hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: configsig rb/http-to-file-access

Browse Source
This commit is contained in:
Alex Ford
2023-08-31 16:30:22 +01:00
parent 2536f1a0cd
commit c973fc1274
2 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll
View File

@@ -2,7 +2,7 @@
* Provides a taint tracking configuration for reasoning about writing user-controlled data to files.
*
* Note, for performance reasons: only import this file if
* `HttpToFileAccess::Configuration` is needed, otherwise
* `HttpToFileAccessFlow` is needed, otherwise
* `HttpToFileAccessCustomizations` should be imported instead.
*/
@@ -10,8 +10,10 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess
/**
* A taint tracking configuration for writing user-controlled data to files.
*
* DEPRECATED: Use `HttpToFileAccessFlow` instead
*/
class Configuration extends TaintTracking::Configuration {
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "HttpToFileAccess" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -23,3 +25,16 @@ class Configuration extends TaintTracking::Configuration {
node instanceof Sanitizer
}
}
private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
}
/**
* Taint-tracking for writing user-controlled data to files.
*/
module HttpToFileAccessFlow = TaintTracking::Global<Config>;

7
ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
View File

@@ -12,11 +12,10 @@
*/
import codeql.ruby.AST
import codeql.ruby.DataFlow
import codeql.ruby.DataFlow::DataFlow::PathGraph
import codeql.ruby.security.HttpToFileAccessQuery
import HttpToFileAccessFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink
where HttpToFileAccessFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(),
"untrusted data"