mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Ruby: Autoformat
@@ -5,4 +5,3 @@ class AstNode extends @ruby_ast_node {
|
||||
from AstNode ruby_do_block, AstNode body, int index, AstNode child
|
||||
where ruby_do_block_body(ruby_do_block, body) and ruby_body_statement_child(body, index, child)
|
||||
select ruby_do_block, index, child
|
||||
|
||||
|
||||
@@ -5,4 +5,3 @@ class AstNode extends @ruby_ast_node {
|
||||
from AstNode ruby_module, AstNode body, int index, AstNode child
|
||||
where ruby_module_body(ruby_module, body) and ruby_body_statement_child(body, index, child)
|
||||
select ruby_module, index, child
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ class AstNode extends @ruby_ast_node {
|
||||
}
|
||||
|
||||
from AstNode ruby_singleton_class, AstNode body, int index, AstNode child
|
||||
where ruby_singleton_class_body(ruby_singleton_class, body) and ruby_body_statement_child(body, index, child)
|
||||
where
|
||||
ruby_singleton_class_body(ruby_singleton_class, body) and
|
||||
ruby_body_statement_child(body, index, child)
|
||||
select ruby_singleton_class, index, child
|
||||
|
||||
|
||||
@@ -212,7 +212,8 @@ module FileSystemWriteAccess {
|
||||
* Extend this class to refine existing API models. If you want to model new APIs,
|
||||
* extend `FileSystemPermissionModification::Range` instead.
|
||||
*/
|
||||
class FileSystemPermissionModification extends DataFlow::Node instanceof FileSystemPermissionModification::Range {
|
||||
class FileSystemPermissionModification extends DataFlow::Node instanceof FileSystemPermissionModification::Range
|
||||
{
|
||||
/**
|
||||
* Gets an argument to this permission modification that is interpreted as a
|
||||
* set of permissions.
|
||||
@@ -468,7 +469,8 @@ module Http {
|
||||
}
|
||||
}
|
||||
|
||||
private class RequestInputAccessAsRemoteFlowSource extends RemoteFlowSource::Range instanceof RequestInputAccess {
|
||||
private class RequestInputAccessAsRemoteFlowSource extends RemoteFlowSource::Range instanceof RequestInputAccess
|
||||
{
|
||||
override string getSourceType() { result = this.(RequestInputAccess).getSourceType() }
|
||||
}
|
||||
|
||||
@@ -957,7 +959,8 @@ module Path {
|
||||
* Extend this class to refine existing API models. If you want to model new APIs,
|
||||
* extend `CookieSecurityConfigurationSetting::Range` instead.
|
||||
*/
|
||||
class CookieSecurityConfigurationSetting extends DataFlow::Node instanceof CookieSecurityConfigurationSetting::Range {
|
||||
class CookieSecurityConfigurationSetting extends DataFlow::Node instanceof CookieSecurityConfigurationSetting::Range
|
||||
{
|
||||
/**
|
||||
* Gets a description of how this cookie setting may weaken application security.
|
||||
* This predicate has no results if the setting is considered to be safe.
|
||||
@@ -1037,7 +1040,8 @@ module Cryptography {
|
||||
* Extend this class to refine existing API models. If you want to model new APIs,
|
||||
* extend `CryptographicOperation::Range` instead.
|
||||
*/
|
||||
class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range {
|
||||
class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range
|
||||
{
|
||||
/** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */
|
||||
deprecated predicate isWeak() { super.isWeak() }
|
||||
}
|
||||
|
||||
@@ -199,7 +199,8 @@ class StringTextComponent extends StringComponent instanceof StringTextComponent
|
||||
/**
|
||||
* An escape sequence component of a string or string-like literal.
|
||||
*/
|
||||
class StringEscapeSequenceComponent extends StringComponent instanceof StringEscapeSequenceComponentImpl {
|
||||
class StringEscapeSequenceComponent extends StringComponent instanceof StringEscapeSequenceComponentImpl
|
||||
{
|
||||
final override string getAPrimaryQlClass() { result = "StringEscapeSequenceComponent" }
|
||||
|
||||
/** Gets the text of this component as it appears in the source code. */
|
||||
@@ -209,7 +210,8 @@ class StringEscapeSequenceComponent extends StringComponent instanceof StringEsc
|
||||
/**
|
||||
* An interpolation expression component of a string or string-like literal.
