
Commit 9885173

committed
Revert "Ruby: configsig rb/tainted-format-string"
This reverts commit f5860cb.
1 parent bf6837c commit 9885173


2 files changed

+7
-21
lines changed

Lines changed: 4 additions & 18 deletions
@@ -1,20 +1,19 @@
11
/**
2-
* Provides a taint-tracking configuration for reasoning about format string
2+
* Provides a taint-tracking configuration for reasoning about format
33
* injections.
44
*
55
*
66
* Note, for performance reasons: only import this file if
7-
* `TaintedFormatStringFlow` is needed, otherwise
7+
* `TaintedFormatString::Configuration` is needed, otherwise
88
* `TaintedFormatStringCustomizations` should be imported instead.
99
*/
1010

1111
private import TaintedFormatStringCustomizations::TaintedFormatString
1212

1313
/**
14-
* A taint-tracking configuration for format string injections.
15-
* DEPRECATED: Use `TaintedFormatStringFlow`
14+
* A taint-tracking configuration for format injections.
1615
*/
17-
deprecated class Configuration extends TaintTracking::Configuration {
16+
class Configuration extends TaintTracking::Configuration {
1817
Configuration() { this = "TaintedFormatString" }
1918

2019
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -26,16 +25,3 @@ deprecated class Configuration extends TaintTracking::Configuration {
2625
node instanceof Sanitizer
2726
}
2827
}
29-
30-
private module TaintedFormatStringConfig implements DataFlow::ConfigSig {
31-
predicate isSource(DataFlow::Node source) { source instanceof Source }
32-
33-
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
34-
35-
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
36-
}
37-
38-
/**
39-
* Taint-tracking for format string injections.
40-
*/
41-
module TaintedFormatStringFlow = TaintTracking::Global<TaintedFormatStringConfig>;
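Review bot: The header comment at new line 7 points readers at `TaintedFormatString::Configuration`, but the class restored at new line 16 is declared at the top level of this file as plain `Configuration`, and `TaintedFormatString` appears only as the privately imported customizations module, so as far as the visible lines show that qualified name does not refer to anything declared here. I would write the reference as `Configuration` (the name the query file actually uses). The two doc comments at new lines 2 and 14 also go back to "format injections"; keeping `format string injections` would match the CWE-134 query this library backs. The body of `Configuration` between the two hunks is not visible, so the restored sink and sanitizer predicates are not covered by this note.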

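--- a/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
+++ b/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
@@ -13,9 +13,9 @@
 import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.security.TaintedFormatStringQuery
-import TaintedFormatStringFlow::PathGraph
+import DataFlow::PathGraph
 
-from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink
-where TaintedFormatStringFlow::flowPath(source, sink)
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(),
 "user-provided value"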
