codeql/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
2026-06-16 10:40:37 +01:00


#select
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:38:78:43 | call to params | user-provided value |
| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:38:78:43 | call to params | user-provided value |
| ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:78:23:78:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:30:16:30:24 | condition | ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:30:16:30:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:175:21:175:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:42:30:42:44 | ...[...] | ActiveRecordInjection.rb:42:30:42:35 | call to params | ActiveRecordInjection.rb:42:30:42:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:42:30:42:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:46:18:46:32 | ...[...] | ActiveRecordInjection.rb:46:18:46:23 | call to params | ActiveRecordInjection.rb:46:18:46:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:46:18:46:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | ActiveRecordInjection.rb:50:29:50:34 | call to params | ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:50:29:50:34 | call to params | user-provided value |
| ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | ActiveRecordInjection.rb:55:30:55:35 | call to params | ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:55:30:55:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:59:21:59:45 | call to [] | ActiveRecordInjection.rb:59:31:59:36 | call to params | ActiveRecordInjection.rb:59:21:59:45 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:59:31:59:36 | call to params | user-provided value |
| ActiveRecordInjection.rb:64:22:64:46 | call to [] | ActiveRecordInjection.rb:64:32:64:37 | call to params | ActiveRecordInjection.rb:64:22:64:46 | call to [] | This SQL query depends on a $@. | ActiveRecordInjection.rb:64:32:64:37 | call to params | user-provided value |
| ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | ActiveRecordInjection.rb:69:21:69:26 | call to params | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | This SQL query depends on a $@. | ActiveRecordInjection.rb:69:21:69:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | ActiveRecordInjection.rb:76:34:76:39 | call to params | ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:76:34:76:39 | call to params | user-provided value |
| ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | ActiveRecordInjection.rb:82:41:82:46 | call to params | ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:82:41:82:46 | call to params | user-provided value |
| ActiveRecordInjection.rb:87:23:87:35 | ...[...] | ActiveRecordInjection.rb:87:23:87:28 | call to params | ActiveRecordInjection.rb:87:23:87:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:87:23:87:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:91:17:91:31 | ...[...] | ActiveRecordInjection.rb:91:17:91:22 | call to params | ActiveRecordInjection.rb:91:17:91:31 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:91:17:91:22 | call to params | user-provided value |
| ActiveRecordInjection.rb:92:19:92:33 | ...[...] | ActiveRecordInjection.rb:92:19:92:24 | call to params | ActiveRecordInjection.rb:92:19:92:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:19:92:24 | call to params | user-provided value |
| ActiveRecordInjection.rb:96:18:96:35 | ...[...] | ActiveRecordInjection.rb:96:18:96:23 | call to params | ActiveRecordInjection.rb:96:18:96:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:96:18:96:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:100:21:100:35 | ...[...] | ActiveRecordInjection.rb:100:21:100:26 | call to params | ActiveRecordInjection.rb:100:21:100:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:100:21:100:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | ActiveRecordInjection.rb:108:31:108:36 | call to params | ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:108:31:108:36 | call to params | user-provided value |
| ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | ActiveRecordInjection.rb:112:30:112:35 | call to params | ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:112:30:112:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:114:18:114:35 | ...[...] | ActiveRecordInjection.rb:114:18:114:23 | call to params | ActiveRecordInjection.rb:114:18:114:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:114:18:114:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:116:26:116:40 | ...[...] | ActiveRecordInjection.rb:116:26:116:31 | call to params | ActiveRecordInjection.rb:116:26:116:40 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:116:26:116:31 | call to params | user-provided value |