|
||||
*/
|
||||
class StringInterpolationComponent extends StringComponent, StmtSequence instanceof StringInterpolationComponentImpl {
|
||||
class StringInterpolationComponent extends StringComponent, StmtSequence instanceof StringInterpolationComponentImpl
|
||||
{
|
||||
private Ruby::Interpolation g;
|
||||
|
||||
StringInterpolationComponent() { this = TStringInterpolationComponentNonRegexp(g) }
|
||||
@@ -249,14 +251,16 @@ class RegExpTextComponent extends RegExpComponent instanceof RegExpTextComponent
|
||||
/**
|
||||
* An escape sequence component of a regex literal.
|
||||
*/
|
||||
class RegExpEscapeSequenceComponent extends RegExpComponent instanceof RegExpEscapeSequenceComponentImpl {
|
||||
class RegExpEscapeSequenceComponent extends RegExpComponent instanceof RegExpEscapeSequenceComponentImpl
|
||||
{
|
||||
final override string getAPrimaryQlClass() { result = "RegExpEscapeSequenceComponent" }
|
||||
}
|
||||
|
||||
/**
|
||||
* An interpolation expression component of a regex literal.
|
||||
*/
|
||||
class RegExpInterpolationComponent extends RegExpComponent, StmtSequence instanceof RegExpComponentImpl {
|
||||
class RegExpInterpolationComponent extends RegExpComponent, StmtSequence instanceof RegExpComponentImpl
|
||||
{
|
||||
private Ruby::Interpolation g;
|
||||
|
||||
RegExpInterpolationComponent() { this = TStringInterpolationComponentRegexp(g) }
|
||||
|
||||
@@ -85,7 +85,8 @@ deprecated class PatternParameter extends Parameter, Pattern, TPatternParameter
|
||||
* A parameter defined using a tuple pattern.
|
||||
*/
|
||||
deprecated class TuplePatternParameter extends PatternParameter, TuplePattern,
|
||||
TDestructuredParameter {
|
||||
TDestructuredParameter
|
||||
{
|
||||
final override LocalVariable getAVariable() { result = TuplePattern.super.getAVariable() }
|
||||
}
|
||||
|
||||
|
||||
@@ -101,7 +101,8 @@ abstract class DestructuredLhsExprImpl extends Ruby::AstNode {
|
||||
}
|
||||
|
||||
class DestructuredLeftAssignmentImpl extends DestructuredLhsExprImpl,
|
||||
Ruby::DestructuredLeftAssignment {
|
||||
Ruby::DestructuredLeftAssignment
|
||||
{
|
||||
override Ruby::AstNode getChildNode(int i) { result = this.getChild(i) }
|
||||
}
|
||||
|
||||
|
||||
@@ -326,7 +326,8 @@ private string unescapeTextComponent(string text) {
|
||||
}
|
||||
|
||||
class StringTextComponentStringOrHeredocContent extends StringTextComponentImpl,
|
||||
TStringTextComponentNonRegexpStringOrHeredocContent {
|
||||
TStringTextComponentNonRegexpStringOrHeredocContent
|
||||
{
|
||||
private Ruby::Token g;
|
||||
|
||||
StringTextComponentStringOrHeredocContent() {
|
||||
@@ -341,7 +342,8 @@ class StringTextComponentStringOrHeredocContent extends StringTextComponentImpl,
|
||||
}
|
||||
|
||||
private class StringTextComponentSimpleSymbol extends StringTextComponentImpl,
|
||||
TStringTextComponentNonRegexpSimpleSymbol {
|
||||
TStringTextComponentNonRegexpSimpleSymbol
|
||||
{
|
||||
private Ruby::SimpleSymbol g;
|
||||
|
||||
StringTextComponentSimpleSymbol() { this = TStringTextComponentNonRegexpSimpleSymbol(g) }
|
||||
@@ -355,7 +357,8 @@ private class StringTextComponentSimpleSymbol extends StringTextComponentImpl,
|
||||
}
|
||||
|
||||
private class StringTextComponentHashKeySymbol extends StringTextComponentImpl,
|
||||
TStringTextComponentNonRegexpHashKeySymbol {
|
||||
TStringTextComponentNonRegexpHashKeySymbol
|
||||
{
|
||||
private Ruby::HashKeySymbol g;
|
||||
|
||||
StringTextComponentHashKeySymbol() { this = TStringTextComponentNonRegexpHashKeySymbol(g) }
|
||||
@@ -424,7 +427,8 @@ private string unescapeEscapeSequence(string escaped) {
|
||||
* An escape sequence component of a string or string-like literal.
