hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c2b19baad0efd7b368e44acce2cf9254cc11d84
codeql/ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected
thiggy1342 7c2b19baad tweaks and add Zip::File.open_buffer to query
2022-06-17 02:43:54 +00:00

13 lines
1.4 KiB
Plaintext
Raw Blame History

edges
| decompression_api.rb:4:31:4:36 | call to params : | decompression_api.rb:4:31:4:43 | ...[...] |
| decompression_api.rb:14:31:14:36 | call to params : | decompression_api.rb:14:31:14:43 | ...[...] |
nodes
| decompression_api.rb:4:31:4:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:4:31:4:43 | ...[...] | semmle.label | ...[...] |
| decompression_api.rb:14:31:14:36 | call to params : | semmle.label | call to params : |
| decompression_api.rb:14:31:14:43 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| decompression_api.rb:4:31:4:43 | ...[...] | decompression_api.rb:4:31:4:36 | call to params : | decompression_api.rb:4:31:4:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:4:9:4:44 | call to inflate | inflate |
| decompression_api.rb:14:31:14:43 | ...[...] | decompression_api.rb:14:31:14:36 | call to params : | decompression_api.rb:14:31:14:43 | ...[...] | This call to $@ is unsafe because user-controlled data is used to set the object being decompressed, which could lead to a denial of service attack or malicious code extracted from an unknown source. | decompression_api.rb:14:9:14:44 | call to open_buffer | open_buffer |
Reference in New Issue View Git Blame Copy Permalink