Ruby: client request: getUrl => getAUrlPart

This is a port of the same change in Python from
f8fc583af3

The description of that commit was:

> I think `getUrl` is a bit too misleading, since from the name, I would
> only ever expect ONE result for one request being made.
>
> `getAUrlPart` captures that there could be multiple results, and that
> they might not constitute a whole URL.
>
> Which is the same naming I used when I tried to model this a long time ago
> a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
Rasmus Wriedt Larsen
2022-03-09 14:41:07 +01:00
parent ea065b7d8a
commit 9c2fc1b415
10 changed files with 17 additions and 17 deletions


@@ -485,10 +485,10 @@ module HTTP {
DataFlow::Node getResponseBody() { result = super.getResponseBody() }
/**
* Gets a node that contributes to the URL of the request.
* Gets a data-flow node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
DataFlow::Node getURL() { result = super.getURL() }
DataFlow::Node getAUrlPart() { result = super.getAUrlPart() }
/** Gets a string that identifies the framework used for this request. */
string getFramework() { result = super.getFramework() }
@@ -515,11 +515,11 @@ module HTTP {
/** Gets a node which returns the body of the response */
abstract DataFlow::Node getResponseBody();
/**
* Gets a node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
abstract DataFlow::Node getURL();
/**
* Gets a data-flow node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
abstract DataFlow::Node getAUrlPart();
/** Gets a string that identifies the framework used for this request. */
abstract string getFramework();
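Review bot: `getURL` is removed outright from both `HTTP::Client::Request` and `HTTP::Client::Request::Range`, so any query or framework model outside this commit that calls or overrides it stops compiling. If this library is consumed by external queries, keep a forwarding alias on the concrete class for a deprecation period, e.g. `deprecated DataFlow::Node getURL() { result = this.getAUrlPart() }`. The abstract predicate in `Range` cannot be aliased the same way, so implementers of custom request models would need a change note instead. Both hunks show only part of the two classes, so an alias defined outside the visible lines cannot be ruled out.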


@@ -52,7 +52,7 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {
override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
override DataFlow::Node getURL() {
override DataFlow::Node getAUrlPart() {
// For one-off requests, the URL is in the first argument of the request method call.
// For connection re-use, the URL is split between the first argument of the `new` call
// and the `path` keyword argument of the request method call.


@@ -45,7 +45,7 @@ class FaradayHttpRequest extends HTTP::Client::Request::Range {
override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
override DataFlow::Node getURL() {
override DataFlow::Node getAUrlPart() {
result = requestUse.getArgument(0) or
result = connectionUse.(DataFlow::CallNode).getArgument(0) or
result = connectionUse.(DataFlow::CallNode).getKeywordArgument("url")


@@ -36,7 +36,7 @@ class HttpClientRequest extends HTTP::Client::Request::Range {
this = requestUse.asExpr().getExpr()
}
override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
override DataFlow::Node getResponseBody() {
// The `get_content` and `post_content` methods return the response body as


@@ -35,7 +35,7 @@ class HttpartyRequest extends HTTP::Client::Request::Range {
this = requestUse.asExpr().getExpr()
}
override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
override DataFlow::Node getResponseBody() {
// If HTTParty can recognise the response type, it will parse and return it


@@ -51,7 +51,7 @@ class NetHttpRequest extends HTTP::Client::Request::Range {
* Gets the node representing the URL of the request.
* Currently unused, but may be useful in future, e.g. to filter out certain requests.
*/
override DataFlow::Node getURL() { result = request.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = request.getArgument(0) }
override DataFlow::Node getResponseBody() { result = responseBody }
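Review bot: The doc comment above the renamed predicate in `NetHttpRequest` is stale: it still reads "Gets the node representing the URL of the request" and "Currently unused", while the predicate is now `getAUrlPart` and `HttpRequestAsSink` on this page selects server-side request forgery sinks through it. Suggest replacing the text with `Gets a data-flow node that contributes to the URL of the request.` and dropping the "Currently unused" sentence. Only `request.getArgument(0)` is returned here; whether a host supplied when the connection object is created is also modelled is not visible in this hunk and is worth confirming, since the host is the part that matters most for SSRF detection. The comment opens above the hunk, so its first line is not shown.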


@@ -32,7 +32,7 @@ class OpenUriRequest extends HTTP::Client::Request::Range {
this = requestUse.asExpr().getExpr()
}
override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
override DataFlow::Node getResponseBody() {
result = requestNode.getAMethodCall(["read", "readlines"])
@@ -65,7 +65,7 @@ class OpenUriKernelOpenRequest extends HTTP::Client::Request::Range {
this = requestUse.asExpr().getExpr()
}
override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
override DataFlow::CallNode getResponseBody() {
result.asExpr().getExpr().(MethodCall).getMethodName() in ["read", "readlines"] and


@@ -38,7 +38,7 @@ class RestClientHttpRequest extends HTTP::Client::Request::Range {
)
}
override DataFlow::Node getURL() {
override DataFlow::Node getAUrlPart() {
result = requestUse.getKeywordArgument("url")
or
result = requestUse.getArgument(0) and


@@ -26,7 +26,7 @@ class TyphoeusHttpRequest extends HTTP::Client::Request::Range {
this = requestUse.asExpr().getExpr()
}
override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }


@@ -43,7 +43,7 @@ module ServerSideRequestForgery {
/** The URL of an HTTP request, considered as a sink. */
class HttpRequestAsSink extends Sink {
HttpRequestAsSink() { exists(HTTP::Client::Request req | req.getURL() = this) }
HttpRequestAsSink() { exists(HTTP::Client::Request req | req.getAUrlPart() = this) }
}
/** A string interpolation with a fixed prefix, considered as a flow sanitizer. */
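Review bot: The doc comment on `HttpRequestAsSink` still says "The URL of an HTTP request", but the sink is any node returned by `getAUrlPart()`. Per the Excon model comment on this page, that includes a `path` keyword argument as well as the base URL. Suggest `/** A data-flow node that contributes to the URL of an HTTP request, considered as a sink. */`. It would also help triage to state in that comment that path-only parts are included, so an alert may mean control over the request path rather than the destination host. The fixed-prefix sanitizer that follows presumably narrows this, but its body is outside the hunk.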