
Commit bc53570

committed
Ruby: fewer mappings from dataflow nodes to ast nodes
1 parent 7c1bd9a commit bc53570


1 file changed

+12
-15
lines changed


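--- a/ruby/ql/lib/codeql/ruby/security/CleartextLoggingCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CleartextLoggingCustomizations.qll
@@ -41,15 +41,15 @@ module CleartextLogging {
 * Holds if `re` may be a regular expression that can be used to sanitize
 * sensitive data with a call to `sub`.
 */
-private predicate effectiveSubRegExp(RegExpLiteral re) {
+private predicate effectiveSubRegExp(CfgNodes::ExprNodes::RegExpLiteralCfgNode re) {
 re.getConstantValue().getStringOrSymbol().matches([".*", ".+"])
 }
 
 /**
 * Holds if `re` may be a regular expression that can be used to sanitize
 * sensitive data with a call to `gsub`.
 */
-private predicate effectiveGsubRegExp(RegExpLiteral re) {
+private predicate effectiveGsubRegExp(CfgNodes::ExprNodes::RegExpLiteralCfgNode re) {
 re.getConstantValue().getStringOrSymbol().matches(".")
 }
 
@@ -58,8 +58,8 @@ module CleartextLogging {
 */
 private class MaskingReplacerSanitizer extends Sanitizer, DataFlow::CallNode {
 MaskingReplacerSanitizer() {
-exists(RegExpLiteral re |
-re = this.getArgument(0).asExpr().getExpr() and
+exists(CfgNodes::ExprNodes::RegExpLiteralCfgNode re |
+re = this.getArgument(0).asExpr() and
 (
 this.getMethodName() = ["sub", "sub!"] and effectiveSubRegExp(re)
 or
@@ -124,8 +124,7 @@ module CleartextLogging {
 or
 // dereferencing a non-sensitive field
 this.asExpr()
-.getExpr()
-.(ElementReference)
+.(CfgNodes::ExprNodes::ElementReferenceCfgNode)
 .getArgument(0)
 .getConstantValue()
 .getStringOrSymbol() = name
@@ -136,8 +135,7 @@ module CleartextLogging {
 or
 // avoid i18n strings
 this.asExpr()
-.getExpr()
-.(ElementReference)
+.(CfgNodes::ExprNodes::ElementReferenceCfgNode)
 .getReceiver()
 .getConstantValue()
 .getStringOrSymbol()
@@ -161,13 +159,12 @@ module CleartextLogging {
 
 // `writeNode` assigns pair with key `name` to `val`
 private predicate hashKeyWrite(DataFlow::CallNode writeNode, string name, DataFlow::Node val) {
-exists(SetterMethodCall setter |
-setter = writeNode.asExpr().getExpr() and
-// hash[name]
-setter.getArgument(0).getConstantValue().getStringOrSymbol() = name and
-// val
-setter.getArgument(1).(Assignment).getRightOperand() = val.asExpr().getExpr()
-)
+writeNode.asExpr().getExpr() instanceof SetterMethodCall and
+// hash[name]
+writeNode.getArgument(0).asExpr().getConstantValue().getStringOrSymbol() = name and
+// val
+writeNode.getArgument(1).asExpr().(CfgNodes::ExprNodes::AssignExprCfgNode).getRhs() =
+val.asExpr()
 }
 
 /**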
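Review bot: In `hashKeyWrite` the value is now bound with `...(CfgNodes::ExprNodes::AssignExprCfgNode).getRhs() = val.asExpr()`, which compares CFG nodes, where the removed code compared AST nodes through `val.asExpr().getExpr()`. If a single expression can have more than one CFG node, the new equality is stricter and may bind fewer `val` nodes. This file models cleartext-logging sources and sanitizers, so a narrower match would presumably surface as silently missing or extra alerts rather than a compile error. It is worth confirming that the query's expected test output is unchanged. The first conjunct still goes through `getExpr()`, so a short comment such as `// setter check stays on the AST node; key and value are matched at CFG level` would explain the mix. The same AST-to-CFG switch applies to the `MaskingReplacerSanitizer` constructor and the two `ElementReferenceCfgNode` casts, whose enclosing bodies extend beyond the hunks shown.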
