OrmTracking goes through or expressions

alexrford · alexrford · commit fb5cfcc9b0da · 2021-10-07T15:30:36.000+01:00
diff --git a/ql/lib/codeql/ruby/security/XSS.qll b/ql/lib/codeql/ruby/security/XSS.qll
@@ -240,7 +240,7 @@ module ReflectedXSS {
   class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
 }
 
-module OrmTracking {
+private module OrmTracking {
   /**
    * A data flow configuration to track flow from finder calls to field accesses.
    */
@@ -257,6 +257,9 @@ module OrmTracking {
       or
       // Propagate flow through arbitrary method calls
       node2.(DataFlow2::CallNode).getReceiver() = node1
+      or
+      // Propagate flow through "or" expressions `or`/`||`
+      node2.asExpr().getExpr().(LogicalOrExpr).getAnOperand() = node1.asExpr().getExpr()
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,7 @@ module ReflectedXSS {`
`240`	`240`	`class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }`
`241`	`241`	`}`
`242`	`242`
`243`		`-module OrmTracking {`
	`243`	`+private module OrmTracking {`
`244`	`244`	`/**`
`245`	`245`	`* A data flow configuration to track flow from finder calls to field accesses.`
`246`	`246`	`*/`
`@@ -257,6 +257,9 @@ module OrmTracking {`
`257`	`257`	`or`
`258`	`258`	`// Propagate flow through arbitrary method calls`
`259`	`259`	`node2.(DataFlow2::CallNode).getReceiver() = node1`
	`260`	`+ or`
	`261`	+ // Propagate flow through "or" expressions `or`/`\|\|`
	`262`	`+ node2.asExpr().getExpr().(LogicalOrExpr).getAnOperand() = node1.asExpr().getExpr()`
`260`	`263`	`}`
`261`	`264`	`}`
`262`	`265`	`}`