amammad
2023-02-23 21:45:33 +01:00
committed by Harry Maclean
parent 486a5ac96f
commit e4b8a0e06d


@@ -18,6 +18,7 @@ import codeql.ruby.DataFlow
import codeql.ruby.dataflow.RemoteFlowSources
import codeql.ruby.TaintTracking
import DataFlow::PathGraph
import codeql.ruby.security.UnsafeDeserializationCustomizations
abstract class YAMLSink extends DataFlow::Node { }
@@ -45,8 +46,8 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) {
// for detecting The CVE we should uncomment following line instead of current RemoteFlowSource
source instanceof DataFlow::LocalSourceNode
// source instanceof RemoteFlowSource
// source instanceof DataFlow::LocalSourceNode
source instanceof UnsafeDeserialization::Source
}
override predicate isSink(DataFlow::Node sink) {
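Review bot: The comment at the top of `isSource` is now stale: it still talks about uncommenting a line "instead of current RemoteFlowSource", while the active source after this change appears to be `UnsafeDeserialization::Source` and the `RemoteFlowSource` alternative seems to have been dropped. The +/- markers are lost on this page, so the sides are inferred from the hunk counts. I would replace the comment with `// Default source: UnsafeDeserialization::Source. To reproduce the CVE finding, use the commented-out LocalSourceNode line instead.` The query description should also say which sources that class covers, because it is defined in the newly imported customizations module rather than in this file, and narrowing from every local source node changes what the query can report. The body of `isSink` continues outside the hunk.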