/**
* @name Tainted nodes
* @description Nodes reachable from a remote flow source via default taint-tracking steps.
* @kind problem
* @problem.severity recommendation
* @id rb/meta/tainted-nodes
* @tags meta
* @precision very-low
*/
import internal.TaintMetrics
import codeql.ruby.DataFlow
import codeql.ruby.TaintTracking
/**
 * Data-flow configuration behind the "Tainted nodes" meta query.
 *
 * Sources are whatever `relevantTaintSource` (imported from
 * `internal.TaintMetrics`) yields; every node backed by an expression is a
 * sink. The result therefore measures how far taint reaches, not where it
 * becomes dangerous, so matches are coverage data and not security findings.
 */
private module BasicTaintConfig implements DataFlow::ConfigSig {
  /** Holds if `node` is a source reported by `relevantTaintSource`, for any value of its argument. */
  predicate isSource(DataFlow::Node node) { relevantTaintSource(_) = node }

  /** Holds if `node` has an associated expression. */
  predicate isSink(DataFlow::Node node) {
    // Nodes with no associated expression (synthetic nodes) are left out so
    // they do not add noise to the count.
    exists(node.asExpr().getExpr())
  }

  /** Opts this configuration in to diff-informed incremental mode. */
  predicate observeDiffInformedIncrementalMode() { any() }

  /**
   * Has no result for any `source`.
   *
   * NOTE(review): presumably empty because the query's `select` reports only
   * the reached node and never the source location - confirm against the
   * `DataFlow::ConfigSig` documentation.
   */
  Location getASelectedSourceLocation(DataFlow::Node source) { none() }
}
/** Global taint tracking instantiated with `BasicTaintConfig`. */
private module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;

// Report every node that taint flows to under the configuration above.
// The metadata marks this as a `meta` query with `very-low` precision:
// each row is a reachability data point, not an alert to triage.
from DataFlow::Node reached
where BasicTaintFlow::flowTo(reached)
select reached, "Tainted node"