/**
* Provides modeling for the Ruby core libraries.
*/
private import codeql.ruby.Concepts
private import codeql.ruby.DataFlow
private import codeql.ruby.dataflow.FlowSummary
import core.BasicObject::BasicObject
import core.Object::Object
import core.Gem::Gem
import core.Kernel::Kernel
import core.Module
import core.Array
import core.Hash
import core.String
import core.IO
import core.Digest
import core.Base64
/**
 * A system command run through Ruby's subshell literal syntax, i.e. backticks
 * or any of the `%x` delimiter forms:
 * ```ruby
 * `cat foo.txt`
 * %x(cat foo.txt)
 * %x[cat foo.txt]
 * %x{cat foo.txt}
 * %x/cat foo.txt/
 * ```
 *
 * Every component of the literal is exposed as an argument, and every argument
 * is reported as shell-interpreted. Anything that flows into the literal
 * (presumably including `#{...}` interpolations; confirm against
 * `SubshellLiteral.getComponent`) is therefore treated as reaching a shell.
 */
class SubshellLiteralExecution extends SystemCommandExecution::Range {
  SubshellLiteral literal;

  SubshellLiteralExecution() { literal = this.asExpr().getExpr() }

  /** Gets a data-flow node corresponding to any component of the subshell literal. */
  override DataFlow::Node getAnArgument() { literal.getComponent(_) = result.asExpr().getExpr() }

  /**
   * Holds if `arg` is an argument of this execution. No argument of a subshell
   * literal is exempt from shell interpretation.
   */
  override predicate isShellInterpreted(DataFlow::Node arg) { this.getAnArgument() = arg }
}
/**
 * A system command run through a backtick-delimited (subshell) heredoc:
 * ```ruby
 * <<`EOF`
 * cat foo.txt
 * EOF
 * ```
 *
 * Only heredocs for which `isSubShell()` holds are matched. Every component of
 * the heredoc body is exposed as an argument, and every argument is reported
 * as shell-interpreted.
 */
class SubshellHeredocExecution extends SystemCommandExecution::Range {
  HereDoc heredoc;

  SubshellHeredocExecution() {
    // The subshell check is what separates a command heredoc from an ordinary string heredoc.
    heredoc.isSubShell() and
    heredoc = this.asExpr().getExpr()
  }

  /** Gets a data-flow node corresponding to any component of the heredoc body. */
  override DataFlow::Node getAnArgument() { heredoc.getComponent(_) = result.asExpr().getExpr() }

  /**
   * Holds if `arg` is an argument of this execution. No argument of a subshell
   * heredoc is exempt from shell interpretation.
   */
  override predicate isShellInterpreted(DataFlow::Node arg) { this.getAnArgument() = arg }
}
/**
 * A flow summary for the splat operator (`*x`), applied to every `SplatExpr`.
 *
 * Both rules are value-preserving, so data tracked into the operand is still
 * tracked in the resulting array:
 * - an operand that already has elements keeps them in the return value;
 * - an operand without elements ends up at index 0 of the return value.
 */
private class SplatSummary extends SummarizedCallable::Range {
  SplatSummary() { this = "*(splat)" }

  override SplatExpr getACallSimple() { any() }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
    preservesValue = true and
    (
      // *[1] = [1]
      input = "Argument[self].WithElement[any]" and
      output = "ReturnValue"
      or
      // *1 = [1]
      input = "Argument[self].WithoutElement[any]" and
      output = "ReturnValue.Element[0]"
    )
  }
}
/**
 * A flow summary for the hash-splat operator (`**x`), applied to every
 * `HashSplatExpr`.
 *
 * Elements of the operand flow, value-preserved, to the return value, so data
 * tracked into a splatted hash is still tracked in the result.
 */
private class HashSplatSummary extends SummarizedCallable::Range {
  HashSplatSummary() { this = "**(hash-splat)" }

  override HashSplatExpr getACallSimple() { any() }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
    preservesValue = true and
    output = "ReturnValue" and
    input = "Argument[self].WithElement[any]"
  }
}