Ruby: add type-tracking variant of hash-flow test

Ruby: fixup type-tracking hash flow test Fixup! type-tracking hash flow test result
2026-05-02 12:15:17 +02:00 · 2022-10-01 21:47:35 +02:00
parent 9302271c15
commit 00e52ad109
4 changed files with 91 additions and 13 deletions
--- a/ruby/ql/test/TestUtilities/InlineFlowTest.qll
+++ b/ruby/ql/test/TestUtilities/InlineFlowTest.qll
@@ -37,14 +37,7 @@ import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.TaintTracking
 import TestUtilities.InlineExpectationsTest
-
-private predicate defaultSource(DataFlow::Node src) {
-  src.asExpr().getExpr().(MethodCall).getMethodName() = ["source", "taint"]
-}
-
-private predicate defaultSink(DataFlow::Node sink) {
-  exists(MethodCall mc | mc.getMethodName() = "sink" | sink.asExpr().getExpr() = mc.getAnArgument())
-}
+import TestUtilities.InlineFlowTestUtil

 class DefaultValueFlowConf extends DataFlow::Configuration {
  DefaultValueFlowConf() { this = "qltest:defaultValueFlowConf" }
@@ -66,11 +59,6 @@ class DefaultTaintFlowConf extends TaintTracking::Configuration {
  override int fieldFlowBranchLimit() { result = 1000 }
 }

-private string getSourceArgString(DataFlow::Node src) {
-  defaultSource(src) and
-  src.asExpr().getExpr().(MethodCall).getAnArgument().getConstantValue().toString() = result
-}
-
 class InlineFlowTest extends InlineExpectationsTest {
  InlineFlowTest() { this = "HasFlowTest" }

