mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
Ruby: local dataflow step for || and &&
This commit is contained in:
Arthur Baars
@@ -181,6 +181,12 @@ module LocalFlow {
|
||||
) and
|
||||
nodeFrom.asExpr() = for.getValue()
|
||||
)
|
||||
or
|
||||
nodeTo.asExpr() =
|
||||
any(CfgNodes::ExprNodes::BinaryOperationCfgNode op |
|
||||
op.getExpr() instanceof BinaryLogicalOperation and
|
||||
nodeFrom.asExpr() = op.getAPredecessor()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -157,3 +157,89 @@
|
||||
| local_dataflow.rb:87:25:87:25 | [post] x | local_dataflow.rb:87:29:87:29 | x |
|
||||
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:29:87:29 | x |
|
||||
| local_dataflow.rb:87:29:87:29 | x | local_dataflow.rb:87:15:87:48 | then ... |
|
||||
| local_dataflow.rb:92:1:109:3 | self (and_or) | local_dataflow.rb:93:7:93:15 | self |
|
||||
| local_dataflow.rb:92:1:109:3 | self in and_or | local_dataflow.rb:92:1:109:3 | self (and_or) |
|
||||
| local_dataflow.rb:93:3:93:28 | ... = ... | local_dataflow.rb:94:8:94:8 | a |
|
||||
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:93:20:93:28 | self |
|
||||
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:94:3:94:9 | self |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
|
||||
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:20:93:28 | self |
|
||||
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:94:3:94:9 | self |
|
||||
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
|
||||
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
|
||||
| local_dataflow.rb:93:20:93:28 | [post] self | local_dataflow.rb:94:3:94:9 | self |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
|
||||
| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:94:3:94:9 | self |
|
||||
| local_dataflow.rb:94:3:94:9 | [post] self | local_dataflow.rb:95:8:95:16 | self |
|
||||
| local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:95:8:95:16 | self |
|
||||
| local_dataflow.rb:95:3:95:30 | ... = ... | local_dataflow.rb:96:8:96:8 | b |
|
||||
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
|
||||
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
|
||||
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:95:21:95:29 | self |
|
||||
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:96:3:96:9 | self |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
|
||||
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:21:95:29 | self |
|
||||
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:96:3:96:9 | self |
|
||||
| local_dataflow.rb:95:8:95:29 | ... or ... | local_dataflow.rb:95:7:95:30 | ( ... ) |
|
||||
| local_dataflow.rb:95:21:95:29 | [post] self | local_dataflow.rb:96:3:96:9 | self |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
|
||||
| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:96:3:96:9 | self |
|
||||
| local_dataflow.rb:96:3:96:9 | [post] self | local_dataflow.rb:98:7:98:15 | self |
|
||||
| local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:98:7:98:15 | self |
|
||||
| local_dataflow.rb:98:3:98:28 | ... = ... | local_dataflow.rb:99:8:99:8 | a |
|
||||
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:98:20:98:28 | self |
|
||||
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:99:3:99:9 | self |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
|
||||
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:20:98:28 | self |
|
||||
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:99:3:99:9 | self |
|
||||
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
|
||||
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
|
||||
| local_dataflow.rb:98:20:98:28 | [post] self | local_dataflow.rb:99:3:99:9 | self |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
|
||||
| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:99:3:99:9 | self |
|
||||
| local_dataflow.rb:99:3:99:9 | [post] self | local_dataflow.rb:100:8:100:16 | self |
|
||||
| local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:100:8:100:16 | self |
|
||||
| local_dataflow.rb:100:3:100:31 | ... = ... | local_dataflow.rb:101:8:101:8 | b |
|
||||
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
|
||||
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
|
||||
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:100:22:100:30 | self |
|
||||
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:101:3:101:9 | self |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
|
||||
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:22:100:30 | self |
|
||||
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:101:3:101:9 | self |
|
||||
| local_dataflow.rb:100:8:100:30 | ... and ... | local_dataflow.rb:100:7:100:31 | ( ... ) |
|
||||
| local_dataflow.rb:100:22:100:30 | [post] self | local_dataflow.rb:101:3:101:9 | self |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
|
||||
| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:101:3:101:9 | self |
|
||||
| local_dataflow.rb:101:3:101:9 | [post] self | local_dataflow.rb:103:7:103:15 | self |
|
||||
| local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:103:7:103:15 | self |
|
||||
| local_dataflow.rb:103:3:103:15 | ... = ... | local_dataflow.rb:104:3:104:3 | a |
|
||||
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:104:9:104:17 | self |
|
||||
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:105:3:105:9 | self |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
|
||||
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:104:9:104:17 | self |
|
||||
