CodeQL library for Ruby
codeql/ruby-all 0.8.15-dev (changelog, source)

Module TaintedFormatString

Provides default sources, sinks and sanitizers for reasoning about format injections, as well as extension points for adding your own.

Import path

import codeql.ruby.security.TaintedFormatStringCustomizations

Imports

TaintedFormatStringSpecific

Provides Ruby-specific imports and classes needed for TaintedFormatStringQuery and TaintedFormatStringCustomizations.

Classes

FormatSink

A format argument to a printf-like function, considered as a flow sink for format injection.

RemoteSource

A source of remote user input, considered as a flow source for format injection.

Sanitizer

A sanitizer for format injections.

Sink

A data flow sink for format injections.

Source

A data flow source for format injections.
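The abstract Source, Sink and Sanitizer classes above are the module's extension points: any class that extends one of them is automatically unioned into that predicate, so the standard tainted-format-string query picks the new nodes up without being modified. The following is an added example, not code from the CodeQL library, showing how a project would mark its own printf-style helper as a sink and its own escaping helper as a sanitizer. The method names audit_log and escape_format are hypothetical; the DataFlow::CallNode API (getMethodName, getArgument) is the library's own.

```ql
// Added example, not part of the CodeQL Ruby library.
// Extends the TaintedFormatString extension points for a hypothetical
// application that wraps Kernel#format in its own helpers.
import codeql.ruby.DataFlow
import codeql.ruby.security.TaintedFormatStringCustomizations

/**
 * The first argument of a (hypothetical) `audit_log` method is passed on
 * as a format string, so a tainted value reaching it is a format injection
 * sink in the same way as the first argument of `format` or `printf`.
 */
class AuditLogFormatSink extends TaintedFormatString::Sink {
  AuditLogFormatSink() {
    exists(DataFlow::CallNode call |
      call.getMethodName() = "audit_log" and
      this = call.getArgument(0)
    )
  }
}

/**
 * The result of a (hypothetical) `escape_format` method is assumed to
 * neutralise `%` directives, so flow through it is cut off before the sink.
 */
class EscapeFormatSanitizer extends TaintedFormatString::Sanitizer {
  EscapeFormatSanitizer() {
    this.(DataFlow::CallNode).getMethodName() = "escape_format"
  }
}
```

Placing these classes in a .qll file that is imported by a custom copy of the tainted-format-string query is enough: because Sink and Sanitizer are abstract, the query's configuration sees every subclass in scope, and a call such as audit_log(params[:msg]) is reported unless the value first passes through escape_format. The sanitizer assumption should be checked against the helper's real behaviour before relying on it; a sanitizer that does not actually strip directives silences true positives.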