Merge pull request #15722 from hmac/mad-sinks

Harry Maclean
2024-03-06 08:18:19 +00:00
committed by GitHub


@@ -10,6 +10,7 @@ private import codeql.ruby.DataFlow
private import codeql.ruby.dataflow.RemoteFlowSources
private import codeql.ruby.Concepts
private import codeql.ruby.dataflow.Sanitizers
private import codeql.ruby.frameworks.data.internal.ApiGraphModels
/**
* Provides default sources, sinks and sanitizers for reasoning about
@@ -41,4 +42,8 @@ module ServerSideRequestForgery {
/** A string interpolation with a fixed prefix, considered as a flow sanitizer. */
class StringInterpolationAsSanitizer extends PrefixedStringInterpolation, Sanitizer { }
private class ExternalRequestForgerySink extends Sink {
ExternalRequestForgerySink() { this = ModelOutput::getASinkNode("request-forgery").asSink() }
}
}
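Review bot: The new `ExternalRequestForgerySink` class at the end of `ServerSideRequestForgery` has no QLDoc, while `StringInterpolationAsSanitizer` directly above it does. A one-line comment would tell readers where these sinks come from, for example `/** A request-forgery sink supplied by an external model with sink kind "request-forgery". */`. Because the sink set is now extensible from model rows outside this file, it would also help to state whether the module's sanitizers are expected to apply to model-supplied sinks in the same way; presumably they do, but that depends on the flow configuration, which is not visible here. The module body starts outside this hunk.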