hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

add transform method that is an alias for to_ruby

Browse Source
This commit is contained in:
amammad
2023-06-17 07:12:02 +10:00
committed by Harry Maclean
parent a75a004942
commit 18fa91bde4
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/frameworks/Yaml.qll
View File

@@ -41,8 +41,8 @@ private class YamlParseStep extends AdditionalTaintStep {
exists(API::Node parseSuccessors | parseSuccessors = yamlNode() |
succ =
[
parseSuccessors.getMethod("to_ruby").getReturn().asSource(),
parseSuccessors.getMethod("to_ruby").getReturn().getAnElement().asSource()
parseSuccessors.getMethod(["to_ruby", "transform"]).getReturn().asSource(),
parseSuccessors.getMethod(["to_ruby", "transform"]).getReturn().getAnElement().asSource()
] and
pred = parseSuccessors.asSource()
)

2
ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
View File

@@ -105,7 +105,7 @@ module UnsafeDeserialization {
exists(API::Node toRubyReceiver |
toRubyReceiver = yamlNode() and this = toRubyReceiver.asSource()
|
exists(toRubyReceiver.getMethod("to_ruby"))
exists(toRubyReceiver.getMethod(["to_ruby", "transform"]))
)
}
}