codeql/ruby/ql/test/query-tests/security/cwe-300/Gemfile
Harry Maclean 3d96c5e6db Ruby: Add test case for rb/insecure-dependency
This tests that we recognise kwargs in hashrocket style:

    gem "foo", "1.2.3", :git => "..."

as well as the modern style:

    gem "foo", "1.2.3", git: "..."
2022-04-01 15:30:07 +13:00


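# Test fixture for the rb/insecure-dependency query (CWE-300 test directory).
# Every line carries an inline expectation: `# $result=BAD` marks a dependency
# source the query is expected to flag (the flagged cases here all use a plain
# http:// or ftp:// URL), `# GOOD` marks one it must leave alone. The DSL methods
# `source`, `git_source` and `gem` are Bundler's Gemfile DSL, not defined here.
# The do/end forms deliberately contain a second statement (`foo`) so that the
# URL is the block's final expression rather than its only expression.
source "https://rubygems.org" # GOOD
source "http://rubygems.org" # $result=BAD
source "ftp://rubygems.org" # $result=BAD
source "ftps://rubygems.org" # GOOD
source "unknown://rubygems.org" # GOOD
git_source(:a) { "https://github.com" } # GOOD
git_source(:b) { "http://github.com" } # $result=BAD
git_source(:c) { "ftp://github.com" } # $result=BAD
git_source(:d) { "ftps://github.com" } # GOOD
git_source(:e) { "unknown://github.com" } # GOOD
git_source(:f) { |name| "https://github.com/#{name}" } # GOOD
git_source(:g) { |name| "http://github.com/#{name}" } # $result=BAD
git_source(:h) { |name| "ftp://github.com/#{name}" } # $result=BAD
git_source(:i) { |name| "ftps://github.com/#{name}" } # GOOD
git_source(:j) { |name| "unknown://github.com/#{name}" } # GOOD
# The do/end blocks below previously had a stray `}` before the trailing
# comment, which is a Ruby syntax error inside a do/end block; removed so the
# fixture parses with `ruby -c` while keeping each expectation on its line.
git_source(:k) do |name|
  foo
  "https://github.com/#{name}" # GOOD
end
git_source(:l) do |name|
  foo
  "http://github.com/#{name}" # $result=BAD
end
git_source(:m) do |name|
  foo
  "ftp://github.com/#{name}" # $result=BAD
end
git_source(:n) do |name|
  foo
  "ftps://github.com/#{name}" # GOOD
end
git_source(:o) do |name|
  foo
  "unknown://github.com/#{name}" # GOOD
end
gem "jwt", "1.2.3", git: "https://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", git: "http://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", git: "ftps://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", git: "unknown://github.com/jwt/ruby-jwt" # GOOD
# Hashrocket-style keyword arguments must be recognised exactly like the
# `git:` form above.
gem "jwt", "1.2.3", :git => "https://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", :git => "ftps://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", :git => "unknown://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", source: "https://rubygems.org" # GOOD
gem "jwt", "1.2.3", source: "http://rubygems.org" # $result=BAD
gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $result=BAD
gem "jwt", "1.2.3", source: "ftps://rubygems.org" # GOOD
gem "jwt", "1.2.3", source: "unknown://rubygems.org" # GOOD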