Skip to content

Commit 1dbba19

Browse files
alexrfordalexrford
committed
Ruby: use new dataflow api in Excon.qll
1 parent 489f598 commit 1dbba19

File tree

1 file changed

+7
-13
lines changed
  • ruby/ql/lib/codeql/ruby/frameworks/http_clients

1 file changed

+7
-13
lines changed

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll

Lines changed: 7 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@ private import codeql.ruby.CFG
77
private import codeql.ruby.Concepts
88
private import codeql.ruby.ApiGraphs
99
private import codeql.ruby.DataFlow
10-
private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries as DataFlowImplForHttpClientLibraries
1110

1211
/**
1312
* A call that makes an HTTP request using `Excon`.
@@ -72,8 +71,7 @@ class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode
7271
override predicate disablesCertificateValidation(
7372
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
7473
) {
75-
any(ExconDisablesCertificateValidationConfiguration config)
76-
.hasFlow(argumentOrigin, disablingNode) and
74+
ExconDisablesCertificateValidationFlow::flow(argumentOrigin, disablingNode) and
7775
disablingNode = this.getCertificateValidationControllingValue()
7876
or
7977
// We set `Excon.defaults[:ssl_verify_peer]` or `Excon.ssl_verify_peer` = false`
@@ -114,17 +112,13 @@ class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode
114112
}
115113

116114
/** A configuration to track values that can disable certificate validation for Excon. */
117-
private class ExconDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
118-
{
119-
ExconDisablesCertificateValidationConfiguration() {
120-
this = "ExconDisablesCertificateValidationConfiguration"
121-
}
122-
123-
override predicate isSource(DataFlow::Node source) {
124-
source.asExpr().getExpr().(BooleanLiteral).isFalse()
125-
}
115+
private module ExconDisablesCertificateValidationConfig implements DataFlow::ConfigSig {
116+
predicate isSource(DataFlow::Node source) { source.asExpr().getExpr().(BooleanLiteral).isFalse() }
126117

127-
override predicate isSink(DataFlow::Node sink) {
118+
predicate isSink(DataFlow::Node sink) {
128119
sink = any(ExconHttpRequest req).getCertificateValidationControllingValue()
129120
}
130121
}
122+
123+
private module ExconDisablesCertificateValidationFlow =
124+
DataFlow::Global<ExconDisablesCertificateValidationConfig>;

0 commit comments

Comments
 (0)