|
||||
*/
|
||||
class StringEscapeSequenceComponentImpl extends StringComponentImpl,
|
||||
TStringEscapeSequenceComponentNonRegexp {
|
||||
TStringEscapeSequenceComponentNonRegexp
|
||||
{
|
||||
private Ruby::EscapeSequence g;
|
||||
|
||||
StringEscapeSequenceComponentImpl() { this = TStringEscapeSequenceComponentNonRegexp(g) }
|
||||
@@ -439,7 +443,8 @@ class StringEscapeSequenceComponentImpl extends StringComponentImpl,
|
||||
}
|
||||
|
||||
class StringInterpolationComponentImpl extends StringComponentImpl,
|
||||
TStringInterpolationComponentNonRegexp {
|
||||
TStringInterpolationComponentNonRegexp
|
||||
{
|
||||
private Ruby::Interpolation g;
|
||||
|
||||
StringInterpolationComponentImpl() { this = TStringInterpolationComponentNonRegexp(g) }
|
||||
@@ -472,7 +477,8 @@ class RegExpTextComponentImpl extends RegExpComponentImpl, TStringTextComponentR
|
||||
}
|
||||
|
||||
class RegExpEscapeSequenceComponentImpl extends RegExpComponentImpl,
|
||||
TStringEscapeSequenceComponentRegexp {
|
||||
TStringEscapeSequenceComponentRegexp
|
||||
{
|
||||
private Ruby::EscapeSequence g;
|
||||
|
||||
RegExpEscapeSequenceComponentImpl() { this = TStringEscapeSequenceComponentRegexp(g) }
|
||||
@@ -488,7 +494,8 @@ class RegExpEscapeSequenceComponentImpl extends RegExpComponentImpl,
|
||||
}
|
||||
|
||||
class RegExpInterpolationComponentImpl extends RegExpComponentImpl,
|
||||
TStringInterpolationComponentRegexp {
|
||||
TStringInterpolationComponentRegexp
|
||||
{
|
||||
private Ruby::Interpolation g;
|
||||
|
||||
RegExpInterpolationComponentImpl() { this = TStringInterpolationComponentRegexp(g) }
|
||||
|
||||
@@ -607,7 +607,8 @@ private class GlobalVariableAccessReal extends GlobalVariableAccessImpl, TGlobal
|
||||
final override string toString() { result = g.getValue() }
|
||||
}
|
||||
|
||||
private class GlobalVariableAccessSynth extends GlobalVariableAccessImpl, TGlobalVariableAccessSynth {
|
||||
private class GlobalVariableAccessSynth extends GlobalVariableAccessImpl, TGlobalVariableAccessSynth
|
||||
{
|
||||
private GlobalVariable v;
|
||||
|
||||
GlobalVariableAccessSynth() { this = TGlobalVariableAccessSynth(_, _, v) }
|
||||
@@ -624,7 +625,8 @@ module InstanceVariableAccess {
|
||||
abstract class InstanceVariableAccessImpl extends VariableAccessImpl, TInstanceVariableAccess { }
|
||||
|
||||
private class InstanceVariableAccessReal extends InstanceVariableAccessImpl,
|
||||
TInstanceVariableAccessReal {
|
||||
TInstanceVariableAccessReal
|
||||
{
|
||||
private Ruby::InstanceVariable g;
|
||||
private InstanceVariable v;
|
||||
|
||||
@@ -636,7 +638,8 @@ private class InstanceVariableAccessReal extends InstanceVariableAccessImpl,
|
||||
}
|
||||
|
||||
private class InstanceVariableAccessSynth extends InstanceVariableAccessImpl,
|
||||
TInstanceVariableAccessSynth {
|
||||
TInstanceVariableAccessSynth
|
||||
{
|
||||
private InstanceVariable v;
|
||||
|
||||
InstanceVariableAccessSynth() { this = TInstanceVariableAccessSynth(_, _, v) }
|
||||
@@ -664,7 +667,8 @@ private class ClassVariableAccessReal extends ClassVariableAccessRealImpl, TClas
|
||||
}
|
||||
|
||||
private class ClassVariableAccessSynth extends ClassVariableAccessRealImpl,
|
||||
TClassVariableAccessSynth {
|
||||
TClassVariableAccessSynth
|
||||
{
|
||||
private ClassVariable v;
|
||||
|
||||
ClassVariableAccessSynth() { this = TClassVariableAccessSynth(_, _, v) }
|
||||
|
||||
@@ -284,7 +284,8 @@ abstract class ConditionalCompletion extends NormalCompletion {
|
||||
* A completion that represents evaluation of an expression
|
||||
* with a Boolean value.
