hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: fix sqlite3 PreparedStatementExecution.getSql() predicate

Browse Source
This commit is contained in:
Alex Ford
2023-06-28 17:09:43 +01:00
parent f0517028b9
commit ede6b262cd
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
View File

@@ -47,7 +47,7 @@ module Sqlite3 {
this.getMethodName() = ["columns", "execute", "execute!", "get_metadata", "types"]
}
override DataFlow::Node getSql() { result = stmt.getReceiver() }
override DataFlow::Node getSql() { result = stmt.getSql() }
}
/** Gets the name of a method called against a database that executes an SQL statement. */

2
ruby/ql/test/library-tests/frameworks/sqlite3/Sqlite3.expected
View File

@@ -5,6 +5,6 @@ sqlite3SqlConstruction
| sqlite3.rb:29:7:29:40 | call to execute | sqlite3.rb:29:19:29:39 | "select * from table" |
sqlite3SqlExecution
| sqlite3.rb:5:1:5:17 | call to execute | sqlite3.rb:5:12:5:17 | <<-SQL |
| sqlite3.rb:14:1:14:12 | call to execute | sqlite3.rb:12:8:12:9 | db |
| sqlite3.rb:14:1:14:12 | call to execute | sqlite3.rb:12:19:12:41 | "select * from numbers" |
| sqlite3.rb:17:3:19:5 | call to execute | sqlite3.rb:17:15:17:35 | "select * from table" |
| sqlite3.rb:29:7:29:40 | call to execute | sqlite3.rb:29:19:29:39 | "select * from table" |