hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 19:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
655aa700bc25636bd8a334bcb8c19ccc9a09fcff
codeql/ruby/ql/test/library-tests/frameworks/rack/Rack.ql
Harry Maclean 0626d693f5 Ruby: Recognise rack applications 
This is a basic first step in modelling rack apps. We recognise classes
that look like rack applications and then treat the argument to `call`
in the same way that we treat `request.env` in ActionController classes.

This finds a TP in CVE-2021-43840.
2023-01-12 11:28:31 +13:00

5 lines
177 B
Plaintext
Raw Blame History

private import codeql.ruby.frameworks.Rack
private import codeql.ruby.DataFlow
query predicate rackApps(Rack::AppCandidate c, DataFlow::ParameterNode env) { env = c.getEnv() }
Reference in New Issue View Git Blame Copy Permalink