hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

just check string literal

Browse Source
This commit is contained in:
thiggy1342
2022-06-22 02:17:01 +00:00
committed by GitHub
parent c767f241ad
commit 995f365568
1 changed files with 3 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
View File

@@ -28,14 +28,9 @@ class CheckGetFromEnv extends AstNode {
CheckGetFromEnv() {
// is this node an instance of `env["REQUEST_METHOD"]
this instanceof GetRequestMethodFromEnv and
(
// and is this node a param of a call to `.include?`
exists(MethodCall call | call.getAnArgument() = this | call.getMethodName() = "include?")
or
// check if env["REQUEST_METHOD"] is compared to GET
exists(EqualityOperation eq | eq.getAChild() = this |
eq.getAChild().(StringLiteral).toString() = "GET"
)
// check if env["REQUEST_METHOD"] is compared to GET
exists(EqualityOperation eq | eq.getAChild() = this |
eq.getAChild().(StringLiteral).toString() = "GET"
)
}
}