mirror of
https://github.com/github/codeql.git
synced 2026-04-24 00:05:14 +02:00
This query finds cases where user input flows to an argument of `eval` or `send`, which can execute arbitrary Ruby code.
24 lines
242 B
Ruby
# Uses of eval and send

eval("raise \"error\"")
send("raise", "error")

a = []
a.send("raise", "error")

class Foo
  def eval(x)
    x + 1
  end

  def send(*args)
    2
  end

  def run
    eval("exit 1")
  end
end

Foo.new.send("exit", 1)
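The test file above exercises the query with literal arguments; the following added example (not part of the CodeQL repository) shows the same `send`/`eval` sinks fed by a request parameter, beside a hardened version that checks the untrusted value against an allowlist and parses rather than evaluates. `ReportController`, its actions and `page_size_*` are hypothetical names chosen for the illustration.

```ruby
# Added illustration, not part of the CodeQL test file above.
require 'set'
class ReportController
  # Allowlist of actions a request may name; the untrusted string is only
  # compared against it and never handed to a dispatch primitive.
  ALLOWED_ACTIONS = Set.new(%w[summary details]).freeze

  def summary
    'summary report'
  end

  def details
    'detailed report'
  end

  # Vulnerable: `action` is attacker-controlled and send reaches every
  # method on the object, private ones included, so an unexpected name
  # such as "purge_all" (below) or "exit" is simply called.
  def dispatch_unsafe(action)
    send(action)
  end

  # Hardened: reject anything outside the allowlist, then dispatch with
  # public_send so private methods stay unreachable even if the list is
  # later widened carelessly.
  def dispatch_safe(action)
    unless ALLOWED_ACTIONS.include?(action)
      raise ArgumentError, "unsupported action #{action.inspect}"
    end
    public_send(action)
  end

  private

  # Stand-in for a destructive internal method; only returns a marker.
  def purge_all
    :purged
  end
end

# For eval: parse the value you actually need instead of evaluating the
# string as Ruby (compare eval("exit 1") in the test file above).
def page_size_unsafe(param)
  eval(param)
end

def page_size_safe(param)
  Integer(param, 10) # ArgumentError for anything that is not a decimal integer
end
```

Run against this file, the query flags `send(action)` and `eval(param)` only when `action`/`param` are traced back to a remote input source; the allowlisted `public_send` and `Integer` calls are not eval/send sinks at all.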