Apply suggestions from code review

Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2026-04-30 19:26:02 +02:00 · 2023-01-23 14:58:04 +01:00
parent 8251ad5e99
commit 32c4cf5769
4 changed files with 9 additions and 9 deletions
--- a/ruby/ql/lib/codeql/ruby/security/UnsafeHtmlConstructionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeHtmlConstructionCustomizations.qll
@@ -36,7 +36,7 @@ module UnsafeHtmlConstruction {
  private import codeql.ruby.security.XSS::ReflectedXss as ReflectedXss

  /** Gets a node that eventually ends up in the XSS `sink`. */
-  DataFlow::Node getANodeThatEndsInXssSink(ReflectedXss::Sink sink) {
+  private DataFlow::Node getANodeThatEndsInXssSink(ReflectedXss::Sink sink) {
    result = getANodeThatEndsInXssSink(TypeTracker::TypeBackTracker::end(), sink)
  }

@@ -55,10 +55,10 @@ module UnsafeHtmlConstruction {
  }

  /**
-   * A string constructed from a string-literal (e.g. `"foo #{sink}"`),
+   * A component of a string-literal (e.g. `"foo #{sink}"`),
   * where the resulting string ends up being used in an XSS sink.
   */
-  class StringFormatAsSink extends Sink {
+  private class StringFormatAsSink extends Sink {
    ReflectedXss::Sink s;

    StringFormatAsSink() {
@@ -73,13 +73,13 @@ module UnsafeHtmlConstruction {
    override string getSinkType() { result = "string interpolation" }
  }

-  import codeql.ruby.security.TaintedFormatStringSpecific as TaintedFormat
+  private import codeql.ruby.security.TaintedFormatStringSpecific as TaintedFormat

  /**
-   * A string constructed from a printf-style call,
+   * An argument to a printf-style call,
   * where the resulting string ends up being used in an XSS sink.
   */
-  class TaintedFormatStringAsSink extends Sink {
+  private class TaintedFormatStringAsSink extends Sink {
    ReflectedXss::Sink s;

    TaintedFormatStringAsSink() {
--- a/ruby/ql/lib/codeql/ruby/security/UnsafeHtmlConstructionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeHtmlConstructionQuery.qll
@@ -15,7 +15,7 @@ private import codeql.ruby.dataflow.BarrierGuards
 * A taint-tracking configuration for detecting unsafe HTML construction.
 */
 class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UnsafeShellCommandConstruction" }
+  Configuration() { this = "UnsafeHtmlConstruction" }

  override predicate isSource(DataFlow::Node source) { source instanceof Source }

--- a/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction.rb
+++ b/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction.rb
@@ -1,6 +1,6 @@
 class UsersController < ActionController::Base
  # BAD - create a user description, where the name is not escaped
  def create_user_description (name)
-    "<h2>#{name}</h2>".html_safe
+    "<b>#{name}</b>".html_safe
  end
 end
--- a/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction_safe.rb
+++ b/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction_safe.rb
@@ -1,6 +1,6 @@
 class UsersController < ActionController::Base
  # Good - create a user description, where the name is escaped
  def create_user_description (name)
-    "<h2>#{ERB::Util.html_escape(name)}</h2>".html_safe
+    "<b>#{ERB::Util.html_escape(name)}</b>".html_safe
  end
 end