From d96153a05ef945a0768888096468662e7cb8656d Mon Sep 17 00:00:00 2001 From: amammad Date: Fri, 24 Feb 2023 09:28:16 +0100 Subject: [PATCH] v1.2 change to PascalCase --- .../experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql b/ruby/ql/src/experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql index e8b3fb761f4..7612c556d90 100644 --- a/ruby/ql/src/experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql +++ b/ruby/ql/src/experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql @@ -20,10 +20,10 @@ import codeql.ruby.TaintTracking import DataFlow::PathGraph import codeql.ruby.security.UnsafeDeserializationCustomizations -abstract class YAMLSink extends DataFlow::Node { } +abstract class YamlSink extends DataFlow::Node { } -class YamlunsafeLoadArgument extends YAMLSink { - YamlunsafeLoadArgument() { +class YamlUnsafeLoadArgument extends YamlSink { + YamlUnsafeLoadArgument() { this = API::getTopLevelMember(["YAML", "Psych"]) .getAMethodCall(["unsafe_load_file", "unsafe_load", "load_stream"]) @@ -53,7 +53,7 @@ class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { // for detecting The CVE we should uncomment following line // sink.getLocation().getFile().toString().matches("%yaml_column%") and - sink instanceof YAMLSink or + sink instanceof YamlSink or sink = API::getTopLevelMember(["YAML", "Psych"]) .getAMethodCall(["parse", "parse_stream", "parse_file"])