| ActiveRecordInjection.rb:117:28:117:42 | ...[...] | ActiveRecordInjection.rb:117:28:117:33 | call to params | ActiveRecordInjection.rb:117:28:117:42 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:117:28:117:33 | call to params | user-provided value |
| ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | ActiveRecordInjection.rb:118:30:118:35 | call to params | ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:118:30:118:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | ActiveRecordInjection.rb:119:32:119:37 | call to params | ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:119:32:119:37 | call to params | user-provided value |
| ActiveRecordInjection.rb:120:21:120:35 | ...[...] | ActiveRecordInjection.rb:120:21:120:26 | call to params | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:120:21:120:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:121:21:121:35 | ...[...] | ActiveRecordInjection.rb:121:21:121:26 | call to params | ActiveRecordInjection.rb:121:21:121:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:121:21:121:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:122:20:122:34 | ...[...] | ActiveRecordInjection.rb:122:20:122:25 | call to params | ActiveRecordInjection.rb:122:20:122:34 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:122:20:122:25 | call to params | user-provided value |
| ActiveRecordInjection.rb:124:23:124:47 | ...[...] | ActiveRecordInjection.rb:124:23:124:28 | call to params | ActiveRecordInjection.rb:124:23:124:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:124:23:124:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:128:19:128:30 | ...[...] | ActiveRecordInjection.rb:128:19:128:24 | call to params | ActiveRecordInjection.rb:128:19:128:30 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:128:19:128:24 | call to params | user-provided value |
| ActiveRecordInjection.rb:130:29:130:39 | ...[...] | ActiveRecordInjection.rb:130:29:130:34 | call to params | ActiveRecordInjection.rb:130:29:130:39 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:130:29:130:34 | call to params | user-provided value |
| ActiveRecordInjection.rb:142:20:142:32 | ... + ... | ActiveRecordInjection.rb:136:10:136:15 | call to params | ActiveRecordInjection.rb:142:20:142:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:136:10:136:15 | call to params | user-provided value |
| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:175:21:175:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:189:59:189:64 | call to params | ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:189:59:189:64 | call to params | user-provided value |
| ActiveRecordInjection.rb:202:37:202:41 | query | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:202:37:202:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:207:5:207:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | ActiveRecordInjection.rb:223:29:223:34 | call to params | ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | This SQL query depends on a $@. | ActiveRecordInjection.rb:223:29:223:34 | call to params | user-provided value |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |
| ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |
| PgInjection.rb:14:15:14:18 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:14:15:14:18 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
| PgInjection.rb:15:21:15:24 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:15:21:15:24 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
| PgInjection.rb:20:22:20:25 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:20:22:20:25 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
| PgInjection.rb:21:28:21:31 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:21:28:21:31 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
| PgInjection.rb:32:29:32:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:32:29:32:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
| PgInjection.rb:44:29:44:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:44:29:44:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value |
edges
| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:8:31:8:34 | pass | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:8:31:8:34 | pass | ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:27:22:27:30 | condition | ActiveRecordInjection.rb:30:16:30:24 | condition | provenance | |
| ActiveRecordInjection.rb:42:30:42:35 | call to params | ActiveRecordInjection.rb:42:30:42:44 | ...[...] | provenance | |
