hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggested changes

Browse Source
This commit is contained in:
Maiky
2023-07-06 02:20:42 +02:00
parent f6887c86b3
commit 25814f76b9
5 changed files with 45 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ruby/ql/lib/codeql/ruby/Frameworks.qll
View File

@@ -32,6 +32,3 @@ private import codeql.ruby.frameworks.Slim
private import codeql.ruby.frameworks.Sinatra
private import codeql.ruby.frameworks.Twirp
private import codeql.ruby.frameworks.Sqlite3
private import codeql.ruby.frameworks.Rexml
private import codeql.ruby.frameworks.Nokogiri
private import codeql.ruby.frameworks.LibXml

68
ruby/ql/lib/codeql/ruby/frameworks/LibXml.qll
View File

@@ -1,68 +0,0 @@
/**
* Provides modeling for `libxml`, an XML library for Ruby.
*/
private import codeql.ruby.ApiGraphs
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.Concepts
/**
* Provides modeling for `libxml`, an XML library for Ruby.
*/
module LibXml {
/**
* Flow summary for `libxml`. Wraps a string, parsing it as an XML document.
*/
private class XmlSummary extends SummarizedCallable {
XmlSummary() { this = "LibXML::XML" }
override MethodCall getACall() { result = any(LibXmlRubyXmlParserCall c).asExpr().getExpr() }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
}
}
/** A call that parses XML. */
abstract private class LibXmlRubyXmlParserCall extends XmlParserCall::Range, DataFlow::CallNode {
}
private class LibXmlRubyXmlParserCallString extends LibXmlRubyXmlParserCall {
LibXmlRubyXmlParserCallString() {
this =
[API::getTopLevelMember("LibXML").getMember("XML"), API::getTopLevelMember("XML")]
.getMember(["Document", "Parser"])
.getAMethodCall(["string"])
}
override DataFlow::Node getInput() { result = this.getArgument(0) }
/** No option for parsing */
override predicate externalEntitiesEnabled() { none() }
}
private class LibXmlRubyXmlParserCallIoFile extends LibXmlRubyXmlParserCall {
LibXmlRubyXmlParserCallIoFile() {
this =
[API::getTopLevelMember("LibXML").getMember("XML"), API::getTopLevelMember("XML")]
.getMember(["Document", "Parser"])
.getAMethodCall(["file", "io"])
}
override DataFlow::Node getInput() { result = this.getArgument(0) }
/** No option for parsing */
override predicate externalEntitiesEnabled() { none() }
}
/** Execution of a XPath statement. */
private class LibXmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
LibXmlXPathExecution() {
exists(LibXmlRubyXmlParserCall parserCall |
this = parserCall.getAMethodCall(["find", "find_first"])
)
}
override DataFlow::Node getXPath() { result = this.getArgument(0) }
}
}

54
ruby/ql/lib/codeql/ruby/frameworks/Nokogiri.qll
View File

@@ -1,54 +0,0 @@
/**
* Provides modeling for `nokogiri`, an XML library for Ruby.
*/
private import codeql.ruby.ApiGraphs
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.Concepts
/**
* Provides modeling for `nokogiri`, an XML library for Ruby.
*/
module Nokogiri {
/**
* Flow summary for `nokogiri`. Wraps a string, parsing it as an XML document.
*/
private class XmlSummary extends SummarizedCallable {
XmlSummary() { this = "Nokogiri::XML.parse" }
override MethodCall getACall() { result = any(NokogiriXmlParserCall p).asExpr().getExpr() }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
}
}
/** A call that parses XML. */
private class NokogiriXmlParserCall extends DataFlow::CallNode {
NokogiriXmlParserCall() {
this =
[
API::getTopLevelMember("Nokogiri").getMember("XML"),
API::getTopLevelMember("Nokogiri").getMember("XML").getMember("Document"),
API::getTopLevelMember("Nokogiri")
.getMember("XML")
.getMember("SAX")
.getMember("Parser")
.getInstance()
].getAMethodCall("parse")
}
DataFlow::Node getInput() { result = this.getArgument(0) }
}
/** Execution of a XPath statement. */
private class NokogiriXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
NokogiriXPathExecution() {
exists(NokogiriXmlParserCall parserCall |
this = parserCall.getAMethodCall(["xpath", "at_xpath", "search", "at"])
)
}
override DataFlow::Node getXPath() { result = this.getArgument(0) }
}
}

48
ruby/ql/lib/codeql/ruby/frameworks/Rexml.qll
View File

@@ -1,48 +0,0 @@
/**
* Provides modeling for `rexml`, an XML toolkit for Ruby.
*/
private import codeql.ruby.ApiGraphs
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.Concepts
/**
* Provides modeling for `rexml`, an XML toolkit for Ruby.
*/
module Rexml {
/**
* Flow summary for `REXML::Document.new()`. This method wraps a string, parsing it as an XML document.
*/
private class XmlSummary extends SummarizedCallable {
XmlSummary() { this = "REXML::Document.new()" }
override MethodCall getACall() { result = any(RexmlParserCall c).asExpr().getExpr() }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
}
}
/** A call to `REXML::Document.new`, considered as a XML parsing. */
private class RexmlParserCall extends XmlParserCall::Range, DataFlow::CallNode {
RexmlParserCall() {
this = API::getTopLevelMember("REXML").getMember("Document").getAnInstantiation()
}
override DataFlow::Node getInput() { result = this.getArgument(0) }
/** No option for parsing */
override predicate externalEntitiesEnabled() { none() }
}
/** Execution of a XPath statement. */
private class RexmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
RexmlXPathExecution() {
this =
[API::getTopLevelMember("REXML").getMember("XPath"), API::getTopLevelMember("XPath")]
.getAMethodCall(["each", "first", "match"])
}
override DataFlow::Node getXPath() { result = this.getArgument(1) }
}
}

45
ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll
View File

@@ -45,6 +45,17 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call
}
}
/** Execution of a XPath statement. */
private class NokogiriXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
NokogiriXPathExecution() {
exists(NokogiriXmlParserCall parserCall |
this = parserCall.getAMethodCall(["xpath", "at_xpath", "search", "at"])
)
}
override DataFlow::Node getXPath() { result = this.getArgument(0) }
}
/**
* Holds if `assign` enables the `default_substitute_entities` option in
* libxml-ruby.
@@ -123,6 +134,40 @@ private predicate xmlMiniEntitySubstitutionEnabled() {
enablesLibXmlDefaultEntitySubstitution(_)
}
/** Execution of a XPath statement. */
private class LibXmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
LibXmlXPathExecution() {
exists(LibXmlRubyXmlParserCall parserCall |
this = parserCall.getAMethodCall(["find", "find_first"])
)
}
override DataFlow::Node getXPath() { result = this.getArgument(0) }
}
/** A call to `REXML::Document.new`, considered as a XML parsing. */
private class RexmlParserCall extends XmlParserCall::Range, DataFlow::CallNode {
RexmlParserCall() {
this = API::getTopLevelMember("REXML").getMember("Document").getAnInstantiation()
}
override DataFlow::Node getInput() { result = this.getArgument(0) }
/** No option for parsing */
override predicate externalEntitiesEnabled() { none() }
}
/** Execution of a XPath statement. */
private class RexmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
RexmlXPathExecution() {
this =
[API::getTopLevelMember("REXML").getMember("XPath"), API::getTopLevelMember("XPath")]
.getAMethodCall(["each", "first", "match"])
}
override DataFlow::Node getXPath() { result = this.getArgument(1) }
}
/**
* A call to `ActiveSupport::XmlMini.parse` considered as an `XmlParserCall`.
*/