hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

add stdin as source for unsafe-deserialization

Browse Source
This commit is contained in:
erik-krogh
2022-12-06 16:59:17 +01:00
parent 44213f0144
commit 0e6028a7f3
4 changed files with 64 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
View File

@@ -11,12 +11,11 @@
* external/cwe/cwe-502
*/
import codeql.ruby.AST
import DataFlow::PathGraph
import codeql.ruby.DataFlow
import ruby
import codeql.ruby.security.UnsafeDeserializationQuery
import DataFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(),
"user-provided value"
source.getNode().(UnsafeDeserialization::Source).describe()