|
||||
*/
|
||||
class BooleanCompletion extends ConditionalCompletion, NonNestedNormalCompletion, TBooleanCompletion {
|
||||
class BooleanCompletion extends ConditionalCompletion, NonNestedNormalCompletion, TBooleanCompletion
|
||||
{
|
||||
BooleanCompletion() { this = TBooleanCompletion(value) }
|
||||
|
||||
/** Gets the dual Boolean completion. */
|
||||
|
||||
@@ -465,7 +465,8 @@ module Trees {
|
||||
}
|
||||
|
||||
private class PatternVariableAccessTree extends LocalVariableAccessTree, LocalVariableWriteAccess,
|
||||
CasePattern {
|
||||
CasePattern
|
||||
{
|
||||
final override predicate last(AstNode last, Completion c) {
|
||||
super.last(last, c) and
|
||||
c.(MatchingCompletion).getValue() = true
|
||||
|
||||
@@ -92,7 +92,8 @@ class StringConstCompareBarrier extends DataFlow::Node {
|
||||
* in the `order` call.
|
||||
*/
|
||||
deprecated class StringConstCompare extends DataFlow::BarrierGuard,
|
||||
CfgNodes::ExprNodes::ComparisonOperationCfgNode {
|
||||
CfgNodes::ExprNodes::ComparisonOperationCfgNode
|
||||
{
|
||||
private CfgNode checkedNode;
|
||||
// The value of the condition that results in the node being validated.
|
||||
private boolean checkedBranch;
|
||||
@@ -160,7 +161,8 @@ class StringConstArrayInclusionCallBarrier extends DataFlow::Node {
|
||||
* in the `find_by` call.
|
||||
*/
|
||||
deprecated class StringConstArrayInclusionCall extends DataFlow::BarrierGuard,
|
||||
CfgNodes::ExprNodes::MethodCallCfgNode {
|
||||
CfgNodes::ExprNodes::MethodCallCfgNode
|
||||
{
|
||||
private CfgNode checkedNode;
|
||||
|
||||
StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, true) }
|
||||
|
||||
@@ -224,7 +224,8 @@ private module Request {
|
||||
}
|
||||
|
||||
abstract private class RequestInputAccess extends RequestMethodCall,
|
||||
Http::Server::RequestInputAccess::Range {
|
||||
Http::Server::RequestInputAccess::Range
|
||||
{
|
||||
override string getSourceType() { result = "ActionDispatch::Request#" + this.getMethodName() }
|
||||
}
|
||||
|
||||
@@ -556,7 +557,8 @@ class ActionControllerSkipForgeryProtectionCall extends CsrfProtectionSetting::R
|
||||
* A call to `protect_from_forgery`.
|
||||
*/
|
||||
private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetting::Range,
|
||||
DataFlow::CallNode {
|
||||
DataFlow::CallNode
|
||||
{
|
||||
ActionControllerProtectFromForgeryCall() {
|
||||
this = actionControllerInstance().getAMethodCall("protect_from_forgery")
|
||||
}
|
||||
@@ -576,7 +578,8 @@ private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetti
|
||||
* A call to `send_file`, which sends the file at the given path to the client.
|
||||
*/
|
||||
private class SendFile extends FileSystemAccess::Range, Http::Server::HttpResponse::Range,
|
||||
DataFlow::CallNode {
|
||||
DataFlow::CallNode
|
||||
{
|
||||
SendFile() {
|
||||
this = [actionControllerInstance(), Response::response()].getAMethodCall("send_file")
|
||||
}
|
||||
|
||||
@@ -93,7 +93,8 @@ private class ActionViewCookiesCall extends ActionViewContextCall, CookiesCallIm
|
||||
* A call to `render`, `render_to_body` or `render_to_string`, seen as an
|
||||
* `HttpResponse`.
|
||||
*/
|
||||
private class RenderCallAsHttpResponse extends DataFlow::CallNode, Http::Server::HttpResponse::Range {
|
||||
private class RenderCallAsHttpResponse extends DataFlow::CallNode, Http::Server::HttpResponse::Range
|
||||
{
|
||||
RenderCallAsHttpResponse() {
|
||||
this.asExpr().getExpr() instanceof Rails::RenderCall or
|
||||
this.asExpr().getExpr() instanceof Rails::RenderToCall
|
||||
|
||||
@@ -219,7 +219,8 @@ class ActiveRecordSqlExecutionRange extends SqlExecution::Range {
|
||||
* A node that may evaluate to one or more `ActiveRecordModelClass` instances.
