CodeQL library for Ruby
codeql/ruby-all 5.1.9-dev (changelog, source)
Index
Search

Module UnsafeCodeConstruction

Module containing sources, sinks, and sanitizers for code constructed from library input.

Import path

import codeql.ruby.security.UnsafeCodeConstructionCustomizations

Predicates

getANodeExecutedAsCode

Gets a node that is eventually executed as code at codeExec.

Classes

ArrayJoin

A string constructed using a .join(...) call, where the resulting string ends up being executed as code.

Sink

A sink for code constructed from library input vulnerabilities.

Source

A source for code constructed from library input vulnerabilities.

StringConcatAsSink

A component of a string-concatenation (e.g. "foo " + sink), where the resulting string ends up being executed as a code.

StringInterpolationAsSink

A string constructed from a string-literal (e.g. "foo #{sink}"), where the resulting string ends up being executed as a code.

TaintedFormatStringAsSink

A string constructed from a printf-style call, where the resulting string ends up being executed as a code.

Aliases

TaintedFormat

Provides Ruby-specific imports and classes needed for TaintedFormatStringQuery and TaintedFormatStringCustomizations.