Ruby: configsig rb/weak-params

Author: alexrford

ruby/ql/src/experimental/weak-params/WeakParams.ql

@@ -15,7 +15,6 @@ import codeql.ruby.Concepts
 import codeql.ruby.DataFlow
 import codeql.ruby.TaintTracking
 import codeql.ruby.frameworks.ActionController
-import DataFlow::PathGraph
 
 /**
  * Gets a call to `request` in an ActionController controller class.
@@ -42,16 +41,18 @@ class WeakParams extends DataFlow::CallNode {
  * A Taint tracking config where the source is a weak params access in a controller and the sink
  * is a method call of a model class
  */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "WeakParamsConfiguration" }
-
-  override predicate isSource(DataFlow::Node node) { node instanceof WeakParams }
+private module WeakParamsConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node instanceof WeakParams }
 
   // the sink is an instance of a Model class that receives a method call
-  override predicate isSink(DataFlow::Node node) { node = any(PersistentWriteAccess a).getValue() }
+  predicate isSink(DataFlow::Node node) { node = any(PersistentWriteAccess a).getValue() }
 }
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+private module WeakParamsFlow = TaintTracking::Global<WeakParamsConfig>;
+
+private import WeakParamsFlow::PathGraph
+
+from WeakParamsFlow::PathNode source, WeakParamsFlow::PathNode sink
+where WeakParamsFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "By exposing all keys in request parameters or by blindy accessing them, unintended parameters could be used and lead to mass-assignment or have other unexpected side-effects. It is safer to follow the 'strong parameters' pattern in Rails, which is outlined here: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html"