Ruby: fix 'inefficient string comparison' alert

nickrolfe · nickrolfe · commit 52d46552af25 · 2022-08-26T09:58:22.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
@@ -79,7 +79,7 @@ module HardcodedDataInterpretedAsCode {
       forex(StringComponentCfgNode c |
         c = this.asExpr().(ExprNodes::StringlikeLiteralCfgNode).getAComponent()
       |
-        c.getNode().(AST::StringEscapeSequenceComponent).getRawText().prefix(2) = "\\x"
+        c.getNode().(AST::StringEscapeSequenceComponent).getRawText().matches("\\x%")
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ module HardcodedDataInterpretedAsCode {`
`79`	`79`	`forex(StringComponentCfgNode c \|`
`80`	`80`	`c = this.asExpr().(ExprNodes::StringlikeLiteralCfgNode).getAComponent()`
`81`	`81`	`\|`
`82`		`- c.getNode().(AST::StringEscapeSequenceComponent).getRawText().prefix(2) = "\\x"`
	`82`	`+ c.getNode().(AST::StringEscapeSequenceComponent).getRawText().matches("\\x%")`
`83`	`83`	`)`
`84`	`84`	`}`
`85`	`85`	`}`