hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Refactor

Browse Source
This commit is contained in:
Harry Maclean
2023-03-14 12:58:32 +13:00
parent 9c3d141c9c
commit d814e15a2f
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
View File

@@ -214,19 +214,15 @@ class ActiveRecordSqlExecutionRange extends SqlExecution::Range {
this.asExpr().getNode() = mc.getSqlFragmentSinkArgument()
)
or
exists(DataFlow::CallNode executeCall |
executeCall.getReceiver() = activeRecordConnectionInstance() and
executeCall.getMethodName() = "execute" and
this = executeCall.getArgument(0) and
unsafeSqlExpr(this.asExpr().getExpr())
)
this = activeRecordConnectionInstance().getAMethodCall("execute").getArgument(0) and
unsafeSqlExpr(this.asExpr().getExpr())
}
override DataFlow::Node getSql() { result = this }
}
private DataFlow::Node activeRecordConnectionInstance() {
result = activeRecordClassApiNode().getAMethodCall("connection")
private API::Node activeRecordConnectionInstance() {
result = activeRecordClassApiNode().getReturn("connection")
}
// TODO: model `ActiveRecord` sanitizers