hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

v1.2 change to PascalCase

Browse Source
This commit is contained in:
amammad
2023-02-24 09:28:16 +01:00
committed by Harry Maclean
parent e4b8a0e06d
commit d96153a05e
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ruby/ql/src/experimental/CWE-502/YAMLUnsafeYamlDeserialization.ql
View File

@@ -20,10 +20,10 @@ import codeql.ruby.TaintTracking
import DataFlow::PathGraph
import codeql.ruby.security.UnsafeDeserializationCustomizations
abstract class YAMLSink extends DataFlow::Node { }
abstract class YamlSink extends DataFlow::Node { }
class YamlunsafeLoadArgument extends YAMLSink {
YamlunsafeLoadArgument() {
class YamlUnsafeLoadArgument extends YamlSink {
YamlUnsafeLoadArgument() {
this =
API::getTopLevelMember(["YAML", "Psych"])
.getAMethodCall(["unsafe_load_file", "unsafe_load", "load_stream"])
@@ -53,7 +53,7 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) {
// for detecting The CVE we should uncomment following line
// sink.getLocation().getFile().toString().matches("%yaml_column%") and
sink instanceof YAMLSink or
sink instanceof YamlSink or
sink =
API::getTopLevelMember(["YAML", "Psych"])
.getAMethodCall(["parse", "parse_stream", "parse_file"])