Ruby: fix some more style-guide violations in the alert-messages #10731

Merged: erik-krogh merged 7 commits into github:main from erik-krogh:rb-last-msg on Oct 11, 2022

@erik-krogh erik-krogh commented Oct 7, 2022

One last PR, where I went through the alerts produced by QL-for-QL.

Ignore the alerts. I'm also changing JS and Python.

Drive-by fix of a deprecation warning that caused the CI to fail on main.

@github-actions github-actions Bot added the Ruby label Oct 7, 2022

Comment on lines 155 to 158

Check warning (Code scanning / CodeQL): Consistent alert message

The rb/hardcoded-credentials query does not have the same alert message as py.

Comment on lines 18 to 32

Check warning (Code scanning / CodeQL): Consistent alert message

The rb/request-without-cert-validation query does not have the same alert message as py.

Comment on lines 19 to 22

Check warning (Code scanning / CodeQL): Consistent alert message

The rb/http-to-file-access query does not have the same alert message as js.

@erik-krogh erik-krogh marked this pull request as ready for review October 7, 2022 11:36
@erik-krogh erik-krogh requested a review from a team as a code owner October 7, 2022 11:36

@aibaars aibaars left a comment

Looks mostly good.

class YamlLoadArgument extends Sink {
YamlLoadArgument() {
this = API::getTopLevelMember(["YAML", "Psych"]).getAMethodCall("load").getArgument(0)
this = API::getTopLevelMember("YAML").getAMethodCall("load").getArgument(0)
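Review bot: the second `this = ...` line matches only `"YAML"`, where the line above it matched `["YAML", "Psych"]`, so the argument of a `Psych.load(...)` call would no longer be a `YamlLoadArgument` sink. The PR is described as an alert-message cleanup, so a change in sink coverage looks unintended here; keep `API::getTopLevelMember(["YAML", "Psych"])` unless dropping `Psych` is deliberate, and if it is, say so in the description and cover it with a query test.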

Why did you remove Psych? Those two modules are the same thing in Ruby 3.0.

@erik-krogh erik-krogh Oct 11, 2022

I have no idea why that happened. Maybe it was a bad merge?

Comment thread ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql Outdated
Co-authored-by: Arthur Baars <aibaars@github.com>
aibaars previously approved these changes Oct 11, 2022
@erik-krogh erik-krogh requested a review from aibaars October 11, 2022 09:38
@erik-krogh erik-krogh merged commit 01bc5f7 into github:main Oct 11, 2022