hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Ruby: configsig rb/http-to-file-access"

Browse Source 
This reverts commit e77ba1589663905c952cdb643ab66885760b27bd.
This commit is contained in:
Alex Ford
2023-09-03 17:17:10 +01:00
parent e399eac2b3
commit bf6837cca0
2 changed files with 6 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll
View File

@@ -2,7 +2,7 @@
* Provides a taint tracking configuration for reasoning about writing user-controlled data to files.
*
* Note, for performance reasons: only import this file if
* `HttpToFileAccessFlow` is needed, otherwise
* `HttpToFileAccess::Configuration` is needed, otherwise
* `HttpToFileAccessCustomizations` should be imported instead.
*/
@@ -10,10 +10,8 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess
/**
* A taint tracking configuration for writing user-controlled data to files.
*
* DEPRECATED: Use `HttpToFileAccessFlow` instead
*/
deprecated class Configuration extends TaintTracking::Configuration {
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "HttpToFileAccess" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -25,16 +23,3 @@ deprecated class Configuration extends TaintTracking::Configuration {
node instanceof Sanitizer
}
}
private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
}
/**
* Taint-tracking for writing user-controlled data to files.
*/
module HttpToFileAccessFlow = TaintTracking::Global<Config>;

7
ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
View File

@@ -12,10 +12,11 @@
*/
import codeql.ruby.AST
import codeql.ruby.DataFlow
import codeql.ruby.DataFlow::DataFlow::PathGraph
import codeql.ruby.security.HttpToFileAccessQuery
import HttpToFileAccessFlow::PathGraph
from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink
where HttpToFileAccessFlow::flowPath(source, sink)
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(),
"untrusted data"