Ruby: Add flow summaries for ActiveSupport::JSON

2026-04-29 18:55:14 +02:00 · 2022-11-07 12:29:14 +13:00
parent 375403fb9d
commit 0a98559fcb
3 changed files with 53 additions and 0 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -374,4 +374,17 @@ module ActiveSupport {
        ]
    }
  }
+
+  /** `ActiveSupport::JSON` */
+  module Json {
+    private class JsonSummary extends ModelInput::SummaryModelCsv {
+      override predicate row(string row) {
+        row =
+          [
+            "activesupport;;Member[ActiveSupport].Member[JSON].Method[encode,dump];Argument[0];ReturnValue;taint",
+            "activesupport;;Member[ActiveSupport].Member[JSON].Method[decode,load];Argument[0];ReturnValue;taint",
+          ]
+      }
+    }
+  }
 }