# CodeQL inline-expectations test fixture for the Ruby path-injection query.
#
# Every action below builds a filesystem path from the request parameter
# `params[:path]` and hands it to a file-system sink. The `# $ Source=<id>`
# annotation marks where untrusted data enters and `# $ Alert=<id>` marks the
# sink the query is expected to report; the shared id ties a source to its
# sink. Methods labelled GOOD are expected to produce no alert.
#
# NOTE: the `# $ ...` annotations are parsed by the test harness and must stay
# on the same line as the expression they describe; do not move or reflow them.
class FooController < ActionController::Base
  # BAD - the raw request parameter is used directly as the path to read.
  def route0
    path = params[:path] # $ Source=path1
    @content = File.read path # $ Alert=path1
  end

  # BAD - File.absolute_path preserves taint
  # (resolving the path against the working directory does not constrain
  # where the attacker-chosen path points).
  def route1
    path = File.absolute_path params[:path] # $ Source=path2
    @content = File.read path # $ Alert=path2
  end

  # BAD - File.dirname preserves taint
  # (the directory component of the request path is still attacker-controlled,
  # so interpolating it into a new path does not help).
  def route2
    path = "#{File.dirname(params[:path])}/foo" # $ Source=path3
    @content = File.read path # $ Alert=path3
  end

  # BAD - File.expand_path preserves taint
  # (like absolute_path, and it additionally expands a leading `~`).
  def route3
    path = File.expand_path params[:path] # $ Source=path4
    @content = File.read path # $ Alert=path4
  end

  # BAD - File.path preserves taint
  # (File.path only converts its argument to a path string).
  def route4
    path = File.path params[:path] # $ Source=path5
    @content = File.read path # $ Alert=path5
  end

  # BAD - File.realdirpath preserves taint
  # (symlinks are resolved, but the target is still chosen by the request).
  def route5
    path = File.realdirpath params[:path] # $ Source=path6
    @content = File.read path # $ Alert=path6
  end

  # BAD - File.realpath preserves taint
  # (same as realdirpath: canonicalisation is not sanitisation).
  def route6
    path = File.realpath params[:path] # $ Source=path7
    @content = File.read path # $ Alert=path7
  end

  # BAD - tainted arguments in any position propagate to the return value of
  # File.join
  # (the fixed prefix segments do not pin the result: a tainted segment
  # can still introduce `..` or an absolute path).
  def route7
    path = File.join("foo", "bar", "baz", params[:path], "qux") # $ Source=path8
    @content = File.read path # $ Alert=path8
  end

  # GOOD - File.basename does not preserve taint
  # (every directory component is dropped, so traversal sequences cannot
  # escape the working directory; the remaining filename is still
  # user-chosen, so callers wanting a fixed set of files should still
  # allow-list it).
  def route8
    path = File.basename params[:path]
    @content = File.read path
  end

  # BAD - wrapping the parameter in ActiveStorage::Filename is not, by itself,
  # a sanitizer; only #sanitized (see route10) is treated as one.
  def route9
    path = ActiveStorage::Filename.new(params[:path]) # $ Source=path9
    @content = File.read path # $ Alert=path9
  end

  # GOOD - explicitly sanitized
  # (ActiveStorage::Filename#sanitized is modelled as a sanitizer by the
  # query; it strips path separators and other unsafe characters from the
  # name, so no alert is expected here).
  def route10
    path = ActiveStorage::Filename.new(params[:path]).sanitized
    @content = File.read path
  end

  # BAD - send_file streams the attacker-chosen file back to the client,
  # i.e. arbitrary file disclosure rather than an internal read.
  def route11
    path = ActiveStorage::Filename.new(params[:path]) # $ Source=path10
    send_file path # $ Alert=path10
  end

  # BAD - both Dir.glob and the Dir[] shorthand are sinks; a tainted pattern
  # also gets wildcard expansion, so it can enumerate the filesystem.
  # `bla` is an undefined placeholder consumer; only the argument matters.
  def route12
    path = ActiveStorage::Filename.new(params[:path]) # $ Source=path11
    bla (Dir.glob path) # $ Alert=path11
    bla (Dir[path]) # $ Alert=path11
  end

  # BAD - load and autoload execute the Ruby file at the given path, so a
  # tainted path here is arbitrary code execution, not just disclosure.
  def route13
    path = ActiveStorage::Filename.new(params[:path]) # $ Source=path12
    load(path) # $ Alert=path12
    autoload(:MyModule, path) # $ Alert=path12
  end

  # BAD - an override of require_relative on the controller. `super(path)`
  # forwards the tainted path to the real Kernel#require_relative, which
  # loads and executes the file; that call is the expected sink. The puts
  # line presumably exists so that interpolating the path into a log
  # message is exercised without being reported - verify against the
  # expected-output file.
  def require_relative()
    path = ActiveStorage::Filename.new(params[:path]) # $ Source=path13
    puts "Debug: require_relative(#{path})"
    super(path) # $ Alert=path13
  end
end