hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 10:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e419fc9599e951f88a5fde9ec95096ed5ca0a178
codeql/ql/test/query-tests/security/cwe-094/CodeInjection.rb
Harry Maclean e419fc9599 Make Code execution query more specific 
Only the first argument to eval, instance_eval, send, class_send and
module_send is interpreted as Ruby code.
2021-10-05 10:28:34 +01:00

53 lines
637 B
Ruby
Raw Blame History

class UsersController < ActionController::Base
def create
code = params[:code]
# BAD
eval(code)
# BAD
eval(params)
# GOOD - user input is in second argument, which is not evaluated as Ruby code
send(:sanitize, params[:code])
# GOOD
Foo.new.bar(code)
# BAD
Foo.class_eval(code)
# BAD
Foo.module_eval(code)
# GOOD
Bar.class_eval(code)
end
def update
# GOOD
eval("foo")
end
private
def sanitize(code)
true
end
end
class Foo
def eval(x)
true
end
def bar(x)
eval(x)
end
end
class Bar
def self.class_eval(x)
true
end
end
Reference in New Issue View Git Blame Copy Permalink