hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Constrain parameters flow properly

Browse Source
This commit is contained in:
Harry Maclean
2022-10-03 14:06:06 +13:00
parent 32baf67b07
commit 236b628ee2
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -386,12 +386,13 @@ private module ParamsSummaries {
ParamsInstance() {
this.asExpr().getExpr() instanceof ParamsCall
or
exists(DataFlow::CallNode call | call = this |
call.getReceiver() instanceof ParamsInstance and
call.getMethodName() = paramsMethodReturningParamsInstance()
)
this =
any(DataFlow::CallNode call |
call.getReceiver() instanceof ParamsInstance and
call.getMethodName() = paramsMethodReturningParamsInstance()
)
or
exists(DataFlow::LocalSourceNode prev | prev.flowsTo(this))
exists(ParamsInstance prev | prev.(DataFlow::LocalSourceNode).flowsTo(this))
}
}