|
||||
*/
|
||||
abstract class ActiveRecordModelInstantiation extends OrmInstantiation::Range,
|
||||
DataFlow::LocalSourceNode {
|
||||
DataFlow::LocalSourceNode
|
||||
{
|
||||
/**
|
||||
* Gets the `ActiveRecordModelClass` that this instance belongs to.
|
||||
*/
|
||||
@@ -272,7 +273,8 @@ private Expr getUltimateReceiver(MethodCall call) {
|
||||
}
|
||||
|
||||
// A call to `find`, `where`, etc. that may return active record model object(s)
|
||||
private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation, DataFlow::CallNode {
|
||||
private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation, DataFlow::CallNode
|
||||
{
|
||||
private ActiveRecordModelClass cls;
|
||||
|
||||
ActiveRecordModelFinderCall() {
|
||||
@@ -305,7 +307,8 @@ private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation
|
||||
|
||||
// A `self` reference that may resolve to an active record model object
|
||||
private class ActiveRecordModelClassSelfReference extends ActiveRecordModelInstantiation,
|
||||
SsaSelfDefinitionNode {
|
||||
SsaSelfDefinitionNode
|
||||
{
|
||||
private ActiveRecordModelClass cls;
|
||||
|
||||
ActiveRecordModelClassSelfReference() {
|
||||
@@ -465,7 +468,8 @@ private module Persistence {
|
||||
|
||||
/** A call to e.g. `user.update(name: "foo")` */
|
||||
private class UpdateLikeInstanceMethodCall extends PersistentWriteAccess::Range,
|
||||
ActiveRecordInstanceMethodCall {
|
||||
ActiveRecordInstanceMethodCall
|
||||
{
|
||||
UpdateLikeInstanceMethodCall() {
|
||||
this.getMethodName() = ["update", "update!", "update_attributes", "update_attributes!"]
|
||||
}
|
||||
@@ -485,7 +489,8 @@ private module Persistence {
|
||||
|
||||
/** A call to e.g. `user.update_attribute(name, "foo")` */
|
||||
private class UpdateAttributeCall extends PersistentWriteAccess::Range,
|
||||
ActiveRecordInstanceMethodCall {
|
||||
ActiveRecordInstanceMethodCall
|
||||
{
|
||||
UpdateAttributeCall() { this.getMethodName() = "update_attribute" }
|
||||
|
||||
override DataFlow::Node getValue() {
|
||||
@@ -688,7 +693,8 @@ private class ActiveRecordCollectionProxyMethodCall extends DataFlow::CallNode {
|
||||
/**
|
||||
* A call to an association method which yields ActiveRecord instances.
|
||||
*/
|
||||
private class ActiveRecordAssociationModelInstantiation extends ActiveRecordModelInstantiation instanceof ActiveRecordAssociationMethodCall {
|
||||
private class ActiveRecordAssociationModelInstantiation extends ActiveRecordModelInstantiation instanceof ActiveRecordAssociationMethodCall
|
||||
{
|
||||
override ActiveRecordModelClass getClass() {
|
||||
result = this.(ActiveRecordAssociationMethodCall).getAssociation().getTargetClass()
|
||||
}
|
||||
@@ -697,7 +703,8 @@ private class ActiveRecordAssociationModelInstantiation extends ActiveRecordMode
|
||||
/**
|
||||
* A call to a method on a collection proxy which yields ActiveRecord instances.
|
||||
*/
|
||||
private class ActiveRecordCollectionProxyModelInstantiation extends ActiveRecordModelInstantiation instanceof ActiveRecordCollectionProxyMethodCall {
|
||||
private class ActiveRecordCollectionProxyModelInstantiation extends ActiveRecordModelInstantiation instanceof ActiveRecordCollectionProxyMethodCall
|
||||
{
|
||||
override ActiveRecordModelClass getClass() {
|
||||
result = this.(ActiveRecordCollectionProxyMethodCall).getAssociation().getTargetClass()
|
||||
}
|
||||
|
||||
@@ -215,7 +215,8 @@ module ActiveResource {
|
||||
}
|
||||
|
||||
private class ModelClassMethodCallAsHttpRequest extends Http::Client::Request::Range,
|
||||
ModelClassMethodCall {
|
||||
ModelClassMethodCall
|
||||
{
|
||||
ModelClass cls;
|
||||
|
||||
ModelClassMethodCallAsHttpRequest() {
|
||||
@@ -239,7 +240,8 @@ module ActiveResource {
|
||||
}
|
||||
|
||||
private class ModelInstanceMethodCallAsHttpRequest extends Http::Client::Request::Range,
|
||||
ModelInstanceMethodCall {
|
||||
ModelInstanceMethodCall
|
||||
{
|
||||
ModelClass cls;
|
||||
|
||||
ModelInstanceMethodCallAsHttpRequest() {
|
||||
|
||||
@@ -166,7 +166,8 @@ module ActiveStorage {
|
||||
* A call on an ActiveStorage object that results in an image transformation.
