Ruby: fix defining every dataflow node as a command execution sink

2026-04-28 02:05:14 +02:00 · 2022-07-11 15:06:27 +01:00
parent 3bacb18315
commit 348ad95fc0
3 changed files with 16 additions and 2 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
@@ -43,7 +43,7 @@ module Railties {

    override DataFlow::Node getAnArgument() { result = this.getArgument([0, 1]) }

-    override predicate isShellInterpreted(DataFlow::Node arg) { any() }
+    override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
  }

  /**
@@ -57,6 +57,6 @@ module Railties {

    override DataFlow::Node getAnArgument() { result = this.getArgument(0) }

-    override predicate isShellInterpreted(DataFlow::Node arg) { any() }
+    override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
  }
 }
--- a/ruby/ql/test/library-tests/frameworks/railties/Railties.expected
+++ b/ruby/ql/test/library-tests/frameworks/railties/Railties.expected
@@ -1,5 +1,14 @@
+systemCommandExecutions
 | Railties.rb:5:5:5:34 | call to execute_command |
 | Railties.rb:6:5:6:37 | call to execute_command |
 | Railties.rb:8:5:8:16 | call to rake |
 | Railties.rb:10:5:10:27 | call to rails_command |
 | Railties.rb:12:5:12:17 | call to git |
+shellInterpretedArguments
+| Railties.rb:5:5:5:34 | call to execute_command | Railties.rb:5:21:5:25 | :rake |
+| Railties.rb:5:5:5:34 | call to execute_command | Railties.rb:5:28:5:33 | "test" |
+| Railties.rb:6:5:6:37 | call to execute_command | Railties.rb:6:21:6:26 | :rails |
+| Railties.rb:6:5:6:37 | call to execute_command | Railties.rb:6:29:6:36 | "server" |
+| Railties.rb:8:5:8:16 | call to rake | Railties.rb:8:10:8:15 | "test" |
+| Railties.rb:10:5:10:27 | call to rails_command | Railties.rb:10:19:10:26 | "server" |
+| Railties.rb:12:5:12:17 | call to git | Railties.rb:12:9:12:16 | "status" |
--- a/ruby/ql/test/library-tests/frameworks/railties/Railties.ql
+++ b/ruby/ql/test/library-tests/frameworks/railties/Railties.ql
@@ -1,5 +1,10 @@
 private import ruby
 private import codeql.ruby.Concepts
 private import codeql.ruby.frameworks.Railties
+private import codeql.ruby.DataFlow

 query predicate systemCommandExecutions(SystemCommandExecution e) { any() }
+
+query predicate shellInterpretedArguments(SystemCommandExecution e, DataFlow::Node arg) {
+  e.isShellInterpreted(arg)
+}