hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update Kernel.qll to include send aliases

Browse Source 
Add `public_send` and `__send__` as Code Injection sinks as proposed by @vcsjones
This commit is contained in:
Alvaro Muñoz
2023-12-28 19:08:03 +01:00
committed by GitHub
parent 19c5d1fd1d
commit 2964aef083
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
View File

@@ -43,7 +43,7 @@ module Kernel {
* ```
*/
private predicate isPublicKernelMethod(string method) {
method in ["class", "clone", "frozen?", "tap", "then", "yield_self", "send"]
method in ["class", "clone", "frozen?", "tap", "then", "yield_self", "send", "public_send", "__send__"]
}
/**
@@ -167,7 +167,7 @@ module Kernel {
* ```
*/
class SendCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
SendCallCodeExecution() { this.getMethodName() = "send" }
SendCallCodeExecution() { this.getMethodName() = ["send", "public_send", "__send__"] }
override DataFlow::Node getCode() { result = this.getArgument(0) }