| ActiveRecordInjection.rb:46:18:46:23 | call to params | ActiveRecordInjection.rb:46:18:46:32 | ...[...] | provenance | |
| ActiveRecordInjection.rb:50:29:50:34 | call to params | ActiveRecordInjection.rb:50:29:50:39 | ...[...] | provenance | |
| ActiveRecordInjection.rb:50:29:50:39 | ...[...] | ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:55:30:55:35 | call to params | ActiveRecordInjection.rb:55:30:55:40 | ...[...] | provenance | |
| ActiveRecordInjection.rb:55:30:55:40 | ...[...] | ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:59:22:59:44 | "id = '#{...}'" : String | ActiveRecordInjection.rb:59:21:59:45 | call to [] | provenance | |
| ActiveRecordInjection.rb:59:31:59:36 | call to params | ActiveRecordInjection.rb:59:31:59:41 | ...[...] | provenance | |
| ActiveRecordInjection.rb:59:31:59:41 | ...[...] | ActiveRecordInjection.rb:59:22:59:44 | "id = '#{...}'" : String | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:64:23:64:45 | "id = '#{...}'" : String | ActiveRecordInjection.rb:64:22:64:46 | call to [] | provenance | |
| ActiveRecordInjection.rb:64:32:64:37 | call to params | ActiveRecordInjection.rb:64:32:64:42 | ...[...] | provenance | |
| ActiveRecordInjection.rb:64:32:64:42 | ...[...] | ActiveRecordInjection.rb:64:23:64:45 | "id = '#{...}'" : String | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:69:21:69:26 | call to params | ActiveRecordInjection.rb:69:21:69:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:69:21:69:35 | ...[...] | ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:76:34:76:39 | call to params | ActiveRecordInjection.rb:76:34:76:44 | ...[...] | provenance | |
| ActiveRecordInjection.rb:76:34:76:44 | ...[...] | ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:78:23:78:28 | call to params | ActiveRecordInjection.rb:78:23:78:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:78:23:78:35 | ...[...] | ActiveRecordInjection.rb:8:25:8:28 | name | provenance | |
| ActiveRecordInjection.rb:78:38:78:43 | call to params | ActiveRecordInjection.rb:78:38:78:50 | ...[...] | provenance | |
| ActiveRecordInjection.rb:78:38:78:50 | ...[...] | ActiveRecordInjection.rb:8:31:8:34 | pass | provenance | |
| ActiveRecordInjection.rb:82:41:82:46 | call to params | ActiveRecordInjection.rb:82:41:82:51 | ...[...] | provenance | |
| ActiveRecordInjection.rb:82:41:82:51 | ...[...] | ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:87:23:87:28 | call to params | ActiveRecordInjection.rb:87:23:87:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:91:17:91:22 | call to params | ActiveRecordInjection.rb:91:17:91:31 | ...[...] | provenance | |
| ActiveRecordInjection.rb:92:19:92:24 | call to params | ActiveRecordInjection.rb:92:19:92:33 | ...[...] | provenance | |
| ActiveRecordInjection.rb:96:18:96:23 | call to params | ActiveRecordInjection.rb:96:18:96:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:100:21:100:26 | call to params | ActiveRecordInjection.rb:100:21:100:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:108:31:108:36 | call to params | ActiveRecordInjection.rb:108:31:108:52 | ...[...] | provenance | |
| ActiveRecordInjection.rb:108:31:108:52 | ...[...] | ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:112:30:112:35 | call to params | ActiveRecordInjection.rb:112:30:112:51 | ...[...] | provenance | |
| ActiveRecordInjection.rb:112:30:112:51 | ...[...] | ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:114:18:114:23 | call to params | ActiveRecordInjection.rb:114:18:114:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:116:26:116:31 | call to params | ActiveRecordInjection.rb:116:26:116:40 | ...[...] | provenance | |
| ActiveRecordInjection.rb:117:28:117:33 | call to params | ActiveRecordInjection.rb:117:28:117:42 | ...[...] | provenance | |
| ActiveRecordInjection.rb:118:30:118:35 | call to params | ActiveRecordInjection.rb:118:30:118:47 | ...[...] | provenance | |
| ActiveRecordInjection.rb:118:30:118:47 | ...[...] | ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:119:32:119:37 | call to params | ActiveRecordInjection.rb:119:32:119:49 | ...[...] | provenance | |
| ActiveRecordInjection.rb:119:32:119:49 | ...[...] | ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:120:21:120:26 | call to params | ActiveRecordInjection.rb:120:21:120:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:121:21:121:26 | call to params | ActiveRecordInjection.rb:121:21:121:35 | ...[...] | provenance | |
| ActiveRecordInjection.rb:122:20:122:25 | call to params | ActiveRecordInjection.rb:122:20:122:34 | ...[...] | provenance | |
| ActiveRecordInjection.rb:124:23:124:28 | call to params | ActiveRecordInjection.rb:124:23:124:47 | ...[...] | provenance | |
