Skip to content

Commit cc3efcd

Browse files
erik-krogherik-krogh
committed
also restrict allowImplicitRead in unsafe-code-construction
1 parent 2133d1a commit cc3efcd

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionQuery.qll

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,11 @@ class Configuration extends TaintTracking::Configuration {
3131
result instanceof DataFlow::FeatureHasSourceCallContext
3232
}
3333

34-
override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
34+
override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet set) {
35+
// allow implicit reads of array elements
3536
this.isSink(node) and
36-
c.isKnownOrUnknownElement(_)
37+
set.isKnownOrUnknownElement(any(DataFlow::Content::KnownElementContent content |
38+
content.getIndex().getValueType() = "int"
39+
))
3740
}
3841
}

0 commit comments

Comments
 (0)