|
||||
* Arguments to these calls may be executed as system commands.
|
||||
*/
|
||||
private class ImageProcessingCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
|
||||
private class ImageProcessingCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
ImageProcessingCall() {
|
||||
this.getReceiver() instanceof BlobInstance and
|
||||
this.getMethodName() = ["variant", "preview", "representation"]
|
||||
|
||||
@@ -81,7 +81,8 @@ module File {
|
||||
}
|
||||
|
||||
private class FileModulePermissionModification extends FileSystemPermissionModification::Range,
|
||||
DataFlow::CallNode {
|
||||
DataFlow::CallNode
|
||||
{
|
||||
private DataFlow::Node permissionArg;
|
||||
|
||||
FileModulePermissionModification() {
|
||||
@@ -164,7 +165,8 @@ module FileUtils {
|
||||
}
|
||||
|
||||
private class FileUtilsPermissionModification extends FileSystemPermissionModification::Range,
|
||||
DataFlow::CallNode {
|
||||
DataFlow::CallNode
|
||||
{
|
||||
private DataFlow::Node permissionArg;
|
||||
|
||||
FileUtilsPermissionModification() {
|
||||
|
||||
@@ -227,7 +227,8 @@ private module Settings {
|
||||
* production code.
|
||||
*/
|
||||
private class AllowForgeryProtectionSetting extends Settings::BooleanSetting,
|
||||
CsrfProtectionSetting::Range {
|
||||
CsrfProtectionSetting::Range
|
||||
{
|
||||
AllowForgeryProtectionSetting() {
|
||||
this = Config::actionController().getAMethodCall("allow_forgery_protection=")
|
||||
}
|
||||
@@ -241,7 +242,8 @@ private class AllowForgeryProtectionSetting extends Settings::BooleanSetting,
|
||||
* https://ruby-doc.org/stdlib-2.7.1/libdoc/openssl/rdoc/OpenSSL/Cipher.html
|
||||
*/
|
||||
private class EncryptedCookieCipherSetting extends Settings::StringlikeSetting,
|
||||
CookieSecurityConfigurationSetting::Range {
|
||||
CookieSecurityConfigurationSetting::Range
|
||||
{
|
||||
EncryptedCookieCipherSetting() {
|
||||
this = Config::actionDispatch().getAMethodCall("encrypted_cookie_cipher=")
|
||||
}
|
||||
@@ -261,7 +263,8 @@ private class EncryptedCookieCipherSetting extends Settings::StringlikeSetting,
|
||||
* than the older AES-256-CBC cipher. Defaults to true.
|
||||
*/
|
||||
private class UseAuthenticatedCookieEncryptionSetting extends Settings::BooleanSetting,
|
||||
CookieSecurityConfigurationSetting::Range {
|
||||
CookieSecurityConfigurationSetting::Range
|
||||
{
|
||||
UseAuthenticatedCookieEncryptionSetting() {
|
||||
this = Config::actionDispatch().getAMethodCall("use_authenticated_cookie_encryption=")
|
||||
}
|
||||
@@ -283,7 +286,8 @@ private class UseAuthenticatedCookieEncryptionSetting extends Settings::BooleanS
|
||||
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#strict
|
||||
*/
|
||||
private class CookiesSameSiteProtectionSetting extends Settings::NillableStringlikeSetting,
|
||||
CookieSecurityConfigurationSetting::Range {
|
||||
CookieSecurityConfigurationSetting::Range
|
||||
{
|
||||
CookiesSameSiteProtectionSetting() {
|
||||
this = Config::actionDispatch().getAMethodCall("cookies_same_site_protection=")
|
||||
}
|
||||
|
||||
@@ -27,7 +27,8 @@ module Railties {
|
||||
* A call to `Rails::Generators::Actions#execute_command`.
|
||||
* This method concatenates its first and second arguments and executes the result as a shell command.
