Ruby: Restrict Rails Setting nodes to SetterMethodCalls

alexrford · alexrford · commit da8c745bd899 · 2022-01-05T14:11:07.000Z
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
@@ -131,7 +131,8 @@ private module Settings {
     Setting() {
       // exclude some test configuration
       not isInTestConfiguration(this.getLocation()) and
-      this.getReceiver+() instanceof Config::Node
+      this.getReceiver+() instanceof Config::Node and
+      this.asExpr().getExpr() instanceof SetterMethodCall
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,8 @@ private module Settings {`
`131`	`131`	`Setting() {`
`132`	`132`	`// exclude some test configuration`
`133`	`133`	`not isInTestConfiguration(this.getLocation()) and`
`134`		`- this.getReceiver+() instanceof Config::Node`
	`134`	`+ this.getReceiver+() instanceof Config::Node and`
	`135`	`+ this.asExpr().getExpr() instanceof SetterMethodCall`
`135`	`136`	`}`
`136`	`137`	`}`
`137`	`138`