Limit findings to just those called in Controllers

This commit is contained in:
thiggy1342
2022-06-21 21:27:18 +00:00
committed by GitHub
parent ecb2114b7b
commit 990747cd22


@@ -23,6 +23,10 @@ class HttpVerbMethod extends MethodCall {
}
}
class ControllerClass extends ModuleBase {
ControllerClass() { this.getModule().getSuperClass+().toString() = "ApplicationController" }
}
class CheckRequestMethodFromEnv extends DataFlow::CallNode {
CheckRequestMethodFromEnv() {
// is this node an instance of `env["REQUEST_METHOD"]
@@ -78,7 +82,10 @@ class CheckHeadRequest extends MethodCall {
from CheckRequestMethodFromEnv env, AstNode node
where
node instanceof HttpVerbMethod or
node = env.asExpr().getExpr()
(
node instanceof HttpVerbMethod or
node = env.asExpr().getExpr()
) and
node.getEnclosingModule() instanceof ControllerClass
select node,
"Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods."
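Review bot: The new `ControllerClass` filter (first hunk, `getSuperClass+().toString() = "ApplicationController"`) recognises a controller only by the literal name of an ancestor, so a controller that descends directly from `ActionController::Base` or `ActionController::API`, or from a custom base such as an API base class, no longer produces a finding — the added `node.getEnclosingModule() instanceof ControllerClass` conjunct in the second hunk silently drops the verb checks in exactly those classes. Since the query's message is about bypassing authorization and CSRF protection, those API-style controllers are the ones most worth keeping. Widening the name match, e.g. `this.getModule().getSuperClass+().toString() = ["ApplicationController", "ActionController::Base", "ActionController::API"]`, would keep the intended noise reduction while covering the Rails base classes; whether `toString()` yields the qualified name for the Rails classes here should be confirmed against the library. A short comment on `ControllerClass` stating that matching is by ancestor name only, and therefore a heuristic, would also help the next maintainer understand the intentional scope cut.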