rename runsImmediately to runsArbitraryCode

2026-04-29 02:35:15 +02:00 · 2022-10-20 10:10:11 +02:00
parent 3dd89bb7bf
commit 24916f8538
7 changed files with 10 additions and 10 deletions
--- a/ruby/ql/lib/codeql/ruby/Concepts.qll
+++ b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -702,8 +702,8 @@ class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {
  /** Gets the argument that specifies the code to be executed. */
  DataFlow::Node getCode() { result = super.getCode() }

-  /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
-  predicate runsImmediately() { super.runsImmediately() }
+  /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
+  predicate runsArbitraryCode() { super.runsArbitraryCode() }
 }

 /** Provides a class for modeling new dynamic code execution APIs. */
@@ -718,8 +718,8 @@ module CodeExecution {
    /** Gets the argument that specifies the code to be executed. */
    abstract DataFlow::Node getCode();

-    /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
-    predicate runsImmediately() { any() }
+    /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
+    predicate runsArbitraryCode() { any() }
  }
 }

--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll
@@ -26,7 +26,7 @@ module ActiveJob {

      override DataFlow::Node getCode() { result = this.getArgument(0) }

-      override predicate runsImmediately() { none() }
+      override predicate runsArbitraryCode() { none() }
    }
  }
 }
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -222,6 +222,6 @@ module ActiveStorage {

    override DataFlow::Node getCode() { result = this.getArgument(0) }

-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
  }
 }
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -36,7 +36,7 @@ module ActiveSupport {

        override DataFlow::Node getCode() { result = this.getReceiver() }

-        override predicate runsImmediately() { none() }
+        override predicate runsArbitraryCode() { none() }
      }

      /**
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -167,7 +167,7 @@ module Kernel {

    override DataFlow::Node getCode() { result = this.getArgument(0) }

-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
  }

  private class TapSummary extends SimpleSummarizedCallable {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll
@@ -43,6 +43,6 @@ module Module {

    override DataFlow::Node getCode() { result = this.getArgument(0) }

-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
  }
 }
--- a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
@@ -69,7 +69,7 @@ module CodeInjection {

    /** Gets a flow state for which this is a sink. */
    override DataFlow::FlowState getAFlowState() {
-      if c.runsImmediately()
+      if c.runsArbitraryCode()
      then result = [FlowState::substring(), FlowState::full()] // If it runs immediately, then it's always vulnerable.
      else result = FlowState::full() // If it "just" loads something, then it's only vulnerable if the attacker controls the entire string.
    }