hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Avoid a forced CP.

Browse Source
This commit is contained in:
Alex Eyers-Taylor
2025-04-01 16:16:13 +01:00
parent 7096abe0a9
commit 1cf1acbbc6
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
View File

@@ -54,6 +54,14 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
override DataFlow::Node getAUrlPart() { override DataFlow::Node getAUrlPart() {
result = request.getArgument(0) result = request.getArgument(0)
or or
result = this.getAUrlPartFromConstructor()
}
/**
* Gets a node that contributes to the URL of the request
* indirectly, through the constructor.
*/
private DataFlow::Node getAUrlPartFromConstructor() {
// Net::HTTP.new(...).get(...) // Net::HTTP.new(...).get(...)
exists(API::Node new | exists(API::Node new |
new = API::getTopLevelMember("Net").getMember("HTTP").getInstance() and new = API::getTopLevelMember("Net").getMember("HTTP").getInstance() and