hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7326 from github/ginsbach/FixInstanceof

Browse Source 
fix dependency cycle by removing superfluous classes
This commit is contained in:
Alex Ford
2021-12-07 17:05:26 +00:00
committed by GitHub
parent a2dc505c26 b2c1b55c0c
commit bf0ecded04
1 changed files with 6 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ruby/ql/lib/codeql/ruby/security/XSS.qll
View File

@@ -266,26 +266,13 @@ module ReflectedXSS {
abstract class Source extends Shared::Source { }
/** A data flow sink for stored XSS vulnerabilities. */
abstract class Sink extends Shared::Sink { }
class Sink = Shared::Sink;
/** A sanitizer for stored XSS vulnerabilities. */
abstract class Sanitizer extends Shared::Sanitizer { }
class Sanitizer = Shared::Sanitizer;
/** A sanitizer guard for stored XSS vulnerabilities. */
abstract class SanitizerGuard extends Shared::SanitizerGuard { }
// Consider all arbitrary XSS sinks to be reflected XSS sinks
private class AnySink extends Sink instanceof Shared::Sink { }
// Consider all arbitrary XSS sanitizers to be reflected XSS sanitizers
private class AnySanitizer extends Sanitizer instanceof Shared::Sanitizer { }
// Consider all arbitrary XSS sanitizer guards to be reflected XSS sanitizer guards
private class AnySanitizerGuard extends SanitizerGuard instanceof Shared::SanitizerGuard {
override predicate checks(CfgNode expr, boolean branch) {
Shared::SanitizerGuard.super.checks(expr, branch)
}
}
class SanitizerGuard = Shared::SanitizerGuard;
/**
* An additional step that is preserves dataflow in the context of reflected XSS.
@@ -327,26 +314,13 @@ module StoredXSS {
abstract class Source extends Shared::Source { }
/** A data flow sink for stored XSS vulnerabilities. */
abstract class Sink extends Shared::Sink { }
class Sink = Shared::Sink;
/** A sanitizer for stored XSS vulnerabilities. */
abstract class Sanitizer extends Shared::Sanitizer { }
class Sanitizer = Shared::Sanitizer;
/** A sanitizer guard for stored XSS vulnerabilities. */
abstract class SanitizerGuard extends Shared::SanitizerGuard { }
// Consider all arbitrary XSS sinks to be stored XSS sinks
private class AnySink extends Sink instanceof Shared::Sink { }
// Consider all arbitrary XSS sanitizers to be stored XSS sanitizers
private class AnySanitizer extends Sanitizer instanceof Shared::Sanitizer { }
// Consider all arbitrary XSS sanitizer guards to be stored XSS sanitizer guards
private class AnySanitizerGuard extends SanitizerGuard instanceof Shared::SanitizerGuard {
override predicate checks(CfgNode expr, boolean branch) {
Shared::SanitizerGuard.super.checks(expr, branch)
}
}
class SanitizerGuard = Shared::SanitizerGuard;
/**
* An additional step that preserves dataflow in the context of stored XSS.