add a rb/unsafe-code-construction query

rebase
2026-05-04 13:15:21 +02:00 · 2022-10-17 16:52:08 +02:00
parent 5f6cb1684b
commit f1668801d3
10 changed files with 267 additions and 0 deletions
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.expected
@@ -0,0 +1,16 @@
+edges
+| impl/unsafeCode.rb:2:12:2:17 | target :  | impl/unsafeCode.rb:3:17:3:25 | #{...} |
+| impl/unsafeCode.rb:7:12:7:12 | x :  | impl/unsafeCode.rb:8:30:8:30 | x |
+| impl/unsafeCode.rb:12:12:12:12 | x :  | impl/unsafeCode.rb:13:33:13:33 | x |
+nodes
+| impl/unsafeCode.rb:2:12:2:17 | target :  | semmle.label | target :  |
+| impl/unsafeCode.rb:3:17:3:25 | #{...} | semmle.label | #{...} |
+| impl/unsafeCode.rb:7:12:7:12 | x :  | semmle.label | x :  |
+| impl/unsafeCode.rb:8:30:8:30 | x | semmle.label | x |
+| impl/unsafeCode.rb:12:12:12:12 | x :  | semmle.label | x :  |
+| impl/unsafeCode.rb:13:33:13:33 | x | semmle.label | x |
+subpaths
+#select
+| impl/unsafeCode.rb:3:17:3:25 | #{...} | impl/unsafeCode.rb:2:12:2:17 | target :  | impl/unsafeCode.rb:3:17:3:25 | #{...} | This string interpolation which depends on $@ is later $@. | impl/unsafeCode.rb:2:12:2:17 | target | library input | impl/unsafeCode.rb:3:5:3:27 | call to eval | interpreted as code |
+| impl/unsafeCode.rb:8:30:8:30 | x | impl/unsafeCode.rb:7:12:7:12 | x :  | impl/unsafeCode.rb:8:30:8:30 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:7:12:7:12 | x | library input | impl/unsafeCode.rb:8:5:8:32 | call to eval | interpreted as code |
+| impl/unsafeCode.rb:13:33:13:33 | x | impl/unsafeCode.rb:12:12:12:12 | x :  | impl/unsafeCode.rb:13:33:13:33 | x | This string format which depends on $@ is later $@. | impl/unsafeCode.rb:12:12:12:12 | x | library input | impl/unsafeCode.rb:13:5:13:35 | call to eval | interpreted as code |
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.qlref
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/UnsafeCodeConstruction.qlref
@@ -0,0 +1 @@
+queries/security/cwe-094/UnsafeCodeConstruction.ql
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/impl/unsafeCode.rb
@@ -0,0 +1,19 @@
+class Foobar
+  def foo1(target)
+    eval("foo = #{target}") # NOT OK
+  end
+
+  # sprintf
+  def foo2(x) 
+    eval(sprintf("foo = %s", x)) # NOT OK
+  end
+
+  # String#%
+  def foo3(x)
+    eval("foo = %{foo}" % {foo: x}) # NOT OK
+  end   
+
+  def indirect_eval(x)
+    eval(x) # OK - no construction.
+  end
+end
--- a/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/unsafe-code.gemspec
+++ b/ruby/ql/test/query-tests/security/cwe-094/UnsafeCodeConstruction/unsafe-code.gemspec
@@ -0,0 +1,5 @@
+Gem::Specification.new do |s|
+    s.name = 'unsafe-code'
+    s.require_path = "impl"
+  end
+
				`@@ -0,0 +1 @@`
				`queries/security/cwe-094/UnsafeCodeConstruction.ql`