Ruby: Bugfix after HTTP::Client::Request change

RasmusWL · RasmusWL · commit 979059498467 · 2022-08-19T16:25:47.000+02:00
I guess this is not 100% accurate any longer since the base class is
only a `DataFlow::Node` now... I guess we could make it a
`DataFlow::CallNode` in the Concept definition.
diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll
@@ -143,7 +143,7 @@ module InsecureDownload {
       hasUnsafeExtension(req.getAUrlPart().asExpr().getConstantValue().getString())
     }
 
-    override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = req }
+    override DataFlow::Node getDownloadCall() { result = req }
 
     override DataFlow::FlowState getALabel() {
       result instanceof Label::SensitiveInsecure
@@ -193,6 +193,6 @@ module InsecureDownload {
 
     override DataFlow::FlowState getALabel() { result instanceof Label::Insecure }
 
-    override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = request }
+    override DataFlow::Node getDownloadCall() { result = request }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ module InsecureDownload {`
`143`	`143`	`hasUnsafeExtension(req.getAUrlPart().asExpr().getConstantValue().getString())`
`144`	`144`	`}`
`145`	`145`
`146`		`- override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = req }`
	`146`	`+ override DataFlow::Node getDownloadCall() { result = req }`
`147`	`147`
`148`	`148`	`override DataFlow::FlowState getALabel() {`
`149`	`149`	`result instanceof Label::SensitiveInsecure`
`@@ -193,6 +193,6 @@ module InsecureDownload {`
`193`	`193`
`194`	`194`	`override DataFlow::FlowState getALabel() { result instanceof Label::Insecure }`
`195`	`195`
`196`		`- override DataFlow::Node getDownloadCall() { result.asExpr().getExpr() = request }`
	`196`	`+ override DataFlow::Node getDownloadCall() { result = request }`
`197`	`197`	`}`
`198`	`198`	`}`