Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ruby: Add additional sql sinks for ActiveRecord connection methods #15619

Merged
merged 3 commits into from
Feb 22, 2024
Merged

Ruby: Add additional sql sinks for ActiveRecord connection methods #15619

merged 3 commits into from
Feb 22, 2024

Conversation

joefarebrother
Copy link
Contributor

@github-actions github-actions bot added the Ruby label Feb 14, 2024
@joefarebrother joefarebrother marked this pull request as ready for review February 15, 2024 13:55
@joefarebrother joefarebrother requested a review from a team as a code owner February 15, 2024 13:55
@joefarebrother joefarebrother changed the title Ruby: Add additional sinks for connection methods Ruby: Add additional sinks for ActiveRecord connection methods Feb 15, 2024
@joefarebrother joefarebrother force-pushed the ruby-activerecord-connection branch 2 times, most recently from 25f229d to 1eea99e Compare February 15, 2024 14:11
@joefarebrother joefarebrother changed the title Ruby: Add additional sinks for ActiveRecord connection methods Ruby: Add additional sql sinks for ActiveRecord connection methods Feb 15, 2024
@joefarebrother joefarebrother force-pushed the ruby-activerecord-connection branch from 1eea99e to e36b9f4 Compare February 15, 2024 15:26
alexrford
alexrford requested changes Feb 21, 2024
View reviewed changes
Copy link
Contributor

@alexrford alexrford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay in reviewing this! One minor comment, otherwise looks great.

ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
call = activeRecordConnectionInstance().getAMethodCall("execute") and
call =
activeRecordConnectionInstance()
.getAMethodCall([
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add create (an alias for insert) to this.

I think we can also remove select_update? I can't find this as a query execution method.

@hmac
Copy link
Contributor

hmac commented Feb 22, 2024

Ah it looks like you need an explicit re-approval from @alexrford to merge this - I thought my approval would be enough. Sorry!

@joefarebrother joefarebrother merged commit 67e8f17 into github:main Feb 22, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sidshank sidshank sidshank left review comments

@alexrford alexrford alexrford approved these changes

@hmac hmac hmac approved these changes

Assignees

@hmac hmac

@alexrford alexrford

Labels
documentation Ruby
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@joefarebrother @hmac @sidshank @alexrford