hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting.

Browse Source
This commit is contained in:
Joe Farebrother
2024-03-05 16:34:48 +00:00
parent 31687afd5d
commit 7027b7fe82
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/change-notes/2024-03-01-typhoeus-request.md
View File

@@ -1,4 +1,4 @@
---
category: minorAnalysis
---
Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source.
* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source.

10
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
View File

@@ -27,7 +27,7 @@ class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNo
.getReturn(["get", "head", "delete", "options", "post", "put", "patch"])
or
directResponse = false and
requestNode = API::getTopLevelMember("Typhoeus").getMember("Request").getReturn("new")
requestNode = API::getTopLevelMember("Typhoeus").getMember("Request").getInstance()
)
}
@@ -38,7 +38,7 @@ class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNo
result = getBodyFromResponse(requestNode)
or
directResponse = false and
result = getBodyFromRequest(requestNode)
result = getResponseBodyFromRequest(requestNode)
}
/** Gets the value that controls certificate validation, if any. */
@@ -69,10 +69,10 @@ private module TyphoeusDisablesCertificateValidationConfig implements DataFlow::
private module TyphoeusDisablesCertificateValidationFlow =
DataFlow::Global<TyphoeusDisablesCertificateValidationConfig>;
/** Gets the body from the given `requestNode` representing a Typhoeus request */
/** Gets the response body from the given `requestNode` representing a Typhoeus request */
bindingset[requestNode]
pragma[inline_late]
private DataFlow::Node getBodyFromRequest(API::Node requestNode) {
private DataFlow::Node getResponseBodyFromRequest(API::Node requestNode) {
result =
[
getBodyFromResponse(getResponseFromRequest(requestNode)),
@@ -95,7 +95,7 @@ private API::Node getResponseFromRequest(API::Node requestNode) {
]
}
/** Gets the body from the given `responseNode` representing a Typhoeus response */
/** Gets the response body from the given `responseNode` representing a Typhoeus response */
bindingset[responseNode]
pragma[inline_late]
private DataFlow::Node getBodyFromResponse(API::Node responseNode) {