hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Bugfix after HTTP::Client::Request change

Browse Source 
I guess this is not 100% accurate any longer since the base class is
only a `DataFlow::Node` now... I guess we could make it a
`DataFlow::CallNode` in the Concept definition.
This commit is contained in:
Rasmus Wriedt Larsen
2022-08-19 16:25:47 +02:00
parent 9eda630965
commit 9790594984
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll
View File

@@ -143,7 +143,7 @@ module InsecureDownload {
hasUnsafeExtension(req.getAUrlPart().asExpr().getConstantValue().getString())
}
override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = req }
override DataFlow::Node getDownloadCall() { result = req }
override DataFlow::FlowState getALabel() {
result instanceof Label::SensitiveInsecure
@@ -193,6 +193,6 @@ module InsecureDownload {
override DataFlow::FlowState getALabel() { result instanceof Label::Insecure }
override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = request }
override DataFlow::Node getDownloadCall() { result = request }
}
}