hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll

Browse Source 
Co-authored-by: Arthur Baars <aibaars@github.com>
This commit is contained in:
Sim4n6
2023-05-20 12:43:05 +01:00
committed by GitHub
parent 69ca49f168
commit eb7e1de65b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll
View File

@@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
exists(DataFlow::CallNode cn |
cn.getMethodName() = "unicode_normalize" and
cn.getArgument(0).toString() = [":nfkc", ":nfc"] and
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc"] and
sink = cn.getReceiver()
) and
state instanceof PostValidation