mirror of
https://github.com/github/codeql.git
synced 2026-05-03 12:45:27 +02:00
Ruby: add queries for measuring taint sources and sinks
This commit is contained in:
Asger Feldthaus
14
ruby/ql/src/queries/meta/TaintSinks.ql
Normal file
14
ruby/ql/src/queries/meta/TaintSinks.ql
Normal file
@@ -0,0 +1,14 @@
|
||||
/**
|
||||
* @name Taint sinks
|
||||
* @description Sinks that are sensitive to untrusted data.
|
||||
* @kind problem
|
||||
* @problem.severity recommendation
|
||||
* @id rb/meta/taint-sinks
|
||||
* @tags meta
|
||||
* @precision very-low
|
||||
*/
|
||||
|
||||
import internal.TaintMetrics
|
||||
|
||||
from string kind
|
||||
select relevantTaintSink(kind), kind + " sink"
|
||||
14
ruby/ql/src/queries/meta/TaintSources.ql
Normal file
14
ruby/ql/src/queries/meta/TaintSources.ql
Normal file
@@ -0,0 +1,14 @@
|
||||
/**
|
||||
* @name Taint sources
|
||||
* @description Sources of untrusted input.
|
||||
* @kind problem
|
||||
* @problem.severity recommendation
|
||||
* @id rb/meta/taint-sources
|
||||
* @tags meta
|
||||
* @precision very-low
|
||||
*/
|
||||
|
||||
import internal.TaintMetrics
|
||||
|
||||
from string kind
|
||||
select relevantTaintSource(kind), kind
|
||||
38
ruby/ql/src/queries/meta/internal/TaintMetrics.qll
Normal file
38
ruby/ql/src/queries/meta/internal/TaintMetrics.qll
Normal file
@@ -0,0 +1,38 @@
|
||||
private import codeql.files.FileSystem
|
||||
private import codeql.ruby.DataFlow
|
||||
private import codeql.ruby.dataflow.RemoteFlowSources
|
||||
private import codeql.ruby.security.CodeInjectionCustomizations
|
||||
private import codeql.ruby.security.CommandInjectionCustomizations
|
||||
private import codeql.ruby.security.XSS
|
||||
private import codeql.ruby.security.PathInjectionCustomizations
|
||||
private import codeql.ruby.security.ServerSideRequestForgeryCustomizations
|
||||
private import codeql.ruby.security.UnsafeDeserializationCustomizations
|
||||
private import codeql.ruby.security.UrlRedirectCustomizations
|
||||
|
||||
class RelevantFile extends File {
|
||||
RelevantFile() { not getRelativePath().regexpMatch(".*/test(case)?s?/.*") }
|
||||
}
|
||||
|
||||
RemoteFlowSource relevantTaintSource(string kind) {
|
||||
result.getLocation().getFile() instanceof RelevantFile and
|
||||
kind = result.getSourceType()
|
||||
}
|
||||
|
||||
DataFlow::Node relevantTaintSink(string kind) {
|
||||
result.getLocation().getFile() instanceof RelevantFile and
|
||||
(
|
||||
kind = "CodeInjection" and result instanceof CodeInjection::Sink
|
||||
or
|
||||
kind = "CommandInjection" and result instanceof CommandInjection::Sink
|
||||
or
|
||||
kind = "XSS" and result instanceof ReflectedXSS::Sink
|
||||
or
|
||||
kind = "PathInjection" and result instanceof PathInjection::Sink
|
||||
or
|
||||
kind = "ServerSideRequestForgery" and result instanceof ServerSideRequestForgery::Sink
|
||||
or
|
||||
kind = "UnsafeDeserialization" and result instanceof UnsafeDeserialization::Sink
|
||||
or
|
||||
kind = "UrlRedirect" and result instanceof UrlRedirect::Sink
|
||||
)
|
||||
}
|
||||
Reference in New Issue
Block a user