hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Model the Typhoeus http client

Browse Source
This commit is contained in:
Harry Maclean
2021-09-27 16:08:19 +01:00
parent b5dec5e8cf
commit b34fcc65d1
5 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ql/lib/codeql/ruby/frameworks/HTTPClients.qll
View File

@@ -9,3 +9,4 @@ private import codeql.ruby.frameworks.http_clients.RestClient
private import codeql.ruby.frameworks.http_clients.HTTParty
private import codeql.ruby.frameworks.http_clients.HTTPClient
private import codeql.ruby.frameworks.http_clients.OpenURI
private import codeql.ruby.frameworks.http_clients.Typhoeus

28
ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll Normal file
View File

@@ -0,0 +1,28 @@
private import ruby
private import codeql.ruby.Concepts
private import codeql.ruby.ApiGraphs
/**
* A call that makes an HTTP request using `Typhoeus`.
* ```ruby
* Typhoeus.get("http://example.com").body
* ```
*/
class TyphoeusHTTPRequest extends HTTP::Client::Request::Range {
DataFlow::Node request;
DataFlow::CallNode responseBody;
TyphoeusHTTPRequest() {
exists(API::Node requestNode | request = requestNode.getAnImmediateUse() |
requestNode =
API::getTopLevelMember("Typhoeus")
.getReturn(["get", "head", "delete", "options", "post", "put", "patch"]) and
responseBody = requestNode.getAMethodCall("body") and
this = request.asExpr().getExpr()
)
}
override DataFlow::Node getResponseBody() { result = responseBody }
override string getFramework() { result = "Typhoeus" }
}

7
ql/test/library-tests/frameworks/http_clients/Typhoeus.expected Normal file
View File

@@ -0,0 +1,7 @@
| Typhoeus.rb:3:9:3:43 | call to get | Typhoeus.rb:4:1:4:10 | call to body |
| Typhoeus.rb:6:9:6:63 | call to post | Typhoeus.rb:7:1:7:10 | call to body |
| Typhoeus.rb:9:9:9:62 | call to put | Typhoeus.rb:10:1:10:10 | call to body |
| Typhoeus.rb:12:9:12:64 | call to patch | Typhoeus.rb:13:1:13:10 | call to body |
| Typhoeus.rb:15:9:15:46 | call to delete | Typhoeus.rb:16:1:16:10 | call to body |
| Typhoeus.rb:18:9:18:44 | call to head | Typhoeus.rb:19:1:19:10 | call to body |
| Typhoeus.rb:21:9:21:47 | call to options | Typhoeus.rb:22:1:22:10 | call to body |

4
ql/test/library-tests/frameworks/http_clients/Typhoeus.ql Normal file
View File

@@ -0,0 +1,4 @@
import codeql.ruby.frameworks.http_clients.Typhoeus
import codeql.ruby.DataFlow
query DataFlow::Node typhoeusHTTPRequests(TyphoeusHTTPRequest e) { result = e.getResponseBody() }

22
ql/test/library-tests/frameworks/http_clients/Typhoeus.rb Normal file
View File

@@ -0,0 +1,22 @@
require "typhoeus"
resp1 = Typhoeus.get("http://example.com/")
resp1.body
resp2 = Typhoeus.post("http://example.com/", body: "some_data")
resp2.body
resp3 = Typhoeus.put("http://example.com/", body: "some_data")
resp3.body
resp4 = Typhoeus.patch("http://example.com/", body: "some_data")
resp4.body
resp5 = Typhoeus.delete("http://example.com/")
resp5.body
resp6 = Typhoeus.head("http://example.com/")
resp6.body
resp7 = Typhoeus.options("http://example.com/")
resp7.body