| ActiveRecordInjection.rb:128:19:128:24 | call to params | ActiveRecordInjection.rb:128:19:128:30 | ...[...] | provenance | |
| ActiveRecordInjection.rb:130:29:130:34 | call to params | ActiveRecordInjection.rb:130:29:130:39 | ...[...] | provenance | |
| ActiveRecordInjection.rb:136:5:136:6 | ps | ActiveRecordInjection.rb:137:11:137:12 | ps | provenance | |
| ActiveRecordInjection.rb:136:10:136:15 | call to params | ActiveRecordInjection.rb:136:5:136:6 | ps | provenance | |
| ActiveRecordInjection.rb:137:5:137:7 | uid | ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:137:11:137:12 | ps | ActiveRecordInjection.rb:137:11:137:17 | ...[...] | provenance | |
| ActiveRecordInjection.rb:137:11:137:17 | ...[...] | ActiveRecordInjection.rb:137:5:137:7 | uid | provenance | |
| ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | ActiveRecordInjection.rb:142:20:142:32 | ... + ... | provenance | |
| ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | provenance | |
| ActiveRecordInjection.rb:175:21:175:26 | call to params | ActiveRecordInjection.rb:175:21:175:44 | ...[...] | provenance | |
| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | ActiveRecordInjection.rb:27:22:27:30 | condition | provenance | |
| ActiveRecordInjection.rb:189:59:189:64 | call to params | ActiveRecordInjection.rb:189:59:189:74 | ...[...] | provenance | |
| ActiveRecordInjection.rb:189:59:189:74 | ...[...] | ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:200:5:200:13 | my_params | ActiveRecordInjection.rb:201:47:201:55 | my_params | provenance | |
| ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | ActiveRecordInjection.rb:200:5:200:13 | my_params | provenance | |
| ActiveRecordInjection.rb:201:5:201:9 | query : String | ActiveRecordInjection.rb:202:37:202:41 | query | provenance | |
| ActiveRecordInjection.rb:201:47:201:55 | my_params | ActiveRecordInjection.rb:201:47:201:65 | ...[...] | provenance | |
| ActiveRecordInjection.rb:201:47:201:65 | ...[...] | ActiveRecordInjection.rb:201:5:201:9 | query : String | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:207:5:207:10 | call to params | ActiveRecordInjection.rb:207:5:207:27 | call to require | provenance | |
| ActiveRecordInjection.rb:207:5:207:27 | call to require | ActiveRecordInjection.rb:207:5:207:59 | call to permit | provenance | |
| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | provenance | |
| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | provenance | |
| ActiveRecordInjection.rb:207:5:207:59 | call to permit | ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | provenance | |
| ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | ActiveRecordInjection.rb:211:77:211:102 | ...[...] | provenance | |
| ActiveRecordInjection.rb:211:77:211:102 | ...[...] | ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | ActiveRecordInjection.rb:212:69:212:94 | ...[...] | provenance | |
| ActiveRecordInjection.rb:212:69:212:94 | ...[...] | ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:217:24:217:27 | role | ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | provenance | AdditionalTaintStep |
| ActiveRecordInjection.rb:223:29:223:34 | call to params | ActiveRecordInjection.rb:223:29:223:41 | ...[...] | provenance | |
| ActiveRecordInjection.rb:223:29:223:41 | ...[...] | ActiveRecordInjection.rb:217:24:217:27 | role | provenance | |
| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep |
| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep |
| ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:4:12:4:29 | ...[...] | provenance | |
| ArelInjection.rb:4:12:4:29 | ...[...] | ArelInjection.rb:4:5:4:8 | name | provenance | |
| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:13:5:13:8 | qry1 : String | provenance | AdditionalTaintStep |
| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:19:5:19:8 | qry2 : String | provenance | AdditionalTaintStep |
| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:31:5:31:8 | qry3 : String | provenance | AdditionalTaintStep |
| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:43:5:43:8 | qry3 : String | provenance | AdditionalTaintStep |
| PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:6:12:6:24 | ...[...] | provenance | |
| PgInjection.rb:6:12:6:24 | ...[...] | PgInjection.rb:6:5:6:8 | name | provenance | |
| PgInjection.rb:13:5:13:8 | qry1 : String | PgInjection.rb:14:15:14:18 | qry1 | provenance | |
| PgInjection.rb:13:5:13:8 | qry1 : String | PgInjection.rb:15:21:15:24 | qry1 | provenance | |
| PgInjection.rb:19:5:19:8 | qry2 : String | PgInjection.rb:20:22:20:25 | qry2 | provenance | |
