Add additional sinks for connection methods

2026-04-22 23:35:14 +02:00 · 2024-02-14 22:42:03 +00:00
parent cd00a4dacd
commit 37eb81097f
1 changed files with 7 additions and 1 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -200,7 +200,13 @@ private predicate sqlFragmentArgumentInner(DataFlow::CallNode call, DataFlow::No
  call = activeRecordQueryBuilderCall("annotate") and
  sink = call.getArgument(_)
  or
-  call = activeRecordConnectionInstance().getAMethodCall("execute") and
+  call =
+    activeRecordConnectionInstance()
+        .getAMethodCall([
+            "delete", "exec_query", "exec_delete", "exec_insert", "exec_update", "execute",
+            "insert", "select_all", "select_one", "select_rows", "select_value", "select_values",
+            "select_update", "update"
+          ]) and
  sink = call.getArgument(0)
  or
  call = activeRecordQueryBuilderCall("update_all") and