hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Reduce alerts produced by MassAssignment.ql

Browse Source
This commit is contained in:
Tom Hvitved
2024-04-03 19:58:51 +02:00
parent 3c96bf6b22
commit c2d771b334
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
View File

@@ -43,6 +43,11 @@ private module Config implements DataFlow::StateConfigSig {
state instanceof FlowState::Permitted
}
predicate isBarrierIn(DataFlow::Node node, FlowState state) {
node instanceof MassAssignment::Source and
state instanceof FlowState::Unpermitted
}
predicate isBarrier(DataFlow::Node node) { node instanceof MassAssignment::Sanitizer }
predicate isAdditionalFlowStep(