Merge pull request github#15866 from hvitved/ruby/orm-tracking-ap-limit

hvitved · web-flow · commit 4085c8ec8f49 · 2024-03-13T10:57:09.000+01:00
Ruby: Lower access path limit to 1 for `OrmTracking`
diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll
@@ -299,6 +299,8 @@ private module OrmTracking {
     }
 
     predicate isBarrierIn(DataFlow::Node node) { node instanceof DataFlow::SelfParameterNode }
+
+    int accessPathLimit() { result = 1 }
   }
 
   import DataFlow::Global<Config>

Original file line number	Diff line number	Diff line change
`@@ -299,6 +299,8 @@ private module OrmTracking {`
`299`	`299`	`}`
`300`	`300`
`301`	`301`	`predicate isBarrierIn(DataFlow::Node node) { node instanceof DataFlow::SelfParameterNode }`
	`302`	`+`
	`303`	`+ int accessPathLimit() { result = 1 }`
`302`	`304`	`}`
`303`	`305`
`304`	`306`	`import DataFlow::Global<Config>`