Ruby: Add Server-Side Request Forgery query #7015
Draft
Conversation
This test shows that `CallCfgNode.getKeywordArgument(string keyword)` doesn't return any results.
This predicate now produces results.
This member predicate gets dataflow nodes which contribute to the URL of the request. Also consolidate the identical tests for each HTTP client.
owen-mc
changed the title
intrigus-lgtm
reviewed
Nov 1, 2021
| * otherwise `ServerSideRequestForgeryCustomizations` should be imported instead. | ||
| */ | ||
|
|
||
| import codeql.ruby.DataFlow::DataFlow::PathGraph |
Is this missing import ruby as the first import statement?
AFAIK import ruby should be the first statement for caching (?) reasons.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
This closes github/codeql-team#502
The query finds cases where user input flows to the URL in an outgoing HTTP request.
We use the same sanitizer as with URL redirection: prefixing user input with some non-user-controlled string is treated as sanitizing it, because the user no longer has complete control over the URL of the request.
This PR also fixes a bug with
CallExprCfgNode.getKeywordArgument, which was previously not giving any results.The text was updated successfully, but these errors were encountered: