update predicate visibility

alexrford · alexrford · commit d7b5e4c779c9 · 2021-10-12T20:43:20.000+01:00
diff --git a/ql/lib/codeql/ruby/security/XSS.qll b/ql/lib/codeql/ruby/security/XSS.qll
@@ -122,7 +122,7 @@ private module Shared {
     AssignExpr getAnAssignExpr() { result.getLeftOperand() = this.getExpr() }
   }
 
-  predicate isFlowFromLocals(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate isFlowFromLocals(DataFlow::Node node1, DataFlow::Node node2) {
     // node1 is a `locals` argument to a render call...
     exists(RenderCall call, Pair kvPair, string hashKey |
       call.getLocals().getAKeyValuePair() = kvPair and
@@ -153,7 +153,7 @@ private module Shared {
     )
   }
 
-  predicate isFlowFromControllerInstanceVariable(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate isFlowFromControllerInstanceVariable(DataFlow::Node node1, DataFlow::Node node2) {
     // instance variables in the controller
     exists(
       ActionControllerActionMethod action, VariableReadAccess viewVarRead, AssignExpr ae,
@@ -170,7 +170,7 @@ private module Shared {
     )
   }
 
-  predicate isFlowIntoHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate isFlowIntoHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
     // flow from template into controller helper method
     exists(
       ErbFile template, ActionControllerHelperMethod helperMethod,
@@ -185,11 +185,11 @@ private module Shared {
   }
 
   pragma[noinline]
-  predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {
+  private predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {
     helperMethod.getName() = call.getMethodName()
   }
 
-  predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
     // flow out of controller helper method into template
     exists(ErbFile template |
       template = node2.getLocation().getFile() |

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ private module Shared {`
`122`	`122`	`AssignExpr getAnAssignExpr() { result.getLeftOperand() = this.getExpr() }`
`123`	`123`	`}`
`124`	`124`
`125`		`- predicate isFlowFromLocals(DataFlow::Node node1, DataFlow::Node node2) {`
	`125`	`+ private predicate isFlowFromLocals(DataFlow::Node node1, DataFlow::Node node2) {`
`126`	`126`	// node1 is a `locals` argument to a render call...
`127`	`127`	`exists(RenderCall call, Pair kvPair, string hashKey \|`
`128`	`128`	`call.getLocals().getAKeyValuePair() = kvPair and`
`@@ -153,7 +153,7 @@ private module Shared {`
`153`	`153`	`)`
`154`	`154`	`}`
`155`	`155`
`156`		`- predicate isFlowFromControllerInstanceVariable(DataFlow::Node node1, DataFlow::Node node2) {`
	`156`	`+ private predicate isFlowFromControllerInstanceVariable(DataFlow::Node node1, DataFlow::Node node2) {`
`157`	`157`	`// instance variables in the controller`
`158`	`158`	`exists(`
`159`	`159`	`ActionControllerActionMethod action, VariableReadAccess viewVarRead, AssignExpr ae,`
`@@ -170,7 +170,7 @@ private module Shared {`
`170`	`170`	`)`
`171`	`171`	`}`
`172`	`172`
`173`		`- predicate isFlowIntoHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {`
	`173`	`+ private predicate isFlowIntoHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {`
`174`	`174`	`// flow from template into controller helper method`
`175`	`175`	`exists(`
`176`	`176`	`ErbFile template, ActionControllerHelperMethod helperMethod,`
`@@ -185,11 +185,11 @@ private module Shared {`
`185`	`185`	`}`
`186`	`186`
`187`	`187`	`pragma[noinline]`
`188`		`- predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {`
	`188`	`+ private predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {`
`189`	`189`	`helperMethod.getName() = call.getMethodName()`
`190`	`190`	`}`
`191`	`191`
`192`		`- predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {`
	`192`	`+ private predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {`
`193`	`193`	`// flow out of controller helper method into template`
`194`	`194`	`exists(ErbFile template \|`
`195`	`195`	`template = node2.getLocation().getFile() \|`