Review suggestions - rename sink class and add barrier out

2026-04-20 22:44:52 +02:00 · 2024-04-10 10:17:19 +01:00
parent c2d771b334
commit 976ca48317
2 changed files with 5 additions and 6 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -806,8 +806,8 @@ private module MassAssignmentSinks {
  }

  /** A call to a method that sets attributes of an database record using a hash. */
-  private class MassAssignmentCall extends MassAssignment::Sink {
-    MassAssignmentCall() {
+  private class MassAssignmentSink extends MassAssignment::Sink {
+    MassAssignmentSink() {
      exists(DataFlow::CallNode call, string name | massAssignmentCall(call, name) |
        name =
          [
--- a/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
@@ -43,10 +43,9 @@ private module Config implements DataFlow::StateConfigSig {
    state instanceof FlowState::Permitted
  }

-  predicate isBarrierIn(DataFlow::Node node, FlowState state) {
-    node instanceof MassAssignment::Source and
-    state instanceof FlowState::Unpermitted
-  }
+  predicate isBarrierIn(DataFlow::Node node, FlowState state) { isSource(node, state) }
+
+  predicate isBarrierOut(DataFlow::Node node, FlowState state) { isSink(node, state) }

  predicate isBarrier(DataFlow::Node node) { node instanceof MassAssignment::Sanitizer }