hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0281dbd53210d513c3faad1f4964126eb45e7b30
codeql/ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected
thiggy1342 0281dbd532 remove Zip::Entry.extract from query
2022-06-16 00:04:31 +00:00

13 lines
1.4 KiB
Plaintext
Raw Blame History

edges
| decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] |
nodes
| decompression_api.rb:3:31:3:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:3:31:3:43 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:13:44:13:49 | call to params : | semmle.label | call to params : |
| decompression_api.rb:13:44:13:56 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:3:31:3:43 | ...[...] | decompression_api.rb:3:31:3:36 | call to params : | decompression_api.rb:3:31:3:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:3:9:3:44 | call to inflate | call to inflate |
| decompression_api.rb:13:44:13:56 | ...[...] | decompression_api.rb:13:44:13:49 | call to params : | decompression_api.rb:13:44:13:56 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:13:9:13:57 | call to inflate | call to inflate |
Reference in New Issue View Git Blame Copy Permalink