fix QL-for-QL warnings

erik-krogh
2022-10-18 12:37:50 +02:00
parent 2033dd2dcc
commit 0f2a48f461


@@ -64,11 +64,12 @@ module UnsafeCodeConstruction {
*/
class StringFormatAsSink extends Sink {
Concepts::CodeExecution s;
Ast::StringLiteral lit;
StringFormatAsSink() {
any(DataFlow::Node n | n.asExpr().getExpr() = lit) = getANodeExecutedAsCode(s) and
this.asExpr().getExpr() = lit.getComponent(_)
exists(Ast::StringLiteral lit |
any(DataFlow::Node n | n.asExpr().getExpr() = lit) = getANodeExecutedAsCode(s) and
this.asExpr().getExpr() = lit.getComponent(_)
)
}
override DataFlow::Node getCodeSink() { result = s }
@@ -84,11 +85,12 @@ module UnsafeCodeConstruction {
*/
class TaintedFormatStringAsSink extends Sink {
Concepts::CodeExecution s;
TaintedFormat::PrintfStyleCall call;
TaintedFormatStringAsSink() {
call = getANodeExecutedAsCode(s) and
this = [call.getFormatArgument(_), call.getFormatString()]
exists(TaintedFormat::PrintfStyleCall call |
call = getANodeExecutedAsCode(s) and
this = [call.getFormatArgument(_), call.getFormatString()]
)
}
override DataFlow::Node getCodeSink() { result = s }
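Review bot: In the `StringFormatAsSink` characteristic predicate, the conjunct `any(DataFlow::Node n | n.asExpr().getExpr() = lit) = getANodeExecutedAsCode(s)` still introduces a throwaway node just to read its expression. Now that `lit` is scoped by the `exists`, it would read more directly as `getANodeExecutedAsCode(s).asExpr().getExpr() = lit`. That should select the same sinks, assuming `getANodeExecutedAsCode` returns a `DataFlow::Node`, as its use in `TaintedFormatStringAsSink` suggests. Since `s` deliberately remains a field in both classes, a short comment such as `// kept as a field: getCodeSink() reports it as the execution point` would explain why it was not also moved into the `exists`. Both class bodies and their doc comments start or end outside the visible hunks.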