Update names and qldoc for params taint predicates

joefarebrother · joefarebrother · commit 8c5fff2d110a · 2024-03-15T14:43:29.000Z
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -506,25 +506,25 @@ private module ParamsSummaries {
       ]
   }
 
-  /** Gets a field of an instance of `ActionController::Parameters` */
-  private DataFlow::LocalSourceNode paramsField() {
+  /** Gets a node that may be tainted from an `ActionController::Parameters` instance, through field accesses and hash/array element reads. */
+  private DataFlow::LocalSourceNode taintFromParamsBase() {
     result =
       [
         paramsInstance(),
         paramsInstance().getAMethodCall(methodReturnsTaintFromSelf()).getAnElementRead*()
       ]
   }
 
-  private DataFlow::LocalSourceNode paramsFieldType(TypeTracker t) {
+  private DataFlow::LocalSourceNode taintFromParamsType(TypeTracker t) {
     t.start() and
-    result = paramsField()
+    result = taintFromParamsBase()
     or
-    exists(TypeTracker t2 | result = paramsFieldType(t2).track(t2, t))
+    exists(TypeTracker t2 | result = taintFromParamsType(t2).track(t2, t))
   }
 
-  /** Gets a node with a type that can be a field of `ActionController::Parameters` */
-  private DataFlow::LocalSourceNode paramsFieldType() {
-    paramsFieldType(TypeTracker::end()).flowsTo(result)
+  /** Gets a node with a type that may be tainted from an `ActionController::Parameters` instance. */
+  private DataFlow::LocalSourceNode taintFromParamsType() {
+    taintFromParamsType(TypeTracker::end()).flowsTo(result)
   }
 
   /**
@@ -602,7 +602,7 @@ private module ParamsSummaries {
 
       override MethodCall getACall() {
         result =
-          paramsFieldType()
+          taintFromParamsType()
               .getAMethodCall(["original_filename", "content_type", "headers"])
               .asExpr()
               .getExpr() and
@@ -622,7 +622,7 @@ private module ParamsSummaries {
       UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }
 
       override MethodCall getACall() {
-        result = paramsFieldType().getAMethodCall("read").asExpr().getExpr() and
+        result = taintFromParamsType().getAMethodCall("read").asExpr().getExpr() and
         result.getNumberOfArguments() in [0 .. 2]
       }
 

Original file line number	Diff line number	Diff line change
`@@ -506,25 +506,25 @@ private module ParamsSummaries {`
`506`	`506`	`]`
`507`	`507`	`}`
`508`	`508`
`509`		- /** Gets a field of an instance of `ActionController::Parameters` */
`510`		`- private DataFlow::LocalSourceNode paramsField() {`
	`509`	+ /** Gets a node that may be tainted from an `ActionController::Parameters` instance, through field accesses and hash/array element reads. */
	`510`	`+ private DataFlow::LocalSourceNode taintFromParamsBase() {`
`511`	`511`	`result =`
`512`	`512`	`[`
`513`	`513`	`paramsInstance(),`
`514`	`514`	`paramsInstance().getAMethodCall(methodReturnsTaintFromSelf()).getAnElementRead*()`
`515`	`515`	`]`
`516`	`516`	`}`
`517`	`517`
`518`		`- private DataFlow::LocalSourceNode paramsFieldType(TypeTracker t) {`
	`518`	`+ private DataFlow::LocalSourceNode taintFromParamsType(TypeTracker t) {`
`519`	`519`	`t.start() and`
`520`		`- result = paramsField()`
	`520`	`+ result = taintFromParamsBase()`
`521`	`521`	`or`
`522`		`- exists(TypeTracker t2 \| result = paramsFieldType(t2).track(t2, t))`
	`522`	`+ exists(TypeTracker t2 \| result = taintFromParamsType(t2).track(t2, t))`
`523`	`523`	`}`
`524`	`524`
`525`		- /** Gets a node with a type that can be a field of `ActionController::Parameters` */
`526`		`- private DataFlow::LocalSourceNode paramsFieldType() {`
`527`		`- paramsFieldType(TypeTracker::end()).flowsTo(result)`
	`525`	+ /** Gets a node with a type that may be tainted from an `ActionController::Parameters` instance. */
	`526`	`+ private DataFlow::LocalSourceNode taintFromParamsType() {`
	`527`	`+ taintFromParamsType(TypeTracker::end()).flowsTo(result)`
`528`	`528`	`}`
`529`	`529`
`530`	`530`	`/**`
`@@ -602,7 +602,7 @@ private module ParamsSummaries {`
`602`	`602`
`603`	`603`	`override MethodCall getACall() {`
`604`	`604`	`result =`
`605`		`- paramsFieldType()`
	`605`	`+ taintFromParamsType()`
`606`	`606`	`.getAMethodCall(["original_filename", "content_type", "headers"])`
`607`	`607`	`.asExpr()`
`608`	`608`	`.getExpr() and`
`@@ -622,7 +622,7 @@ private module ParamsSummaries {`
`622`	`622`	`UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }`
`623`	`623`
`624`	`624`	`override MethodCall getACall() {`
`625`		`- result = paramsFieldType().getAMethodCall("read").asExpr().getExpr() and`
	`625`	`+ result = taintFromParamsType().getAMethodCall("read").asExpr().getExpr() and`
`626`	`626`	`result.getNumberOfArguments() in [0 .. 2]`
`627`	`627`	`}`
`628`	`628`