Review suggestions - rename sink class and add barrier out

github · Apr 10, 2024 · 976ca48 · 976ca48
1 parent c2d771b
commit 976ca48
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -806,8 +806,8 @@ private module MassAssignmentSinks {
   }
 
   /** A call to a method that sets attributes of an database record using a hash. */
-  private class MassAssignmentCall extends MassAssignment::Sink {
-    MassAssignmentCall() {
+  private class MassAssignmentSink extends MassAssignment::Sink {
+    MassAssignmentSink() {
       exists(DataFlow::CallNode call, string name | massAssignmentCall(call, name) |
         name =
           [

diff --git a/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll b/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
@@ -43,10 +43,9 @@ private module Config implements DataFlow::StateConfigSig {
     state instanceof FlowState::Permitted
   }
 
-  predicate isBarrierIn(DataFlow::Node node, FlowState state) {
-    node instanceof MassAssignment::Source and
-    state instanceof FlowState::Unpermitted
-  }
+  predicate isBarrierIn(DataFlow::Node node, FlowState state) { isSource(node, state) }
+
+  predicate isBarrierOut(DataFlow::Node node, FlowState state) { isSink(node, state) }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof MassAssignment::Sanitizer }