Change how sql-injection barriers are accepted

Owen Mansel-Chan
2026-02-17 12:58:38 +00:00
parent 3dc465f167
commit 1d7a39a093
2 changed files with 5 additions and 4 deletions


@@ -9,6 +9,7 @@ private import codeql.ruby.CFG
private import codeql.ruby.DataFlow
private import codeql.ruby.dataflow.internal.DataFlowImplSpecific
private import codeql.ruby.Frameworks
private import codeql.ruby.frameworks.data.internal.ApiGraphModels
private import codeql.ruby.dataflow.RemoteFlowSources
private import codeql.ruby.ApiGraphs
private import codeql.ruby.Regexp as RE
@@ -95,6 +96,10 @@ module SqlSanitization {
abstract class Range extends DataFlow::Node { }
}
private class ExternalSqlInjectionSanitizer extends SqlSanitization::Range {
ExternalSqlInjectionSanitizer() { ModelOutput::barrierNode(this, "sql-injection") }
}
/**
* A data-flow node that executes a regular expression.
*
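Review bot: The `ExternalSqlInjectionSanitizer` class in the second hunk has no QLDoc, and nothing records that `"sql-injection"` barrier models now feed `SqlSanitization::Range` instead of `SqlInjection::Sanitizer`; a comment such as `/** A node marked as a "sql-injection" barrier by a data-extension model. */` above the class would make that explicit. The SQL injection query keeps honouring these barriers only if `SqlInjection::Sanitizer` still covers `SqlSanitization` nodes, which is not visible in either hunk, so that link is worth confirming with a library test that uses a barrier model. Any other consumer of `SqlSanitization` will presumably now treat externally modelled barriers as sanitizers too, which can suppress results if a model is too broad.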


@@ -61,8 +61,4 @@ module SqlInjection {
private class ExternalSqlInjectionSink extends Sink {
ExternalSqlInjectionSink() { ModelOutput::sinkNode(this, "sql-injection") }
}
private class ExternalSqlInjectionSanitizer extends Sanitizer {
ExternalSqlInjectionSanitizer() { ModelOutput::barrierNode(this, "sql-injection") }
}
}