|
||||
*/
|
||||
private class ExecuteCommandCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
|
||||
private class ExecuteCommandCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
ExecuteCommandCall() {
|
||||
this = generatorsActionsClass().getAnInstanceSelf().getAMethodCall("execute_command")
|
||||
}
|
||||
@@ -40,7 +41,8 @@ module Railties {
|
||||
/**
|
||||
* A call to a method in `Rails::Generators::Actions` which delegates to `execute_command`.
|
||||
*/
|
||||
private class ExecuteCommandWrapperCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
|
||||
private class ExecuteCommandWrapperCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
ExecuteCommandWrapperCall() {
|
||||
this =
|
||||
generatorsActionsClass()
|
||||
|
||||
@@ -73,7 +73,8 @@ module Twirp {
|
||||
|
||||
/** A parameter that will receive parts of the url when handling an incoming request. */
|
||||
class UnmarshaledParameter extends Http::Server::RequestInputAccess::Range,
|
||||
DataFlow::ParameterNode {
|
||||
DataFlow::ParameterNode
|
||||
{
|
||||
UnmarshaledParameter() {
|
||||
exists(ServiceInstantiation i | i.getAHandlerMethod().getParameter(0) = this.asParameter())
|
||||
}
|
||||
|
||||
@@ -15,7 +15,8 @@ private API::Node digest(Cryptography::HashingAlgorithm algo) {
|
||||
}
|
||||
|
||||
/** A call that hashes some input using a hashing algorithm from the `Digest` module. */
|
||||
private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode {
|
||||
private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
Cryptography::HashingAlgorithm algo;
|
||||
|
||||
DigestCall() {
|
||||
|
||||
@@ -114,7 +114,8 @@ module String {
|
||||
}
|
||||
|
||||
abstract private class SimpleSummarizedCallable extends SummarizedCallable,
|
||||
FlowSummary::SimpleSummarizedCallable {
|
||||
FlowSummary::SimpleSummarizedCallable
|
||||
{
|
||||
bindingset[this]
|
||||
SimpleSummarizedCallable() { any() }
|
||||
}
|
||||
|
||||
@@ -116,7 +116,8 @@ class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for Excon. */
|
||||
private class ExconDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class ExconDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
ExconDisablesCertificateValidationConfiguration() {
|
||||
this = "ExconDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -87,7 +87,8 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for Faraday. */
|
||||
private class FaradayDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class FaradayDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
FaradayDisablesCertificateValidationConfiguration() {
|
||||
this = "FaradayDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -74,7 +74,8 @@ class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for HttpClient. */
|
||||
private class HttpClientDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class HttpClientDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
HttpClientDisablesCertificateValidationConfiguration() {
|
||||
this = "HttpClientDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -66,7 +66,8 @@ class HttpartyRequest extends Http::Client::Request::Range, DataFlow::CallNode {
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for Httparty. */
|
||||
private class HttpartyDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class HttpartyDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
HttpartyDisablesCertificateValidationConfiguration() {
|
||||
this = "HttpartyDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -93,7 +93,8 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for NetHttp. */
|
||||
private class NetHttpDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class NetHttpDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
NetHttpDisablesCertificateValidationConfiguration() {
|
||||
this = "NetHttpDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -62,7 +62,8 @@ class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {
|
||||
* Kernel.open("http://example.com").read
|
||||
* ```
|
||||
*/
|
||||
class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode instanceof KernelMethodCall {
|
||||
class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode instanceof KernelMethodCall
|
||||
{
|
||||
OpenUriKernelOpenRequest() { this.getMethodName() = "open" }
|
||||
|
||||
override DataFlow::Node getAUrlPart() { result = this.getArgument(0) }
|
||||
@@ -102,7 +103,8 @@ class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::C
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for OpenURI. */
|
||||
private class OpenUriDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class OpenUriDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
OpenUriDisablesCertificateValidationConfiguration() {
|
||||
this = "OpenUriDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -67,7 +67,8 @@ class RestClientHttpRequest extends Http::Client::Request::Range, DataFlow::Call
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for RestClient. */