--- a/ruby/ql/test/TestUtilities/InlineFlowTestUtil.qll
+++ b/ruby/ql/test/TestUtilities/InlineFlowTestUtil.qll
@@ -0,0 +1,22 @@
+/**
+ * Defines the default source and sink recognition for `InlineFlowTest.qll`.
+ *
+ * We reuse these predicates in some type-tracking tests that don't wish to bring in the
+ * test configuration from `InlineFlowTest`.
+ */
+
+import codeql.ruby.AST
+import codeql.ruby.DataFlow
+
+predicate defaultSource(DataFlow::Node src) {
+  src.asExpr().getExpr().(MethodCall).getMethodName() = ["source", "taint"]
+}
+
+predicate defaultSink(DataFlow::Node sink) {
+  exists(MethodCall mc | mc.getMethodName() = "sink" | sink.asExpr().getExpr() = mc.getAnArgument())
+}
+
+string getSourceArgString(DataFlow::Node src) {
+  defaultSource(src) and
+  src.asExpr().getExpr().(MethodCall).getAnArgument().getConstantValue().toString() = result
+}
--- a/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.expected
@@ -0,0 +1,35 @@
+| hash_flow.rb:65:21:65:40 | # $ hasValueFlow=3.3 | Missing result:hasValueFlow=3.3 |
+| hash_flow.rb:66:21:66:49 | # $ SPURIOUS hasValueFlow=3.3 | Missing result:hasValueFlow=3.3 |
+| hash_flow.rb:114:10:114:17 | ...[...] | Unexpected result: hasValueFlow=7.2 |
+| hash_flow.rb:117:10:117:17 | ...[...] | Unexpected result: hasValueFlow=7.1 |
+| hash_flow.rb:117:10:117:17 | ...[...] | Unexpected result: hasValueFlow=7.2 |
+| hash_flow.rb:119:10:119:17 | ...[...] | Unexpected result: hasValueFlow=7.1 |
+| hash_flow.rb:152:16:152:36 | # $ hasValueFlow=10.1 | Missing result:hasValueFlow=10.1 |
+| hash_flow.rb:163:10:163:17 | ...[...] | Unexpected result: hasValueFlow=9.1 |
+| hash_flow.rb:187:10:187:17 | ...[...] | Unexpected result: hasValueFlow=12.1 |
+| hash_flow.rb:201:17:201:37 | # $ hasValueFlow=13.1 | Missing result:hasValueFlow=13.1 |
+| hash_flow.rb:219:27:219:47 | # $ hasValueFlow=14.2 | Missing result:hasValueFlow=14.2 |
+| hash_flow.rb:291:10:291:14 | ...[...] | Unexpected result: hasValueFlow=19.1 |
+| hash_flow.rb:294:10:294:14 | ...[...] | Unexpected result: hasValueFlow=19.3 |
+| hash_flow.rb:351:18:351:38 | # $ hasValueFlow=22.1 | Missing result:hasValueFlow=22.1 |
+| hash_flow.rb:396:18:396:38 | # $ hasValueFlow=25.1 | Missing result:hasValueFlow=25.1 |
+| hash_flow.rb:453:22:453:42 | # $ hasValueFlow=27.3 | Missing result:hasValueFlow=27.3 |
+| hash_flow.rb:455:22:455:42 | # $ hasValueFlow=27.4 | Missing result:hasValueFlow=27.4 |
+| hash_flow.rb:467:16:467:36 | # $ hasValueFlow=28.1 | Missing result:hasValueFlow=28.1 |
+| hash_flow.rb:482:16:482:36 | # $ hasValueFlow=29.1 | Missing result:hasValueFlow=29.1 |
+| hash_flow.rb:497:16:497:36 | # $ hasValueFlow=30.1 | Missing result:hasValueFlow=30.1 |
+| hash_flow.rb:513:22:513:42 | # $ hasValueFlow=31.1 | Missing result:hasValueFlow=31.1 |
+| hash_flow.rb:515:10:515:20 | ( ... ) | Unexpected result: hasValueFlow=31.3 |
+| hash_flow.rb:515:22:515:42 | # $ hasValueFlow=31.2 | Missing result:hasValueFlow=31.2 |
+| hash_flow.rb:529:18:529:38 | # $ hasValueFlow=32.1 | Missing result:hasValueFlow=32.1 |
+| hash_flow.rb:559:17:559:57 | # $ hasValueFlow=34.1 $ hasValueFlow=34.2 | Missing result:hasValueFlow=34.1 |
+| hash_flow.rb:559:17:559:57 | # $ hasValueFlow=34.1 $ hasValueFlow=34.2 | Missing result:hasValueFlow=34.2 |
+| hash_flow.rb:571:18:571:38 | # $ hasValueFlow=35.1 | Missing result:hasValueFlow=35.1 |
+| hash_flow.rb:576:18:576:38 | # $ hasValueFlow=35.1 | Missing result:hasValueFlow=35.1 |
+| hash_flow.rb:578:18:578:38 | # $ hasValueFlow=35.2 | Missing result:hasValueFlow=35.2 |
+| hash_flow.rb:591:20:591:60 | # $ hasValueFlow=36.1 $ hasValueFlow=36.2 | Missing result:hasValueFlow=36.1 |
+| hash_flow.rb:591:20:591:60 | # $ hasValueFlow=36.1 $ hasValueFlow=36.2 | Missing result:hasValueFlow=36.2 |
+| hash_flow.rb:668:14:668:18 | value | Unexpected result: hasValueFlow=41.3 |
+| hash_flow.rb:671:10:671:19 | ( ... ) | Unexpected result: hasValueFlow=41.1 |
+| hash_flow.rb:702:22:702:42 | # $ hasValueFlow=42.3 | Missing result:hasValueFlow=42.3 |
+| hash_flow.rb:704:22:704:42 | # $ hasValueFlow=42.4 | Missing result:hasValueFlow=42.4 |
--- a/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.ql
+++ b/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.ql
@@ -0,0 +1,33 @@
+import ruby
+import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTestUtil
+private import codeql.ruby.typetracking.TypeTracker
+
+private DataFlow::LocalSourceNode track(TypeTracker t, DataFlow::CallNode source) {
+  t.start() and
+  defaultSource(source) and
+  result = source
+  or
+  exists(TypeTracker t2 | result = track(t2, source).track(t2, t))
+}
+
+DataFlow::LocalSourceNode track(DataFlow::CallNode source) {
+  result = track(TypeTracker::end(), source)
+}
+
+class TypeTrackingFlowTest extends InlineExpectationsTest {
+  TypeTrackingFlowTest() { this = "TypeTrackingFlowTest" }
+
+  override string getARelevantTag() { result = "hasValueFlow" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(DataFlow::Node sink, DataFlow::Node source |
+      defaultSink(sink) and
+      track(source).flowsTo(sink) and
+      location = sink.getLocation() and
+      element = sink.toString() and
+      tag = "hasValueFlow" and
+      value = getSourceArgString(source)
+    )
+  }
+}