Merge pull request #16377 from hmac/hmac-sanitization-fp

Ruby: Fix StringSubstitutionCall charpred
2026-04-30 03:05:15 +02:00 · 2024-05-02 13:31:01 +01:00
parent 9bfb189fa7 f7fc2e0b00
commit ef88f3ed09
2 changed files with 10 additions and 3 deletions
--- a/ruby/ql/test/query-tests/security/cwe-116/IncompleteSanitization/tst.rb
+++ b/ruby/ql/test/query-tests/security/cwe-116/IncompleteSanitization/tst.rb
@@ -268,3 +268,8 @@ def bad_path_sanitizer(p1, p2)
  p1.sub! "/../", "" # NOT OK
  p2.sub  "/../", "" # NOT OK
 end
+
+def each_line_sanitizer(p1)
+  p1.each_line("\n") do |l| # OK - does no sanitization
+  end
+end