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:105:3:105:9 | self |
|
||||
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
|
||||
| local_dataflow.rb:104:3:104:17 | ... = ... | local_dataflow.rb:105:8:105:8 | a |
|
||||
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
|
||||
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
|
||||
| local_dataflow.rb:104:9:104:17 | [post] self | local_dataflow.rb:105:3:105:9 | self |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
|
||||
| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:105:3:105:9 | self |
|
||||
| local_dataflow.rb:105:3:105:9 | [post] self | local_dataflow.rb:106:7:106:15 | self |
|
||||
| local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:106:7:106:15 | self |
|
||||
| local_dataflow.rb:106:3:106:15 | ... = ... | local_dataflow.rb:107:3:107:3 | b |
|
||||
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:107:9:107:17 | self |
|
||||
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:108:3:108:9 | self |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
|
||||
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:107:9:107:17 | self |
|
||||
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:108:3:108:9 | self |
|
||||
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... |
|
||||
| local_dataflow.rb:107:3:107:17 | ... = ... | local_dataflow.rb:108:8:108:8 | b |
|
||||
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
|
||||
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
|
||||
| local_dataflow.rb:107:9:107:17 | [post] self | local_dataflow.rb:108:3:108:9 | self |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... |
|
||||
| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:108:3:108:9 | self |
|
||||
|
||||
@@ -13,6 +13,7 @@ ret
|
||||
| local_dataflow.rb:51:3:51:15 | break |
|
||||
| local_dataflow.rb:52:3:52:10 | "normal" |
|
||||
| local_dataflow.rb:89:3:89:9 | call to sink |
|
||||
| local_dataflow.rb:108:3:108:9 | call to sink |
|
||||
arg
|
||||
| local_dataflow.rb:3:8:3:10 | self | local_dataflow.rb:3:8:3:10 | call to p | self |
|
||||
| local_dataflow.rb:3:10:3:10 | a | local_dataflow.rb:3:8:3:10 | call to p | position 0 |
|
||||
@@ -75,3 +76,51 @@ arg
|
||||
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:20:87:26 | call to sink | position 0 |
|
||||
| local_dataflow.rb:89:3:89:9 | self | local_dataflow.rb:89:3:89:9 | call to sink | self |
|
||||
| local_dataflow.rb:89:8:89:8 | z | local_dataflow.rb:89:3:89:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... | self |
|
||||
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:7:93:15 | call to source | self |
|
||||
| local_dataflow.rb:93:14:93:14 | 1 | local_dataflow.rb:93:7:93:15 | call to source | position 0 |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... | position 0 |
|
||||
| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:93:20:93:28 | call to source | self |
|
||||
| local_dataflow.rb:93:27:93:27 | 2 | local_dataflow.rb:93:20:93:28 | call to source | position 0 |
|
||||
| local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:94:3:94:9 | call to sink | self |
|
||||
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:94:3:94:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... | self |
|
||||
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:8:95:16 | call to source | self |
|
||||
| local_dataflow.rb:95:15:95:15 | 1 | local_dataflow.rb:95:8:95:16 | call to source | position 0 |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... | position 0 |
|
||||
| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:95:21:95:29 | call to source | self |
|
||||
| local_dataflow.rb:95:28:95:28 | 2 | local_dataflow.rb:95:21:95:29 | call to source | position 0 |
|
||||
| local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:96:3:96:9 | call to sink | self |
|
||||
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:96:3:96:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... | self |
|
||||
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:7:98:15 | call to source | self |
|
||||
| local_dataflow.rb:98:14:98:14 | 1 | local_dataflow.rb:98:7:98:15 | call to source | position 0 |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... | position 0 |
|
||||
| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:98:20:98:28 | call to source | self |
|
||||
| local_dataflow.rb:98:27:98:27 | 2 | local_dataflow.rb:98:20:98:28 | call to source | position 0 |
|
||||
| local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:99:3:99:9 | call to sink | self |
|
||||
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:99:3:99:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... | self |
|
||||
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:8:100:16 | call to source | self |
|
||||
| local_dataflow.rb:100:15:100:15 | 1 | local_dataflow.rb:100:8:100:16 | call to source | position 0 |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... | position 0 |
|
||||
| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:100:22:100:30 | call to source | self |
|
||||
| local_dataflow.rb:100:29:100:29 | 2 | local_dataflow.rb:100:22:100:30 | call to source | position 0 |
|
||||
| local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:101:3:101:9 | call to sink | self |
|
||||
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:101:3:101:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:103:7:103:15 | call to source | self |
|
||||
| local_dataflow.rb:103:14:103:14 | 5 | local_dataflow.rb:103:7:103:15 | call to source | position 0 |
