CodeQL library for Ruby
codeql/ruby-all 0.8.15-dev

Module UrlRedirect

Provides default sources, sinks and sanitizers for detecting “URL redirection” vulnerabilities, as well as extension points for adding your own.

Import path

import codeql.ruby.security.UrlRedirectCustomizations

Predicates

actionControllerTaintedMethod

These methods return a new ActionController::Parameters or a Hash containing a subset of the original values. This may still contain user input, so the results are tainted. TODO: flesh this out to cover the whole API.

hashTaintedMethod

These Hash methods preserve taint because they return a new hash which may still contain keys with user input. TODO: flesh this out to cover the whole API.

isAdditionalTaintStep

Additional taint steps for “URL redirection” vulnerabilities.

taintStepViaMethodCallReturnValue

Some methods will propagate taint to their return values. Here we cover a few common ones related to ActionController::Parameters. TODO: use ApiGraphs or something to restrict these method calls to the correct receiver, rather than matching on method name alone.

Classes

HttpRequestInputAccessAsSource

A source of remote user input, considered as a flow source.

RedirectLocationAsSink

An HTTP redirect response, considered as a flow sink.

Sanitizer

A sanitizer for “URL redirection” vulnerabilities.

Sink

A data flow sink for “URL redirection” vulnerabilities.

Source

A data flow source for “URL redirection” vulnerabilities.

StringConstArrayInclusionAsSanitizer

An inclusion check of a string against a constant list, considered as a sanitizer-guard.

StringConstCompareAsSanitizer

A comparison with a constant string, considered as a sanitizer-guard.

StringInterpolationAsSanitizer

A string interpolation, seen as a sanitizer for “URL redirection” vulnerabilities.