Ruby: configsig rb/xxe

Alex Ford
2023-09-03 16:53:54 +01:00
parent 956207b7d9
commit 73ed5696f3


@@ -13,12 +13,10 @@
* external/cwe/cwe-827
*/
import codeql.ruby.AST
import codeql.ruby.dataflow.RemoteFlowSources
import codeql.ruby.TaintTracking
import codeql.ruby.Concepts
import codeql.ruby.DataFlow
import DataFlow::PathGraph
class UnsafeXxeSink extends DataFlow::ExprNode {
UnsafeXxeSink() {
@@ -29,16 +27,18 @@ class UnsafeXxeSink extends DataFlow::ExprNode {
}
}
class XxeConfig extends TaintTracking::Configuration {
XxeConfig() { this = "XXE.ql::XxeConfig" }
private module XxeConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, XxeConfig conf
where conf.hasFlowPath(source, sink)
private module XxeFlow = TaintTracking::Global<XxeConfig>;
private import XxeFlow::PathGraph
from XxeFlow::PathNode source, XxeFlow::PathNode sink
where XxeFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
"XML parsing depends on a $@ without guarding against external entity expansion.",
source.getNode(), "user-provided value"
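Review bot: The new `private module XxeConfig implements DataFlow::ConfigSig` in the second hunk has no QLDoc and defines only `isSource` and `isSink`, so a reader cannot tell whether the absence of an `isBarrier` predicate is deliberate. The removed class had no sanitizer either, so the migration appears to preserve behaviour. The new module declaration is still a good place to record it, for example `/** Taint from any RemoteFlowSource to an UnsafeXxeSink; no barriers are defined, so precision depends on the sink definition. */` placed directly above it. The body of `UnsafeXxeSink` lies between the two hunks and is not shown, so whether the sink already limits itself to parser calls with external entity expansion enabled cannot be confirmed from this page. A one-line comment on `XxeFlow` noting that it is the global taint-tracking instantiation used by the `select` would also help.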