|
||||
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... | self |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... | position 0 |
|
||||
| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:104:9:104:17 | call to source | self |
|
||||
| local_dataflow.rb:104:16:104:16 | 6 | local_dataflow.rb:104:9:104:17 | call to source | position 0 |
|
||||
| local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:105:3:105:9 | call to sink | self |
|
||||
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:105:3:105:9 | call to sink | position 0 |
|
||||
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:106:7:106:15 | call to source | self |
|
||||
| local_dataflow.rb:106:14:106:14 | 7 | local_dataflow.rb:106:7:106:15 | call to source | position 0 |
|
||||
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... | self |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... | position 0 |
|
||||
| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:107:9:107:17 | call to source | self |
|
||||
| local_dataflow.rb:107:16:107:16 | 8 | local_dataflow.rb:107:9:107:17 | call to source | position 0 |
|
||||
| local_dataflow.rb:108:3:108:9 | self | local_dataflow.rb:108:3:108:9 | call to sink | self |
|
||||
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:108:3:108:9 | call to sink | position 0 |
|
||||
|
||||
@@ -9,6 +9,30 @@ edges
|
||||
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:86:33:86:33 | g |
|
||||
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:87:25:87:25 | x |
|
||||
| local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:89:8:89:8 | z |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:94:8:94:8 | a |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:94:8:94:8 | a |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:94:8:94:8 | a |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:94:8:94:8 | a |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:96:8:96:8 | b |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:96:8:96:8 | b |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:96:8:96:8 | b |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:96:8:96:8 | b |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:99:8:99:8 | a |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:99:8:99:8 | a |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:99:8:99:8 | a |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:99:8:99:8 | a |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:101:8:101:8 | b |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:101:8:101:8 | b |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:101:8:101:8 | b |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:101:8:101:8 | b |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:105:8:105:8 | a |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:105:8:105:8 | a |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:105:8:105:8 | a |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:105:8:105:8 | a |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:108:8:108:8 | b |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:108:8:108:8 | b |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:108:8:108:8 | b |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:108:8:108:8 | b |
|
||||
nodes
|
||||
| local_dataflow.rb:78:12:78:20 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:79:25:79:25 | b | semmle.label | b |
|
||||
@@ -20,6 +44,42 @@ nodes
|
||||
| local_dataflow.rb:86:33:86:33 | g | semmle.label | g |
|
||||
| local_dataflow.rb:87:25:87:25 | x | semmle.label | x |
|
||||
| local_dataflow.rb:89:8:89:8 | z | semmle.label | z |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:93:7:93:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:93:20:93:28 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:94:8:94:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:94:8:94:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:95:8:95:16 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:95:21:95:29 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:96:8:96:8 | b | semmle.label | b |
|
||||
| local_dataflow.rb:96:8:96:8 | b | semmle.label | b |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:98:7:98:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:98:20:98:28 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:99:8:99:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:99:8:99:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:100:8:100:16 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:100:22:100:30 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:101:8:101:8 | b | semmle.label | b |
|
||||
| local_dataflow.rb:101:8:101:8 | b | semmle.label | b |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:103:7:103:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:104:9:104:17 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:105:8:105:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:105:8:105:8 | a | semmle.label | a |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:106:7:106:15 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:107:9:107:17 | call to source : | semmle.label | call to source : |
|
||||
| local_dataflow.rb:108:8:108:8 | b | semmle.label | b |
|
||||
| local_dataflow.rb:108:8:108:8 | b | semmle.label | b |
|
||||
subpaths
|
||||
#select
|
||||
| local_dataflow.rb:79:25:79:25 | b | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:79:25:79:25 | b | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
