hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c5129e72091edc5dc2fd211095555a4e6cb1717
codeql/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
Alex Ford 43fec9dfc8 Revert "Ruby: switch rb/sensitive-get-query back to using local flow" 
This reverts commit fa58c51810.
2022-10-09 13:06:13 +01:00

32 lines
1018 B
Plaintext
Raw Blame History

/**
* Provides a taint-tracking configuration for detecting flow of query string
* data to sensitive actions in GET query request handlers.
*
* Note, for performance reasons: only import this file if `Configuration` is
* needed, otherwise `SensitiveGetQueryCustomizations` should be imported
* instead.
*/
private import ruby
private import codeql.ruby.TaintTracking
/**
* Provides a taint-tracking configuration for detecting flow of query string
* data to sensitive actions in GET query request handlers.
*/
module SensitiveGetQuery {
import SensitiveGetQueryCustomizations::SensitiveGetQuery
/**
* A taint-tracking configuration for reasoning about use of sensitive data
* from a GET request query string.
*/
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "SensitiveGetQuery" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
}
}
Reference in New Issue View Git Blame Copy Permalink