Add fixes and suggestions

2026-04-25 08:45:14 +02:00 · 2023-12-18 12:20:32 +01:00
parent d8aa0e2d7e
commit 8b2accca83
2 changed files with 6 additions and 18 deletions
--- a/ruby/ql/lib/codeql/ruby/security/InsecureRandomnessCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/InsecureRandomnessCustomizations.qll
@@ -1,6 +1,6 @@
 /**
- * Provides default sources, sinks, and sanitizers for reasoning about bypass of
- * sensitive action guards, as well as extension points for adding your own.
+ * Provides default sources, sinks, and sanitizers for reasoning about random values that 
+ * are not cryptographically secure, as well as extension points for adding your own.
 */

 private import codeql.ruby.CFG
@@ -9,10 +9,11 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.security.SensitiveActions
 private import codeql.ruby.Concepts
 private import codeql.ruby.ApiGraphs
+import codeql.ruby.frameworks.core.Kernel

 /**
- * Provides default sources, sinks, and sanitizers for reasoning about bypass of
- * sensitive action guards, as well as extension points for adding your own.
+ * Provides default sources, sinks, and sanitizers for reasoning about random values that 
+ * are not cryptographically secure, as well as extension points for adding your own.
 */
 module InsecureRandomness {
  /**
@@ -42,6 +43,7 @@ module InsecureRandomness {
        this.getReceiver().asExpr().getExpr() instanceof SelfVariableAccess and
        super.getMethodName() = "rand"
      )
+      or this.(Kernel::KernelMethodCall).getMethodName() = "rand"
    }
  }

--- a/ruby/ql/lib/codeql/ruby/security/InsecureRandomnessQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/InsecureRandomnessQuery.qll
@@ -7,20 +7,6 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.TaintTracking
 import InsecureRandomnessCustomizations::InsecureRandomness

-/**
- * A taint-tracking configuration for detecting Insecure Randomness vulnerabilities.
- * DEPRECATED: Use `InsecureRandomnessFlow`
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "InsecureRandomnessConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module InsecureRandomnessConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof Source }