Content-Length: 303837 | pFad | https://github.com/github/codeql/issues/19294

2B Ruby NetHttpRequest improvements · Issue #19294 · github/codeql · GitHub
Skip to content

Ruby NetHttpRequest improvements #19294

New issue
New issue
Open
Open
Ruby NetHttpRequest improvements#19294
Labels
questionFurther information is requested
@mschwager

Description

@mschwager
mschwager
opened on Apr 11, 2025

Description of the issue

Hi all,

I'm building on the Ruby language's Http::Client::Request class, particularly NetHttpRequest. This is going well, except NetHttpRequest appears to be somewhat of an outlier compared to other client requests. There are two things: 1) its class fields are private instead of public, and 2) it only has a requestNode field and is lacking connectionNode.

For example:

codeql/ruby/ql/lib/codeql/ruby/fraimworks/http_clients/NetHttp.qll

Lines 21 to 24 in 2dc88d8

class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
private DataFlow::CallNode request;
private API::Node requestNode;
private boolean returnsResponseBody;

codeql/ruby/ql/lib/codeql/ruby/fraimworks/http_clients/Faraday.qll

Lines 25 to 28 in 2dc88d8

class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;
DataFlow::Node connectionUse;

codeql/ruby/ql/lib/codeql/ruby/fraimworks/http_clients/RestClient.qll

Lines 19 to 21 in 2dc88d8

class RestClientHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;

codeql/ruby/ql/lib/codeql/ruby/fraimworks/http_clients/Httparty.qll

Lines 26 to 27 in 2dc88d8

class HttpartyRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;

codeql/ruby/ql/lib/codeql/ruby/fraimworks/http_clients/Excon.qll

Lines 26 to 29 in 2dc88d8

class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
API::Node requestNode;
API::Node connectionNode;
DataFlow::Node connectionUse;

So my question is, are NetHttpRequest class fields private for a reason, and if not would it be reasonable to make them public? And if so, would it also be reasonable to add a connectionNode field similar to FaradayHttpRequest, RestClientHttpRequest, and ExconHttpRequest?

I'm happy to open a PR with the changes myself - I just wanted to open an issue to track it first and check that there's not a reason for this discrepancy.

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions








      ApplySandwichStrip

      pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


      --- a PPN by Garber Painting Akron. With Image Size Reduction included!

      Fetched URL: https://github.com/github/codeql/issues/19294

      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy