Ruby: convert ActiveStorage::Filename model to MaD

2026-04-30 19:26:02 +02:00 · 2022-02-11 20:14:59 +01:00
parent e6a3747656
commit e10e3b9466
1 changed files with 9 additions and 38 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -7,6 +7,7 @@ private import codeql.ruby.ApiGraphs
 private import codeql.ruby.Concepts
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.FlowSummary
+private import codeql.ruby.frameworks.data.ModelsAsData

 /** A call to `ActiveStorage::Filename#sanitized`, considered as a path sanitizer. */
 class ActiveStorageFilenameSanitizedCall extends Path::PathSanitization::Range, DataFlow::CallNode {
@@ -17,43 +18,13 @@ class ActiveStorageFilenameSanitizedCall extends Path::PathSanitization::Range,
  }
 }

-/** The taint summary for `ActiveStorage::Filename.new`. */
-class ActiveStorageFilenameNewSummary extends SummarizedCallable {
-  ActiveStorageFilenameNewSummary() { this = "ActiveStorage::Filename.new" }
-
-  override MethodCall getACall() {
-    result =
-      API::getTopLevelMember("ActiveStorage")
-          .getMember("Filename")
-          .getAnInstantiation()
-          .asExpr()
-          .getExpr()
-  }
-
-  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    input = "Argument[0]" and
-    output = "ReturnValue" and
-    preservesValue = false
-  }
-}
-
-/** The taint summary for `ActiveStorage::Filename#sanitized`. */
-class ActiveStorageFilenameSanitizedSummary extends SummarizedCallable {
-  ActiveStorageFilenameSanitizedSummary() { this = "ActiveStorage::Filename#sanitized" }
-
-  override MethodCall getACall() {
-    result =
-      API::getTopLevelMember("ActiveStorage")
-          .getMember("Filename")
-          .getInstance()
-          .getAMethodCall("sanitized")
-          .asExpr()
-          .getExpr()
-  }
-
-  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    input = "Argument[-1]" and
-    output = "ReturnValue" and
-    preservesValue = false
+/** Taint related to `ActiveStorage::Filename`. */
+private class Summaries extends ModelInput::SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "activestorage;;Member[ActiveStorage].Member[Filename].Method[new];Argument[0];ReturnValue;taint",
+        "activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized];Argument[-1];ReturnValue;taint",
+      ]
  }
 }