Ruby: add RequestInputAccess#getKind predicate

Author: alexrford

ruby/ql/lib/codeql/ruby/Concepts.qll

@@ -314,6 +314,14 @@ module Http {
        * This is typically the name of the method that gives rise to this input.
        */
       string getSourceType() { result = super.getSourceType() }
+
+      /**
+       * Gets the kind of the accessed input,
+       * Can be one of "parameter", "header", "body", "url", "cookie".
+       *
+       * Note that this predicate is functional.
+       */
+      string getKind() { result = super.getKind() }
     }
 
     /** Provides a class for modeling new HTTP request inputs. */
@@ -331,6 +339,14 @@ module Http {
          * This is typically the name of the method that gives rise to this input.
          */
         abstract string getSourceType();
+
+        /**
+         * Gets the kind of the accessed input,
+         * Can be one of "parameter", "header", "body", "url", "cookie".
+         *
+         * Note that this predicate is functional.
+         */
+        abstract string getKind();
       }
     }
 
@@ -411,6 +427,8 @@ module Http {
       RoutedParameter() { this.getParameter() = handler.getARoutedParameter() }
 
       override string getSourceType() { result = handler.getFramework() + " RoutedParameter" }
+
+      override string getKind() { result = "url" }
     }
 
     /**

ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll

@@ -141,6 +141,8 @@ class ParamsSource extends Http::Server::RequestInputAccess::Range {
   ParamsSource() { this.asExpr().getExpr() instanceof Rails::ParamsCall }
 
   override string getSourceType() { result = "ActionController::Metal#params" }
+
+  override string getKind() { result = "parameter" }
 }
 
 /**
@@ -151,6 +153,8 @@ class CookiesSource extends Http::Server::RequestInputAccess::Range {
   CookiesSource() { this.asExpr().getExpr() instanceof Rails::CookiesCall }
 
   override string getSourceType() { result = "ActionController::Metal#cookies" }
+
+  override string getKind() { result = "cookie" }
 }
 
 /** A call to `cookies` from within a controller. */

ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll

@@ -33,7 +33,7 @@ module SensitiveGetQuery {
     RequestInputAccessSource() {
       handler = this.asExpr().getExpr().getEnclosingMethod() and
       handler.getAnHttpMethod() = "get" and
-      this.getSourceType().matches(["%params%", "%parameters%"])
+      this.getKind() = "parameter"
     }
 
     override Http::Server::RequestHandler getHandler() { result = handler }