hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 23:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ff4c11f503755f0cbaddedd13df875eb5596ee7a
codeql/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql

40 lines
1.0 KiB
Plaintext
Raw Blame History

/**
* @kind problem
*/
import codeql.ruby.AST
import codeql.ruby.regexp.RegExpTreeView as RETV
import codeql.ruby.DataFlow
import codeql.ruby.security.IncompleteMultiCharacterSanitizationQuery as Query
import utils.test.InlineExpectationsTest
module Test implements TestSig {
string getARelevantTag() { result = "hasResult" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasResult" and
hasResult(location, element, value)
}
}
import MakeTest<Test>
predicate hasResult(Location location, string element, string value) {
exists(DataFlow::Node replace, string kind |
replace.getLocation() = location and
element = replace.toString() and
value = shortKind(kind)
|
Query::isResult(replace, _, _, kind)
)
}
bindingset[kind]
string shortKind(string kind) {
kind = "an HTML element injection vulnerability" and result = "html"
or
kind = "a path injection vulnerability" and result = "path"
or
kind = "an HTML attribute injection vulnerability" and result = "attr"
}
Reference in New Issue View Git Blame Copy Permalink