Ruby: Block flow into flow sources #15483

hmac · 2024-01-31T10:24:46Z

This restricts alert paths to the minimum necessary.

ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll

ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll

ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll

ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll

This restricts alert paths to the minimum necessary.

ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll

@@ -34,6 +34,8 @@

  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

+  predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }


ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll

@@ -40,4 +40,6 @@
    super.isSanitizer(node) or
    node instanceof Sanitizer
  }
+
+  predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }


github-actions bot added the Ruby label Jan 31, 2024

github-advanced-security bot found potential problems Jan 31, 2024

View reviewed changes

hmac force-pushed the barrier-in-source branch from 3ce3fbf to c6738cc Compare January 31, 2024 10:31

Ruby: Block flow into flow sources

ca9faae

This restricts alert paths to the minimum necessary.

hmac force-pushed the barrier-in-source branch from 618cad7 to ca9faae Compare February 13, 2024 13:57

github-advanced-security bot found potential problems Feb 13, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ruby: Block flow into flow sources #15483

Ruby: Block flow into flow sources #15483

hmac commented Jan 31, 2024

Check warning

Check warning

		@@ -34,6 +34,8 @@

		override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

		predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }

Ruby: Block flow into flow sources #15483

Are you sure you want to change the base?

Ruby: Block flow into flow sources #15483

Conversation

hmac commented Jan 31, 2024

Check warning

Check warning