Ruby: handle Regexp.quote wherever we handle Regexp.escape

nickrolfe · nickrolfe · commit 4b42c4447b31 · 2021-11-22T17:12:01.000Z
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll
@@ -335,12 +335,12 @@ class ModuleEvalCallCodeExecution extends CodeExecution::Range, DataFlow::CallNo
   override DataFlow::Node getCode() { result = this.getArgument(0) }
 }
 
-/** Flow summary for `Regexp.escape`. */
+/** Flow summary for `Regexp.escape` and its alias, `Regexp.quote`. */
 class RegexpEscapeSummary extends SummarizedCallable {
   RegexpEscapeSummary() { this = "Regexp.escape" }
 
   override MethodCall getACall() {
-    result = API::getTopLevelMember("Regexp").getAMethodCall("escape").asExpr().getExpr()
+    result = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"]).asExpr().getExpr()
   }
 
   override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll
@@ -70,9 +70,12 @@ module RegExpInjection {
     StringConstArrayInclusionCall { }
 
   /**
-   * A call to `Regexp.escape`, considered as a sanitizer.
+   * A call to `Regexp.escape` (or its alias, `Regexp.quote`), considered as a
+   * sanitizer.
    */
   class RegexpEscapeSanitization extends Sanitizer {
-    RegexpEscapeSanitization() { this = API::getTopLevelMember("Regexp").getAMethodCall("escape") }
+    RegexpEscapeSanitization() {
+      this = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"])
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -335,12 +335,12 @@ class ModuleEvalCallCodeExecution extends CodeExecution::Range, DataFlow::CallNo`
`335`	`335`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
`336`	`336`	`}`
`337`	`337`
`338`		-/** Flow summary for `Regexp.escape`. */
	`338`	+/** Flow summary for `Regexp.escape` and its alias, `Regexp.quote`. */
`339`	`339`	`class RegexpEscapeSummary extends SummarizedCallable {`
`340`	`340`	`RegexpEscapeSummary() { this = "Regexp.escape" }`
`341`	`341`
`342`	`342`	`override MethodCall getACall() {`
`343`		`- result = API::getTopLevelMember("Regexp").getAMethodCall("escape").asExpr().getExpr()`
	`343`	`+ result = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"]).asExpr().getExpr()`
`344`	`344`	`}`
`345`	`345`
`346`	`346`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
Original file line number	Diff line number	Diff line change
`@@ -70,9 +70,12 @@ module RegExpInjection {`
`70`	`70`	`StringConstArrayInclusionCall { }`
`71`	`71`
`72`	`72`	`/**`
`73`		- * A call to `Regexp.escape`, considered as a sanitizer.
	`73`	+ * A call to `Regexp.escape` (or its alias, `Regexp.quote`), considered as a
	`74`	`+ * sanitizer.`
`74`	`75`	`*/`
`75`	`76`	`class RegexpEscapeSanitization extends Sanitizer {`
`76`		`- RegexpEscapeSanitization() { this = API::getTopLevelMember("Regexp").getAMethodCall("escape") }`
	`77`	`+ RegexpEscapeSanitization() {`
	`78`	`+ this = API::getTopLevelMember("Regexp").getAMethodCall(["escape", "quote"])`
	`79`	`+ }`
`77`	`80`	`}`
`78`	`81`	`}`