Skip to content

Commit a3f096a

Browse files
alexrfordalexrford
committed
Ruby: rb/unsafe-deserialization test realignment
1 parent d0bdbe6 commit a3f096a

File tree

2 files changed

+57
-56
lines changed

2 files changed

+57
-56
lines changed

ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected

Lines changed: 56 additions & 56 deletions
Original file line numberDiff line numberDiff line change
@@ -1,61 +1,61 @@
11
edges
2-
| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:9:39:9:50 | ...[...] : |
3-
| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data |
4-
| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:15:39:15:50 | ...[...] : |
5-
| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data |
6-
| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:21:17:21:28 | ...[...] : |
7-
| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | UnsafeDeserialization.rb:22:24:22:32 | json_data |
8-
| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:27:17:27:28 | ...[...] : |
9-
| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | UnsafeDeserialization.rb:28:27:28:35 | json_data |
10-
| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:39:17:39:28 | ...[...] : |
11-
| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data |
12-
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:51:17:51:28 | ...[...] : |
13-
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:52:22:52:30 | json_data |
14-
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data |
15-
| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:58:17:58:28 | ...[...] : |
16-
| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | UnsafeDeserialization.rb:68:23:68:31 | json_data |
17-
| UnsafeDeserialization.rb:80:11:80:16 | call to params : | UnsafeDeserialization.rb:80:11:80:22 | ...[...] : |
18-
| UnsafeDeserialization.rb:80:11:80:22 | ...[...] : | UnsafeDeserialization.rb:81:34:81:36 | xml |
19-
| UnsafeDeserialization.rb:86:17:86:22 | call to params : | UnsafeDeserialization.rb:86:17:86:28 | ...[...] : |
20-
| UnsafeDeserialization.rb:86:17:86:28 | ...[...] : | UnsafeDeserialization.rb:87:25:87:33 | yaml_data |
2+
| UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:10:39:10:50 | ...[...] : |
3+
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data |
4+
| UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:16:39:16:50 | ...[...] : |
5+
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data |
6+
| UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:22:17:22:28 | ...[...] : |
7+
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | UnsafeDeserialization.rb:23:24:23:32 | json_data |
8+
| UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:28:17:28:28 | ...[...] : |
9+
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | UnsafeDeserialization.rb:29:27:29:35 | json_data |
10+
| UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:40:17:40:28 | ...[...] : |
11+
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data |
12+
| UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:52:17:52:28 | ...[...] : |
13+
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data |
14+
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | UnsafeDeserialization.rb:54:22:54:30 | json_data |
15+
| UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:59:17:59:28 | ...[...] : |
16+
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | UnsafeDeserialization.rb:69:23:69:31 | json_data |
17+
| UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:81:11:81:22 | ...[...] : |
18+
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | UnsafeDeserialization.rb:82:34:82:36 | xml |
19+
| UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:87:17:87:28 | ...[...] : |
20+
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data |
2121
nodes
22-
| UnsafeDeserialization.rb:9:39:9:44 | call to params : | semmle.label | call to params : |
23-
| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | semmle.label | ...[...] : |
24-
| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | semmle.label | serialized_data |
25-
| UnsafeDeserialization.rb:15:39:15:44 | call to params : | semmle.label | call to params : |
26-
| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | semmle.label | ...[...] : |
27-
| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | semmle.label | serialized_data |
28-
| UnsafeDeserialization.rb:21:17:21:22 | call to params : | semmle.label | call to params : |
29-
| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | semmle.label | ...[...] : |
30-
| UnsafeDeserialization.rb:22:24:22:32 | json_data | semmle.label | json_data |
31-
| UnsafeDeserialization.rb:27:17:27:22 | call to params : | semmle.label | call to params : |
32-
| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | semmle.label | ...[...] : |
33-
| UnsafeDeserialization.rb:28:27:28:35 | json_data | semmle.label | json_data |
34-
| UnsafeDeserialization.rb:39:17:39:22 | call to params : | semmle.label | call to params : |
35-
| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | semmle.label | ...[...] : |
36-
| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | semmle.label | yaml_data |
37-
| UnsafeDeserialization.rb:51:17:51:22 | call to params : | semmle.label | call to params : |
38-
| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | semmle.label | ...[...] : |
39-
| UnsafeDeserialization.rb:52:22:52:30 | json_data | semmle.label | json_data |
22+
| UnsafeDeserialization.rb:10:39:10:44 | call to params : | semmle.label | call to params : |
23+
| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | semmle.label | ...[...] : |
24+
| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | semmle.label | serialized_data |
25+
| UnsafeDeserialization.rb:16:39:16:44 | call to params : | semmle.label | call to params : |
26+
| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | semmle.label | ...[...] : |
27+
| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | semmle.label | serialized_data |
28+
| UnsafeDeserialization.rb:22:17:22:22 | call to params : | semmle.label | call to params : |
29+
| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | semmle.label | ...[...] : |
