hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

ql format

Browse Source
This commit is contained in:
Alex Ford
2021-10-12 20:40:46 +01:00
parent d7b5e4c779
commit ad5c1f9b32
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ql/lib/codeql/ruby/security/XSS.qll
View File

@@ -185,18 +185,20 @@ private module Shared {
}
pragma[noinline]
private predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {
private predicate isHelperMethodNameMatch(
ActionControllerHelperMethod helperMethod, MethodCall call
) {
helperMethod.getName() = call.getMethodName()
}
private predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
// flow out of controller helper method into template
exists(ErbFile template |
template = node2.getLocation().getFile() |
exists(ErbFile template | template = node2.getLocation().getFile() |
exists(ActionControllerHelperMethod helperMethod |
helperMethod.getControllerClass() = getAssociatedControllerClass(template) and
// `node1` is an expr node that may be returned by the helper method
exprNodeReturnedFrom(node1, helperMethod) |
exprNodeReturnedFrom(node1, helperMethod)
|
exists(CfgNodes::ExprNodes::MethodCallCfgNode helperMethodCall |
// `node2` is a call to the helper method
node2.asExpr() = helperMethodCall and