
Commit 7b8603c

Ruby: Model Arel.sql
1 parent 4101676 commit 7b8603c


5 files changed

+60
-0
lines changed


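--- a/ruby/ql/lib/codeql/ruby/Frameworks.qll
+++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll
@@ -10,6 +10,7 @@ private import codeql.ruby.frameworks.ActiveStorage
 private import codeql.ruby.frameworks.ActionView
 private import codeql.ruby.frameworks.ActiveSupport
 private import codeql.ruby.frameworks.Archive
+private import codeql.ruby.frameworks.Arel
 private import codeql.ruby.frameworks.GraphQL
 private import codeql.ruby.frameworks.Rails
 private import codeql.ruby.frameworks.Railties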
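--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
@@ -0,0 +1,31 @@
+/**
+* Provides modeling for Arel, a low level SQL library that powers ActiveRecord.
+* Version: 7.0.3
+* https://api.rubyonrails.org/classes/Arel.html
+*/
+
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.dataflow.FlowSummary
+
+/**
+* Provides modeling for Arel, a low level SQL library that powers ActiveRecord.
+* Version: 7.0.3
+* https://api.rubyonrails.org/classes/Arel.html
+*/
+module Arel {
+/**
+* Flow summary for `Arel.sql`. This method wraps a SQL string, marking it as
+* safe.
+*/
+private class SqlSummary extends SummarizedCallable {
+SqlSummary() { this = "Arel.sql" }
+
+override MethodCall getACall() {
+result = API::getTopLevelMember("Arel").getAMethodCall("sql").asExpr().getExpr()
+}
+
+override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
+}
+}
+}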
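Review bot: The doc comment on `SqlSummary` says `Arel.sql` marks the string as "safe", which misstates what the method does and contradicts the summary directly below it, which (correctly) propagates taint from `Argument[0]` to `ReturnValue`. `Arel.sql` wraps the string as a raw SQL literal so that ActiveRecord accepts it verbatim; it performs no escaping, and calling it on attacker-controlled input is precisely the pattern that produces SQL injection, so the model must keep taint flowing and the comment should say that rather than the opposite: `This method wraps a raw SQL string so ActiveRecord accepts it as-is; it performs no escaping, so taint propagates through it.` The same three-line module description also appears twice, once at the top of the file and once on the `Arel` module; one copy on the module would do. A test in which the wrapped value reaches an ActiveRecord SQL sink (e.g. `order(Arel.sql(x))`) would confirm the summary composes with the existing sink models, though whether that belongs in this commit is unclear from here.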
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
failures
2+
#select
3+
| arel.rb:3:8:3:18 | call to sql | arel.rb:2:7:2:14 | call to source : | arel.rb:3:8:3:18 | call to sql | $@ | arel.rb:2:7:2:14 | call to source : | call to source : |
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
/**
2+
* @kind path-problem
3+
*/
4+
5+
import codeql.ruby.frameworks.Arel
6+
import ruby
7+
import TestUtilities.InlineFlowTest
8+
9+
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultTaintFlowConf conf
10+
where conf.hasFlowPath(source, sink)
11+
select sink, source, sink, "$@", source, source.toString()
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
def m1
2+
x = source 1
3+
sink(Arel.sql(x)) # $hasTaintFlow=1
4+
end
5+
6+
def m2
7+
x = 1
8+
sink(Arel.sql(x))
9+
end
10+
11+
def m3
12+
x = source 1
13+
sink(Unrelated.method(x))
14+
end
