Ruby: rack - start modelling request inputs

alexrford · alexrford · commit cc6f6418f5fa · 2023-07-05T12:18:52.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll
@@ -7,6 +7,7 @@
  */
 module Rack {
   import rack.internal.App
+  import rack.internal.Request
   import rack.internal.Response::Public as Response
 
   /** DEPRECATED: Alias for App::AppCandidate */
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Request.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Request.qll
@@ -0,0 +1,37 @@
+/**
+ * Provides modeling for the `Request` component of the `Rack` library.
+ */
+
+private import codeql.ruby.AST
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+
+/**
+ * Provides modeling for the `Request` component of the `Rack` library.
+ */
+module Request {
+  private class RackRequest extends API::Node {
+    RackRequest() { this = API::getTopLevelMember("Rack").getMember("Request").getInstance() }
+  }
+
+  private class RackRequestParamsAccess extends Http::Server::RequestInputAccess::Range {
+    RackRequestParamsAccess() {
+      this = any(RackRequest req).getAMethodCall(["params", "query_string", "[]", "fullpath"])
+    }
+
+    override string getSourceType() { result = "Rack::Request#params" }
+
+    override Http::Server::RequestInputKind getKind() {
+      result = Http::Server::parameterInputKind()
+    }
+  }
+
+  private class RackRequestCookiesAccess extends Http::Server::RequestInputAccess::Range {
+    RackRequestCookiesAccess() { this = any(RackRequest req).getAMethodCall("cookies") }
+
+    override string getSourceType() { result = "Rack::Request#cookies" }
+
+    override Http::Server::RequestInputKind getKind() { result = Http::Server::cookieInputKind() }
+  }
+}
