codeql

hohn/codeql

Fork 0

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Commit Graph

Author	SHA1	Message	Date
Asger Feldthaus	cbd044a768	Ruby: add a code injection test for flwo through Regexp.escape	2022-03-01 14:08:21 +01:00
Harry Maclean	43ddc54f2b	Ruby: Add Module#const_get as a code execution Module#const_get takes a single string argument and interprets it as the name of a constant. It then looks up the constant and returns its value. Object.const_get("Math::PI") # => 3.141592653589793 By itself, this method is not as dangerous as e.g. eval, but if the value returned is a class that is then instantiated, this can allow an attacker to instantiate arbitrary Ruby classes. As a result, I think it's safe to say that any remote input flowing into this call is a potential vulnerability. A real-world example of this is https://github.com/advisories/GHSA-52p9-v744-mwjj.	2022-01-06 13:03:41 +13:00
Arthur Baars	976daddd36	Move files to ruby subfolder	2021-10-15 11:47:28 +02:00

Author

SHA1

Message

Date

Asger Feldthaus

cbd044a768

Ruby: add a code injection test for flwo through Regexp.escape

2022-03-01 14:08:21 +01:00

Harry Maclean

43ddc54f2b

Ruby: Add Module#const_get as a code execution

Module#const_get takes a single string argument and interprets it as the
name of a constant. It then looks up the constant and returns its value.

    Object.const_get("Math::PI")
    # => 3.141592653589793

By itself, this method is not as dangerous as e.g. eval, but if the
value returned is a class that is then instantiated, this can allow an
attacker to instantiate arbitrary Ruby classes.

As a result, I think it's safe to say that any remote input flowing into
this call is a potential vulnerability. A real-world example of this is
https://github.com/advisories/GHSA-52p9-v744-mwjj.

2022-01-06 13:03:41 +13:00

Arthur Baars

976daddd36

Move files to ruby subfolder

2021-10-15 11:47:28 +02:00

3 Commits