hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 04:01:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
655aa700bc25636bd8a334bcb8c19ccc9a09fcff
codeql/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql
Tony Torralba c9d1cd97fb Ruby: Remove omittable exists variables
2023-01-10 13:39:49 +01:00

40 lines
1.1 KiB
Plaintext
Raw Blame History

/**
* @kind problem
*/
import codeql.ruby.AST
import codeql.ruby.regexp.RegExpTreeView as RETV
import codeql.ruby.DataFlow
import codeql.ruby.security.IncompleteMultiCharacterSanitizationQuery as Query
import TestUtilities.InlineExpectationsTest
class Test extends InlineExpectationsTest {
Test() { this = "IncompleteMultiCharacterSanitizationTest" }
override string getARelevantTag() { result = "hasResult" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasResult" and
hasResult(location, element, value)
}
}
predicate hasResult(Location location, string element, string value) {
exists(DataFlow::Node replace, string kind |
replace.getLocation() = location and
element = replace.toString() and
value = shortKind(kind)
|
Query::isResult(replace, _, _, kind)
)
}
bindingset[kind]
string shortKind(string kind) {
kind = "an HTML element injection vulnerability" and result = "html"
or
kind = "a path injection vulnerability" and result = "path"
or
kind = "an HTML attribute injection vulnerability" and result = "attr"
}
Reference in New Issue View Git Blame Copy Permalink