add CWE-770 experimental query for detection of DoS

[Sim4n6]

Following the @xcorail message , please find this PR that adds an experimental and incomplete query for detecting a specific kind of denial of service.

Regards,
@Sim4n6

[p-]

@Sim4n6 Thanks!

@pwntester Could you have a look at this regarding the file names?

I think the files and should generally not just be named DoS, but maybe LoopDoS (or if anyone has a better name 😁 ) and the query id then githubsecuritylab/loop-dos respectively. Additionally, the example files (if we want to keep them) should best be prefixed with the name of the query. So maybe LoopDoS-good.rb. ?

[p-]

Hey @Sim4n6

I think we're almost there, we can use the query as-is. (just with a different id)

Following things to do yet (maybe you see more that make sense)

• Think of a better name to use (e.g. UserControlledMaxIterations).
• Use it for file names and for the query id.
• Create a test instead of examples. See CWE-328
  • .rb file
  • .qlref file
  • .expected file
  • Check that the test works

That's it!

[p-]

@Sim4n6 I've saw that you made one change in the QHelp file, have you also seen this comment? - just asking in case you didn't 🙈

[Sim4n6]

Sorry I forget about this one, I'm gonna fix that today

[Sim4n6]

@p- keep me posted on this one ;-)

[p-]

Thanks for the changes 👍

Could you please change the query id and remove the samples?

[Sim4n6]

Done 👍🏾

[p-]

Now we have these failed tests:

Executing tests in /home/runner/work/CodeQL-Community-Packs/CodeQL-Community-Packs/ruby/test/security/CWE-770.
--- expected
+++ actual
@@ -1,9 +1,9 @@
 edges
-| UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | UserControlledMaxIterations__bad.rb:11:7:11:11 | limit |
-| UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | UserControlledMaxIterations__bad.rb:16:7:16:11 | limit |
-| UserControlledMaxIterations__bad.rb:3:15:3:20 | call to params | UserControlledMaxIterations__bad.rb:3:15:3:28 | ...[...] |
-| UserControlledMaxIterations__bad.rb:3:15:3:28 | ...[...] | UserControlledMaxIterations__bad.rb:3:15:3:[33](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/actions/runs/9368391526/job/25790465997#step:7:34) | call to to_i |
-| UserControlledMaxIterations__bad.rb:3:15:3:33 | call to to_i | UserControlledMaxIterations__bad.rb:3:7:3:11 | limit |
+| UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | UserControlledMaxIterations__bad.rb:11:7:11:11 | limit | provenance |  |
+| UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | UserControlledMaxIterations__bad.rb:16:7:16:11 | limit | provenance |  |
+| UserControlledMaxIterations__bad.rb:3:15:3:20 | call to params | UserControlledMaxIterations__bad.rb:3:15:3:28 | ...[...] | provenance |  |
+| UserControlledMaxIterations__bad.rb:3:15:3:28 | ...[...] | UserControlledMaxIterations__bad.rb:3:15:3:33 | call to to_i | provenance |  |
+| UserControlledMaxIterations__bad.rb:3:15:3:33 | call to to_i | UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | provenance |  |
 nodes
 | UserControlledMaxIterations__bad.rb:3:7:3:11 | limit | semmle.label | limit |
 | UserControlledMaxIterations__bad.rb:3:15:3:20 | call to params | semmle.label | call to params |
[1/1 comp 1m17s eval 2.3s] FAILED(RESULT) /home/runner/work/CodeQL-Community-Packs/CodeQL-Community-Packs/ruby/test/security/CWE-770/UserControlledMaxIterations.qlref
Completed in 1m22s (extract 2.3s comp 1m17s eval 2.3s).
0 tests passed; 1 tests failed:
  FAILED: /home/runner/work/CodeQL-Community-Packs/CodeQL-Community-Packs/ruby/test/security/CWE-770/UserControlledMaxIterations.qlref

Is it possible that you ran these with an older CodeQL version? (Probably easiest to replace the old edges lines with the new ones and run again.

[Sim4n6]

A strange behavior, I updated Codeql cli from 1.17.1 to 1.17.4. The fix is manually added in the commit 757cf05

[p-]

Here we go, Thanks!