hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Use API graphs asCallable() instead of Proc.new workaround

Browse Source
This commit is contained in:
Asger F
2023-07-14 13:50:07 +02:00
parent 31bed36231
commit 2962727f0f
1 changed files with 1 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
View File

@@ -18,16 +18,7 @@ private class PotentialRequestHandler extends DataFlow::CallableNode {
(
this.(DataFlow::MethodNode).getMethodName() = "call"
or
not this instanceof DataFlow::MethodNode and
exists(DataFlow::CallNode cn | cn.getMethodName() = "run" |
this.(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))
or
// TODO: `Proc.new` should automatically propagate flow from its block argument
any(DataFlow::CallNode proc |
proc = API::getTopLevelMember("Proc").getAnInstantiation() and
proc.getBlock() = this
).(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))
)
this = API::getTopLevelCall("run").getArgument(0).asCallable()
)
}
}