A string constructed from a string-literal (e.g. "foo #{sink}"
),
where the resulting string ends up being executed as a code.
Import path
import codeql.ruby.security.UnsafeCodeConstructionCustomizations
Direct supertypes
Fields
Predicates
getCodeSink | Gets the node where the unsafe code is executed. |
getSinkType | Gets the type of sink. |
Inherited predicates
asCallable | Gets the callable corresponding to this block, lambda expression, or call to | from Node |
asExpr | Gets the expression corresponding to this node, if any. | from Node |
asParameter | Gets the parameter corresponding to this node, if any. | from Node |
backtrack | Starts backtracking from this node using API graphs. | from Node |
getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
getAPredecessor | Gets a data flow node from which data may flow to this node in one local step. | from Node |
getASuccessor | Gets a data flow node to which data may flow from this node in one local step. | from Node |
getConstantValue | Gets the constant value of this expression, if any. | from Node |
getEnclosingMethod | Gets the enclosing method, if any. | from Node |
getLocation | Gets the location of this node. | from Node |
hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
toString | Gets a textual representation of this node. | from Node |