Skip to content

Commit

Permalink
Ruby: drop in-barriers from url-redirect and server-side-request-forg…
Browse files Browse the repository at this point in the history 
…ery queries
  • Loading branch information
@alexrford
alexrford committed Sep 20, 2023
1 parent 32ad3fd commit 1f470f2
Show file tree
Hide file tree
Showing 4 changed files with 0 additions and 32 deletions.
12 changes: 0 additions & 12 deletions ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,6 @@ module ServerSideRequestForgery {
*/
abstract class Sanitizer extends DataFlow::Node { }

/**
* An in-sanitizer for server side request forgery vulnerabilities.
*/
abstract class SanitizerIn extends DataFlow::Node { }

/**
* A out-sanitizer for server side request forgery vulnerabilities.
*/
Expand Down Expand Up @@ -67,13 +62,6 @@ module ServerSideRequestForgery {
HostnameSanitizer() { this = DataFlow::BarrierGuard<hostnameGuard/3>::getABarrierNode() }
}

/**
* An in-sanitizer for the hostname of a URL.
*/
class HostnameSanitizerIn extends SanitizerIn {
HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
}

/**
* An out-sanitizer for the hostname of a URL.
*/
Expand Down
4 changes: 0 additions & 4 deletions ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@ deprecated class Configuration extends TaintTracking::Configuration {
node instanceof StringConstArrayInclusionCallBarrier
}

override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }

override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }

deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
Expand All @@ -50,8 +48,6 @@ private module ServerSideRequestForgeryConfig implements DataFlow::ConfigSig {
node instanceof StringConstArrayInclusionCallBarrier
}

predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }

predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }
}

Expand Down
12 changes: 0 additions & 12 deletions ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,6 @@ module UrlRedirect {
*/
abstract class Sanitizer extends DataFlow::Node { }

/**
* An in-sanitizer for "URL redirection" vulnerabilities.
*/
abstract class SanitizerIn extends DataFlow::Node { }

/**
* An out-sanitizer for "URL redirection" vulnerabilities.
*/
Expand Down Expand Up @@ -139,13 +134,6 @@ module UrlRedirect {
HostnameSanitizer() { this = DataFlow::BarrierGuard<hostnameGuard/3>::getABarrierNode() }
}

/**
* An in-sanitizer for the hostname of a URL.
*/
class HostnameSanitizerIn extends SanitizerIn {
HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
}

/**
* An out-sanitizer for the hostname of a URL.
*/
Expand Down
4 changes: 0 additions & 4 deletions ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration {

override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }

override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }

override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }

deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
Expand All @@ -45,8 +43,6 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {

predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }

predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }

predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }

predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
Expand Down

0 comments on commit 1f470f2

Please sign in to comment.