Module UnsafeCodeConstruction
Module containing sources, sinks, and sanitizers for code constructed from library input.
Import path
import codeql.ruby.security.UnsafeCodeConstructionCustomizations
Predicates
getANodeExecutedAsCode | Gets a node that is eventually executed as code at |
Classes
ArrayJoin | A string constructed using a |
Sink | A sink for code constructed from library input vulnerabilities. |
Source | A source for code constructed from library input vulnerabilities. |
StringConcatAsSink | A component of a string-concatenation (e.g. |
StringInterpolationAsSink | A string constructed from a string-literal (e.g. |
TaintedFormatStringAsSink | A string constructed from a printf-style call, where the resulting string ends up being executed as a code. |
Aliases
TaintedFormat | Provides Ruby-specific imports and classes needed for |