hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: rack - add env['QUERY_STRING'] as an http request input

Browse Source
This commit is contained in:
Alex Ford
2023-06-21 16:32:44 +01:00
parent b6912decc1
commit 9b2cd768e1
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
View File

@@ -4,6 +4,7 @@
private import codeql.ruby.AST
private import codeql.ruby.ApiGraphs
private import codeql.ruby.Concepts
private import codeql.ruby.DataFlow
private import codeql.ruby.typetracking.TypeTracker
private import Response::Private as RP
@@ -86,4 +87,22 @@ module App {
/** Gets a response returned from this request handler. */
RP::PotentialResponseNode getAResponse() { result = resp }
}
/** A read of the query string via `env['QUERY_STRING']`. */
private class EnvQueryStringRead extends Http::Server::RequestInputAccess::Range {
EnvQueryStringRead() {
exists(RequestHandler handler, DataFlow::ParameterNode env, ConstantValue key |
handler.getEnv() = env
|
this = env.getAnElementRead(key) and
key.isStringlikeValue("QUERY_STRING")
)
}
override string getSourceType() { result = "Rack env" }
override Http::Server::RequestInputKind getKind() {
result = Http::Server::parameterInputKind()
}
}
}