Ruby: MissingFullAnchor

d10c · d10c · commit 5a8c2c9d19dd · 2025-07-11T14:48:36.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll b/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll
@@ -19,7 +19,7 @@ private module MissingFullAnchorConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
   predicate observeDiffInformedIncrementalMode() {
-    any() // TODO: Make sure that the location overrides match the query's select clause: Column 7 selects sink.getCallNode (/Users/d10c/src/semmle-code/ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql@20:41:20:62), Column 9 selects sink.getRegex (/Users/d10c/src/semmle-code/ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql@20:76:20:94)
+    none() // can't be made diff-informed because the locations of Ruby RegExpTerms aren't correct when the regexp is parsed from a string arising from constant folding
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ private module MissingFullAnchorConfig implements DataFlow::ConfigSig {`
`19`	`19`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
`20`	`20`
`21`	`21`	`predicate observeDiffInformedIncrementalMode() {`
`22`		`- any() // TODO: Make sure that the location overrides match the query's select clause: Column 7 selects sink.getCallNode (/Users/d10c/src/semmle-code/ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql@20:41:20:62), Column 9 selects sink.getRegex (/Users/d10c/src/semmle-code/ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql@20:76:20:94)`
	`22`	`+ none() // can't be made diff-informed because the locations of Ruby RegExpTerms aren't correct when the regexp is parsed from a string arising from constant folding`
`23`	`23`	`}`
`24`	`24`	`}`
`25`	`25`