
Commit 9c2fc1b

committed
Ruby: client request: getUrl => getAUrlPart
This is a port of the same change in Python from f8fc583. The description of that commit was: > I think `getUrl` is a bit too misleading, since from the name, I would > only ever expect ONE result for one request being made. > > `getAUrlPart` captures that there could be multiple results, and that > they might not constitute a whole URL. > > Which is the same naming I used when I tried to model this a long time ago > https://github.com/github/codeql/blob/a80860cdc6b06b363b0d0919600ab383a470b449/python/ql/lib/semmle/python/web/Http.qll#L102-L111
1 parent ea065b7 commit 9c2fc1b


10 files changed

+17
-17
lines changed


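--- a/ruby/ql/lib/codeql/ruby/Concepts.qll
+++ b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -485,10 +485,10 @@ module HTTP {
 DataFlow::Node getResponseBody() { result = super.getResponseBody() }
 
 /**
-* Gets a node that contributes to the URL of the request.
+* Gets a data-flow node that contributes to the URL of the request.
 * Depending on the framework, a request may have multiple nodes which contribute to the URL.
 */
-DataFlow::Node getURL() { result = super.getURL() }
+DataFlow::Node getAUrlPart() { result = super.getAUrlPart() }
 
 /** Gets a string that identifies the framework used for this request. */
 string getFramework() { result = super.getFramework() }
@@ -515,11 +515,11 @@ module HTTP {
 /** Gets a node which returns the body of the response */
 abstract DataFlow::Node getResponseBody();
 
-/**
-* Gets a node that contributes to the URL of the request.
-* Depending on the framework, a request may have multiple nodes which contribute to the URL.
-*/
-abstract DataFlow::Node getURL();
+/**
+* Gets a data-flow node that contributes to the URL of the request.
+* Depending on the framework, a request may have multiple nodes which contribute to the URL.
+*/
+abstract DataFlow::Node getAUrlPart();
 
 /** Gets a string that identifies the framework used for this request. */
 abstract string getFramework();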
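Review bot: The rename at lines 491 and 522 removes `getURL` from both `HTTP::Client::Request` and its abstract `Range` counterpart without leaving a compatibility alias, so any query or framework model outside this commit that still calls `getURL()` would stop compiling. Because the SSRF sink in `ServerSideRequestForgeryCustomizations.qll` is built on this predicate, out-of-tree models need to be ported before they contribute to that analysis again. Consider keeping a forwarding member on the public class, `deprecated DataFlow::Node getURL() { result = this.getAUrlPart() }`, and adding a change note for the API rename. Both class bodies start and end outside the hunks shown.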

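--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
@@ -52,7 +52,7 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {
 
 override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
-override DataFlow::Node getURL() {
+override DataFlow::Node getAUrlPart() {
 // For one-off requests, the URL is in the first argument of the request method call.
 // For connection re-use, the URL is split between the first argument of the `new` call
 // and the `path` keyword argument of the request method call.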

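--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
@@ -45,7 +45,7 @@ class FaradayHttpRequest extends HTTP::Client::Request::Range {
 
 override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
-override DataFlow::Node getURL() {
+override DataFlow::Node getAUrlPart() {
 result = requestUse.getArgument(0) or
 result = connectionUse.(DataFlow::CallNode).getArgument(0) or
 result = connectionUse.(DataFlow::CallNode).getKeywordArgument("url")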

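--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
@@ -36,7 +36,7 @@ class HttpClientRequest extends HTTP::Client::Request::Range {
 this = requestUse.asExpr().getExpr()
 }
 
-override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
 
 override DataFlow::Node getResponseBody() {
 // The `get_content` and `post_content` methods return the response body as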

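--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
@@ -35,7 +35,7 @@ class HttpartyRequest extends HTTP::Client::Request::Range {
 this = requestUse.asExpr().getExpr()
 }
 
-override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
 
 override DataFlow::Node getResponseBody() {
 // If HTTParty can recognise the response type, it will parse and return it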

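--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -51,7 +51,7 @@ class NetHttpRequest extends HTTP::Client::Request::Range {
 * Gets the node representing the URL of the request.
 * Currently unused, but may be useful in future, e.g. to filter out certain requests.
 */
-override DataFlow::Node getURL() { result = request.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = request.getArgument(0) }
 
 override DataFlow::Node getResponseBody() { result = responseBody }
 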
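Review bot: The QLDoc kept above the renamed predicate at line 54 is now stale. It still reads "Gets the node representing the URL of the request" and "Currently unused", while this same commit shows `HttpRequestAsSink` consuming `getAUrlPart()` as the SSRF sink. Suggest rewording it to `/** Gets a data-flow node that contributes to the URL of the request. */` and dropping the "Currently unused" sentence, so a reader does not conclude that Net::HTTP requests are outside the SSRF query. The comment opens above the hunk, so its first line is not visible here.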

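--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -32,7 +32,7 @@ class OpenUriRequest extends HTTP::Client::Request::Range {
 this = requestUse.asExpr().getExpr()
 }
 
-override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
 
 override DataFlow::Node getResponseBody() {
 result = requestNode.getAMethodCall(["read", "readlines"])
@@ -65,7 +65,7 @@ class OpenUriKernelOpenRequest extends HTTP::Client::Request::Range {
 this = requestUse.asExpr().getExpr()
 }
 
-override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
 
 override DataFlow::CallNode getResponseBody() {
 result.asExpr().getExpr().(MethodCall).getMethodName() in ["read", "readlines"] and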

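--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
@@ -38,7 +38,7 @@ class RestClientHttpRequest extends HTTP::Client::Request::Range {
 )
 }
 
-override DataFlow::Node getURL() {
+override DataFlow::Node getAUrlPart() {
 result = requestUse.getKeywordArgument("url")
 or
 result = requestUse.getArgument(0) and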

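--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
@@ -26,7 +26,7 @@ class TyphoeusHttpRequest extends HTTP::Client::Request::Range {
 this = requestUse.asExpr().getExpr()
 }
 
-override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+override DataFlow::Node getAUrlPart() { result = requestUse.getArgument(0) }
 
 override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 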

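--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -43,7 +43,7 @@ module ServerSideRequestForgery {
 
 /** The URL of an HTTP request, considered as a sink. */
 class HttpRequestAsSink extends Sink {
-HttpRequestAsSink() { exists(HTTP::Client::Request req | req.getURL() = this) }
+HttpRequestAsSink() { exists(HTTP::Client::Request req | req.getAUrlPart() = this) }
 }
 
 /** A string interpolation with a fixed prefix, considered as a flow sanitizer. */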
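Review bot: The QLDoc on `HttpRequestAsSink` (line 44) still says "The URL of an HTTP request", but the sink is now every node returned by `getAUrlPart()`, which for some clients is only a fragment of the URL. The Excon model's comment, for instance, describes a `path` keyword argument as one of the parts. Suggest `/** A data-flow node that contributes to the URL of an HTTP request, considered as a sink. */`. It would also help to say there whether path-only parts are meant to be reported, since a tainted path is usually a weaker finding than a tainted host. The fixed-prefix sanitizer declared just below may already cover part of that, but its body is outside the hunk.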