30+
| UnsafeDeserialization.rb:23:24:23:32 | json_data | semmle.label | json_data |
31+
| UnsafeDeserialization.rb:28:17:28:22 | call to params : | semmle.label | call to params : |
32+
| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | semmle.label | ...[...] : |
33+
| UnsafeDeserialization.rb:29:27:29:35 | json_data | semmle.label | json_data |
34+
| UnsafeDeserialization.rb:40:17:40:22 | call to params : | semmle.label | call to params : |
35+
| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | semmle.label | ...[...] : |
36+
| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | semmle.label | yaml_data |
37+
| UnsafeDeserialization.rb:52:17:52:22 | call to params : | semmle.label | call to params : |
38+
| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | semmle.label | ...[...] : |
4039
| UnsafeDeserialization.rb:53:22:53:30 | json_data | semmle.label | json_data |
41-
| UnsafeDeserialization.rb:58:17:58:22 | call to params : | semmle.label | call to params : |
42-
| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | semmle.label | ...[...] : |
43-
| UnsafeDeserialization.rb:68:23:68:31 | json_data | semmle.label | json_data |
44-
| UnsafeDeserialization.rb:80:11:80:16 | call to params : | semmle.label | call to params : |
45-
| UnsafeDeserialization.rb:80:11:80:22 | ...[...] : | semmle.label | ...[...] : |
46-
| UnsafeDeserialization.rb:81:34:81:36 | xml | semmle.label | xml |
47-
| UnsafeDeserialization.rb:86:17:86:22 | call to params : | semmle.label | call to params : |
48-
| UnsafeDeserialization.rb:86:17:86:28 | ...[...] : | semmle.label | ...[...] : |
49-
| UnsafeDeserialization.rb:87:25:87:33 | yaml_data | semmle.label | yaml_data |
40+
| UnsafeDeserialization.rb:54:22:54:30 | json_data | semmle.label | json_data |
41+
| UnsafeDeserialization.rb:59:17:59:22 | call to params : | semmle.label | call to params : |
42+
| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | semmle.label | ...[...] : |
43+
| UnsafeDeserialization.rb:69:23:69:31 | json_data | semmle.label | json_data |
44+
| UnsafeDeserialization.rb:81:11:81:16 | call to params : | semmle.label | call to params : |
45+
| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | semmle.label | ...[...] : |
46+
| UnsafeDeserialization.rb:82:34:82:36 | xml | semmle.label | xml |
47+
| UnsafeDeserialization.rb:87:17:87:22 | call to params : | semmle.label | call to params : |
48+
| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | semmle.label | ...[...] : |
49+
| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | semmle.label | yaml_data |
5050
subpaths
5151
#select
52-
| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:9:39:9:44 | call to params | user-provided value |
53-
| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:15:39:15:44 | call to params | user-provided value |
54-
| UnsafeDeserialization.rb:22:24:22:32 | json_data | UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:22:24:22:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:21:17:21:22 | call to params | user-provided value |
55-
| UnsafeDeserialization.rb:28:27:28:35 | json_data | UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:28:27:28:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:27:17:27:22 | call to params | user-provided value |
56-
| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:39:17:39:22 | call to params | user-provided value |
57-
| UnsafeDeserialization.rb:52:22:52:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:52:22:52:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user-provided value |
58-
| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user-provided value |
59-
| UnsafeDeserialization.rb:68:23:68:31 | json_data | UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:68:23:68:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:58:17:58:22 | call to params | user-provided value |
60-
| UnsafeDeserialization.rb:81:34:81:36 | xml | UnsafeDeserialization.rb:80:11:80:16 | call to params : | UnsafeDeserialization.rb:81:34:81:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:80:11:80:16 | call to params | user-provided value |
61-
| UnsafeDeserialization.rb:87:25:87:33 | yaml_data | UnsafeDeserialization.rb:86:17:86:22 | call to params : | UnsafeDeserialization.rb:87:25:87:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:86:17:86:22 | call to params | user-provided value |
52+
| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:10:39:10:44 | call to params | user-provided value |
53+
| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:16:39:16:44 | call to params | user-provided value |
54+
| UnsafeDeserialization.rb:23:24:23:32 | json_data | UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:23:24:23:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:22:17:22:22 | call to params | user-provided value |
55+
| UnsafeDeserialization.rb:29:27:29:35 | json_data | UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:29:27:29:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:28:17:28:22 | call to params | user-provided value |
56+
| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:40:17:40:22 | call to params | user-provided value |
57+
| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
58+
| UnsafeDeserialization.rb:54:22:54:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:54:22:54:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value |
59+
| UnsafeDeserialization.rb:69:23:69:31 | json_data | UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:69:23:69:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:59:17:59:22 | call to params | user-provided value |
60+
| UnsafeDeserialization.rb:82:34:82:36 | xml | UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:82:34:82:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:81:11:81:16 | call to params | user-provided value |
61+
| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:87:17:87:22 | call to params | user-provided value |

ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
require "active_job"
12
require "base64"
23
require "json"
34
require "oj"

0 commit comments

Comments
 (0)