Skip to content

Commit c78d02d

Browse files
aibaarsaibaars
committed
Fix module of Parser::Options
1 parent b06bb7a commit c78d02d

File tree

2 files changed

+5
-4
lines changed

2 files changed

+5
-4
lines changed

ql/lib/codeql/ruby/frameworks/XmlParsing.qll

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -93,9 +93,10 @@ private class FeatureDTDLOAD extends Feature, TDTDLOAD {
9393
private API::Node parseOptionsModule() {
9494
result = API::getTopLevelMember("Nokogiri").getMember("XML").getMember("ParseOptions")
9595
or
96-
result = API::getTopLevelMember("LibXML").getMember("XML").getMember("Options")
96+
result =
97+
API::getTopLevelMember("LibXML").getMember("XML").getMember("Parser").getMember("Options")
9798
or
98-
result = API::getTopLevelMember("XML").getMember("Options")
99+
result = API::getTopLevelMember("XML").getMember("Parser").getMember("Options")
99100
}
100101

101102
private predicate bitWiseAndOr(CfgNodes::ExprNodes::OperationCfgNode operation) {

ql/test/query-tests/security/cwe-611/LibXmlRuby.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ class LibXmlRubyXXE < ApplicationController
22

33
content = params[:xml]
44
LibXML::XML::Document.string(content, { options: 2 | 2048, encoding: 'utf-8' })
5-
LibXML::XML::Document.file(content, { options: LibXML::XML::Options::NOENT | 2048})
6-
LibXML::XML::Document.io(content, { options: XML::Options::NOENT| 2048 })
5+
LibXML::XML::Document.file(content, { options: LibXML::XML::Parser::Options::NOENT | 2048})
6+
LibXML::XML::Document.io(content, { options: XML::Parser::Options::NOENT | 2048 })
77
LibXML::XML::Parser.string(content, { options: 2 | 2048 })
88
LibXML::XML::Parser.file(content, { options: 3 | 2048 })
99
LibXML::XML::Parser.io(content, { options: 2 | 2048})

0 commit comments

Comments
 (0)