
Commit 3e4f42f

committed
Move Mysql2 flow model to MaD and remove ql sanitizer
1 parent fc429c1 commit 3e4f42f

3 files changed

+19
-22
lines changed

Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/ruby-all
4+
extensible: summaryModel
5+
data:
6+
- ['Mysql2::Client!', 'Method[escape]', 'Argument[0]', 'ReturnValue', 'taint']
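Review bot: The only statement about `escape` left after this commit is this `summaryModel` row, which makes the return value tainted whenever `Argument[0]` is. The `Mysql2EscapeSanitization` class is deleted from `Mysql2.qll` in the same commit, and no barrier row appears in this file. A reader of the pack cannot tell whether treating escaped values as injectable is intended policy or one step of a larger refactor. A comment above the `data:` row would settle it, for example `# escape() propagates taint; deliberately not modelled as a SQL sanitizer (see <PR/issue placeholder>)`.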

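--- a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
@@ -48,26 +48,4 @@ module Mysql2 {
 
 override DataFlow::Node getSql() { result = query }
 }
-
-/**
-* A call to `Mysql2::Client.escape`, considered as a sanitizer for SQL statements.
-*/
-private class Mysql2EscapeSanitization extends SqlSanitization::Range {
-Mysql2EscapeSanitization() {
-this = API::getTopLevelMember("Mysql2").getMember("Client").getAMethodCall("escape")
-}
-}
-
-/**
-* Flow summary for `Mysql2::Client.escape()`.
-*/
-private class EscapeSummary extends SummarizedCallable::Range {
-EscapeSummary() { this = "Mysql2::Client.escape()" }
-
-override MethodCall getACall() { result = any(Mysql2EscapeSanitization c).asExpr().getExpr() }
-
-override predicate propagatesFlow(string input, string output, boolean preservesValue) {
-input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
-}
-}
 }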
Lines changed: 13 additions & 0 deletions
@@ -1,15 +1,28 @@
11
#select
22
| Mysql2.rb:13:27:13:72 | "SELECT * FROM users WHERE use..." | Mysql2.rb:3:12:3:17 | call to params | Mysql2.rb:13:27:13:72 | "SELECT * FROM users WHERE use..." | This SQL query depends on a $@. | Mysql2.rb:3:12:3:17 | call to params | user-provided value |
3+
| Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | Mysql2.rb:3:12:3:17 | call to params | Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | This SQL query depends on a $@. | Mysql2.rb:3:12:3:17 | call to params | user-provided value |
34
| Mysql2.rb:24:31:24:93 | "SELECT * FROM users WHERE use..." | Mysql2.rb:3:12:3:17 | call to params | Mysql2.rb:24:31:24:93 | "SELECT * FROM users WHERE use..." | This SQL query depends on a $@. | Mysql2.rb:3:12:3:17 | call to params | user-provided value |
45
edges
56
| Mysql2.rb:3:5:3:8 | name | Mysql2.rb:13:27:13:72 | "SELECT * FROM users WHERE use..." | provenance | AdditionalTaintStep |
7+
| Mysql2.rb:3:5:3:8 | name | Mysql2.rb:16:37:16:40 | name | provenance | |
68
| Mysql2.rb:3:5:3:8 | name | Mysql2.rb:24:31:24:93 | "SELECT * FROM users WHERE use..." | provenance | AdditionalTaintStep |
79
| Mysql2.rb:3:12:3:17 | call to params | Mysql2.rb:3:12:3:29 | ...[...] | provenance | |
810
| Mysql2.rb:3:12:3:29 | ...[...] | Mysql2.rb:3:5:3:8 | name | provenance | |
11+
| Mysql2.rb:16:5:16:11 | escaped | Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | provenance | AdditionalTaintStep |
12+
| Mysql2.rb:16:15:16:41 | call to escape | Mysql2.rb:16:5:16:11 | escaped | provenance | |
13+
| Mysql2.rb:16:37:16:40 | name | Mysql2.rb:16:15:16:41 | call to escape | provenance | MaD:1 |
14+
models
15+
| 1 | Summary: Mysql2::Client!; Method[escape]; Argument[0]; ReturnValue; taint |
916
nodes
1017
| Mysql2.rb:3:5:3:8 | name | semmle.label | name |
1118
| Mysql2.rb:3:12:3:17 | call to params | semmle.label | call to params |
1219
| Mysql2.rb:3:12:3:29 | ...[...] | semmle.label | ...[...] |
1320
| Mysql2.rb:13:27:13:72 | "SELECT * FROM users WHERE use..." | semmle.label | "SELECT * FROM users WHERE use..." |
21+
| Mysql2.rb:16:5:16:11 | escaped | semmle.label | escaped |
22+
| Mysql2.rb:16:15:16:41 | call to escape | semmle.label | call to escape |
23+
| Mysql2.rb:16:37:16:40 | name | semmle.label | name |
24+
| Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | semmle.label | "SELECT * FROM users WHERE use..." |
1425
| Mysql2.rb:24:31:24:93 | "SELECT * FROM users WHERE use..." | semmle.label | "SELECT * FROM users WHERE use..." |
1526
subpaths
27+
testFailures
28+
| Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | Unexpected result: Alert |
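Review bot: The new `testFailures` section pins `Unexpected result: Alert` for `Mysql2.rb:17` into the expected output, so the test passes while the test source and the query disagree about the escaped query. The test source is not among the three changed files, which suggests its inline expectation for line 17 still says no alert. Before merging, either update the expectation on that line to accept the alert or restore sanitizer behaviour for `Mysql2::Client.escape`. Otherwise a later regression in this area can hide behind an already-accepted failure row.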
