hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix LinkToCallArgumentAsSink matching when link_to is passed a block

Browse Source
This commit is contained in:
Alex Ford
2021-09-08 16:21:02 +01:00
parent 200c8f2493
commit 6cc82d46f3
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ql/lib/codeql/ruby/frameworks/ActionView.qll
View File

@@ -145,7 +145,12 @@ private class ActionViewRenderToCall extends ActionViewContextCall, RenderToCall
class LinkToCall extends ActionViewContextCall {
LinkToCall() { this.getMethodName() = "link_to" }
// TODO: the path can also be specified through other optional arguments
Expr getPathArgument() { result = this.getArgument(1) }
Expr getPathArgument() {
// When `link_to` is called with a block, it uses the first argument as the
// path, and otherwise the second argument.
exists(this.getBlock()) and result = this.getArgument(0)
or
not exists(this.getBlock()) and result = this.getArgument(1)
}
}
// TODO: model flow in/out of template files properly,