/**
* Provides modeling for Arel, a low-level SQL library that powers ActiveRecord.
* Version: 7.0.3
* https://api.rubyonrails.org/classes/Arel.html
*/
private import codeql.ruby.ApiGraphs
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.Concepts
/**
 * Provides modeling for Arel, a low-level SQL library that powers ActiveRecord.
 * Version: 7.0.3
 * https://api.rubyonrails.org/classes/Arel.html
 *
 * Two Arel entry points are modeled: `Arel.sql` and `Arel::Nodes::SqlLiteral.new`.
 * Each gets a pair of classes: a flow summary that carries taint from the wrapped
 * string to the call's result, and a `SqlConstruction` that exposes the wrapped
 * string as the SQL being built, so that queries consuming the `SqlConstruction`
 * concept (for example, SQL injection) can treat that argument as a sink.
 */
module Arel {
  /**
   * Flow summary for `Arel.sql`. This method wraps a SQL string, marking it as
   * safe. "Safe" here means Rails treats the wrapped string as already-sanitized
   * SQL and does not quote it, so any taint present in the argument ends up in
   * the resulting query. The summary propagates taint from `Argument[0]` to
   * `ReturnValue`; `preservesValue = false` makes this a taint step rather than
   * a value-preserving one.
   */
  private class SqlSummary extends SummarizedCallable::Range {
    SqlSummary() { this = "Arel.sql" }

    // Calls are found through the API graph: any `sql` method call on the
    // top-level `Arel` constant, converted from the API node to its AST
    // `MethodCall`.
    // NOTE(review): `ArelSqlConstruction` below matches the same method via
    // `DataFlow::getConstant("Arel")` instead, while `SqlLiteralNewSummary`
    // reuses its construction class for this purpose. Confirm the two ways of
    // matching `Arel.sql` cover the same set of calls, or delegate here as well.
    override MethodCall getACall() {
      result = API::getTopLevelMember("Arel").getAMethodCall("sql").asExpr().getExpr()
    }

    // First positional argument flows (as taint, not as the same value) to the
    // return value.
    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
      input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
    }
  }

  /**
   * A call to `Arel.sql`, considered as a SQL construction.
   *
   * The SQL being constructed is the call's first argument, the raw string that
   * Arel will pass through unquoted.
   */
  private class ArelSqlConstruction extends SqlConstruction::Range, DataFlow::CallNode {
    ArelSqlConstruction() {
      // A method call on the `Arel` constant whose method name is `sql`.
      this = DataFlow::getConstant("Arel").getAMethodCall() and
      this.getMethodName() = "sql"
    }

    /** The SQL string: the first positional argument of the call. */
    override DataFlow::Node getSql() { result = this.getArgument(0) }
  }

  /**
   * Flow summary for `Arel::Nodes::SqlLiteral.new`. This method wraps a SQL string, marking it as
   * safe. As with `Arel.sql`, the wrapped string is used as SQL without quoting,
   * so taint is propagated from `Argument[0]` to `ReturnValue` as a taint step
   * (`preservesValue = false`).
   */
  private class SqlLiteralNewSummary extends SummarizedCallable::Range {
    SqlLiteralNewSummary() { this = "Arel::Nodes::SqlLiteral.new" }

    // Reuses `ArelSqlLiteralNewConstruction` so that the summary and the SQL
    // construction agree on exactly which calls are modeled.
    override MethodCall getACall() {
      result = any(ArelSqlLiteralNewConstruction c).asExpr().getExpr()
    }

    // First positional argument flows (as taint, not as the same value) to the
    // return value.
    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
      input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
    }
  }

  /**
   * A call to `Arel::Nodes::SqlLiteral.new`, considered as a SQL construction.
   *
   * Matched through the API graph by walking `Arel` -> `Nodes` -> `SqlLiteral`
   * and taking any `new` call on the result.
   */
  private class ArelSqlLiteralNewConstruction extends SqlConstruction::Range, DataFlow::CallNode {
    ArelSqlLiteralNewConstruction() {
      this.asExpr() =
        API::getTopLevelMember("Arel")
            .getMember("Nodes")
            .getMember("SqlLiteral")
            .getAMethodCall("new")
            .asExpr()
    }

    /** The SQL string: the first positional argument of the constructor call. */
    override DataFlow::Node getSql() { result = this.getArgument(0) }
  }
}