Ruby: Add more callback flow tests

Tom Hvitved
2023-09-23 14:10:15 +02:00
parent ca05697365
commit 07910b09d0
3 changed files with 71 additions and 0 deletions


@@ -5,6 +5,22 @@ edges
| blocks.rb:18:11:18:11 | x | blocks.rb:24:18:24:18 | x | provenance | |
| blocks.rb:24:3:24:11 | call to source | blocks.rb:17:10:17:10 | x | provenance | |
| blocks.rb:24:18:24:18 | x | blocks.rb:25:8:25:8 | x | provenance | |
| callbacks.rb:9:15:9:15 | x | callbacks.rb:10:12:10:12 | x | provenance | |
| callbacks.rb:10:12:10:12 | x | callbacks.rb:17:15:17:15 | x | provenance | |
| callbacks.rb:10:12:10:12 | x | callbacks.rb:18:15:18:15 | x | provenance | |
| callbacks.rb:13:20:13:20 | x | callbacks.rb:14:14:14:14 | x | provenance | |
| callbacks.rb:14:14:14:14 | x | callbacks.rb:9:15:9:15 | x | provenance | |
| callbacks.rb:17:15:17:15 | x | callbacks.rb:17:25:17:25 | x | provenance | |
| callbacks.rb:17:31:17:38 | call to taint | callbacks.rb:13:20:13:20 | x | provenance | |
| callbacks.rb:18:15:18:15 | x | callbacks.rb:18:25:18:25 | x | provenance | |
| callbacks.rb:20:17:20:17 | x | callbacks.rb:21:11:21:11 | x | provenance | |
| callbacks.rb:21:11:21:11 | x | callbacks.rb:28:31:28:31 | x | provenance | |
| callbacks.rb:21:11:21:11 | x | callbacks.rb:29:29:29:29 | x | provenance | |
| callbacks.rb:24:23:24:23 | x | callbacks.rb:25:17:25:17 | x | provenance | |
| callbacks.rb:25:17:25:17 | x | callbacks.rb:20:17:20:17 | x | provenance | |
| callbacks.rb:28:18:28:25 | call to taint | callbacks.rb:24:23:24:23 | x | provenance | |
| callbacks.rb:28:31:28:31 | x | callbacks.rb:28:39:28:39 | x | provenance | |
| callbacks.rb:29:29:29:29 | x | callbacks.rb:29:37:29:37 | x | provenance | |
| captured_variables.rb:9:24:9:24 | x | captured_variables.rb:11:5:11:6 | fn : [lambda] [captured x] | provenance | |
| captured_variables.rb:11:5:11:6 | fn : [lambda] [captured x] | captured_variables.rb:10:20:10:20 | x | provenance | |
| captured_variables.rb:13:20:13:29 | call to taint | captured_variables.rb:9:24:9:24 | x | provenance | |
@@ -272,6 +288,24 @@ nodes
| blocks.rb:24:3:24:11 | call to source | semmle.label | call to source |
| blocks.rb:24:18:24:18 | x | semmle.label | x |
| blocks.rb:25:8:25:8 | x | semmle.label | x |
| callbacks.rb:9:15:9:15 | x | semmle.label | x |
| callbacks.rb:10:12:10:12 | x | semmle.label | x |
| callbacks.rb:13:20:13:20 | x | semmle.label | x |
| callbacks.rb:14:14:14:14 | x | semmle.label | x |
| callbacks.rb:17:15:17:15 | x | semmle.label | x |
| callbacks.rb:17:25:17:25 | x | semmle.label | x |
| callbacks.rb:17:31:17:38 | call to taint | semmle.label | call to taint |
| callbacks.rb:18:15:18:15 | x | semmle.label | x |
| callbacks.rb:18:25:18:25 | x | semmle.label | x |
| callbacks.rb:20:17:20:17 | x | semmle.label | x |
| callbacks.rb:21:11:21:11 | x | semmle.label | x |
| callbacks.rb:24:23:24:23 | x | semmle.label | x |
| callbacks.rb:25:17:25:17 | x | semmle.label | x |
| callbacks.rb:28:18:28:25 | call to taint | semmle.label | call to taint |
| callbacks.rb:28:31:28:31 | x | semmle.label | x |
| callbacks.rb:28:39:28:39 | x | semmle.label | x |
| callbacks.rb:29:29:29:29 | x | semmle.label | x |
| callbacks.rb:29:37:29:37 | x | semmle.label | x |
| captured_variables.rb:9:24:9:24 | x | semmle.label | x |
| captured_variables.rb:10:20:10:20 | x | semmle.label | x |
| captured_variables.rb:11:5:11:6 | fn : [lambda] [captured x] | semmle.label | fn : [lambda] [captured x] |
@@ -582,9 +616,15 @@ subpaths
| instance_variables.rb:120:6:120:10 | foo16 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:120:6:120:20 | call to get_field |
| instance_variables.rb:120:6:120:10 | foo16 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:120:6:120:20 | call to get_field |
testFailures
| callbacks.rb:18:25:18:25 | x | Unexpected result: hasValueFlow=1 |
| callbacks.rb:29:37:29:37 | x | Unexpected result: hasValueFlow=2 |
#select
| blocks.rb:8:10:8:14 | yield ... | blocks.rb:14:12:14:20 | call to source | blocks.rb:8:10:8:14 | yield ... | $@ | blocks.rb:14:12:14:20 | call to source | call to source |
| blocks.rb:25:8:25:8 | x | blocks.rb:24:3:24:11 | call to source | blocks.rb:25:8:25:8 | x | $@ | blocks.rb:24:3:24:11 | call to source | call to source |
| callbacks.rb:17:25:17:25 | x | callbacks.rb:17:31:17:38 | call to taint | callbacks.rb:17:25:17:25 | x | $@ | callbacks.rb:17:31:17:38 | call to taint | call to taint |
| callbacks.rb:18:25:18:25 | x | callbacks.rb:17:31:17:38 | call to taint | callbacks.rb:18:25:18:25 | x | $@ | callbacks.rb:17:31:17:38 | call to taint | call to taint |
| callbacks.rb:28:39:28:39 | x | callbacks.rb:28:18:28:25 | call to taint | callbacks.rb:28:39:28:39 | x | $@ | callbacks.rb:28:18:28:25 | call to taint | call to taint |
| callbacks.rb:29:37:29:37 | x | callbacks.rb:28:18:28:25 | call to taint | callbacks.rb:29:37:29:37 | x | $@ | callbacks.rb:28:18:28:25 | call to taint | call to taint |
| captured_variables.rb:10:20:10:20 | x | captured_variables.rb:13:20:13:29 | call to taint | captured_variables.rb:10:20:10:20 | x | $@ | captured_variables.rb:13:20:13:29 | call to taint | call to taint |
| captured_variables.rb:17:14:17:14 | x | captured_variables.rb:20:25:20:34 | call to taint | captured_variables.rb:17:14:17:14 | x | $@ | captured_variables.rb:20:25:20:34 | call to taint | call to taint |
| captured_variables.rb:24:14:24:14 | x | captured_variables.rb:27:48:27:57 | call to taint | captured_variables.rb:24:14:24:14 | x | $@ | captured_variables.rb:27:48:27:57 | call to taint | call to taint |


@@ -1,4 +1,6 @@
| blocks.rb:4:10:4:10 | r | Fixed missing result: hasValueFlow=1 |
| callbacks.rb:17:41:17:58 | # $ hasValueFlow=1 | Missing result: hasValueFlow=1 |
| callbacks.rb:29:37:29:37 | x | Unexpected result: hasValueFlow=2 |
| captured_variables.rb:50:10:50:10 | x | Fixed missing result: hasValueFlow=2 |
| captured_variables.rb:68:25:68:68 | # $ hasValueFlow=3 $ MISSING: hasValueFlow=4 | Missing result: hasValueFlow=3 |
| captured_variables.rb:72:21:72:66 | # $ hasValueFlow=4 $ SPURIOUS: hasValueFlow=3 | Fixed spurious result: hasValueFlow=3 |


@@ -0,0 +1,29 @@
def taint x
x
end
def sink x
puts "SINK: #{x}"
end
def apply (f, x)
f.call(x)
end
def apply_wrap (f, x)
apply(f, x)
end
apply_wrap(->(x) { sink(x) }, taint(1)) # $ hasValueFlow=1
apply_wrap(->(x) { sink(x) }, "safe")
def apply_block x
yield x
end
def apply_block_wrap (x, &block)
apply_block(x, &block)
end
apply_block_wrap(taint(2)) { |x| sink(x) } # $ hasValueFlow=2
apply_block_wrap("safe") { |x| sink(x) }
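Review bot: The two `"safe"` calls that close each half of this file carry no inline expectation, yet the expected output added in the same commit lists flow into both of their sinks under `testFailures` (`callbacks.rb:18:25` as `Unexpected result: hasValueFlow=1`, `callbacks.rb:29:37` as `Unexpected result: hasValueFlow=2`). The test is therefore checked in with a false positive that nothing in the file explains; it looks as if taint passed to one `apply_wrap`/`apply_block_wrap` call is being reported at the callback of the neighbouring call. If the imprecision is meant to be recorded, mark it in the source, e.g. `apply_wrap(->(x) { sink(x) }, "safe") # $ SPURIOUS: hasValueFlow=1` and `apply_block_wrap("safe") { |x| sink(x) } # $ SPURIOUS: hasValueFlow=2`, the form already used in captured_variables.rb. The second expected file also shows `Missing result: hasValueFlow=1` for the lambda case on line 17, so a one-line comment above `apply_wrap` saying which configuration loses that flow would help the next person who touches callback handling.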