
Commit 1ffcf4b

committed
Ruby: use new dataflow api in Faraday.qll
1 parent 1dbba19 commit 1ffcf4b


1 file changed

+8
-12
lines changed

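--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
@@ -7,7 +7,6 @@ private import codeql.ruby.CFG
 private import codeql.ruby.Concepts
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.DataFlow
-private import codeql.ruby.dataflow.internal.DataFlowImplForHttpClientLibraries as DataFlowImplForHttpClientLibraries
 
 /**
 * A call that makes an HTTP request using `Faraday`.
@@ -78,32 +77,29 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod
 override predicate disablesCertificateValidation(
 DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
 ) {
-any(FaradayDisablesCertificateValidationConfiguration config)
-.hasFlow(argumentOrigin, disablingNode) and
+FaradayDisablesCertificateValidationFlow::flow(argumentOrigin, disablingNode) and
 disablingNode = this.getCertificateValidationControllingValue(_)
 }
 
 override string getFramework() { result = "Faraday" }
 }
 
 /** A configuration to track values that can disable certificate validation for Faraday. */
-private class FaradayDisablesCertificateValidationConfiguration extends DataFlowImplForHttpClientLibraries::Configuration
-{
-FaradayDisablesCertificateValidationConfiguration() {
-this = "FaradayDisablesCertificateValidationConfiguration"
-}
+private module FaradayDisablesCertificateValidationConfig implements DataFlow::StateConfigSig {
+class FlowState = string;
 
-override predicate isSource(
-DataFlow::Node source, DataFlowImplForHttpClientLibraries::FlowState state
-) {
+predicate isSource(DataFlow::Node source, FlowState state) {
 source.asExpr().getExpr().(BooleanLiteral).isFalse() and
 state = "verify"
 or
 source = API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").asSource() and
 state = "verify_mode"
 }
 
-override predicate isSink(DataFlow::Node sink, DataFlowImplForHttpClientLibraries::FlowState state) {
+predicate isSink(DataFlow::Node sink, FlowState state) {
 sink = any(FaradayHttpRequest req).getCertificateValidationControllingValue(state)
 }
 }
+
+private module FaradayDisablesCertificateValidationFlow =
+DataFlow::GlobalWithState<FaradayDisablesCertificateValidationConfig>;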
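Review bot: The flow states `"verify"` and `"verify_mode"` assigned in `isSource` are bare string literals that have to equal whatever `getCertificateValidationControllingValue(state)` binds in `isSink`, and the new `class FlowState = string;` alias carries no comment saying so. Because the state is an unconstrained string, a renamed or mistyped option name on either side would compile cleanly and simply yield no flow, so disabled certificate validation in Faraday clients would go unreported. I would document the alias, for example `/** The Faraday SSL option the value is tracked for: "verify" or "verify_mode". */`, and confirm that the existing query test expectations for this library are unchanged after the migration. `getCertificateValidationControllingValue` and the start of `FaradayHttpRequest` are outside the hunk, so the set of names it accepts is inferred from the two literals visible here.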
