
Commit 0da367f

committed
Ruby: address QL4QL alerts for rb/sensitive-get-query
1 parent f84035a commit 0da367f

3 files changed

Lines changed: 7 additions & 7 deletions


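--- a/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll
@@ -86,7 +86,7 @@ private class GraphqlSchemaResolverClass extends ClassDeclaration {
 }
 
 /** Gets an HTTP method that is supported for querying a GraphQL server. */
-private string getASupportedHTTPMethod() { result = ["get", "post"] }
+private string getASupportedHttpMethod() { result = ["get", "post"] }
 
 /**
 * A `ClassDeclaration` for a class that extends `GraphQL::Schema::Object`.
@@ -176,7 +176,7 @@ class GraphqlResolveMethod extends Method, HTTP::Server::RequestHandler::Range {
 
 override string getFramework() { result = "GraphQL" }
 
-override string getAnHttpMethod() { result = getASupportedHTTPMethod() }
+override string getAnHttpMethod() { result = getASupportedHttpMethod() }
 
 /** Gets the mutation class containing this method. */
 GraphqlResolvableClass getMutationClass() { result = resolvableClass }
@@ -225,7 +225,7 @@ class GraphqlLoadMethod extends Method, HTTP::Server::RequestHandler::Range {
 
 override string getFramework() { result = "GraphQL" }
 
-override string getAnHttpMethod() { result = getASupportedHTTPMethod() }
+override string getAnHttpMethod() { result = getASupportedHttpMethod() }
 
 /** Gets the mutation class containing this method. */
 GraphqlResolvableClass getMutationClass() { result = resolvableClass }
@@ -396,7 +396,7 @@ class GraphqlFieldResolutionMethod extends Method, HTTP::Server::RequestHandler:
 
 override string getFramework() { result = "GraphQL" }
 
-override string getAnHttpMethod() { result = getASupportedHTTPMethod() }
+override string getAnHttpMethod() { result = getASupportedHttpMethod() }
 
 /** Gets the class containing this method. */
 GraphqlSchemaObjectClass getGraphqlClass() { result = schemaObjectClass }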

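--- a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+++ b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
@@ -41,4 +41,4 @@ where
 sensitive.asExpr().getExpr() instanceof SensitiveExpr and
 localFlowWithElementReference(input, sensitive)
 select input, "$@ for GET requests uses query parameter as sensitive data.", handler,
-"Request handler"
+"Route handler"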
Lines changed: 2 additions & 2 deletions
@@ -1,2 +1,2 @@
1-
| app/controllers/users_controller.rb:4:16:4:21 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Request handler |
2-
| app/controllers/users_controller.rb:5:23:5:28 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Request handler |
1+
| app/controllers/users_controller.rb:4:16:4:21 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Route handler |
2+
| app/controllers/users_controller.rb:5:23:5:28 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Route handler |
