
Commit ad2bbfb

committed
Ruby: configsig rb/path-injection
1 parent 867e47b commit ad2bbfb


2 files changed

+21
-5
lines changed


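--- a/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll
@@ -3,7 +3,7 @@
 * path injection vulnerabilities.
 *
 * Note, for performance reasons: only import this file if
-* `PathInjection::Configuration` is needed, otherwise
+* `PathInjectionFlow` is needed, otherwise
 * `PathInjectionCustomizations` should be imported instead.
 */
 
@@ -15,8 +15,9 @@ private import codeql.ruby.TaintTracking
 /**
 * A taint-tracking configuration for reasoning about path injection
 * vulnerabilities.
+* DEPRECATED: Use `PathInjectionFlow`
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "PathInjection" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof PathInjection::Source }
@@ -31,3 +32,18 @@ class Configuration extends TaintTracking::Configuration {
 guard instanceof PathInjection::SanitizerGuard
 }
 }
+
+private module PathInjectionConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof PathInjection::Source }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof PathInjection::Sink }
+
+predicate isBarrier(DataFlow::Node node) {
+node instanceof Path::PathSanitization or node instanceof PathInjection::Sanitizer
+}
+}
+
+/**
+* Taint-tracking for detecting path injection vulnerabilities.
+*/
+module PathInjectionFlow = TaintTracking::Global<PathInjectionConfig>;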
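Review bot: `PathInjectionConfig` has no counterpart to the `guard instanceof PathInjection::SanitizerGuard` check that the deprecated `Configuration` still applies (visible as context in the last hunk; the predicate holding it starts outside the hunk). Its `isBarrier` only stops flow at `Path::PathSanitization` and `PathInjection::Sanitizer` nodes. If any guard is still modelled only as a `SanitizerGuard`, `PathInjectionFlow`, which the query in PathInjection.ql now uses exclusively, would presumably report paths that the old configuration suppressed. I would confirm that every such guard is also exposed as a `PathInjection::Sanitizer` node and record that on the module with a QLDoc comment such as `/** Barriers are node-based only: guard checks must be modelled as PathInjection::Sanitizer nodes. */`. The deprecation line would also read better as `* DEPRECATED: Use PathInjectionFlow instead.`, set off from the description by a blank ` *` line.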

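--- a/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
@@ -17,9 +17,9 @@
 
 import ruby
 import codeql.ruby.security.PathInjectionQuery
-import DataFlow::PathGraph
+import PathInjectionFlow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from PathInjectionFlow::PathNode source, PathInjectionFlow::PathNode sink
+where PathInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
 "user-provided value"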
