Skip to content

Commit bf6837c

Browse files
alexrfordalexrford
committed
Revert "Ruby: configsig rb/http-to-file-access"
This reverts commit e77ba15.
1 parent e399eac commit bf6837c

File tree

2 files changed

+6
-20
lines changed

2 files changed

+6
-20
lines changed

ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll

Lines changed: 2 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -2,18 +2,16 @@
22
* Provides a taint tracking configuration for reasoning about writing user-controlled data to files.
33
*
44
* Note, for performance reasons: only import this file if
5-
* `HttpToFileAccessFlow` is needed, otherwise
5+
* `HttpToFileAccess::Configuration` is needed, otherwise
66
* `HttpToFileAccessCustomizations` should be imported instead.
77
*/
88

99
private import HttpToFileAccessCustomizations::HttpToFileAccess
1010

1111
/**
1212
* A taint tracking configuration for writing user-controlled data to files.
13-
*
14-
* DEPRECATED: Use `HttpToFileAccessFlow` instead
1513
*/
16-
deprecated class Configuration extends TaintTracking::Configuration {
14+
class Configuration extends TaintTracking::Configuration {
1715
Configuration() { this = "HttpToFileAccess" }
1816

1917
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -25,16 +23,3 @@ deprecated class Configuration extends TaintTracking::Configuration {
2523
node instanceof Sanitizer
2624
}
2725
}
28-
29-
private module Config implements DataFlow::ConfigSig {
30-
predicate isSource(DataFlow::Node source) { source instanceof Source }
31-
32-
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
33-
34-
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
35-
}
36-
37-
/**
38-
* Taint-tracking for writing user-controlled data to files.
39-
*/
40-
module HttpToFileAccessFlow = TaintTracking::Global<Config>;

ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,11 @@
1212
*/
1313

1414
import codeql.ruby.AST
15+
import codeql.ruby.DataFlow
16+
import codeql.ruby.DataFlow::DataFlow::PathGraph
1517
import codeql.ruby.security.HttpToFileAccessQuery
16-
import HttpToFileAccessFlow::PathGraph
1718

18-
from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink
19-
where HttpToFileAccessFlow::flowPath(source, sink)
19+
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
20+
where cfg.hasFlowPath(source, sink)
2021
select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(),
2122
"untrusted data"

0 commit comments

Comments
 (0)