Commit ac5a1d6

Merge pull request github#11170 from asgerf/rb/taint-known-or-unknown
Ruby: handle knownOrUnknown in default taint step
2 parents cfbaf5e + f4b2af7 commit ac5a1d6

2 files changed

+3
-0
lines changed

ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll

Lines changed: 2 additions & 0 deletions
@@ -105,6 +105,8 @@ private module Cached {
105105
exists(DataFlow::ContentSet c | readStep(nodeFrom, c, nodeTo) |
106106
c.isSingleton(any(DataFlow::Content::ElementContent ec))
107107
or
108+
c.isKnownOrUnknownElement(_)
109+
or
108110
c.isAnyElement()
109111
)
110112
}
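
Review bot: The new disjunct `c.isKnownOrUnknownElement(_)` at new lines 108-109 carries no comment saying which reads it covers that the neighbouring `c.isSingleton(any(DataFlow::Content::ElementContent ec))` and `c.isAnyElement()` cases do not, so a reader cannot tell from this predicate why three element cases are needed. A short comment above the disjunction naming the three kinds of content set would help, and since the wildcard `_` accepts every known element, it is worth stating that propagating taint regardless of the index is intended here.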

ruby/ql/test/library-tests/dataflow/local/TaintStep.expected

Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
1+
| file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element.element 1 or unknown in Hash[] |
12
| file://:0:0:0:0 | parameter any of ;Pathname;Method[join] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[join] |
23
| file://:0:0:0:0 | parameter position 0 of & | file://:0:0:0:0 | [summary] read: argument position 0.any element in & |
34
| file://:0:0:0:0 | parameter position 0 of + | file://:0:0:0:0 | [summary] read: argument position 0.any element in + |
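
Review bot: The only row added to TaintStep.expected (new line 1) is a step between two `[summary]` nodes for `Hash[]` at `file://:0:0:0:0`, and the commit touches just two files, so no test source was added alongside it. A case in the test's Ruby input that reads an element of a tainted collection in user code would pin the new step to a source location and make a regression easier to spot than a change in a summary-internal row.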
