changes based on review

This commit is contained in:
erik-krogh
2022-10-11 09:30:18 +02:00
parent 186205bd4b
commit 9fe18e5d73


@@ -1,5 +1,5 @@
/**
* Provides a utility classes and predicates for queries reasoning about Kernel.open and related methods.
* Provides utility classes and predicates for reasoning about `Kernel.open` and related methods.
*/
private import codeql.ruby.AST
@@ -9,36 +9,28 @@ private import codeql.ruby.ApiGraphs
private import codeql.ruby.frameworks.core.Kernel::Kernel
/** A call to a method that might access a file or start a process. */
abstract class AmbiguousPathCall extends DataFlow::CallNode {
/** Gets the name for the method being called. */
abstract string getName();
class AmbiguousPathCall extends DataFlow::CallNode {
string name;
/** Gets the name for a safer method that can be used instead. */
abstract string getReplacement();
/** Gets the argument that specifies the path to be accessed. */
abstract DataFlow::Node getPathArgument();
}
private class KernelOpenCall extends KernelMethodCall, AmbiguousPathCall {
KernelOpenCall() { this.getMethodName() = "open" }
override string getName() { result = "Kernel.open" }
override string getReplacement() { result = "File.open" }
override DataFlow::Node getPathArgument() { result = this.getArgument(0) }
}
private class IOReadCall extends DataFlow::CallNode, AmbiguousPathCall {
IOReadCall() {
AmbiguousPathCall() {
this.(KernelMethodCall).getMethodName() = "open" and
name = "Kernel.open"
or
this = API::getTopLevelMember("IO").getAMethodCall("read") and
not this = API::getTopLevelMember("File").getAMethodCall("read") // needed in e.g. opal/opal, where some calls have both paths, but I'm not sure why
not this = API::getTopLevelMember("File").getAMethodCall("read") and // needed in e.g. opal/opal, where some calls have both paths, but I'm not sure why
name = "IO.read"
}
override string getName() { result = "IO.read" }
/** Gets the name for the method being called. */
string getName() { result = name }
override string getReplacement() { result = "File.read" }
/** Gets the name for a safer method that can be used instead. */
string getReplacement() {
result = "File.read" and name = "IO.read"
or
result = "File.open" and name = "Kernel.open"
}
override DataFlow::Node getPathArgument() { result = this.getArgument(0) }
/** Gets the argument that specifies the path to be accessed. */
DataFlow::Node getPathArgument() { result = this.getArgument(0) }
}
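Review bot: The pairing of an ambiguous method with its safer replacement is now written twice — `name` is bound in the characteristic predicate (`name = "Kernel.open"`, `name = "IO.read"`) and `getReplacement()` re-matches the same string literals — so a future disjunct for another pipe-accepting method (to my recollection `IO.readlines`, `IO.foreach`, `IO.binread`, `IO.write` and `IO.binwrite` accept the same `|command` form as `IO.read`, and they look in scope for a class documented as "might access a file or start a process") has to be kept in sync in both places, and a mismatch silently produces a call with no replacement rather than a compile error. Binding both in one place avoids that drift: add `string replacement;` next to `string name;`, bind `replacement = "File.open"` / `replacement = "File.read"` beside the corresponding `name = ...` lines, and reduce the member to `string getReplacement() { result = replacement }`. Separately, the `// needed in e.g. opal/opal, where some calls have both paths, but I'm not sure why` comment survives the merge into one class; if the cause is that the API graph follows `File < IO` so a `File.read` call is also reachable from the `IO` node (worth confirming before rewording), the comment should state that reason and that `File.read` is excluded because it is the non-ambiguous form the query recommends, rather than recording the uncertainty.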