Ruby: Fix bug in disablesCertificateValidation

hmac · hmac · commit 6fff02817d4d · 2022-09-02T13:15:02.000+12:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll
@@ -93,7 +93,13 @@ module ActiveResource {
 
     /** Holds if this site value specifies HTTP rather than HTTPS. */
     predicate disablesCertificateValidation() {
-      this.getAUrlPart().asExpr().getConstantValue().getString().regexpMatch("^http(^s)")
+      this.getAUrlPart()
+          .asExpr()
+          .(ExprNodes::AssignExprCfgNode)
+          .getRhs()
+          .getConstantValue()
+          .getString()
+          .regexpMatch("^http[^s].+")
     }
   }
 
diff --git a/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.expected b/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.expected
@@ -1,6 +1,6 @@
 modelClasses
 | active_resource.rb:1:1:3:3 | Person | active_resource.rb:2:3:2:11 | call to site= | false |
-| active_resource.rb:29:1:31:3 | Post | active_resource.rb:30:3:30:11 | call to site= | false |
+| active_resource.rb:29:1:31:3 | Post | active_resource.rb:30:3:30:11 | call to site= | true |
 modelClassMethodCalls
 | active_resource.rb:2:3:2:11 | call to site= |
 | active_resource.rb:5:9:5:33 | call to new |

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,13 @@ module ActiveResource {`
`93`	`93`
`94`	`94`	`/** Holds if this site value specifies HTTP rather than HTTPS. */`
`95`	`95`	`predicate disablesCertificateValidation() {`
`96`		`- this.getAUrlPart().asExpr().getConstantValue().getString().regexpMatch("^http(^s)")`
	`96`	`+ this.getAUrlPart()`
	`97`	`+ .asExpr()`
	`98`	`+ .(ExprNodes::AssignExprCfgNode)`
	`99`	`+ .getRhs()`
	`100`	`+ .getConstantValue()`
	`101`	`+ .getString()`
	`102`	`+ .regexpMatch("^http[^s].+")`
`97`	`103`	`}`
`98`	`104`	`}`
`99`	`105`