Ruby: Add reorder as a SQL sink

In recent versions of Rails this method doesn't seem to be vulnerable, but it may be in previous versions. There's a slight FP risk here, but I think it is small.
2026-04-27 17:55:19 +02:00 · 2023-03-13 08:38:17 +13:00
parent ab58d4c11f
commit c97dccf0de
3 changed files with 27 additions and 21 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -116,8 +116,8 @@ private Expr sqlFragmentArgument(MethodCall call) {
        [
          "delete_all", "delete_by", "destroy_all", "destroy_by", "exists?", "find_by", "find_by!",
          "find_or_create_by", "find_or_create_by!", "find_or_initialize_by", "find_by_sql", "from",
-          "group", "having", "joins", "lock", "not", "order", "pluck", "where", "rewhere", "select",
-          "reselect", "update_all"
+          "group", "having", "joins", "lock", "not", "order", "reorder", "pluck", "where",
+          "rewhere", "select", "reselect", "update_all"
        ] and
      result = call.getArgument(0)
      or