From 1f470f2d313b2c1823ae1d0147f67920e1492864 Mon Sep 17 00:00:00 2001
From: Alex Ford
Date: Wed, 20 Sep 2023 11:06:17 +0100
Subject: [PATCH] Ruby: drop in-barriers from url-redirect and server-side-request-forgery queries

---
 .../ServerSideRequestForgeryCustomizations.qll | 12 ------------
 .../ruby/security/ServerSideRequestForgeryQuery.qll | 4 ----
 .../ruby/security/UrlRedirectCustomizations.qll | 12 ------------
 .../ql/lib/codeql/ruby/security/UrlRedirectQuery.qll | 4 ----
 4 files changed, 32 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
index 40a73c0b202a..e7b665896022 100644
--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -32,11 +32,6 @@ module ServerSideRequestForgery {
 */
 abstract class Sanitizer extends DataFlow::Node { }
 
- /**
- * An in-sanitizer for server side request forgery vulnerabilities.
- */
- abstract class SanitizerIn extends DataFlow::Node { }
-
 /**
 * A out-sanitizer for server side request forgery vulnerabilities.
 */
@@ -67,13 +62,6 @@ module ServerSideRequestForgery {
 HostnameSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() }
 }
 
- /**
- * An in-sanitizer for the hostname of a URL.
- */
- class HostnameSanitizerIn extends SanitizerIn {
- HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
- }
-
 /**
 * An out-sanitizer for the hostname of a URL.
 */
diff --git a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll
index 90a67e5b8b80..475ca0491b66 100644
--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll
@@ -30,8 +30,6 @@ deprecated class Configuration extends TaintTracking::Configuration {
 node instanceof StringConstArrayInclusionCallBarrier
 }
 
- override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
 override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
 deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
@@ -50,8 +48,6 @@ private module ServerSideRequestForgeryConfig implements DataFlow::ConfigSig {
 node instanceof StringConstArrayInclusionCallBarrier
 }
 
- predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
 predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
index f9a48745ebc6..f63c410fa326 100644
--- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
@@ -34,11 +34,6 @@ module UrlRedirect {
 */
 abstract class Sanitizer extends DataFlow::Node { }
 
- /**
- * An in-sanitizer for "URL redirection" vulnerabilities.
- */
- abstract class SanitizerIn extends DataFlow::Node { }
-
 /**
 * An out-sanitizer for "URL redirection" vulnerabilities.
 */
@@ -139,13 +134,6 @@ module UrlRedirect {
 HostnameSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() }
 }
 
- /**
- * An in-sanitizer for the hostname of a URL.
- */
- class HostnameSanitizerIn extends SanitizerIn {
- HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
- }
-
 /**
 * An out-sanitizer for the hostname of a URL.
 */
diff --git a/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll b/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll
index ce35ee15a6b0..24c37f9457f3 100644
--- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll
@@ -25,8 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration {
 
 override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
- override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
 override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
 deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
@@ -45,8 +43,6 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {
 
 predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
- predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
 predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
 predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {