hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix rb/code-injection

Browse Source
This commit is contained in:
erik-krogh
2022-10-25 14:44:23 +02:00
parent b9f1cc5c6f
commit e8dce25cc2
4 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
View File

@@ -25,9 +25,10 @@ where
// removing duplications of the same path, but different flow-labels.
sink =
min(DataFlow::PathNode otherSink |
config.hasFlowPath(any(DataFlow::PathNode s | s.getNode() = source.getNode()), otherSink)
config.hasFlowPath(any(DataFlow::PathNode s | s.getNode() = sourceNode), otherSink) and
otherSink.getNode() = sink.getNode()
|
otherSink order by otherSink.getState()
)
select sink.getNode(), source, sink, "This code execution depends on a $@.", source.getNode(),
select sink.getNode(), source, sink, "This code execution depends on a $@.", sourceNode,
"user-provided value"