Ruby: configsig rb/sensitive-get-query

2026-04-26 17:25:19 +02:00 · 2023-09-01 15:51:20 +01:00
parent 593d9a48d4
commit df9173502e
2 changed files with 25 additions and 9 deletions
--- a/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
@@ -2,9 +2,9 @@
 * Provides a taint-tracking configuration for detecting flow of query string
 * data to sensitive actions in GET query request handlers.
 *
- * Note, for performance reasons: only import this file if `Configuration` is
- * needed, otherwise `SensitiveGetQueryCustomizations` should be imported
- * instead.
+ * Note, for performance reasons: only import this file if
+ * `SensitiveGetQueryFlow` is needed, otherwise
+ * `SensitiveGetQueryCustomizations` should be imported instead.
 */

 private import ruby
@@ -13,15 +13,16 @@ private import codeql.ruby.TaintTracking
 /**
 * Provides a taint-tracking configuration for detecting flow of query string
 * data to sensitive actions in GET query request handlers.
+ * DEPRECATED: Use `SensitiveGetQueryFlow`
 */
-module SensitiveGetQuery {
+deprecated module SensitiveGetQuery {
  import SensitiveGetQueryCustomizations::SensitiveGetQuery

  /**
   * A taint-tracking configuration for reasoning about use of sensitive data
   * from a GET request query string.
   */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
    Configuration() { this = "SensitiveGetQuery" }

    override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -29,3 +30,17 @@ module SensitiveGetQuery {
    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
  }
 }
+
+private module SensitiveGetQueryConfig implements DataFlow::ConfigSig {
+  import SensitiveGetQueryCustomizations::SensitiveGetQuery
+
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+}
+
+/**
+ * Taint-tracking for reasoning about use of sensitive data from a
+ *  GET request query string.
+ */
+module SensitiveGetQueryFlow = TaintTracking::Global<SensitiveGetQueryConfig>;
--- a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+++ b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
@@ -13,9 +13,10 @@

 import ruby
 import codeql.ruby.security.SensitiveGetQueryQuery
+import codeql.ruby.security.SensitiveGetQueryCustomizations::SensitiveGetQuery
 import codeql.ruby.security.SensitiveActions

-from DataFlow::Node source, DataFlow::Node sink, SensitiveGetQuery::Configuration config
-where config.hasFlow(source, sink)
-select source, "$@ for GET requests uses query parameter as sensitive data.",
-  source.(SensitiveGetQuery::Source).getHandler(), "Route handler"
+from Source source, DataFlow::Node sink
+where SensitiveGetQueryFlow::flow(source, sink)
+select source, "$@ for GET requests uses query parameter as sensitive data.", source.getHandler(),
+  "Route handler"