Ruby: limit rb/sensitive-get-query to data from query params

alexrford · alexrford · commit 084efe062a81 · 2022-10-05T12:57:57.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll
@@ -32,7 +32,8 @@ module SensitiveGetQuery {
 
     RequestInputAccessSource() {
       handler = this.asExpr().getExpr().getEnclosingMethod() and
-      handler.getAnHttpMethod() = "get"
+      handler.getAnHttpMethod() = "get" and
+      this.getSourceType().matches(["%params%", "%parameters%"])
     }
 
     override Http::Server::RequestHandler getHandler() { result = handler }

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,8 @@ module SensitiveGetQuery {`
`32`	`32`
`33`	`33`	`RequestInputAccessSource() {`
`34`	`34`	`handler = this.asExpr().getExpr().getEnclosingMethod() and`
`35`		`- handler.getAnHttpMethod() = "get"`
	`35`	`+ handler.getAnHttpMethod() = "get" and`
	`36`	`+ this.getSourceType().matches(["%params%", "%parameters%"])`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`override Http::Server::RequestHandler getHandler() { result = handler }`