hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

use of all normalization forms without the ":" prefix

Browse Source
This commit is contained in:
Sim4n6
2023-05-20 17:59:08 +01:00
parent f5ff50880c
commit ad754f1385
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll
View File

@@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
exists(DataFlow::CallNode cn |
cn.getMethodName() = "unicode_normalize" and
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and
cn.getArgument(0).getConstantValue().getSymbol() = ["nfkc", "nfc", "nfkd", "nfd"] and
sink = cn.getReceiver()
) and
state instanceof PostValidation