From e0f2547720ea404210805362b387b4750c64a381 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Wed, 10 Apr 2024 22:29:36 +0200 Subject: [PATCH] ruby: add manual provenance --- .../codeql/ruby/frameworks/terrapin/model.yml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/terrapin/model.yml b/ruby/ql/lib/codeql/ruby/frameworks/terrapin/model.yml index c111ca5efbc5..8ca4354f0d57 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/terrapin/model.yml +++ b/ruby/ql/lib/codeql/ruby/frameworks/terrapin/model.yml @@ -8,16 +8,16 @@ extensions: pack: codeql/ruby-all extensible: sinkModel data: - - ["Terrapin::CommandLine!","Method[new].Argument[0]","command-injection"] - - ["Terrapin::CommandLine!","Method[new].Argument[1]","command-injection"] + - ["Terrapin::CommandLine!","Method[new].Argument[0]","command-injection","manual"] + - ["Terrapin::CommandLine!","Method[new].Argument[1]","command-injection","manual"] - addsTo: pack: codeql/ruby-all extensible: summaryModel data: - - ["Terrapin::CommandLine::Output!","Method[new]","Argument[1]","ReturnValue","value"] - - ["Terrapin::CommandLine!","Method[path=]","Argument[0]","ReturnValue","taint"] - - ["Terrapin::CommandLine!","Method[new]","Argument[2]","ReturnValue","taint"] + - ["Terrapin::CommandLine::Output!","Method[new]","Argument[1]","ReturnValue","value","manual"] + - ["Terrapin::CommandLine!","Method[path=]","Argument[0]","ReturnValue","taint","manual"] + - ["Terrapin::CommandLine!","Method[new]","Argument[2]","ReturnValue","taint","manual"] - addsTo: pack: codeql/ruby-all @@ -28,14 +28,14 @@ extensions: pack: codeql/ruby-all extensible: typeModel data: - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::MultiPipe","Method[output].ReturnValue"] - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::FakeRunner","Method[call].ReturnValue"] - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::ProcessRunner","Method[call].ReturnValue"] - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine!","Method[runner].ReturnValue.ReturnValue"] - - ["Terrapin::CommandLine::FakeRunner","Terrapin::CommandLine!","Method[runner].ReturnValue"] - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine!","Method[fake!].ReturnValue.ReturnValue"] - - ["Terrapin::CommandLine::FakeRunner","Terrapin::CommandLine!","Method[fake!].ReturnValue"] - - ["Terrapin::CommandLine::Output","Terrapin::CommandLine","Method[output].ReturnValue"] - - ["Terrapin::CommandLineError","Terrapin::CommandNotFoundError",""] - - ["Terrapin::CommandLineError","Terrapin::ExitStatusError",""] - - ["Terrapin::CommandLineError","Terrapin::InterpolationError",""] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::MultiPipe","Method[output].ReturnValue","manual"] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::FakeRunner","Method[call].ReturnValue","manual"] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine::ProcessRunner","Method[call].ReturnValue","manual"] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine!","Method[runner].ReturnValue.ReturnValue","manual"] + - ["Terrapin::CommandLine::FakeRunner","Terrapin::CommandLine!","Method[runner].ReturnValue","manual"] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine!","Method[fake!].ReturnValue.ReturnValue","manual"] + - ["Terrapin::CommandLine::FakeRunner","Terrapin::CommandLine!","Method[fake!].ReturnValue","manual"] + - ["Terrapin::CommandLine::Output","Terrapin::CommandLine","Method[output].ReturnValue","manual"] + - ["Terrapin::CommandLineError","Terrapin::CommandNotFoundError","","manual"] + - ["Terrapin::CommandLineError","Terrapin::ExitStatusError","","manual"] + - ["Terrapin::CommandLineError","Terrapin::InterpolationError","","manual"]