Ruby: handle Regexp.quote wherever we handle Regexp.escape

This commit is contained in:
Nick Rolfe
2021-11-22 17:12:01 +00:00
parent 5b11cfe006
commit 4b42c4447b
2 changed files with 7 additions and 4 deletions


@@ -335,12 +335,12 @@ class ModuleEvalCallCodeExecution extends CodeExecution::Range, DataFlow::CallNo
override DataFlow::Node getCode() { result = this.getArgument(0) }
}
/** Flow summary for `Regexp.escape`. */
/** Flow summary for `Regexp.escape` and its alias, `Regexp.quote`. */
class RegexpEscapeSummary extends SummarizedCallable {
RegexpEscapeSummary() { this = "Regexp.escape" }
override MethodCall getACall() {
result = API::getTopLevelMember("Regexp").getAMethodCall("escape").asExpr().getExpr()
result = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"]).asExpr().getExpr()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
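Review bot: The alias list `["escape", "quote"]` on the `getACall` line is now hard-coded in two independent libraries (this summary and `RegexpEscapeSanitization` in the second file), so a future alias or spelling change has to be made in two places or the flow summary and the sanitizer silently disagree on which calls they model. Consider exposing one predicate, e.g. `string regexpEscapeMethodName() { result = ["escape", "quote"] }` next to this summary, and having both sites use `getAMethodCall(regexpEscapeMethodName())`. The summary's identity string `this = "Regexp.escape"` is unchanged, so `Regexp.quote` calls are reported under the `Regexp.escape` name; a short comment on that line, such as `// `Regexp.quote` is a core-library alias of `escape`, so both share this summary.`, would stop a reader from thinking the second alias was left out. `propagatesFlowExt` continues outside the hunk, so whether it still models both aliases correctly cannot be checked here.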


@@ -70,9 +70,12 @@ module RegExpInjection {
StringConstArrayInclusionCall { }
/**
* A call to `Regexp.escape`, considered as a sanitizer.
* A call to `Regexp.escape` (or its alias, `Regexp.quote`), considered as a
* sanitizer.
*/
class RegexpEscapeSanitization extends Sanitizer {
RegexpEscapeSanitization() { this = API::getTopLevelMember("Regexp").getAMethodCall("escape") }
RegexpEscapeSanitization() {
this = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"])
}
}
}
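Review bot: The class doc on the `RegexpEscapeSanitization` lines says the call is "considered as a sanitizer" but not why, which is the property a future maintainer needs when deciding whether another method belongs in this list. Suggest extending the doc comment with a sentence along the lines of `* Both methods backslash-escape regexp metacharacters in their argument, so the returned string cannot change the structure of a pattern it is interpolated into.` Note that the node matched is the call itself, so (if `Sanitizer` follows the usual DataFlow convention of marking the node clean) it is the return value, not the argument, that is treated as safe; stating that explicitly in the doc would avoid the opposite reading.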