call to body |
| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:8:1:8:14 | call to read_body |
| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:9:1:9:11 | call to entity |
| NetHttp.rb:13:6:13:17 | call to get | NetHttp.rb:18:1:18:7 | call to body |
| NetHttp.rb:14:6:14:18 | call to post | NetHttp.rb:19:1:19:12 | call to read_body |
| NetHttp.rb:15:6:15:17 | call to put | NetHttp.rb:20:1:20:9 | call to entity |
| NetHttp.rb:24:3:24:33 | call to get | NetHttp.rb:27:1:27:28 | call to body |


@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.NetHttp
import codeql.ruby.DataFlow
query DataFlow::Node netHttpRequests(NetHttpRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,4 @@
| OpenURI.rb:3:9:3:41 | call to open | OpenURI.rb:4:1:4:10 | call to read |
| OpenURI.rb:6:9:6:34 | call to open | OpenURI.rb:7:1:7:15 | call to readlines |
| OpenURI.rb:9:9:9:38 | call to open | OpenURI.rb:10:1:10:10 | call to read |
| OpenURI.rb:12:9:12:45 | call to open | OpenURI.rb:13:1:13:10 | call to read |


@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.OpenURI
import codeql.ruby.DataFlow
query DataFlow::Node openURIRequests(OpenURIRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,13 @@
require "open-uri"
resp1 = Kernel.open("http://example.com")
resp1.read
resp2 = open("http://example.com")
resp2.readlines
resp3 = URI.open("http://example.com")
resp3.read
resp4 = URI.parse("https://example.com").open
resp4.read
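Review bot: The `Kernel.open("http://example.com")` and bare `open("http://example.com")` cases rely on open-uri's override of `Kernel#open`, which as far as I recall was deprecated in Ruby 2.7 and removed in Ruby 3.0, leaving `URI.open` and `URI::HTTP#open` as the forms that still fetch a URL; nothing in the fixture records that. A comment above the first two cases would stop a later maintainer from treating them as interchangeable with `URI.open`, for example `# Kernel#open only fetches URLs via open-uri on Ruby < 3.0; kept to cover older code`. Whether the model is expected to distinguish Ruby versions is not visible from this file.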


@@ -1,6 +1,6 @@
import codeql.ruby.frameworks.http_clients.RestClient
import codeql.ruby.DataFlow
query DataFlow::Node restClientHTTPRequests(RestClientHTTPRequest e) {
query DataFlow::Node restClientHttpRequests(RestClientHttpRequest e) {
result = e.getResponseBody()
}


@@ -0,0 +1,7 @@
| Typhoeus.rb:3:9:3:43 | call to get | Typhoeus.rb:4:1:4:10 | call to body |
| Typhoeus.rb:6:9:6:63 | call to post | Typhoeus.rb:7:1:7:10 | call to body |
| Typhoeus.rb:9:9:9:62 | call to put | Typhoeus.rb:10:1:10:10 | call to body |
| Typhoeus.rb:12:9:12:64 | call to patch | Typhoeus.rb:13:1:13:10 | call to body |
| Typhoeus.rb:15:9:15:46 | call to delete | Typhoeus.rb:16:1:16:10 | call to body |
| Typhoeus.rb:18:9:18:44 | call to head | Typhoeus.rb:19:1:19:10 | call to body |
| Typhoeus.rb:21:9:21:47 | call to options | Typhoeus.rb:22:1:22:10 | call to body |


@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.Typhoeus
import codeql.ruby.DataFlow
query DataFlow::Node typhoeusHttpRequests(TyphoeusHttpRequest e) { result = e.getResponseBody() }


@@ -0,0 +1,22 @@
require "typhoeus"
resp1 = Typhoeus.get("http://example.com/")
resp1.body
resp2 = Typhoeus.post("http://example.com/", body: "some_data")
resp2.body
resp3 = Typhoeus.put("http://example.com/", body: "some_data")
resp3.body
resp4 = Typhoeus.patch("http://example.com/", body: "some_data")
resp4.body
resp5 = Typhoeus.delete("http://example.com/")
resp5.body
resp6 = Typhoeus.head("http://example.com/")
resp6.body
resp7 = Typhoeus.options("http://example.com/")
resp7.body
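Review bot: Only the `Typhoeus.<verb>` shortcuts are exercised here; the request-object API the gem also exposes — as I understand it, `Typhoeus::Request.new("http://example.com/").run` with the body read through `.response.body`, and the same request queued on a `Typhoeus::Hydra` — is not, so the expected output says nothing about whether the model covers it. One such case, or a comment noting that it is out of scope, would make the coverage boundary explicit for whoever extends the model next.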


@@ -0,0 +1,11 @@
edges
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file |
| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file |
nodes
| KernelOpen.rb:3:12:3:17 | call to params : | semmle.label | call to params : |
| KernelOpen.rb:4:10:4:13 | file | semmle.label | file |
| KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
subpaths
#select
| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a user-provided value. Replace it with File.open. |
| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a user-provided value. Replace it with File.read. |


@@ -0,0 +1 @@
queries/security/cwe-078/KernelOpen.ql


@@ -0,0 +1,17 @@
class UsersController < ActionController::Base
def create
file = params[:file]
open(file) # BAD
IO.read(file) # BAD
File.open(file).read # GOOD
if file == "some/const/path.txt"
open(file) # GOOD - file path is sanitised by guard
end
if %w(some/const/1.txt some/const/2.txt).include? file
IO.read(file) # GOOD - file path is sanitised by guard
end
end
end
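Review bot: `File.open(file).read # GOOD` is good only with respect to this query (CWE-078: `Kernel#open` and `IO.read` can run a command when handed a pipe-shaped argument); the path itself still comes straight from `params[:file]`, so an unqualified GOOD invites readers to copy the line as a safe pattern. A qualifier such as `# GOOD (for this query) - no command execution, but the path is still user-controlled` keeps the fixture honest, and `File.read(file)` would also avoid the handle that `File.open(file).read` never closes. The two guard-based cases below it are fine as written.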


@@ -17,10 +17,10 @@ class User < ApplicationRecord
end
class Admin < User
def self.delete_all(condition = nil)
# BAD: `delete_all` overrides an ActiveRecord method, but doesn't perform
def self.delete_by(condition = nil)
# BAD: `delete_by overrides an ActiveRecord method, but doesn't perform
# any validation before passing its arguments on to another ActiveRecord method
destroy_all(condition)
destroy_by(condition)
end
end
@@ -34,12 +34,26 @@ class FooController < ActionController::Base
# where `params[:column]` is unsanitized
User.calculate(:average, params[:column])
# BAD: executes `SELECT MAX(#{params[:column]}) FROM "users"`
# where `params[:column]` is unsanitized
User.maximum(params[:column])
# BAD: executes `DELETE FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
User.delete_by("id = '#{params[:id]}'")
# BAD: executes `DELETE FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
# (in Rails < 4.0)
User.delete_all("id = '#{params[:id]}'")
# BAD: executes `SELECT "users".* FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
User.destroy_by(["id = '#{params[:id]}'"])
# BAD: executes `SELECT "users".* FROM "users" WHERE (id = '#{params[:id]}')`
# where `params[:id]` is unsanitized
# (in Rails < 4.0)
User.destroy_all(["id = '#{params[:id]}'"])
# BAD: executes `SELECT "users".* FROM "users" WHERE id BETWEEN '#{params[:min_id]}' AND 100000`
@@ -54,6 +68,28 @@ class FooController < ActionController::Base
User.where.not("user.id = '#{params[:id]}'")
User.authenticate(params[:name], params[:pass])
# BAD: executes `SELECT "users".* FROM "users" WHERE (id = '#{params[:id]}')` LIMIT 1
# where `params[:id]` is unsanitized
User.find_or_initialize_by("id = '#{params[:id]}'")
user = User.first
# BAD: executes `SELECT "users".* FROM "users" WHERE id = 1 LIMIT 1 #{params[:lock]}`
# where `params[:lock]` is unsanitized
user.reload(lock: params[:lock])
# BAD: executes `SELECT #{params[:column]} FROM "users"`
# where `params[:column]` is unsanitized
User.select(params[:column])
User.reselect(params[:column])
# BAD: executes `SELECT "users".* FROM "users" WHERE (#{params[:condition]})`
# where `params[:condition]` is unsanitized
User.rewhere(params[:condition])
# BAD: executes `UPDATE "users" SET #{params[:fields]}`
# where `params[:fields]` is unsanitized
User.update_all(params[:fields])
end
end
@@ -65,7 +101,7 @@ class BarController < ApplicationController
# BAD: executes `DELETE FROM "users" WHERE (id = #{uid})`
# where `uid` is unsantized
User.delete_all("id " + uidEq)
User.delete_by("id " + uidEq)
end
def safe_paths
@@ -98,6 +134,6 @@ end
class BazController < BarController
def yet_another_handler
Admin.delete_all(params[:admin_condition])
Admin.delete_by(params[:admin_condition])
end
end
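Review bot: The comment above the new `destroy_by(condition)` call in `Admin` opens a backtick before `delete_by` but never closes it; it should match the line it replaces, with `delete_by` wrapped in backticks on both sides, i.e. the same shape as the old `delete_all` comment. The `# (in Rails < 4.0)` qualifiers added to the retained `User.delete_all("id = '#{params[:id]}'")` and `User.destroy_all([...])` cases also look off to me: as far as I recall, string conditions were accepted by these methods until Rails 5.0 deprecated them and 5.1 removed them, so the version is worth double-checking before it lands in a fixture that others will copy. The `FooController` body continues between the hunks.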


@@ -1,51 +1,83 @@
edges
| ActiveRecordInjection.rb:8:25:8:28 | name : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:20:23:20:31 | condition : | ActiveRecordInjection.rb:23:17:23:25 | condition |
| ActiveRecordInjection.rb:20:22:20:30 | condition : | ActiveRecordInjection.rb:23:16:23:24 | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] |
| ActiveRecordInjection.rb:39:30:39:35 | call to params : | ActiveRecordInjection.rb:39:21:39:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:32:43:37 | call to params : | ActiveRecordInjection.rb:43:23:43:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:21:48:26 | call to params : | ActiveRecordInjection.rb:47:16:47:21 | <<-SQL |
| ActiveRecordInjection.rb:54:34:54:39 | call to params : | ActiveRecordInjection.rb:54:20:54:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:56:23:56:28 | call to params : | ActiveRecordInjection.rb:56:23:56:35 | ...[...] : |
| ActiveRecordInjection.rb:56:23:56:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : |
| ActiveRecordInjection.rb:56:38:56:43 | call to params : | ActiveRecordInjection.rb:56:38:56:50 | ...[...] : |
| ActiveRecordInjection.rb:56:38:56:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : |
| ActiveRecordInjection.rb:62:10:62:15 | call to params : | ActiveRecordInjection.rb:68:21:68:33 | ... + ... |
| ActiveRecordInjection.rb:101:22:101:27 | call to params : | ActiveRecordInjection.rb:101:22:101:45 | ...[...] : |
| ActiveRecordInjection.rb:101:22:101:45 | ...[...] : | ActiveRecordInjection.rb:20:23:20:31 | condition : |
| ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : |
nodes
| ActiveRecordInjection.rb:8:25:8:28 | name : | semmle.label | name : |
| ActiveRecordInjection.rb:8:31:8:34 | pass : | semmle.label | pass : |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | semmle.label | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:20:23:20:31 | condition : | semmle.label | condition : |
| ActiveRecordInjection.rb:23:17:23:25 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:20:22:20:30 | condition : | semmle.label | condition : |
| ActiveRecordInjection.rb:23:16:23:24 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:35:30:35:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:39:21:39:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:39:30:39:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:43:23:43:45 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:32:43:37 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:47:16:47:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:48:21:48:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:54:20:54:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:54:34:54:39 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:56:23:56:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:56:23:56:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:56:38:56:43 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:56:38:56:50 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:62:10:62:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:68:21:68:33 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:101:22:101:27 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:101:22:101:45 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:39:18:39:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:43:29:43:34 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:48:30:48:35 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:52:31:52:36 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:57:32:57:37 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:62:21:62:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:68:34:68:39 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:23:70:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:70:38:70:43 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:74:41:74:46 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:83:17:83:22 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:104:20:104:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | semmle.label | ...[...] : |
subpaths
#select
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:56:23:56:28 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:56:23:56:28 | call to params | a user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:56:38:56:43 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:56:38:56:43 | call to params | a user-provided value |
| ActiveRecordInjection.rb:23:17:23:25 | condition | ActiveRecordInjection.rb:101:22:101:27 | call to params : | ActiveRecordInjection.rb:23:17:23:25 | condition | This SQL query depends on $@. | ActiveRecordInjection.rb:101:22:101:27 | call to params | a user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | a user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:70:38:70:43 | call to params | a user-provided value |
| ActiveRecordInjection.rb:23:16:23:24 | condition | ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:23:16:23:24 | condition | This SQL query depends on $@. | ActiveRecordInjection.rb:137:21:137:26 | call to params | a user-provided value |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:35:30:35:35 | call to params | a user-provided value |
| ActiveRecordInjection.rb:39:21:39:43 | "id = '#{...}'" | ActiveRecordInjection.rb:39:30:39:35 | call to params : | ActiveRecordInjection.rb:39:21:39:43 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:39:30:39:35 | call to params | a user-provided value |
| ActiveRecordInjection.rb:43:23:43:45 | "id = '#{...}'" | ActiveRecordInjection.rb:43:32:43:37 | call to params : | ActiveRecordInjection.rb:43:23:43:45 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:43:32:43:37 | call to params | a user-provided value |
| ActiveRecordInjection.rb:47:16:47:21 | <<-SQL | ActiveRecordInjection.rb:48:21:48:26 | call to params : | ActiveRecordInjection.rb:47:16:47:21 | <<-SQL | This SQL query depends on $@. | ActiveRecordInjection.rb:48:21:48:26 | call to params | a user-provided value |
| ActiveRecordInjection.rb:54:20:54:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:54:34:54:39 | call to params : | ActiveRecordInjection.rb:54:20:54:47 | "user.id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:54:34:54:39 | call to params | a user-provided value |
| ActiveRecordInjection.rb:68:21:68:33 | ... + ... | ActiveRecordInjection.rb:62:10:62:15 | call to params : | ActiveRecordInjection.rb:68:21:68:33 | ... + ... | This SQL query depends on $@. | ActiveRecordInjection.rb:62:10:62:15 | call to params | a user-provided value |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:39:18:39:23 | call to params | a user-provided value |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:43:29:43:34 | call to params | a user-provided value |
| ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:48:30:48:35 | call to params | a user-provided value |
| ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:52:31:52:36 | call to params | a user-provided value |
| ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:57:32:57:37 | call to params | a user-provided value |
| ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | This SQL query depends on $@. | ActiveRecordInjection.rb:62:21:62:26 | call to params | a user-provided value |
| ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:68:34:68:39 | call to params | a user-provided value |
| ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | This SQL query depends on $@. | ActiveRecordInjection.rb:74:41:74:46 | call to params | a user-provided value |
| ActiveRecordInjection.rb:83:17:83:31 | ...[...] | ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:83:17:83:22 | call to params | a user-provided value |
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:84:19:84:24 | call to params | a user-provided value |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:88:18:88:23 | call to params | a user-provided value |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | This SQL query depends on $@. | ActiveRecordInjection.rb:92:21:92:26 | call to params | a user-provided value |
| ActiveRecordInjection.rb:104:20:104:32 | ... + ... | ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | This SQL query depends on $@. | ActiveRecordInjection.rb:98:10:98:15 | call to params | a user-provided value |


@@ -1,10 +1,16 @@
edges
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:6:10:6:13 | code |
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:18:20:18:23 | code |
| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:21:21:21:24 | code |
nodes
| CodeInjection.rb:3:12:3:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:6:10:6:13 | code | semmle.label | code |
| CodeInjection.rb:9:10:9:15 | call to params | semmle.label | call to params |
| CodeInjection.rb:18:20:18:23 | code | semmle.label | code |
| CodeInjection.rb:21:21:21:24 | code | semmle.label | code |
subpaths
#select
| CodeInjection.rb:6:10:6:13 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:6:10:6:13 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
| CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | This code execution depends on $@. | CodeInjection.rb:9:10:9:15 | call to params | a user-provided value |
| CodeInjection.rb:18:20:18:23 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:18:20:18:23 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
| CodeInjection.rb:21:21:21:24 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:21:21:21:24 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |


@@ -8,14 +8,32 @@ class UsersController < ActionController::Base
# BAD
eval(params)
# GOOD - user input is in second argument, which is not evaluated as Ruby code
send(:sanitize, params[:code])
# GOOD
Foo.new.bar(code)
# BAD
Foo.class_eval(code)
# BAD
Foo.module_eval(code)
# GOOD
Bar.class_eval(code)
end
def update
# GOOD
eval("foo")
end
private
def sanitize(code)
true
end
end
class Foo
@@ -27,3 +45,9 @@ class Foo
eval(x)
end
end
class Bar
def self.class_eval(x)
true
end
end
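Review bot: The `# GOOD` label on `Bar.class_eval(code)` (line 1316) is only true because `Bar` defines its own `self.class_eval` further down (lines 1332–1336), and nothing at the call site says so; a reader comparing it with the flagged `Foo.class_eval(code)` two lines earlier has to hunt for the reason. Suggest `# GOOD - Bar overrides class_eval, so the argument is never evaluated as Ruby code` in place of the bare `# GOOD`. The same applies to `send(:sanitize, params[:code])`: the comment is accurate, but it would help to add that the receiver-selected method is a fixed symbol, since that is what keeps this case out of the query. Minor style: `def sanitize(code)` never reads `code`, so `_code` would make the stub's intent clear. The enclosing `UsersController` class starts outside this hunk.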


@@ -3,9 +3,7 @@ edges
| UrlRedirect.rb:14:17:14:22 | call to params : | UrlRedirect.rb:14:17:14:43 | call to fetch |
| UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params |
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:56:21:56:32 | input_params : |
| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" |
| UrlRedirect.rb:56:21:56:32 | input_params : | UrlRedirect.rb:57:5:57:29 | call to permit : |
nodes
| UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params |
| UrlRedirect.rb:9:17:9:22 | call to params : | semmle.label | call to params : |
@@ -18,10 +16,7 @@ nodes
| UrlRedirect.rb:24:31:24:36 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | semmle.label | "#{...}/foo" |
| UrlRedirect.rb:34:20:34:25 | call to params : | semmle.label | call to params : |
| UrlRedirect.rb:56:21:56:32 | input_params : | semmle.label | input_params : |
| UrlRedirect.rb:57:5:57:29 | call to permit : | semmle.label | call to permit : |
subpaths
| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:56:21:56:32 | input_params : | UrlRedirect.rb:57:5:57:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params : |
#select
| UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection due to $@. | UrlRedirect.rb:4:17:4:22 | call to params | a user-provided value |
| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params : | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:9:17:9:22 | call to params | a user-provided value |


@@ -0,0 +1,16 @@
class LibXmlRubyXXE < ApplicationController
content = params[:xml]
LibXML::XML::Document.string(content, { options: 2 | 2048, encoding: 'utf-8' })
LibXML::XML::Document.file(content, { options: LibXML::XML::Parser::Options::NOENT | 2048})
LibXML::XML::Document.io(content, { options: XML::Parser::Options::NOENT | 2048 })
LibXML::XML::Parser.string(content, { options: 2 | 2048 })
LibXML::XML::Parser.file(content, { options: 3 | 2048 })
LibXML::XML::Parser.io(content, { options: 2 | 2048})
XML::Document.string(content, { options: 2 | 2048 })
XML::Parser.string(content, { options: 2 | 2048 })
LibXML::XML::Parser.file(content, { options: 2048 }) # OK
end
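Review bot: The numeric `options:` values in this fixture (`2 | 2048`, `3 | 2048`, `2048`) are undocumented magic numbers, while the line right after the first one spells out `LibXML::XML::Parser::Options::NOENT`; a reader cannot tell from the file why `2048` alone is `# OK` and `2 | 2048` is not. Suggest a comment on the first call: `# libxml2 XML_PARSE_* bits: 2 = NOENT, 4 = DTDLOAD, 2048 = NONET; NONET only blocks network fetches, so the NOENT cases are still flagged`, which also matches the expected output in this commit where every call except the `2048`-only one is reported. It would also be consistent to mark the flagged calls with `# BAD` the way the CodeInjection fixture does, rather than annotating only the `# OK` case.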


@@ -0,0 +1,30 @@
class NokogiriXXE < ApplicationController
content = params[:xml]
Nokogiri::XML::parse(content, nil, nil, 2)
Nokogiri::XML::parse(content, nil, nil, 1 | 2)
Nokogiri::XML::parse(content, nil, nil, 1 & ~Nokogiri::XML::ParseOptions::NONET)
Nokogiri::XML::parse(content, nil, nil, Nokogiri::XML::ParseOptions::NOENT)
Nokogiri::XML::parse(content, nil, nil, Nokogiri::XML::ParseOptions::DTDLOAD)
Nokogiri::XML::parse(content, nil, nil, ~Nokogiri::XML::ParseOptions::NOENT) #OK
Nokogiri::XML::parse(content, nil, nil, ~Nokogiri::XML::ParseOptions::NONET)
Nokogiri::XML::parse(content, nil, nil, Nokogiri::XML::ParseOptions.new 2)
options = Nokogiri::XML::ParseOptions.new 2048
options.noent
Nokogiri::XML::parse(content, nil, nil, options)
Nokogiri::XML::parse(content, nil, nil, (Nokogiri::XML::ParseOptions.new 0).noent)
Nokogiri::XML::parse(content) { |x| x.noent }
Nokogiri::XML::parse(content) { |x| x.nononet } #FAIL
Nokogiri::XML::parse(content) { |x| x.nodtdload } # OK
Nokogiri::XML::parse(content) { |x| x.nonet.noent.nodtdload }
Nokogiri::XML::parse(content, nil, nil, 2048) # OK
Nokogiri::XML::parse(content, nil, nil, 3)
Nokogiri::XML::parse(content) { |x| x.nonet.nodtdload } # OK
Nokogiri::XML::parse(content, nil, nil, Nokogiri::XML::ParseOptions::NOENT & ~Nokogiri::XML::ParseOptions::NOBLANKS)
Nokogiri::XML::parse(content, nil, nil, ~Nokogiri::XML::ParseOptions::NONET | Nokogiri::XML::ParseOptions::NOBLANKS)
end
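Review bot: The `#FAIL` annotation on `Nokogiri::XML::parse(content) { |x| x.nononet }` (line 1396) is ambiguous: every other annotation in the file is `# OK`, so it is unclear whether `#FAIL` means "should be flagged", "known false negative", or "known false positive". The expected output added in this commit does report that line, so if that is intended the comment should say why, e.g. `# BAD - nononet clears NONET, so external DTDs/entities may be fetched over the network`; if it is a known gap, `# TODO: currently flagged, verify` would at least tell the next reader. While here, `#OK` on line 1388 should be `# OK` to match the rest of the file.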


@@ -0,0 +1,75 @@
edges
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:4:34:4:40 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:5:32:5:38 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:6:30:6:36 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:7:32:7:38 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:8:30:8:36 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:9:28:9:34 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:11:26:11:32 | content |
| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:12:24:12:30 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:5:26:5:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:6:26:6:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:7:26:7:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:8:26:8:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:9:26:9:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:11:26:11:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:12:26:12:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:15:26:15:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:16:26:16:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:18:26:18:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:19:26:19:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:22:26:22:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:25:26:25:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:27:26:27:32 | content |
| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:28:26:28:32 | content |
nodes
| LibXmlRuby.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| LibXmlRuby.rb:4:34:4:40 | content | semmle.label | content |
| LibXmlRuby.rb:5:32:5:38 | content | semmle.label | content |
| LibXmlRuby.rb:6:30:6:36 | content | semmle.label | content |
| LibXmlRuby.rb:7:32:7:38 | content | semmle.label | content |
| LibXmlRuby.rb:8:30:8:36 | content | semmle.label | content |
| LibXmlRuby.rb:9:28:9:34 | content | semmle.label | content |
| LibXmlRuby.rb:11:26:11:32 | content | semmle.label | content |
| LibXmlRuby.rb:12:24:12:30 | content | semmle.label | content |
| Nokogiri.rb:3:15:3:20 | call to params : | semmle.label | call to params : |
| Nokogiri.rb:5:26:5:32 | content | semmle.label | content |
| Nokogiri.rb:6:26:6:32 | content | semmle.label | content |
| Nokogiri.rb:7:26:7:32 | content | semmle.label | content |
| Nokogiri.rb:8:26:8:32 | content | semmle.label | content |
| Nokogiri.rb:9:26:9:32 | content | semmle.label | content |
| Nokogiri.rb:11:26:11:32 | content | semmle.label | content |
| Nokogiri.rb:12:26:12:32 | content | semmle.label | content |
| Nokogiri.rb:15:26:15:32 | content | semmle.label | content |
| Nokogiri.rb:16:26:16:32 | content | semmle.label | content |
| Nokogiri.rb:18:26:18:32 | content | semmle.label | content |
| Nokogiri.rb:19:26:19:32 | content | semmle.label | content |
| Nokogiri.rb:22:26:22:32 | content | semmle.label | content |
| Nokogiri.rb:25:26:25:32 | content | semmle.label | content |
| Nokogiri.rb:27:26:27:32 | content | semmle.label | content |
| Nokogiri.rb:28:26:28:32 | content | semmle.label | content |
subpaths
#select
| LibXmlRuby.rb:4:34:4:40 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:4:34:4:40 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:5:32:5:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:5:32:5:38 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:6:30:6:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:6:30:6:36 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:7:32:7:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:7:32:7:38 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:8:30:8:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:8:30:8:36 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:9:28:9:34 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:9:28:9:34 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:11:26:11:32 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:11:26:11:32 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| LibXmlRuby.rb:12:24:12:30 | content | LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:12:24:12:30 | content | Unsafe parsing of XML file from $@. | LibXmlRuby.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:5:26:5:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:5:26:5:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:6:26:6:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:6:26:6:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:7:26:7:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:7:26:7:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:8:26:8:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:8:26:8:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:9:26:9:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:9:26:9:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:11:26:11:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:11:26:11:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:12:26:12:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:12:26:12:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:15:26:15:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:15:26:15:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:16:26:16:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:16:26:16:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:18:26:18:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:18:26:18:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:19:26:19:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:19:26:19:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:22:26:22:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:22:26:22:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:25:26:25:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:25:26:25:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:27:26:27:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:27:26:27:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |
| Nokogiri.rb:28:26:28:32 | content | Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:28:26:28:32 | content | Unsafe parsing of XML file from $@. | Nokogiri.rb:3:15:3:20 | call to params | user input |


@@ -0,0 +1 @@
queries/security/cwe-611/Xxe.ql


@@ -6,6 +6,8 @@ edges
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" : | HardcodedCredentials.rb:23:19:23:20 | pw : |
| HardcodedCredentials.rb:23:19:23:20 | pw : | HardcodedCredentials.rb:1:23:1:30 | password |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | HardcodedCredentials.rb:31:18:31:23 | passwd |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | HardcodedCredentials.rb:43:18:43:25 | username |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | HardcodedCredentials.rb:43:46:43:53 | password |
nodes
| HardcodedCredentials.rb:1:23:1:30 | password | semmle.label | password |
| HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | semmle.label | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." |
@@ -19,6 +21,10 @@ nodes
| HardcodedCredentials.rb:23:19:23:20 | pw : | semmle.label | pw : |
| HardcodedCredentials.rb:31:18:31:23 | passwd | semmle.label | passwd |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | semmle.label | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : |
| HardcodedCredentials.rb:43:18:43:25 | username | semmle.label | username |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | semmle.label | "user@test.com" : |
| HardcodedCredentials.rb:43:46:43:53 | password | semmle.label | password |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | semmle.label | "abcdef123456" : |
subpaths
#select
| HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | Use of $@. | HardcodedCredentials.rb:4:20:4:65 | "xwjVWdfzfRlbcgKkbSfG/xSrUeHYq..." | hardcoded credentials |
@@ -29,3 +35,5 @@ subpaths
| HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." : | HardcodedCredentials.rb:1:23:1:30 | password | Use of $@. | HardcodedCredentials.rb:20:11:20:76 | "3jOe7sXKX6Tx52qHWUVqh2t9LNsE+..." | hardcoded credentials |
| HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" : | HardcodedCredentials.rb:1:23:1:30 | password | Use of $@. | HardcodedCredentials.rb:21:12:21:37 | "4fQuzXef4f2yow8KWvIJTA==" | hardcoded credentials |
| HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." : | HardcodedCredentials.rb:31:18:31:23 | passwd | Use of $@. | HardcodedCredentials.rb:38:40:38:85 | "kdW/xVhiv6y1fQQNevDpUaq+2rfPK..." | hardcoded credentials |
| HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | HardcodedCredentials.rb:43:29:43:43 | "user@test.com" : | HardcodedCredentials.rb:43:18:43:25 | username | Use of $@. | HardcodedCredentials.rb:43:29:43:43 | "user@test.com" | hardcoded credentials |
| HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" : | HardcodedCredentials.rb:43:46:43:53 | password | Use of $@. | HardcodedCredentials.rb:43:57:43:70 | "abcdef123456" | hardcoded credentials |


@@ -39,3 +39,7 @@ Passwords::KnownPasswords.new.include?("kdW/xVhiv6y1fQQNevDpUaq+2rfPKfh+teE/45zS
# Call to unrelated method with same name (should not be flagged)
"foobar".include?("foo")
def default_cred(username = "user@test.com", password = "abcdef123456")
username
end
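Review bot: The new `default_cred` method carries no annotation saying what the query is expected to do with it, unlike the preceding case which is explicitly marked "(should not be flagged)"; the expected output in this commit reports both default values, so that intent should be stated in the fixture. Suggest `# Default parameter values used as credentials (both should be flagged)` above the `def`. The method only returns `username`, so `password` is unused; if the query keys on the parameter name that is fine, but a short comment noting that the body is deliberately trivial would stop someone "fixing" it to `_password` and silently changing what the test covers.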