hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: update use of PostUpdateNode now that it's public

Browse Source
This commit is contained in:
Nick Rolfe
2022-04-20 12:08:41 +01:00
parent 9b6e610e24
commit 9b2a98326c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
View File

@@ -104,7 +104,7 @@ predicate allBackslashesEscaped(DataFlow::Node node) {
allBackslashesEscaped(node.getAPredecessor())
or
// general data flow from a (destructive) [g]sub!
exists(DataFlowPrivate::PostUpdateNode post, StringSubstitutionCall sub |
exists(DataFlow::PostUpdateNode post, StringSubstitutionCall sub |
sub.isDestructive() and
allBackslashesEscaped(sub) and
post.getPreUpdateNode() = sub.getReceiver() and
@@ -135,7 +135,7 @@ DataFlow::CallNode getAMethodCall(StringSubstitutionCall call) {
// for a destructive string substitution, is there flow from its
// post-update receiver to the receiver of another method call?
call.isDestructive() and
exists(DataFlowPrivate::PostUpdateNode post | post.getPreUpdateNode() = call.getReceiver() |
exists(DataFlow::PostUpdateNode post | post.getPreUpdateNode() = call.getReceiver() |
post.(DataFlow::LocalSourceNode).flowsTo(receiver)
)
)