From 646395bd11b370322fdcc48e26ff8c22eb5b216a Mon Sep 17 00:00:00 2001
From: Asger F
Date: Mon, 16 Dec 2024 15:13:37 +0100
Subject: [PATCH] Ruby: use in SensitiveDataHashing
---
 .../codeql/ruby/security/WeakSensitiveDataHashingQuery.qll | 4 +---
 .../queries/security/cwe-327/WeakSensitiveDataHashing.ql | 6 ++----
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll b/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
index dd9c389b4c34..33218b8e8e84 100644
--- a/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
@@ -68,9 +68,7 @@ module ComputationallyExpensiveHashFunction {
 * `computationallyExpensiveHashFunctionFlowPath`.
 */
 module WeakSensitiveDataHashingFlow =
- DataFlow::MergePathGraph;
+ DataFlow::MergeFlows;
 /** Holds if data can flow from `source` to `sink` with `NormalHashFunction::Flow`. */
 predicate normalHashFunctionFlowPath(
diff --git a/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql b/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
index 64d9615837df..14a87df80169 100644
--- a/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
+++ b/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
@@ -14,11 +14,9 @@
 import ruby
 import codeql.ruby.security.WeakSensitiveDataHashingQuery
-import WeakSensitiveDataHashingFlow::PathGraph
+import WeakSensitiveDataHashingFlow
-from
- WeakSensitiveDataHashingFlow::PathNode source, WeakSensitiveDataHashingFlow::PathNode sink,
- string ending, string algorithmName, string classification
+from PathNode source, PathNode sink, string ending, string algorithmName, string classification
 where
 normalHashFunctionFlowPath(source, sink) and
 algorithmName = sink.getNode().(NormalHashFunction::Sink).getAlgorithmName() and
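Review bot: `WeakSensitiveDataHashingFlow` is a library module under `ruby/ql/lib`, so redefining it from `DataFlow::MergePathGraph` to `DataFlow::MergeFlows` changes what it exposes to any downstream query that still writes `WeakSensitiveDataHashingFlow::PathGraph`. The definition of `MergeFlows` is not part of this patch; if it does not provide a `PathGraph` member, a change note or a deprecated alias would be expected next to this line. The doc comment above the module starts outside the hunk, with only its last line (naming `computationallyExpensiveHashFunctionFlowPath`) visible, and it should still describe the module after the switch. The diffstat lists no updated test expectations, so it is worth confirming that the CWE-327 query reports the same paths for both the normal and the computationally expensive hash flows.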
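Review bot: The bare `import WeakSensitiveDataHashingFlow` no longer shows where the path-graph predicates come from, and the unqualified `PathNode` in the new `from` line now resolves through that import alone. A one-line comment above the import would keep this readable, for example `// Brings PathNode and the merged path graph into scope.`, assuming that is what `MergeFlows` exposes (its definition is not in this patch). The `where` clause continues past the end of the hunk.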