Merge pull request #14225 from hvitved/ruby/fix-bad-join
Ruby: Fix a bad join
hvitved authored Sep 15, 2023
2 parents 7304803 + c83a29c commit 14561c4
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
@@ -179,6 +179,12 @@ module Sinatra {
}
}

bindingset[local]
pragma[inline_late]
private predicate isPairKey(string local) {
local = any(Pair p).getKey().getConstantValue().getStringlikeValue()
}

/**
* A summary for accessing a local variable in an ERB template.
* This is the second half of the modeling of the flow from the `locals`
@@ -192,7 +198,7 @@ module Sinatra {
ErbLocalsAccessSummary() {
this = "sinatra_erb_locals_access()" + global.getId() + "#" + local and
local = any(MethodCall c | c.getLocation().getFile() = global.getErbFile()).getMethodName() and
local = any(Pair p).getKey().getConstantValue().getStringlikeValue()
isPairKey(local)
}

override MethodCall getACall() {
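Review bot: The new `isPairKey` helper has no comment saying why it exists, so the `bindingset[local]` / `pragma[inline_late]` pair looks like a candidate for inlining back into `ErbLocalsAccessSummary()`, which would presumably restore the bad join this commit removes. I would add a QLDoc line above it, for example `/** Holds if local is the constant key of some Pair. Kept as a separate inline_late predicate so it acts as a filter once local is bound. */`. The same comment should record that the check is global: `any(Pair p)` accepts a key from any hash in the database, not only from the `locals` hash that reaches this template, so the summary can over-approximate flow into ERB locals. That looks unchanged from the old line, but it is worth confirming that it is intended. The class that owns the characteristic predicate starts outside the hunk, and `getACall` continues past it.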
