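--- a/ruby/ql/src/experimental/decompression-api
+++ b/ruby/ql/src/experimental/decompression-api
@@ -19,7 +19,7 @@ import DataFlow::PathGraph
 class DecompressionApiUse extends DataFlow:: Node {
  private DataFlow:: CallNode call ;
 
- // this should find the first argument of Zlib::Inflate.inflate
+ // this should find the first argument in calls to Zlib::Inflate.inflate or Zip::File.open_buffer
  DecompressionApiUse ( ) {
  this = call .getArgument ( 0 ) and
  (
@@ -28,6 +28,7 @@ class DecompressionApiUse extends DataFlow::Node {
  )
  }
 
+ // returns calls to Zlib::Inflate.inflate or Zip::File.open_buffer
  DataFlow:: CallNode getCall ( ) { result = call }
 }
 
@@ -37,7 +38,7 @@ class Configuration extends TaintTracking::Configuration {
  // this predicate will be used to constrain our query to find instances where only remote user-controlled data flows to the sink
  override predicate isSource ( DataFlow:: Node source ) { source instanceof RemoteFlowSource }
 
- // our Decompression APIs defined above will the the sinks we use for this query
+ // our Decompression APIs defined above will be the sinks we use for this query
  override predicate isSink ( DataFlow:: Node sink ) {
  sink instanceof DecompressionApiUse
  }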
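Review bot: The comment added above `getCall()` in the second hunk says it "returns calls", but the predicate binds `result` to the single `call` field whose argument 0 is this node, so the wording suggests it enumerates every matching call. I would write it as QLDoc so it shows up in tooling and states the actual relation: `/** Gets the call whose first argument is this node. */`. The same applies to the comment on the characteristic predicate in the first hunk, which could become `/** ... */` as well. That comment now names Zlib::Inflate.inflate and Zip::File.open_buffer as the covered sinks, but the lines that do the matching fall between the first two hunks and are not visible here, so the claim should be checked against them before relying on it as the query's sink coverage.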