| PgInjection.rb:19:5:19:8 | qry2 : String | PgInjection.rb:21:28:21:31 | qry2 | provenance | |
| PgInjection.rb:31:5:31:8 | qry3 : String | PgInjection.rb:32:29:32:32 | qry3 | provenance | |
| PgInjection.rb:43:5:43:8 | qry3 : String | PgInjection.rb:44:29:44:32 | qry3 | provenance | |
nodes
| ActiveRecordInjection.rb:8:25:8:28 | name | semmle.label | name |
| ActiveRecordInjection.rb:8:31:8:34 | pass | semmle.label | pass |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | semmle.label | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:12:31:12:65 | "name='#{...}' and pass='#{...}'" | semmle.label | "name='#{...}' and pass='#{...}'" |
| ActiveRecordInjection.rb:16:13:16:26 | "name=#{...}" | semmle.label | "name=#{...}" |
| ActiveRecordInjection.rb:27:22:27:30 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:30:16:30:24 | condition | semmle.label | condition |
| ActiveRecordInjection.rb:42:30:42:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:42:30:42:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:46:18:46:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:46:18:46:32 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:50:20:50:42 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:50:29:50:34 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:50:29:50:39 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:55:21:55:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:55:30:55:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:55:30:55:40 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:59:21:59:45 | call to [] | semmle.label | call to [] |
| ActiveRecordInjection.rb:59:22:59:44 | "id = '#{...}'" : String | semmle.label | "id = '#{...}'" : String |
| ActiveRecordInjection.rb:59:31:59:36 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:59:31:59:41 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:64:22:64:46 | call to [] | semmle.label | call to [] |
| ActiveRecordInjection.rb:64:23:64:45 | "id = '#{...}'" : String | semmle.label | "id = '#{...}'" : String |
| ActiveRecordInjection.rb:64:32:64:37 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:64:32:64:42 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:68:16:68:21 | <<-SQL | semmle.label | <<-SQL |
| ActiveRecordInjection.rb:69:21:69:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:69:21:69:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:76:20:76:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" |
| ActiveRecordInjection.rb:76:34:76:39 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:76:34:76:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:78:23:78:28 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:78:23:78:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:78:38:78:43 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:78:38:78:50 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:82:32:82:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" |
| ActiveRecordInjection.rb:82:41:82:46 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:82:41:82:51 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:87:23:87:28 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:87:23:87:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:91:17:91:22 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:91:17:91:31 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:92:19:92:24 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:92:19:92:33 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:96:18:96:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:96:18:96:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:100:21:100:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:100:21:100:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:108:20:108:55 | "name = '#{...}'" | semmle.label | "name = '#{...}'" |
| ActiveRecordInjection.rb:108:31:108:36 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:108:31:108:52 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:112:19:112:54 | "name = '#{...}'" | semmle.label | "name = '#{...}'" |
| ActiveRecordInjection.rb:112:30:112:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:112:30:112:51 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:114:18:114:23 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:114:18:114:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:116:26:116:31 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:116:26:116:40 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:117:28:117:33 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:117:28:117:42 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:118:25:118:49 | "b #{...}" | semmle.label | "b #{...}" |
