
Commit 377570f

committed
Ruby: configsig rb/command-line-injection
1 parent b1a49dd commit 377570f

2 files changed

Lines changed: 23 additions & 5 deletions


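--- a/ruby/ql/lib/codeql/ruby/security/CommandInjectionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CommandInjectionQuery.qll
@@ -3,7 +3,7 @@
 * command-injection vulnerabilities (CWE-078).
 *
 * Note, for performance reasons: only import this file if
-* `CommandInjection::Configuration` is needed, otherwise
+* `CommandInjectionFlow` is needed, otherwise
 * `CommandInjectionCustomizations` should be imported instead.
 */
 
@@ -15,8 +15,9 @@ import codeql.ruby.dataflow.BarrierGuards
 
 /**
 * A taint-tracking configuration for reasoning about command-injection vulnerabilities.
+* DEPRECATED: Use `CommandInjectionFlow` instead
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "CommandInjection" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -29,3 +30,20 @@ class Configuration extends TaintTracking::Configuration {
 node instanceof StringConstArrayInclusionCallBarrier
 }
 }
+
+private module Config implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+predicate isBarrier(DataFlow::Node node) {
+node instanceof Sanitizer or
+node instanceof StringConstCompareBarrier or
+node instanceof StringConstArrayInclusionCallBarrier
+}
+}
+
+/**
+* Taint-tracking for reasoning about command-injection vulnerabilities.
+*/
+module CommandInjectionFlow = TaintTracking::Global<Config>;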
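Review bot: `Config.isBarrier` in the last hunk restates the barrier set of the deprecated `Configuration` by hand, and nothing links the two lists. Until the deprecated class is removed, a barrier added to only one of them would make the old and new analyses disagree on which command-injection flows are reported. Only the final disjunct of the old class's barrier predicate is visible here (its body lies between hunks), so I am assuming the two lists are identical today. A comment on the new predicate would record the intent, for example `// Keep in sync with the deprecated Configuration's barrier list until that class is removed.` The comment could also state that the two `StringConst*` barriers treat a value checked against string constants as safe to pass to a command.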

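--- a/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
@@ -15,11 +15,11 @@
 
 import codeql.ruby.AST
 import codeql.ruby.security.CommandInjectionQuery
-import DataFlow::PathGraph
+import CommandInjectionFlow::PathGraph
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, Source sourceNode
+from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
 where
-config.hasFlowPath(source, sink) and
+CommandInjectionFlow::flowPath(source, sink) and
 sourceNode = source.getNode()
 select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
 sourceNode.getSourceType()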
