hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add ERB Template Injection Sink

Browse Source
This commit is contained in:
Maiky
2023-04-13 17:21:31 +02:00
parent aeff6d3b85
commit 820db43945
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
View File

@@ -400,3 +400,19 @@ private class AccessLocalsKeySummary extends SummarizedCallable {
preservesValue = true
}
}
/** A call to `render inline: foo`, considered as a ERB template rendering. */
private class RailsTemplateRendering extends TemplateRendering::Range, DataFlow::CallNode {
private DataFlow::Node template;
RailsTemplateRendering() {
(
this.asExpr().getExpr() instanceof Rails::RenderCall
or
this.asExpr().getExpr() instanceof Rails::RenderToCall
) and
template = this.getKeywordArgument("inline")
}
override DataFlow::Node getTemplate() { result = template }
}