From a5d8db6317d99656ab15993ebfcdf6a050905596 Mon Sep 17 00:00:00 2001
From: Alex Ford
Date: Wed, 7 Jun 2023 15:55:01 +0100
Subject: [PATCH] Ruby: fix qldoc
---
 ruby/ql/lib/codeql/ruby/frameworks/Rack.qll | 4 ++++
 ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll | 4 ++++
 ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Mime.qll | 7 ++++++-
 .../lib/codeql/ruby/frameworks/rack/internal/Response.qll | 6 ++++++
 4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll
index 64ca7cc0b60..74553476d17 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides modeling for the Rack library.
+ */
+
 /**
 * Provides modeling for the Rack library.
 */
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
index 35a12c8e3eb..0a344f46dc8 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides modeling for Rack applications.
+ */
+
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.DataFlow
 private import codeql.ruby.typetracking.TypeTracker
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Mime.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Mime.qll
index d40895a2f13..2aceebffbcd 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Mime.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Mime.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides modeling for the `Mime` component of the `Rack` library.
+ */
+
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.DataFlow
@@ -1288,7 +1292,7 @@ private predicate mimeTypeMatches(string ext, string mimeType) {
 }
 /**
- * Provides modeling for the `Response` component of the `Rack` library.
+ * Provides modeling for the `Mime` component of the `Rack` library.
 */
 module Mime {
 class MimetypeCall extends DataFlow::CallNode {
@@ -1300,6 +1304,7 @@ module Mime {
 result = this.getArgument(0).getConstantValue().getStringlikeValue()
 }
+ /** Gets the canonical MIME type string returned by this call. */
 string getMimeType() { mimeTypeMatches(this.getExtension(), result) }
 }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll
index 983d50aaeec..26162a8d306 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Response.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides modeling for the `Response` component of the `Rack` library.
+ */
+
 private import codeql.ruby.AST
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.Concepts
@@ -17,6 +21,7 @@ module Private {
 private DataFlow::Node trackInt(int i) { trackInt(TypeTracker::end(), i).flowsTo(result) }
+ /** A `DataFlow::Node` that may be a rack response. This is detected heuristically, if something "looks like" a rack response syntactically then we consider it to be a potential response node. */
 class PotentialResponseNode extends DataFlow::ArrayLiteralNode {
 // [status, headers, body]
 PotentialResponseNode() {
@@ -83,6 +88,7 @@ module Public {
 override string getMimetypeDefault() { none() }
 }
+ /** A `DataFlow::Node` returned from a rack request that has a redirect HTTP status code. */
 class RedirectResponse extends ResponseNode, Http::Server::HttpRedirectResponse::Range {
 RedirectResponse() { this.getAStatusCode() = [300, 301, 302, 303, 307, 308] }
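Review bot: `MimetypeCall` still has no QLDoc of its own: in the `@@ -1288` hunk of Mime.qll the class line follows `module Mime {` directly, and the next hunk documents only `getMimeType`, so the class exposed by the module stays undocumented in a commit whose purpose is fixing QLDoc. A one-line comment above the class naming the Rack call it models would close the gap; the class body starts in one hunk and ends in the other, so the constructor that would confirm the wording is not visible. The new `getMimeType` doc could also state the no-result case, for example `/** Gets the MIME type that the extension argument of this call maps to, if any. */`. The extension appears to be read from a constant first argument, so calls with a computed extension presumably get no MIME type, which matters to anything that relies on this to decide a response's content type.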
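Review bot: The QLDoc added above `PotentialResponseNode` (hunk `@@ -17,6 +21,7 @@` in Response.qll) is a single overlong line with a comma splice, and it never says what the syntactic heuristic is, although the `// [status, headers, body]` comment two lines below does. I would fold that shape into the doc and split it into two sentences, starting with `/** An array literal that syntactically looks like a Rack response triple (status, headers, body).`, followed by a sentence saying that matches are candidates only. That caveat tells query authors not to treat this class as a confirmed response, since presumably some matching arrays are never returned from an application. The characteristic predicate continues outside the hunk, so the exact conditions cannot be checked from here.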
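Review bot: The QLDoc added above `RedirectResponse` (hunk `@@ -83,6 +88,7 @@` in Response.qll) says the node is "returned from a rack request", but the class extends `ResponseNode`, so it describes a response; "a redirect HTTP status code" also hides the exact set the characteristic predicate accepts. Suggested wording: `/** A Rack response node whose status code is 300, 301, 302, 303, 307 or 308, i.e. an HTTP redirect. */`. Because the class extends `Http::Server::HttpRedirectResponse::Range`, it presumably feeds redirect-related queries, so readers benefit from seeing at a glance which codes count (304 and 305 are not in the list). The class body continues past the end of the hunk.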