Skip to content

Commit ffda527

Browse files
nickrolfenickrolfe
committed
Tidy up
1 parent 1ce458f commit ffda527

File tree

3 files changed

+41
-34
lines changed

3 files changed

+41
-34
lines changed

ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll

Lines changed: 15 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -71,14 +71,19 @@ private predicate isSslOptionsPairDisablingValidation(Pair p) {
7171
exists(DataFlow::Node key, DataFlow::Node value |
7272
key.asExpr().getExpr() = p.getKey() and value.asExpr().getExpr() = p.getValue()
7373
|
74-
exists(DataFlow::LocalSourceNode literal |
75-
literal.asExpr().getExpr().(SymbolLiteral).getValueText() = "ssl" and
76-
literal.flowsTo(key)
77-
) and
74+
isSymbolLiteral(key, "ssl") and
7875
(isHashWithVerifyFalse(value) or isHashWithVerifyModeNone(value))
7976
)
8077
}
8178

79+
/** Holds if `node` represents the symbol literal with the given `valueText`. */
80+
private predicate isSymbolLiteral(DataFlow::Node node, string valueText) {
81+
exists(DataFlow::LocalSourceNode literal |
82+
literal.asExpr().getExpr().(SymbolLiteral).getValueText() = valueText and
83+
literal.flowsTo(node)
84+
)
85+
}
86+
8287
/**
8388
* Holds if `node` represents a hash containing the key-value pair
8489
* `verify: false`.
@@ -109,10 +114,7 @@ private predicate isVerifyModeNonePair(Pair p) {
109114
exists(DataFlow::Node key, DataFlow::Node value |
110115
key.asExpr().getExpr() = p.getKey() and value.asExpr().getExpr() = p.getValue()
111116
|
112-
exists(DataFlow::LocalSourceNode literal |
113-
literal.asExpr().getExpr().(SymbolLiteral).getValueText() = "verify_mode" and
114-
literal.flowsTo(key)
115-
) and
117+
isSymbolLiteral(key, "verify_mode") and
116118
value = API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse()
117119
)
118120
}
@@ -124,21 +126,15 @@ private predicate isVerifyFalsePair(Pair p) {
124126
exists(DataFlow::Node key, DataFlow::Node value |
125127
key.asExpr().getExpr() = p.getKey() and value.asExpr().getExpr() = p.getValue()
126128
|
127-
exists(DataFlow::LocalSourceNode literal |
128-
literal.asExpr().getExpr().(SymbolLiteral).getValueText() = "verify" and
129-
literal.flowsTo(key)
130-
) and
131-
isFalsey(value)
129+
isSymbolLiteral(key, "verify") and
130+
isFalse(value)
132131
)
133132
}
134133

135-
/** Holds if `node` contains `0` or `false`. */
136-
private predicate isFalsey(DataFlow::Node node) {
134+
/** Holds if `node` can contain the Boolean value `false`. */
135+
private predicate isFalse(DataFlow::Node node) {
137136
exists(DataFlow::LocalSourceNode literal |
138-
(
139-
literal.asExpr().getExpr().(BooleanLiteral).isFalse() or
140-
literal.asExpr().getExpr().(IntegerLiteral).getValue() = 0
141-
) and
137+
literal.asExpr().getExpr().(BooleanLiteral).isFalse() and
142138
literal.flowsTo(node)
143139
)
144140
}

ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -74,13 +74,10 @@ private predicate isVerifyLiteral(DataFlow::Node node) {
7474
)
7575
}
7676

77-
/** Holds if `node` contains `0` or `false`. */
78-
private predicate isFalsey(DataFlow::Node node) {
77+
/** Holds if `node` can contain the Boolean value `false`. */
78+
private predicate isFalse(DataFlow::Node node) {
7979
exists(DataFlow::LocalSourceNode literal |
80-
(
81-
literal.asExpr().getExpr().(BooleanLiteral).isFalse() or
82-
literal.asExpr().getExpr().(IntegerLiteral).getValue() = 0
83-
) and
80+
literal.asExpr().getExpr().(BooleanLiteral).isFalse() and
8481
literal.flowsTo(node)
8582
)
8683
}
@@ -93,6 +90,6 @@ private predicate isVerifyFalsePair(Pair p) {
9390
key.asExpr().getExpr() = p.getKey() and value.asExpr().getExpr() = p.getValue()
9491
|
9592
isVerifyLiteral(key) and
96-
isFalsey(value)
93+
isFalse(value)
9794
)
9895
}

ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -46,15 +46,29 @@ class TyphoeusHttpRequest extends HTTP::Client::Request::Range {
4646
override string getFramework() { result = "Typhoeus" }
4747
}
4848

49-
// Holds if `p` is the pair `ssl_verifypeer: false`.
49+
/** Holds if `p` is the pair `ssl_verifypeer: false`. */
5050
private predicate isSslVerifyPeerFalsePair(Pair p) {
51-
p.getKey().(SymbolLiteral).getValueText() = "ssl_verifypeer" and
52-
exists(DataFlow::LocalSourceNode literal, DataFlow::Node value |
53-
(
54-
literal.asExpr().getExpr().(BooleanLiteral).isFalse() or
55-
literal.asExpr().getExpr().(IntegerLiteral).getValue() = 0
56-
) and
57-
literal.flowsTo(value) and
51+
exists(DataFlow::Node key, DataFlow::Node value |
52+
key.asExpr().getExpr() = p.getKey() and
5853
value.asExpr().getExpr() = p.getValue()
54+
|
55+
isSslVerifyPeerLiteral(key) and
56+
isFalse(value)
57+
)
58+
}
59+
60+
/** Holds if `node` represents the symbol literal `verify` or `verify_peer`. */
61+
private predicate isSslVerifyPeerLiteral(DataFlow::Node node) {
62+
exists(DataFlow::LocalSourceNode literal |
63+
literal.asExpr().getExpr().(SymbolLiteral).getValueText() = "ssl_verifypeer" and
64+
literal.flowsTo(node)
65+
)
66+
}
67+
68+
/** Holds if `node` can contain the Boolean value `false`. */
69+
private predicate isFalse(DataFlow::Node node) {
70+
exists(DataFlow::LocalSourceNode literal |
71+
literal.asExpr().getExpr().(BooleanLiteral).isFalse() and
72+
literal.flowsTo(node)
5973
)
6074
}

0 commit comments

Comments
 (0)