|
||||
private class RestClientDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class RestClientDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
RestClientDisablesCertificateValidationConfiguration() {
|
||||
this = "RestClientDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -47,7 +47,8 @@ class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNo
|
||||
}
|
||||
|
||||
/** A configuration to track values that can disable certificate validation for Typhoeus. */
|
||||
private class TyphoeusDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration {
|
||||
private class TyphoeusDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
|
||||
{
|
||||
TyphoeusDisablesCertificateValidationConfiguration() {
|
||||
this = "TyphoeusDisablesCertificateValidationConfiguration"
|
||||
}
|
||||
|
||||
@@ -100,7 +100,8 @@ module Pathname {
|
||||
}
|
||||
|
||||
private class PathnamePermissionModification extends FileSystemPermissionModification::Range,
|
||||
PathnameCall {
|
||||
PathnameCall
|
||||
{
|
||||
private DataFlow::Node permissionArg;
|
||||
|
||||
PathnamePermissionModification() {
|
||||
|
||||
@@ -557,7 +557,8 @@ private class CipherNode extends DataFlow::Node {
|
||||
|
||||
/** An operation using the OpenSSL library that uses a cipher. */
|
||||
private class CipherOperation extends Cryptography::CryptographicOperation::Range,
|
||||
DataFlow::CallNode {
|
||||
DataFlow::CallNode
|
||||
{
|
||||
private CipherNode cipherNode;
|
||||
|
||||
CipherOperation() {
|
||||
@@ -587,7 +588,8 @@ private module Digest {
|
||||
private import codeql.ruby.ApiGraphs
|
||||
|
||||
/** A call that hashes some input using a hashing algorithm from the `OpenSSL::Digest` module. */
|
||||
private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode {
|
||||
private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
Cryptography::HashingAlgorithm algo;
|
||||
|
||||
DigestCall() {
|
||||
@@ -612,7 +614,8 @@ private module Digest {
|
||||
}
|
||||
|
||||
/** A call to `OpenSSL::Digest.digest` that hashes input directly without constructing a digest instance. */
|
||||
private class DigestCallDirect extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode {
|
||||
private class DigestCallDirect extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode
|
||||
{
|
||||
Cryptography::HashingAlgorithm algo;
|
||||
|
||||
DigestCallDirect() {
|
||||
|
||||
@@ -57,5 +57,6 @@ module PathInjection {
|
||||
* sanitizer-guard.
|
||||
*/
|
||||
class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
|
||||
StringConstArrayInclusionCallBarrier { }
|
||||
StringConstArrayInclusionCallBarrier
|
||||
{ }
|
||||
}
|
||||
|
||||
@@ -51,5 +51,6 @@ module SqlInjection {
|
||||
* sanitizer-guard.
|
||||
*/
|
||||
class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
|
||||
StringConstArrayInclusionCallBarrier { }
|
||||
StringConstArrayInclusionCallBarrier
|
||||
{ }
|
||||
}
|
||||
|
||||
@@ -89,7 +89,8 @@ private module Shared {
|
||||
* tag.
|
||||
*/
|
||||
class ArgumentInterpretedAsUrlAsSink extends Sink, ErbOutputMethodCallArgumentNode,
|
||||
ActionView::ArgumentInterpretedAsUrl { }
|
||||
ActionView::ArgumentInterpretedAsUrl
|
||||
{ }
|
||||
|
||||
/**
|
||||
* A argument to a call to the `link_to` method, which does not expect
|
||||
@@ -128,13 +129,15 @@ private module Shared {
|
||||
* An inclusion check against an array of constant strings, considered as a sanitizer-guard.
|
||||
*/
|
||||
class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
|
||||
StringConstArrayInclusionCallBarrier { }
|
||||
StringConstArrayInclusionCallBarrier
|
||||
{ }
|
||||
|
||||
/**
|
||||
* A `VariableWriteAccessCfgNode` that is not succeeded (locally) by another
|
||||
* write to that variable.
|
||||
*/
|
||||
private class FinalInstanceVarWrite extends CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode {
|
||||
private class FinalInstanceVarWrite extends CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode
|
||||
{
|
||||
private InstanceVariable var;
|
||||
|
||||
FinalInstanceVarWrite() {
|
||||
|
||||
@@ -73,7 +73,8 @@ module RegExpInjection {
|
||||
* sanitizer-guard.
|
||||
*/
|
||||
class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
|
||||
StringConstArrayInclusionCallBarrier { }
|
||||
StringConstArrayInclusionCallBarrier
|
||||
{ }
|
||||
|
||||
/**
|
||||
* A call to `Regexp.escape` (or its alias, `Regexp.quote`), considered as a
|
||||
|
||||
@@ -19,7 +19,8 @@ private import codeql.regex.MissingRegExpAnchor as MissingRegExpAnchor
|
||||
private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
|
||||
|
||||
private module Impl implements
|
||||
MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl> {
|
||||
MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl>
|
||||
{
|
||||
predicate isUsedAsReplace(RegExpPatternSource pattern) {
|
||||
exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
|
||||
name = mcn.getMethodName() and
|
||||
|
||||