hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add more defaultAdditionalTaintSteps

Browse Source
This commit is contained in:
Alex Ford
2021-06-23 16:09:25 +01:00
parent 6e5665da8c
commit 957b29b5af
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ql/src/codeql_ruby/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -15,9 +15,23 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
*/
cached
predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// operation involving `nodeFrom`
exists(CfgNodes::ExprNodes::OperationCfgNode op |
op = nodeTo.asExpr() and
op.getAnOperand() = nodeFrom.asExpr() and
not op.getExpr() instanceof AssignExpr
)
or
// string interpolation of `nodeFrom` into `nodeTo`
exists(CfgNodes::ExprNodes::StringlikeLiteralCfgNode lit, StringInterpolationComponent sic |
lit = nodeTo.asExpr() and
sic = lit.getExpr().getComponent(_) and
sic.getAStmt() = nodeFrom.asExpr().getExpr()
)
or
// element reference from nodeFrom
exists(CfgNodes::ExprNodes::ElementReferenceCfgNode ref |
ref = nodeTo.asExpr() and
ref.getExpr().getReceiver() = nodeFrom.asExpr().getExpr()
)
}