File tree Expand file tree Collapse file tree 2 files changed +5
-4
lines changed
lib/codeql/ruby/frameworks
test/query-tests/security/cwe-611 Expand file tree Collapse file tree 2 files changed +5
-4
lines changed Original file line number Diff line number Diff line change @@ -93,9 +93,10 @@ private class FeatureDTDLOAD extends Feature, TDTDLOAD {
9393private API:: Node parseOptionsModule ( ) {
9494 result = API:: getTopLevelMember ( "Nokogiri" ) .getMember ( "XML" ) .getMember ( "ParseOptions" )
9595 or
96- result = API:: getTopLevelMember ( "LibXML" ) .getMember ( "XML" ) .getMember ( "Options" )
96+ result =
97+ API:: getTopLevelMember ( "LibXML" ) .getMember ( "XML" ) .getMember ( "Parser" ) .getMember ( "Options" )
9798 or
98- result = API:: getTopLevelMember ( "XML" ) .getMember ( "Options" )
99+ result = API:: getTopLevelMember ( "XML" ) .getMember ( "Parser" ) . getMember ( " Options")
99100}
100101
101102private predicate bitWiseAndOr ( CfgNodes:: ExprNodes:: OperationCfgNode operation ) {
Original file line number Diff line number Diff line change @@ -2,8 +2,8 @@ class LibXmlRubyXXE < ApplicationController
22
33 content = params [ :xml ]
44 LibXML ::XML ::Document . string ( content , { options : 2 | 2048 , encoding : 'utf-8' } )
5- LibXML ::XML ::Document . file ( content , { options : LibXML ::XML ::Options ::NOENT | 2048 } )
6- LibXML ::XML ::Document . io ( content , { options : XML ::Options ::NOENT | 2048 } )
5+ LibXML ::XML ::Document . file ( content , { options : LibXML ::XML ::Parser :: Options ::NOENT | 2048 } )
6+ LibXML ::XML ::Document . io ( content , { options : XML ::Parser :: Options ::NOENT | 2048 } )
77 LibXML ::XML ::Parser . string ( content , { options : 2 | 2048 } )
88 LibXML ::XML ::Parser . file ( content , { options : 3 | 2048 } )
99 LibXML ::XML ::Parser . io ( content , { options : 2 | 2048 } )
You can’t perform that action at this time.
0 commit comments