Ruby: fix some SensitiveDataSource definitions

This commit is contained in:
Alex Ford
2024-06-18 17:46:52 +01:00
parent f217de9623
commit 81ec6861f9


@@ -8,6 +8,7 @@ private import ruby
private import codeql.ruby.Concepts
private import codeql.ruby.security.SensitiveActions
private import codeql.ruby.dataflow.BarrierGuards
private import codeql.ruby.dataflow.SSA
private module SensitiveDataSources {
/**
@@ -42,28 +43,24 @@ private module SensitiveDataSources {
/**
* A call to a method that may return sensitive data.
*/
class SensitiveMethodCall extends SensitiveDataSource::Range, DataFlow::CallNode instanceof SensitiveNode
{
SensitiveDataMethodName methodName;
SensitiveMethodCall() { methodName = this.getMethodName() }
class SensitiveMethodCall extends SensitiveDataSource::Range instanceof SensitiveCall {
override SensitiveDataClassification getClassification() {
result = methodName.getClassification()
result = SensitiveCall.super.getClassification()
}
}
/**
* An assignment to a variable that may contain sensitive data.
*/
class SensitiveVariableAssignment extends SensitiveDataSource::Range instanceof SensitiveNode {
class SensitiveVariableAssignment extends SensitiveDataSource::Range, DataFlow::SsaDefinitionNode {
SensitiveNode sensitiveNode;
SensitiveVariableAssignment() {
this.(DataFlow::VariableAccessNode).asVariableAccessAstNode() instanceof
Ast::VariableWriteAccess
this.getDefinition().(Ssa::WriteDefinition).getWriteAccess() = sensitiveNode.asExpr()
}
override SensitiveDataClassification getClassification() {
result = SensitiveNode.super.getClassification()
result = sensitiveNode.getClassification()
}
}