CodeQL library for Ruby
codeql/ruby-all 0.8.15-dev (changelog, source)

Module HardcodedDataInterpretedAsCodeQuery

Provides a taint-tracking configuration for reasoning about hard-coded data being interpreted as code.

Note, for performance reasons: only import this file if HardcodedDataInterpretedAsCodeFlow is needed; otherwise, import HardcodedDataInterpretedAsCodeCustomizations instead.

Import path

import codeql.ruby.security.HardcodedDataInterpretedAsCodeQuery

Imports

HardcodedDataInterpretedAsCode

Provides default sources, sinks and sanitizers for reasoning about hard-coded data being interpreted as code, as well as extension points for adding your own.

Classes

Configuration

A taint-tracking configuration for reasoning about hard-coded data being interpreted as code.

Aliases

HardcodedDataInterpretedAsCodeFlow

Taint-tracking for reasoning about hard-coded data being interpreted as code. We implement DataFlow::GlobalWithState rather than TaintTracking::GlobalWithState, so that we can set the flow state to Taint() on a taint step.