rename runsImmediately to runsArbitraryCode

erik-krogh · erik-krogh · commit 24916f853859 · 2022-10-20T10:10:11.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -702,8 +702,8 @@ class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {
   /** Gets the argument that specifies the code to be executed. */
   DataFlow::Node getCode() { result = super.getCode() }
 
-  /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
-  predicate runsImmediately() { super.runsImmediately() }
+  /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
+  predicate runsArbitraryCode() { super.runsArbitraryCode() }
 }
 
 /** Provides a class for modeling new dynamic code execution APIs. */
@@ -718,8 +718,8 @@ module CodeExecution {
     /** Gets the argument that specifies the code to be executed. */
     abstract DataFlow::Node getCode();
 
-    /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
-    predicate runsImmediately() { any() }
+    /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
+    predicate runsArbitraryCode() { any() }
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll
@@ -26,7 +26,7 @@ module ActiveJob {
 
       override DataFlow::Node getCode() { result = this.getArgument(0) }
 
-      override predicate runsImmediately() { none() }
+      override predicate runsArbitraryCode() { none() }
     }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -222,6 +222,6 @@ module ActiveStorage {
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 
-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -36,7 +36,7 @@ module ActiveSupport {
 
         override DataFlow::Node getCode() { result = this.getReceiver() }
 
-        override predicate runsImmediately() { none() }
+        override predicate runsArbitraryCode() { none() }
       }
 
       /**
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -167,7 +167,7 @@ module Kernel {
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 
-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
   }
 
   private class TapSummary extends SimpleSummarizedCallable {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll
@@ -43,6 +43,6 @@ module Module {
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 
-    override predicate runsImmediately() { none() }
+    override predicate runsArbitraryCode() { none() }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
@@ -69,7 +69,7 @@ module CodeInjection {
 
     /** Gets a flow state for which this is a sink. */
     override DataFlow::FlowState getAFlowState() {
-      if c.runsImmediately()
+      if c.runsArbitraryCode()
       then result = [FlowState::substring(), FlowState::full()] // If it runs immediately, then it's always vulnerable.
       else result = FlowState::full() // If it "just" loads something, then it's only vulnerable if the attacker controls the entire string.
     }

Original file line number	Diff line number	Diff line change
`@@ -702,8 +702,8 @@ class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {`
`702`	`702`	`/** Gets the argument that specifies the code to be executed. */`
`703`	`703`	`DataFlow::Node getCode() { result = super.getCode() }`
`704`	`704`
`705`		`- /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */`
`706`		`- predicate runsImmediately() { super.runsImmediately() }`
	`705`	+ /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
	`706`	`+ predicate runsArbitraryCode() { super.runsArbitraryCode() }`
`707`	`707`	`}`
`708`	`708`
`709`	`709`	`/** Provides a class for modeling new dynamic code execution APIs. */`
`@@ -718,8 +718,8 @@ module CodeExecution {`
`718`	`718`	`/** Gets the argument that specifies the code to be executed. */`
`719`	`719`	`abstract DataFlow::Node getCode();`
`720`	`720`
`721`		`- /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */`
`722`		`- predicate runsImmediately() { any() }`
	`721`	+ /** Holds if this execution runs arbitary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
	`722`	`+ predicate runsArbitraryCode() { any() }`
`723`	`723`	`}`
`724`	`724`	`}`
`725`	`725`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ module ActiveJob {`
`26`	`26`
`27`	`27`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
`28`	`28`
`29`		`- override predicate runsImmediately() { none() }`
	`29`	`+ override predicate runsArbitraryCode() { none() }`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -222,6 +222,6 @@ module ActiveStorage {`
`222`	`222`
`223`	`223`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
`224`	`224`
`225`		`- override predicate runsImmediately() { none() }`
	`225`	`+ override predicate runsArbitraryCode() { none() }`
`226`	`226`	`}`
`227`	`227`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ module ActiveSupport {`
`36`	`36`
`37`	`37`	`override DataFlow::Node getCode() { result = this.getReceiver() }`
`38`	`38`
`39`		`- override predicate runsImmediately() { none() }`
	`39`	`+ override predicate runsArbitraryCode() { none() }`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ module Kernel {`
`167`	`167`
`168`	`168`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
`169`	`169`
`170`		`- override predicate runsImmediately() { none() }`
	`170`	`+ override predicate runsArbitraryCode() { none() }`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`private class TapSummary extends SimpleSummarizedCallable {`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,6 @@ module Module {`
`43`	`43`
`44`	`44`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
`45`	`45`
`46`		`- override predicate runsImmediately() { none() }`
	`46`	`+ override predicate runsArbitraryCode() { none() }`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ module CodeInjection {`
`69`	`69`
`70`	`70`	`/** Gets a flow state for which this is a sink. */`
`71`	`71`	`override DataFlow::FlowState getAFlowState() {`
`72`		`- if c.runsImmediately()`
	`72`	`+ if c.runsArbitraryCode()`
`73`	`73`	`then result = [FlowState::substring(), FlowState::full()] // If it runs immediately, then it's always vulnerable.`
`74`	`74`	`else result = FlowState::full() // If it "just" loads something, then it's only vulnerable if the attacker controls the entire string.`
`75`	`75`	`}`