Skip to content

Commit 35da921

Browse files
alexrfordalexrford
committed
format
1 parent 50b0bb8 commit 35da921

File tree

1 file changed

+20
-20
lines changed

1 file changed

+20
-20
lines changed

ql/lib/codeql/ruby/security/ReflectedXSSCustomizations.qll

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -101,26 +101,26 @@ module ReflectedXSS {
101101
class StringConstArrayInclusionCallAsSanitizerGuard extends SanitizerGuard,
102102
StringConstArrayInclusionCall { }
103103

104-
/**
105-
* A `VariableWriteAccessCfgNode` that is not succeeded (locally) by another
106-
* write to that variable.
107-
*/
108-
private class FinalInstanceVarWrite extends CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode {
109-
private InstanceVariable var;
110-
111-
FinalInstanceVarWrite() {
112-
var = this.getExpr().getVariable() and
113-
not exists(CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode succWrite |
114-
succWrite.getExpr().getVariable() = var |
115-
succWrite = this.getASuccessor+()
116-
)
117-
}
118-
119-
InstanceVariable getVariable() { result = var }
120-
121-
AssignExpr getAnAssignExpr() { result.getLeftOperand() = this.getExpr() }
104+
/**
105+
* A `VariableWriteAccessCfgNode` that is not succeeded (locally) by another
106+
* write to that variable.
107+
*/
108+
private class FinalInstanceVarWrite extends CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode {
109+
private InstanceVariable var;
110+
111+
FinalInstanceVarWrite() {
112+
var = this.getExpr().getVariable() and
113+
not exists(CfgNodes::ExprNodes::InstanceVariableWriteAccessCfgNode succWrite |
114+
succWrite.getExpr().getVariable() = var
115+
|
116+
succWrite = this.getASuccessor+()
117+
)
122118
}
123119

120+
InstanceVariable getVariable() { result = var }
121+
122+
AssignExpr getAnAssignExpr() { result.getLeftOperand() = this.getExpr() }
123+
}
124124

125125
/**
126126
* An additional step that is taint-preserving in the context of reflected XSS.
@@ -157,8 +157,8 @@ module ReflectedXSS {
157157
or
158158
// instance variables in the controller
159159
exists(
160-
ActionControllerActionMethod action, VariableReadAccess viewVarRead,
161-
AssignExpr ae, FinalInstanceVarWrite controllerVarWrite
160+
ActionControllerActionMethod action, VariableReadAccess viewVarRead, AssignExpr ae,
161+
FinalInstanceVarWrite controllerVarWrite
162162
|
163163
viewVarRead = node2.asExpr().(CfgNodes::ExprNodes::VariableReadAccessCfgNode).getExpr() and
164164
action.getDefaultTemplateFile() = viewVarRead.getLocation().getFile() and

0 commit comments

Comments
 (0)