
Commit 4aee99f

Reinstate SQLite3 sanitizer in MaD
1 parent 5df695b commit 4aee99f

2 files changed: +5 -13 lines changed


ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.model.yml

Lines changed: 5 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -4,3 +4,8 @@ extensions:
44
extensible: summaryModel
55
data:
66
- ['SQLite3::Database!', 'Method[quote]', 'Argument[0]', 'ReturnValue', 'taint']
7+
- addsTo:
8+
pack: codeql/ruby-all
9+
extensible: barrierModel
10+
data:
11+
- ['SQLite3::Database!', 'Method[quote].ReturnValue', 'sql-injection']
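Review bot: the new barrier row `['SQLite3::Database!', 'Method[quote].ReturnValue', 'sql-injection']` is unconditional, but `SQLite3::Database.quote` only doubles embedded single quotes and does not wrap its result in quotes, so a query that interpolates the return value outside a quoted string literal (a bare numeric comparison, an identifier position) stays injectable yet is now silenced. That is the usual precision trade-off for an escaping-style sanitizer, but it deserves a YAML comment above the `barrierModel` block stating the assumption, plus a sentence on why the `summaryModel` taint row for `Method[quote]` is kept next to the barrier (the barrier is scoped to the `sql-injection` kind, so taint through `quote` still reaches other sinks) rather than being dropped.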
Lines changed: 0 additions & 13 deletions
Original file line number | Diff line number | Diff line change
@@ -1,25 +1,12 @@
11
#select
22
| sqlite3.rb:29:16:29:67 | "select * from table where cat..." | sqlite3.rb:25:16:25:21 | call to params | sqlite3.rb:29:16:29:67 | "select * from table where cat..." | This SQL query depends on a $@. | sqlite3.rb:25:16:25:21 | call to params | user-provided value |
3-
| sqlite3.rb:33:16:33:77 | "select * from table where cat..." | sqlite3.rb:25:16:25:21 | call to params | sqlite3.rb:33:16:33:77 | "select * from table where cat..." | This SQL query depends on a $@. | sqlite3.rb:25:16:25:21 | call to params | user-provided value |
43
edges
54
| sqlite3.rb:25:5:25:12 | category | sqlite3.rb:29:16:29:67 | "select * from table where cat..." | provenance | AdditionalTaintStep |
6-
| sqlite3.rb:25:5:25:12 | category | sqlite3.rb:32:50:32:57 | category | provenance | |
75
| sqlite3.rb:25:16:25:21 | call to params | sqlite3.rb:25:16:25:32 | ...[...] | provenance | |
86
| sqlite3.rb:25:16:25:32 | ...[...] | sqlite3.rb:25:5:25:12 | category | provenance | |
9-
| sqlite3.rb:32:5:32:22 | sanitized_category | sqlite3.rb:33:16:33:77 | "select * from table where cat..." | provenance | AdditionalTaintStep |
10-
| sqlite3.rb:32:26:32:58 | call to quote | sqlite3.rb:32:5:32:22 | sanitized_category | provenance | |
11-
| sqlite3.rb:32:50:32:57 | category | sqlite3.rb:32:26:32:58 | call to quote | provenance | MaD:1 |
12-
models
13-
| 1 | Summary: SQLite3::Database!; Method[quote]; Argument[0]; ReturnValue; taint |
147
nodes
158
| sqlite3.rb:25:5:25:12 | category | semmle.label | category |
169
| sqlite3.rb:25:16:25:21 | call to params | semmle.label | call to params |
1710
| sqlite3.rb:25:16:25:32 | ...[...] | semmle.label | ...[...] |
1811
| sqlite3.rb:29:16:29:67 | "select * from table where cat..." | semmle.label | "select * from table where cat..." |
19-
| sqlite3.rb:32:5:32:22 | sanitized_category | semmle.label | sanitized_category |
20-
| sqlite3.rb:32:26:32:58 | call to quote | semmle.label | call to quote |
21-
| sqlite3.rb:32:50:32:57 | category | semmle.label | category |
22-
| sqlite3.rb:33:16:33:77 | "select * from table where cat..." | semmle.label | "select * from table where cat..." |
2312
subpaths
24-
testFailures
25-
| sqlite3.rb:33:16:33:77 | "select * from table where cat..." | Unexpected result: Alert |
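Review bot: with the whole `models` section removed (old lines 12-13, the `MaD:1` summary for `Method[quote]`) and no remaining `MaD` provenance on any edge, this test no longer exercises the `summaryModel` taint row that Sqlite3.model.yml still carries; if that row regressed, the barrier alone would keep line 33 quiet and the test would still pass. Consider adding a case whose sink is not `sql-injection` so the `Argument[0] -> ReturnValue` step through `quote` shows up again as a `MaD` edge, while the unsanitised alert at sqlite3.rb:29 stays as the positive control. The dropped `testFailures` entry (`Unexpected result: Alert` for line 33) is consistent with the intent, so the expected output itself looks right.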
