hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add comment

Browse Source
This commit is contained in:
Arthur Baars
2021-10-01 12:12:31 +02:00
parent c78d02d00d
commit 5a454bb9f2
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ql/lib/codeql/ruby/frameworks/XmlParsing.qll
View File

@@ -25,6 +25,11 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call
this.getArgument(3) =
[trackEnableFeature(TNOENT()), trackEnableFeature(TDTDLOAD()), trackDisableFeature(TNONET())]
or
// calls to methods that enable/disable features in a block argument passed to this parser call.
// For example:
// ```ruby
// doc.parse(...) { |options| options.nononet; options.noent }
// ```
this.asExpr()
.getExpr()
.(MethodCall)
@@ -32,7 +37,7 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call
.getAStmt()
.getAChild*()
.(MethodCall)
.getMethodName() = ["noent", "nononet"]
.getMethodName() = ["noent", "dtdload", "nononet"]
}
}