Merge pull request #10312 from erik-krogh/fix-caseDiff

ensure consistent casing of names
Erik Krogh Kristensen
2022-09-19 10:43:12 +02:00
committed by GitHub
234 changed files with 727 additions and 654 deletions


@@ -0,0 +1,5 @@
---
category: deprecated
---
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.


@@ -222,7 +222,7 @@ class HtmlEscaping extends Escaping {
}
/** Provides classes for modeling HTTP-related APIs. */
module HTTP {
module Http {
/** Provides classes for modeling HTTP servers. */
module Server {
/**
@@ -465,7 +465,7 @@ module HTTP {
* Extend this class to model new APIs. If you want to refine existing API models,
* extend `HttpResponse` instead.
*/
abstract class Range extends HTTP::Server::HttpResponse::Range {
abstract class Range extends Http::Server::HttpResponse::Range {
/** Gets the data-flow node that specifies the location of this HTTP redirect response. */
abstract DataFlow::Node getRedirectLocation();
}
@@ -550,6 +550,9 @@ module HTTP {
}
}
/** DEPRECATED: Alias for Http */
deprecated module HTTP = Http;
/**
* A data flow node that executes an operating system command,
* for instance by spawning a new process.
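Review bot: The doc comment on the new alias in the last hunk, `/** DEPRECATED: Alias for Http */`, does not say what the alias means for models written against the old name. Downstream packs that extend `HTTP::Server::RequestInputAccess::Range`, `HTTP::Server::HttpRedirectResponse::Range` or `HTTP::Client::Request::Range` are what feed the request-forgery, redirect and insecure-download queries touched elsewhere in this commit. As far as the alias declaration shows, those extensions keep resolving to the same classes, and the comment should say so and name the replacement in backticks like the rest of the file. Something like `/** DEPRECATED: Alias for \`Http\`. Classes extending \`HTTP::...::Range\` still contribute to the same concepts; use \`Http\` instead. */` would do. The enclosing `Http` module starts and ends outside the visible hunks, so I could not check whether any nested module needs its own alias.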


@@ -46,7 +46,7 @@ class ActionControllerControllerClass extends ClassDeclaration {
* A public instance method defined within an `ActionController` controller class.
* This may be the target of a route handler, if such a route is defined.
*/
class ActionControllerActionMethod extends Method, HTTP::Server::RequestHandler::Range {
class ActionControllerActionMethod extends Method, Http::Server::RequestHandler::Range {
private ActionControllerControllerClass controllerClass;
ActionControllerActionMethod() { this = controllerClass.getAMethod() and not this.isPrivate() }
@@ -126,7 +126,7 @@ abstract class ParamsCall extends MethodCall {
* A `RemoteFlowSource::Range` to represent accessing the
* ActionController parameters available via the `params` method.
*/
class ParamsSource extends HTTP::Server::RequestInputAccess::Range {
class ParamsSource extends Http::Server::RequestInputAccess::Range {
ParamsSource() { this.asExpr().getExpr() instanceof ParamsCall }
override string getSourceType() { result = "ActionController::Metal#params" }
@@ -143,7 +143,7 @@ abstract class CookiesCall extends MethodCall {
* A `RemoteFlowSource::Range` to represent accessing the
* ActionController parameters available via the `cookies` method.
*/
class CookiesSource extends HTTP::Server::RequestInputAccess::Range {
class CookiesSource extends Http::Server::RequestInputAccess::Range {
CookiesSource() { this.asExpr().getExpr() instanceof CookiesCall }
override string getSourceType() { result = "ActionController::Metal#cookies" }
@@ -211,7 +211,7 @@ class RedirectToCall extends ActionControllerContextCall {
/**
* A call to the `redirect_to` method, as an `HttpRedirectResponse`.
*/
class ActionControllerRedirectResponse extends HTTP::Server::HttpRedirectResponse::Range {
class ActionControllerRedirectResponse extends Http::Server::HttpRedirectResponse::Range {
RedirectToCall redirectToCall;
ActionControllerRedirectResponse() { this.asExpr().getExpr() = redirectToCall }


@@ -127,7 +127,7 @@ abstract class RenderCall extends MethodCall {
* A call to `render`, `render_to_body` or `render_to_string`, seen as an
* `HttpResponse`.
*/
private class RenderCallAsHttpResponse extends DataFlow::CallNode, HTTP::Server::HttpResponse::Range {
private class RenderCallAsHttpResponse extends DataFlow::CallNode, Http::Server::HttpResponse::Range {
RenderCallAsHttpResponse() {
this.asExpr().getExpr() instanceof RenderCall or
this.asExpr().getExpr() instanceof RenderToCall


@@ -215,7 +215,7 @@ module ActiveResource {
Collection getCollection() { result = this.getReceiver() }
}
private class ModelClassMethodCallAsHttpRequest extends HTTP::Client::Request::Range,
private class ModelClassMethodCallAsHttpRequest extends Http::Client::Request::Range,
ModelClassMethodCall {
ModelClass cls;
@@ -239,7 +239,7 @@ module ActiveResource {
override DataFlow::Node getResponseBody() { result = this }
}
private class ModelInstanceMethodCallAsHttpRequest extends HTTP::Client::Request::Range,
private class ModelInstanceMethodCallAsHttpRequest extends Http::Client::Request::Range,
ModelInstanceMethodCall {
ModelClass cls;


@@ -164,7 +164,7 @@ private class GraphqlResolvableClass extends ClassDeclaration {
* end
* ```
*/
class GraphqlResolveMethod extends Method, HTTP::Server::RequestHandler::Range {
class GraphqlResolveMethod extends Method, Http::Server::RequestHandler::Range {
private GraphqlResolvableClass resolvableClass;
GraphqlResolveMethod() { this = resolvableClass.getMethod("resolve") }
@@ -208,7 +208,7 @@ class GraphqlResolveMethod extends Method, HTTP::Server::RequestHandler::Range {
* end
* ```
*/
class GraphqlLoadMethod extends Method, HTTP::Server::RequestHandler::Range {
class GraphqlLoadMethod extends Method, Http::Server::RequestHandler::Range {
private GraphqlResolvableClass resolvableClass;
GraphqlLoadMethod() {
@@ -340,7 +340,7 @@ private class GraphqlFieldArgumentDefinitionMethodCall extends GraphqlSchemaObje
* end
* ```
*/
class GraphqlFieldResolutionMethod extends Method, HTTP::Server::RequestHandler::Range {
class GraphqlFieldResolutionMethod extends Method, Http::Server::RequestHandler::Range {
private GraphqlSchemaObjectClass schemaObjectClass;
GraphqlFieldResolutionMethod() {


@@ -24,7 +24,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* TODO: pipelining, streaming responses
* https://github.com/excon/excon/blob/master/README.md
*/
class ExconHttpRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;
DataFlow::Node connectionUse;


@@ -23,7 +23,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* connection.get("/").body
* ```
*/
class FaradayHttpRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;
DataFlow::Node connectionUse;


@@ -15,7 +15,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* HTTPClient.get_content("http://example.com")
* ```
*/
class HttpClientRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;
string method;


@@ -24,7 +24,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* MyClass.new("http://example.com")
* ```
*/
class HttpartyRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class HttpartyRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
HttpartyRequest() {


@@ -19,7 +19,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* response = req.get("/")
* ```
*/
class NetHttpRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
private DataFlow::CallNode request;
private DataFlow::Node responseBody;
private API::Node requestNode;


@@ -19,7 +19,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* URI.parse("http://example.com").open.read
* ```
*/
class OpenUriRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
OpenUriRequest() {
@@ -61,7 +61,7 @@ class OpenUriRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
* Kernel.open("http://example.com").read
* ```
*/
class OpenUriKernelOpenRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode {
OpenUriKernelOpenRequest() {
this instanceof KernelMethodCall and
this.getMethodName() = "open"


@@ -17,7 +17,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* RestClient::Request.execute(url: "http://example.com").body
* ```
*/
class RestClientHttpRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class RestClientHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;


@@ -15,7 +15,7 @@ private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries
* Typhoeus.get("http://example.com").body
* ```
*/
class TyphoeusHttpRequest extends HTTP::Client::Request::Range, DataFlow::CallNode {
class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
TyphoeusHttpRequest() {


@@ -12,10 +12,10 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess
/**
* An access to a user-controlled HTTP request input, considered as a flow source for writing user-controlled data to files
*/
private class RequestInputAccessAsSource extends Source instanceof HTTP::Server::RequestInputAccess {
private class RequestInputAccessAsSource extends Source instanceof Http::Server::RequestInputAccess {
}
/** A response from an outgoing HTTP request, considered as a flow source for writing user-controlled data to files. */
private class HttpResponseAsSource extends Source {
HttpResponseAsSource() { this = any(HTTP::Client::Request r).getResponseBody() }
HttpResponseAsSource() { this = any(Http::Client::Request r).getResponseBody() }
}


@@ -135,7 +135,7 @@ module InsecureDownload {
* In other words, if the URL is HTTP and the extension is in `unsafeExtension()`.
*/
private class HttpResponseAsSink extends Sink {
private HTTP::Client::Request req;
private Http::Client::Request req;
HttpResponseAsSink() {
this = req.getAUrlPart() and
@@ -155,7 +155,7 @@ module InsecureDownload {
/**
* Gets a node for the response from `request`, type-tracked using `t`.
*/
DataFlow::LocalSourceNode clientRequestResponse(TypeTracker t, HTTP::Client::Request request) {
DataFlow::LocalSourceNode clientRequestResponse(TypeTracker t, Http::Client::Request request) {
t.start() and
result = request.getResponseBody()
or
@@ -166,7 +166,7 @@ module InsecureDownload {
* A url that is downloaded through an insecure connection, where the result ends up being saved to a sensitive location.
*/
class FileWriteSink extends Sink {
HTTP::Client::Request request;
Http::Client::Request request;
FileWriteSink() {
// For example, in:


@@ -45,7 +45,7 @@ module ServerSideRequestForgery {
/** The URL of an HTTP request, considered as a sink. */
class HttpRequestAsSink extends Sink {
HttpRequestAsSink() { exists(HTTP::Client::Request req | req.getAUrlPart() = this) }
HttpRequestAsSink() { exists(Http::Client::Request req | req.getAUrlPart() = this) }
}
/** A string interpolation with a fixed prefix, considered as a flow sanitizer. */


@@ -57,7 +57,7 @@ module UrlRedirect {
*/
class RedirectLocationAsSink extends Sink {
RedirectLocationAsSink() {
exists(HTTP::Server::HttpRedirectResponse e, MethodBase method |
exists(Http::Server::HttpRedirectResponse e, MethodBase method |
this = e.getRedirectLocation() and
// We only want handlers for GET requests.
// Handlers for other HTTP methods are not as vulnerable to URL


@@ -16,7 +16,7 @@ import codeql.ruby.Concepts
import codeql.ruby.DataFlow
from
HTTP::Client::Request request, DataFlow::Node disablingNode, DataFlow::Node origin, string ending
Http::Client::Request request, DataFlow::Node disablingNode, DataFlow::Node origin, string ending
where
request.disablesCertificateValidation(disablingNode, origin) and
// Showing the origin is only useful when it's a different node than the one disabling


@@ -13,6 +13,6 @@ query predicate renderToCalls(RenderToCall c) { any() }
query predicate linkToCalls(LinkToCall c) { any() }
query predicate httpResponses(HTTP::Server::HttpResponse r, DataFlow::Node body, string mimeType) {
query predicate httpResponses(Http::Server::HttpResponse r, DataFlow::Node body, string mimeType) {
r.getBody() = body and r.getMimetype() = mimeType
}


@@ -2,7 +2,7 @@ import codeql.ruby.Concepts
import codeql.ruby.DataFlow
query predicate httpRequests(
HTTP::Client::Request r, string framework, DataFlow::Node urlPart, DataFlow::Node responseBody
Http::Client::Request r, string framework, DataFlow::Node urlPart, DataFlow::Node responseBody
) {
r.getFramework() = framework and
r.getAUrlPart() = urlPart and