Ruby: rack - remove PotentialResponseNode#getAStatusCode

2026-04-25 00:35:20 +02:00 · 2023-06-13 12:42:46 +01:00
parent af1ca7fec7
commit 977ceb89fd
3 changed files with 4 additions and 30 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll
@@ -12,25 +12,11 @@ private import App as A

 /** Contains implementation details for modeling `Rack::Response`. */
 module Private {
-  private DataFlow::LocalSourceNode trackInt(TypeTracker t, int i) {
-    t.start() and
-    result.getConstantValue().isInt(i)
-    or
-    exists(TypeTracker t2 | result = trackInt(t2, i).track(t2, t))
-  }
-
-  private DataFlow::Node trackInt(int i) { trackInt(TypeTracker::end(), i).flowsTo(result) }
-
  /** A `DataFlow::Node` that may be a rack response. This is detected heuristically, if something "looks like" a rack response syntactically then we consider it to be a potential response node. */
  class PotentialResponseNode extends DataFlow::ArrayLiteralNode {
    // [status, headers, body]
    PotentialResponseNode() { this.getNumberOfArguments() = 3 }

-    /**
-     * Gets an HTTP status code that may be returned in this response.
-     */
-    int getAStatusCode() { this.getElement(0) = trackInt(result) }
-
    /** Gets the headers returned with this response. */
    DataFlow::Node getHeaders() { result = this.getElement(1) }

@@ -87,8 +73,10 @@ module Public {

  /** A `DataFlow::Node` returned from a rack request that has a redirect HTTP status code. */
  class RedirectResponse extends ResponseNode, Http::Server::HttpRedirectResponse::Range {
-    RedirectResponse() { this.getAStatusCode() = [300, 301, 302, 303, 307, 308] }
+    private DataFlow::Node redirectLocation;

-    override DataFlow::Node getRedirectLocation() { result = getHeaderValue(this, "location") }
+    RedirectResponse() { redirectLocation = getHeaderValue(this, "location") }
+
+    override DataFlow::Node getRedirectLocation() { result = redirectLocation }
  }
 }
--- a/ruby/ql/test/library-tests/frameworks/rack/Rack.expected
+++ b/ruby/ql/test/library-tests/frameworks/rack/Rack.expected
@@ -4,14 +4,6 @@ rackApps
 | rack.rb:24:1:37:3 | Logger | rack.rb:30:12:30:14 | env |
 | rack.rb:39:1:45:3 | Redirector | rack.rb:40:12:40:14 | env |
 | rack.rb:59:1:75:3 | Baz | rack.rb:60:12:60:14 | env |
-rackResponseStatusCodes
-| rack.rb:8:5:8:38 | call to [] | 200 |
-| rack.rb:8:5:8:38 | call to [] | 500 |
-| rack.rb:20:5:20:27 | call to [] | <unknown> |
-| rack.rb:35:5:35:26 | call to [] | <unknown> |
-| rack.rb:43:5:43:45 | call to [] | 302 |
-| rack.rb:66:7:66:22 | call to [] | 200 |
-| rack.rb:73:5:73:21 | call to [] | 400 |
 rackResponseContentTypes
 | rack.rb:8:5:8:38 | call to [] | rack.rb:7:34:7:45 | "text/plain" |
 | rack.rb:20:5:20:27 | call to [] | rack.rb:19:28:19:54 | call to mime_type |
--- a/ruby/ql/test/library-tests/frameworks/rack/Rack.ql
+++ b/ruby/ql/test/library-tests/frameworks/rack/Rack.ql
@@ -6,12 +6,6 @@ query predicate rackApps(Rack::App::AppCandidate c, DataFlow::ParameterNode env)
  env = c.getEnv()
 }

-query predicate rackResponseStatusCodes(Rack::Response::ResponseNode resp, string status) {
-  if exists(resp.getAStatusCode())
-  then status = resp.getAStatusCode().toString()
-  else status = "<unknown>"
-}
-
 query predicate rackResponseContentTypes(
  Rack::Response::ResponseNode resp, DataFlow::Node contentType
 ) {