| ActiveRecordInjection.rb:118:30:118:35 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:118:30:118:47 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:119:27:119:51 | "b #{...}" | semmle.label | "b #{...}" |
| ActiveRecordInjection.rb:119:32:119:37 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:119:32:119:49 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:120:21:120:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:120:21:120:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:121:21:121:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:121:21:121:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:122:20:122:25 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:122:20:122:34 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:124:23:124:28 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:124:23:124:47 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:128:19:128:24 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:128:19:128:30 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:130:29:130:34 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:130:29:130:39 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:136:5:136:6 | ps | semmle.label | ps |
| ActiveRecordInjection.rb:136:10:136:15 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:137:5:137:7 | uid | semmle.label | uid |
| ActiveRecordInjection.rb:137:11:137:12 | ps | semmle.label | ps |
| ActiveRecordInjection.rb:137:11:137:17 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:138:5:138:9 | uidEq : String | semmle.label | uidEq : String |
| ActiveRecordInjection.rb:142:20:142:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:175:21:175:26 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:175:21:175:44 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:189:27:189:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:189:59:189:64 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:189:59:189:74 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:200:5:200:13 | my_params | semmle.label | my_params |
| ActiveRecordInjection.rb:200:17:200:32 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:201:5:201:9 | query : String | semmle.label | query : String |
| ActiveRecordInjection.rb:201:47:201:55 | my_params | semmle.label | my_params |
| ActiveRecordInjection.rb:201:47:201:65 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:202:37:202:41 | query | semmle.label | query |
| ActiveRecordInjection.rb:207:5:207:10 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:207:5:207:27 | call to require | semmle.label | call to require |
| ActiveRecordInjection.rb:207:5:207:59 | call to permit | semmle.label | call to permit |
| ActiveRecordInjection.rb:211:43:211:104 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:211:77:211:92 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:211:77:211:102 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:212:35:212:96 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:212:69:212:84 | call to permitted_params | semmle.label | call to permitted_params |
| ActiveRecordInjection.rb:212:69:212:94 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:217:24:217:27 | role | semmle.label | role |
| ActiveRecordInjection.rb:217:38:217:53 | "role = #{...}" | semmle.label | "role = #{...}" |
| ActiveRecordInjection.rb:223:29:223:34 | call to params | semmle.label | call to params |
| ActiveRecordInjection.rb:223:29:223:41 | ...[...] | semmle.label | ...[...] |
| ArelInjection.rb:4:5:4:8 | name | semmle.label | name |
| ArelInjection.rb:4:12:4:17 | call to params | semmle.label | call to params |
| ArelInjection.rb:4:12:4:29 | ...[...] | semmle.label | ...[...] |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." |
| ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." |
| PgInjection.rb:6:5:6:8 | name | semmle.label | name |
| PgInjection.rb:6:12:6:17 | call to params | semmle.label | call to params |
| PgInjection.rb:6:12:6:24 | ...[...] | semmle.label | ...[...] |
| PgInjection.rb:13:5:13:8 | qry1 : String | semmle.label | qry1 : String |
| PgInjection.rb:14:15:14:18 | qry1 | semmle.label | qry1 |
| PgInjection.rb:15:21:15:24 | qry1 | semmle.label | qry1 |
| PgInjection.rb:19:5:19:8 | qry2 : String | semmle.label | qry2 : String |
| PgInjection.rb:20:22:20:25 | qry2 | semmle.label | qry2 |
| PgInjection.rb:21:28:21:31 | qry2 | semmle.label | qry2 |
| PgInjection.rb:31:5:31:8 | qry3 : String | semmle.label | qry3 : String |
| PgInjection.rb:32:29:32:32 | qry3 | semmle.label | qry3 |
| PgInjection.rb:43:5:43:8 | qry3 : String | semmle.label | qry3 : String |
| PgInjection.rb:44:29:44:32 | qry3 | semmle.label | qry3 |
subpaths