hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix singleton set literal

Browse Source
This commit is contained in:
Maiky
2023-07-15 00:18:21 +02:00
parent a524735236
commit 3f36d3244b
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
View File

@@ -29,12 +29,12 @@ module NetLdap {
/** A call that establishes a LDAP Connection */
private class NetLdapConnection extends DataFlow::CallNode {
NetLdapConnection() { this in [ldap().getAnInstantiation(), ldap().getAMethodCall(["open"])] }
NetLdapConnection() { this in [ldap().getAnInstantiation(), ldap().getAMethodCall("open")] }
}
/** A call that constructs a LDAP query */
private class NetLdapFilter extends LdapConstruction::Range, DataFlow::CallNode {
NetLdapFilter() { this = any(ldap().getMember("Filter").getAMethodCall(["eq"])) }
NetLdapFilter() { this = any(ldap().getMember("Filter").getAMethodCall("eq")) }
override DataFlow::Node getQuery() { result = this.getArgument([0, 1]) }
}

7
ruby/ql/lib/codeql/ruby/security/LdapInjectionCustomizations.qll
View File

@@ -34,8 +34,8 @@ module LdapInjection {
exists(DataFlow::CallNode filterCall |
(
filterCall =
API::getTopLevelMember("Net").getMember("LDAP").getMember("Filter").getAMethodCall(["eq"]) or
filterCall.getMethodName() = ["[]"]
API::getTopLevelMember("Net").getMember("LDAP").getMember("Filter").getAMethodCall("eq") or
filterCall.getMethodName() = "[]"
) and
n1 = filterCall.getArgument([0, 1]) and
n2 = filterCall
@@ -64,5 +64,6 @@ module LdapInjection {
* sanitizer-guard.
*/
private class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
StringConstArrayInclusionCallBarrier { }
StringConstArrayInclusionCallBarrier
{ }
}