refine query to use appropriate types

This commit is contained in:
thiggy1342
2022-06-18 18:26:45 +00:00
committed by GitHub
parent 8aa2602d9e
commit 059c4d38ad
2 changed files with 14 additions and 12 deletions


@@ -12,15 +12,14 @@
import ruby import ruby
import codeql.ruby.DataFlow import codeql.ruby.DataFlow
class ManuallyCheckHttpVerb extends DataFlow::CallNode { class HttpVerbMethod extends MethodCall {
ManuallyCheckHttpVerb() { HttpVerbMethod() {
this instanceof CheckGetRequest or this instanceof CheckGetRequest or
this instanceof CheckPostRequest or this instanceof CheckPostRequest or
this instanceof CheckPatchRequest or this instanceof CheckPatchRequest or
this instanceof CheckPostRequest or this instanceof CheckPostRequest or
this instanceof CheckDeleteRequest or this instanceof CheckDeleteRequest or
this instanceof CheckHeadRequest or this instanceof CheckHeadRequest
this instanceof CheckRequestMethodFromEnv
} }
} }
@@ -53,30 +52,33 @@ class GetRequestMethodFromEnv extends ElementReference {
} }
} }
class CheckGetRequest extends DataFlow::CallNode { class CheckGetRequest extends MethodCall {
CheckGetRequest() { this.getMethodName() = "get?" } CheckGetRequest() { this.getMethodName() = "get?" }
} }
class CheckPostRequest extends DataFlow::CallNode { class CheckPostRequest extends MethodCall {
CheckPostRequest() { this.getMethodName() = "post?" } CheckPostRequest() { this.getMethodName() = "post?" }
} }
class CheckPutRequest extends DataFlow::CallNode { class CheckPutRequest extends MethodCall {
CheckPutRequest() { this.getMethodName() = "put?" } CheckPutRequest() { this.getMethodName() = "put?" }
} }
class CheckPatchRequest extends DataFlow::CallNode { class CheckPatchRequest extends MethodCall {
CheckPatchRequest() { this.getMethodName() = "patch?" } CheckPatchRequest() { this.getMethodName() = "patch?" }
} }
class CheckDeleteRequest extends DataFlow::CallNode { class CheckDeleteRequest extends MethodCall {
CheckDeleteRequest() { this.getMethodName() = "delete?" } CheckDeleteRequest() { this.getMethodName() = "delete?" }
} }
class CheckHeadRequest extends DataFlow::CallNode { class CheckHeadRequest extends MethodCall {
CheckHeadRequest() { this.getMethodName() = "head?" } CheckHeadRequest() { this.getMethodName() = "head?" }
} }
from ManuallyCheckHttpVerb check from CheckRequestMethodFromEnv env, AstNode node
select check, where
node instanceof HttpVerbMethod or
node = env.asExpr().getExpr()
select node,
"Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods." "Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods."
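Review bot: The characteristic predicate of HttpVerbMethod in the first hunk lists `this instanceof CheckPostRequest` twice and never mentions CheckPutRequest, so the `put?` checks that the second hunk still defines in class CheckPutRequest are never reported; the second occurrence should read `this instanceof CheckPutRequest or`. Separately, in the new `from CheckRequestMethodFromEnv env, AstNode node` clause `env` is only constrained in the second disjunct of the `where`, which as far as I can tell means the `node instanceof HttpVerbMethod` results are produced only when at least one CheckRequestMethodFromEnv exists in the database; binding it locally, `exists(CheckRequestMethodFromEnv env | node = env.asExpr().getExpr())`, removes that dependency. The select message also still reads `mappting` and `relying Rails routing`. The file header of this section and the tail of the second hunk are not visible here.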