hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: add missing qldoc comments for SQL injection query

Browse Source
This commit is contained in:
Nick Rolfe
2022-11-10 15:26:42 +00:00
parent 511fb97273
commit b91b3148a4
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
View File

@@ -13,10 +13,13 @@ private import codeql.ruby.dataflow.RemoteFlowSources
* vulnerabilities, as well as extension points for adding your own.
*/
module SqlInjection {
/** A data flow source for SQL injection vulnerabilities. */
abstract class Source extends DataFlow::Node { }
/** A data flow sink for SQL injection vulnerabilities. */
abstract class Sink extends DataFlow::Node { }
/** A sanitizer for SQL injection vulnerabilities. */
abstract class Sanitizer extends DataFlow::Node { }
/**

3
ruby/ql/lib/codeql/ruby/security/SqlInjectionQuery.qll
View File

@@ -7,6 +7,9 @@ private import codeql.ruby.DataFlow
private import codeql.ruby.TaintTracking
import SqlInjectionCustomizations::SqlInjection
/**
* A taint-tracking configuration for detecting SQL injection vulnerabilities.
*/
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "SqlInjectionConfiguration" }