Ruby: Do not expose AST layer through ruby.qll
2
.github/workflows/ruby-build.yml
vendored
@@ -197,7 +197,7 @@ jobs:
|
||||
- name: Prepare test files
|
||||
shell: bash
|
||||
run: |
|
||||
echo "import ruby select count(File f)" > "test.ql"
|
||||
echo "import codeql.ruby.AST select count(File f)" > "test.ql"
|
||||
echo "| 4 |" > "test.expected"
|
||||
echo 'name: sample-tests
|
||||
version: 0.0.0
|
||||
|
||||
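Review bot: After this change the smoke query written in the `Prepare test files` step only exercises `import codeql.ruby.AST`, so nothing in this step checks the `import ruby` entry point any more. The `ruby.qll` header elsewhere in this commit describes that file as kept for backwards compatibility; if existing queries are still expected to compile against it, a second one-line query here, for example `echo "import ruby select 1" > "compat.ql"` with a matching `.expected` file, would catch a packaging regression. The `run:` script continues past the end of the hunk, so an equivalent check may already exist further down.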
@@ -11,7 +11,7 @@
|
||||
* statement
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
|
||||
from IfExpr i
|
||||
where not exists(i.getThen().getAChild())
|
||||
|
||||
@@ -9,4 +9,3 @@
|
||||
* to model frameworks that are not covered by the standard library.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
|
||||
@@ -17,6 +17,7 @@ private import ast.internal.AST
|
||||
private import ast.internal.Scope
|
||||
private import ast.internal.Synthesis
|
||||
private import ast.internal.TreeSitter
|
||||
private import Customizations
|
||||
|
||||
cached
|
||||
private module Cached {
|
||||
|
||||
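Review bot: The `private import Customizations` line, which appears to be the one line this hunk adds, carries no comment explaining why the AST module pulls in the customization file. With `import ruby` being replaced throughout the commit, this import looks like the path that keeps user-defined framework models loaded. Removing it later would not be a compile error: the security queries would still run and would silently lose any custom sources, sinks or sanitizers. A comment such as `// Loads user customizations for every query that imports the AST layer; do not remove.` would record that, and a test that depends on a customization would make the dependency visible. The import list starts above the hunk, so this is inferred from the visible lines only.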
@@ -6,7 +6,7 @@
|
||||
* directed and labeled; they specify how the components represented by nodes relate to each other.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.typetracking.TypeTracker
|
||||
private import codeql.ruby.ast.internal.Module
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
/** Provides classes representing the control flow graph. */
|
||||
|
||||
import codeql.Locations
|
||||
import controlflow.ControlFlowGraph
|
||||
import controlflow.CfgNodes as CfgNodes
|
||||
import controlflow.BasicBlocks
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
* Provides classes for performing local (intra-procedural) and
|
||||
* global (inter-procedural) data flow analyses.
|
||||
*/
|
||||
|
||||
import codeql.Locations
|
||||
|
||||
module DataFlow {
|
||||
import codeql.ruby.dataflow.internal.DataFlowImpl
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Contains classes for recognizing array and string inclusion tests.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.controlflow.CfgNodes
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides classes and predicates for reasoning about string-manipulating expressions.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.controlflow.CfgNodes
|
||||
private import InclusionTests
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.AST
|
||||
private import internal.Erb
|
||||
private import internal.TreeSitter
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.AST
|
||||
|
||||
// Names of built-in modules and classes
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
private import TreeSitter
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ast.internal.AST
|
||||
private import codeql.ruby.ast.internal.Parameter
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
/** Provides classes representing basic blocks. */
|
||||
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ast.internal.AST
|
||||
private import codeql.ruby.ast.internal.TreeSitter
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
/** Provides classes representing the control flow graph. */
|
||||
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.controlflow.BasicBlocks
|
||||
private import SuccessorTypes
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby as RB
|
||||
private import codeql.ruby.AST as RB
|
||||
private import ControlFlowGraphImpl as Impl
|
||||
private import Completion as Comp
|
||||
private import codeql.ruby.ast.internal.Synthesis
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/** Provides commonly used barriers to dataflow. */
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.controlflow.CfgNodes
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/** Provides classes and predicates for defining flow summaries. */
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.frameworks.data.ModelsAsData
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
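Review bot: The replacement here stays a public `import codeql.ruby.AST`, so this library still re-exports the whole AST layer to every file that imports it, which is the kind of implicit exposure the commit title sets out to remove. Sibling libraries in this commit use `private import codeql.ruby.AST`, and the `.ql` queries now import `codeql.ruby.AST` themselves, so `private import codeql.ruby.AST` may be enough here. The same applies to the later hunks whose header comments name `CommandInjectionCustomizations`, `HttpToFileAccessQuery`, `TaintedFormatStringQuery`, `XSS::StoredXSS` and the log-entry taint-tracking configuration. Any downstream query that relies on the re-export would stop compiling, so the change is worth checking against the test suite first.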
@@ -6,7 +6,6 @@
|
||||
* Provides classes for working with static single assignment (SSA) form.
|
||||
*/
|
||||
module Ssa {
|
||||
private import codeql.Locations
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.ast.Variable
|
||||
private import internal.SsaImpl as SsaImpl
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import DataFlowPrivate
|
||||
private import codeql.ruby.typetracking.TypeTracker
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ast.internal.Synthesis
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.dataflow.SSA
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import DataFlowDispatch
|
||||
private import DataFlowPrivate
|
||||
private import codeql.ruby.CFG
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides Ruby specific classes and predicates for defining flow summaries.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import DataFlowDispatch
|
||||
private import DataFlowPrivate
|
||||
private import DataFlowPublic
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import DataFlowPrivate
|
||||
private import TaintTrackingPublic
|
||||
private import codeql.ruby.CFG
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import TaintTrackingPrivate
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/** Provides classes for detecting generated code. */
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ast.internal.TreeSitter
|
||||
|
||||
/** A source file that contains generated code. */
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* https://rubygems.org/gems/actioncable
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.frameworks.stdlib.Logger::Logger as StdlibLogger
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* Version: 6.0.0.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.controlflow.CfgNodes
|
||||
private import codeql.ruby.ast.internal.Module
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* https://rubygems.org/gems/activesupport
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.dataflow.FlowSummary
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides classes for working with archive libraries.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides classes for working with file system libraries.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
* Provides classes for working with Rails.
|
||||
*/
|
||||
|
||||
private import codeql.files.FileSystem
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* https://rubygems.org/gems/railties
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for concepts shared across `File` and `IO`.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.frameworks.Files
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* - the name of a type definition from `ModelInput::TypeModelCsv`
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import internal.ApiGraphModels as Shared
|
||||
private import internal.ApiGraphModelsSpecific as Specific
|
||||
import Shared::ModelInput as ModelInput
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
* ```
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.dataflow.internal.DataFlowPrivate as DataFlowPrivate
|
||||
private import ApiGraphModels
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `Excon` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `Faraday` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `HTTPClient` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `HTTParty` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `OpenURI` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `RestClient` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides modeling for the `Typhoeus` library.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import internal.CleartextSources
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* `CleartextLoggingCustomizations` should be imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.TaintTracking
|
||||
import CleartextLoggingCustomizations::CleartextLogging
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import internal.CleartextSources
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.TaintTracking
|
||||
private import CleartextStorageCustomizations::CleartextStorage as CleartextStorage
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.Frameworks
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
* `CommandInjectionCustomizations` should be imported instead.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.TaintTracking
|
||||
import CommandInjectionCustomizations::CommandInjection
|
||||
import codeql.ruby.DataFlow
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides imports and classes needed for `HttpToFileAccessQuery` and `HttpToFileAccessCustomizations`.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.dataflow.RemoteFlowSources
|
||||
import codeql.ruby.Concepts
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides predicates for reasoning about improper memoization methods.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.dataflow.internal.DataFlowDispatch
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides predicates for reasoning about insecure dependency configurations.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
|
||||
/**
|
||||
* A method call in a Gemfile.
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* extension points for adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.typetracking.TypeTracker
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* `InsecureDownloadCustomizations` should be imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
import InsecureDownloadCustomizations::InsecureDownload
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides a taint-tracking configuration for reasoning about untrusted user input used in log entries.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.TaintTracking
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.Concepts
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* `XSS::ReflectedXSS` should be imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.TaintTracking
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* server side request forgery, as well as extension points for adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
* `XSS::StoredXSS` should be imported instead.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.TaintTracking
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides Ruby-specific imports and classes needed for `TaintedFormatStringQuery` and `TaintedFormatStringCustomizations`.
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.dataflow.RemoteFlowSources
|
||||
import codeql.ruby.ApiGraphs
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* deserialization, as well as extension points for adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ApiGraphs
|
||||
private import codeql.ruby.CFG
|
||||
private import codeql.ruby.DataFlow
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* `UnsafeDeserializationCustomizations` should be imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.TaintTracking
|
||||
import UnsafeDeserializationCustomizations
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.dataflow.RemoteFlowSources
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* otherwise `UrlRedirectCustomizations` should be imported instead.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.TaintTracking
|
||||
import UrlRedirectCustomizations
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* Provides classes and predicates used by the XSS queries.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.DataFlow2
|
||||
private import codeql.ruby.CFG
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* your own sources and sanitizers.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.TaintTracking::TaintTracking
|
||||
private import codeql.ruby.dataflow.RemoteFlowSources
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* injection vulnerabilities, as well as extension points for adding your own.
|
||||
*/
|
||||
|
||||
private import ruby
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.Concepts
|
||||
private import codeql.ruby.Frameworks
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
/**
|
||||
* Provides classes for working with Ruby programs.
|
||||
* Kept for backwards compatibility with e.g. quick-queries.
|
||||
*
|
||||
* Instead, import the relevant abstraction layer:
|
||||
* - `codeql.ruby.DataFlow` for data-flow queries.
|
||||
* - `codeql.ruby.CFG` for control-flow queries.
|
||||
* - `codeql.ruby.AST` for syntactic queries.
|
||||
*/
|
||||
|
||||
private import Customizations
|
||||
import codeql.ruby.AST
|
||||
|
||||
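Review bot: The new header says this file is kept for backwards compatibility and lists what to import instead, but it does not say what `import ruby` itself still brings into scope after this change. Someone maintaining an older query needs that to tell whether the query keeps compiling or has to be migrated. One more sentence in the comment stating which layer, if any, remains available through this file would settle it. Without the `+`/`-` markers it is not clear from this page which of the two import lines below the comment survive.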
@@ -5,7 +5,7 @@
|
||||
* @id rb/alert-suppression
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.ast.internal.TreeSitter
|
||||
|
||||
/**
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-290
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.dataflow.internal.DataFlowPublic
|
||||
import codeql.ruby.security.ConditionalBypassQuery
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
* @tags security external/cwe/cwe-409
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.ApiGraphs
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.dataflow.RemoteFlowSources
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
* @id rb/improper-memoization
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.ImproperMemoizationQuery
|
||||
|
||||
from Method m, Parameter p, AssignLogicalOrExpr s
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
* @tags security
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.controlflow.CfgNodes
|
||||
import codeql.ruby.frameworks.ActionController
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
// This is an implementation of the Rubocop rule
|
||||
// https://github.com/rubocop/rubocop-performance/blob/master/lib/rubocop/cop/performance/detect.rb
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.dataflow.SSA
|
||||
|
||||
/** A call that extracts the first or last element of a list. */
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
* @tags security
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.TaintTracking
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
* @id rb/file-classifier
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.filters.GeneratedCode
|
||||
|
||||
predicate classify(File f, string category) {
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
* - should `Foo.new` point to `Foo#initialize`?
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.ast.internal.Module
|
||||
import codeql.ruby.dataflow.SSA
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* @id rb/diagnostics/extraction-errors
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Diagnostics
|
||||
|
||||
/** Gets the SARIF severity to associate an error. */
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @id rb/diagnostics/successfully-extracted-files
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Diagnostics
|
||||
|
||||
from File f
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @id rb/lines-per-file
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
|
||||
from RubyFile f, int n
|
||||
where n = f.getNumberOfLines()
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
* @id rb/lines-of-code-in-files
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
|
||||
from RubyFile f, int n
|
||||
where n = f.getNumberOfLinesOfCode()
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @id rb/lines-of-comments-in-files
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
|
||||
from RubyFile f, int n
|
||||
where n = f.getNumberOfLinesOfComments()
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* external/cwe/cwe-099
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.PathInjectionQuery
|
||||
import codeql.ruby.DataFlow
|
||||
import DataFlow::PathGraph
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* external/cwe/cwe-088
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.CommandInjectionQuery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* external/cwe/cwe-073
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.ApiGraphs
|
||||
import codeql.ruby.frameworks.core.Kernel::Kernel
|
||||
import codeql.ruby.TaintTracking
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* external/cwe/cwe-116
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.ReflectedXSSQuery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
* external/cwe/cwe-116
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.StoredXSSQuery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-089
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.dataflow.BarrierGuards
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* external/cwe/cwe-116
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.CodeInjectionQuery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* external/cwe/cwe-116
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.controlflow.CfgNodes
|
||||
import codeql.ruby.frameworks.core.String
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-117
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import DataFlow::PathGraph
|
||||
import codeql.ruby.security.LogInjectionQuery
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* external/cwe/cwe-400
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import DataFlow::PathGraph
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.security.regexp.RegExpInjectionQuery
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
* external/cwe/cwe-134
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.security.TaintedFormatStringQuery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-295
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
import codeql.ruby.DataFlow
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* external/cwe/cwe-829
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.InsecureDependencyQuery
|
||||
|
||||
from Expr url, string msg
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* external/cwe/cwe-532
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.CleartextLoggingQuery
|
||||
import codeql.ruby.DataFlow
|
||||
import DataFlow::PathGraph
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* external/cwe/cwe-532
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.CleartextStorageQuery
|
||||
import codeql.ruby.security.CleartextStorageCustomizations::CleartextStorage
|
||||
import codeql.ruby.DataFlow
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
* external/cwe/cwe-327
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
|
||||
from Cryptography::CryptographicOperation operation, string msgPrefix
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-352
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.Concepts
|
||||
|
||||
from CsrfProtectionSetting s
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
* external/cwe/cwe-502
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import DataFlow::PathGraph
|
||||
import codeql.ruby.DataFlow
|
||||
import codeql.ruby.security.UnsafeDeserializationQuery
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
* @precision high
|
||||
*/
|
||||
|
||||
import ruby
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.UrlRedirectQuery
|
||||
import codeql.ruby.DataFlow::DataFlow::PathGraph
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More