hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update names and qldoc for params taint predicates

Browse Source
This commit is contained in:
Joe Farebrother
2024-03-15 14:43:29 +00:00
parent e7b00a7b42
commit 8c5fff2d11
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -506,8 +506,8 @@ private module ParamsSummaries {
]
}
/** Gets a field of an instance of `ActionController::Parameters` */
private DataFlow::LocalSourceNode paramsField() {
/** Gets a node that may be tainted from an `ActionController::Parameters` instance, through field accesses and hash/array element reads. */
private DataFlow::LocalSourceNode taintFromParamsBase() {
result =
[
paramsInstance(),
@@ -515,16 +515,16 @@ private module ParamsSummaries {
]
}
private DataFlow::LocalSourceNode paramsFieldType(TypeTracker t) {
private DataFlow::LocalSourceNode taintFromParamsType(TypeTracker t) {
t.start() and
result = paramsField()
result = taintFromParamsBase()
or
exists(TypeTracker t2 | result = paramsFieldType(t2).track(t2, t))
exists(TypeTracker t2 | result = taintFromParamsType(t2).track(t2, t))
}
/** Gets a node with a type that can be a field of `ActionController::Parameters` */
private DataFlow::LocalSourceNode paramsFieldType() {
paramsFieldType(TypeTracker::end()).flowsTo(result)
/** Gets a node with a type that may be tainted from an `ActionController::Parameters` instance. */
private DataFlow::LocalSourceNode taintFromParamsType() {
taintFromParamsType(TypeTracker::end()).flowsTo(result)
}
/**
@@ -602,7 +602,7 @@ private module ParamsSummaries {
override MethodCall getACall() {
result =
paramsFieldType()
taintFromParamsType()
.getAMethodCall(["original_filename", "content_type", "headers"])
.asExpr()
.getExpr() and
@@ -622,7 +622,7 @@ private module ParamsSummaries {
UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }
override MethodCall getACall() {
result = paramsFieldType().getAMethodCall("read").asExpr().getExpr() and
result = taintFromParamsType().getAMethodCall("read").asExpr().getExpr() and
result.getNumberOfArguments() in [0 .. 2]
}