|
||||
@@ -31,3 +91,15 @@ subpaths
|
||||
| local_dataflow.rb:86:33:86:33 | g | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:86:33:86:33 | g | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
|
||||
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:87:25:87:25 | x | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
|
||||
| local_dataflow.rb:89:8:89:8 | z | local_dataflow.rb:78:12:78:20 | call to source : | local_dataflow.rb:89:8:89:8 | z | $@ | local_dataflow.rb:78:12:78:20 | call to source : | call to source : |
|
||||
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:7:93:15 | call to source : | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:7:93:15 | call to source : | call to source : |
|
||||
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:93:20:93:28 | call to source : | local_dataflow.rb:94:8:94:8 | a | $@ | local_dataflow.rb:93:20:93:28 | call to source : | call to source : |
|
||||
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:8:95:16 | call to source : | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:8:95:16 | call to source : | call to source : |
|
||||
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:95:21:95:29 | call to source : | local_dataflow.rb:96:8:96:8 | b | $@ | local_dataflow.rb:95:21:95:29 | call to source : | call to source : |
|
||||
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:7:98:15 | call to source : | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:7:98:15 | call to source : | call to source : |
|
||||
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:98:20:98:28 | call to source : | local_dataflow.rb:99:8:99:8 | a | $@ | local_dataflow.rb:98:20:98:28 | call to source : | call to source : |
|
||||
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:8:100:16 | call to source : | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:8:100:16 | call to source : | call to source : |
|
||||
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:100:22:100:30 | call to source : | local_dataflow.rb:101:8:101:8 | b | $@ | local_dataflow.rb:100:22:100:30 | call to source : | call to source : |
|
||||
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:103:7:103:15 | call to source : | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:103:7:103:15 | call to source : | call to source : |
|
||||
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:104:9:104:17 | call to source : | local_dataflow.rb:105:8:105:8 | a | $@ | local_dataflow.rb:104:9:104:17 | call to source : | call to source : |
|
||||
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:106:7:106:15 | call to source : | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:106:7:106:15 | call to source : | call to source : |
|
||||
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:107:9:107:17 | call to source : | local_dataflow.rb:108:8:108:8 | b | $@ | local_dataflow.rb:107:9:107:17 | call to source : | call to source : |
|
||||
|
||||
@@ -89,3 +89,21 @@ def test_case x
|
||||
sink(z) # $ hasTaintFlow=1
|
||||
end
|
||||
|
||||
def and_or
|
||||
a = source(1) || source(2)
|
||||
sink(a) # $ hasValueFlow=1 hasValueFlow=2
|
||||
b = (source(1) or source(2))
|
||||
sink(b) # $ hasValueFlow=1 hasValueFlow=2
|
||||
|
||||
a = source(1) && source(2)
|
||||
sink(a) # $ hasValueFlow=1 hasValueFlow=2
|
||||
b = (source(1) and source(2))
|
||||
sink(b) # $ hasValueFlow=1 hasValueFlow=2
|
||||
|
||||
a = source(5)
|
||||
a ||= source(6)
|
||||
sink(a) # $ hasValueFlow=5 hasValueFlow=6
|
||||
b = source(7)
|
||||
b &&= source(8)
|
||||
sink(b) # $ hasValueFlow=7 hasValueFlow=8
|
||||
end
|
||||
|
||||
@@ -2,7 +2,7 @@ edges
|
||||
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/controllers/foo/stores_controller.rb:9:22:9:23 | dt : |
|
||||
| app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : |
|
||||
| app/controllers/foo/stores_controller.rb:9:22:9:23 | dt : | app/views/foo/stores/show.html.erb:38:3:38:16 | @instance_text |
|
||||
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:84:5:84:24 | @other_user_raw_name |
|
||||
| app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name |
|
||||
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:2:9:2:20 | call to display_text |
|
||||
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:5:9:5:36 | ...[...] |
|
||||
| app/controllers/foo/stores_controller.rb:13:55:13:56 | dt : | app/views/foo/stores/show.html.erb:9:9:9:26 | ...[...] |
|
||||
@@ -29,7 +29,8 @@ nodes
|
||||
| app/views/foo/stores/show.html.erb:50:5:50:18 | call to raw_name | semmle.label | call to raw_name |
|
||||
| app/views/foo/stores/show.html.erb:64:3:64:18 | call to handle | semmle.label | call to handle |
|
||||
| app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | semmle.label | call to raw_name |
|
||||
| app/views/foo/stores/show.html.erb:84:5:84:24 | @other_user_raw_name | semmle.label | @other_user_raw_name |
|
||||
| app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | semmle.label | call to display_name |
|
||||
| app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | semmle.label | @other_user_raw_name |
|
||||
subpaths
|
||||
#select
|
||||
| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
|
||||
@@ -43,4 +44,5 @@ subpaths
|
||||
| app/views/foo/stores/show.html.erb:50:5:50:18 | call to raw_name | app/views/foo/stores/show.html.erb:50:5:50:18 | call to raw_name | app/views/foo/stores/show.html.erb:50:5:50:18 | call to raw_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:50:5:50:18 | call to raw_name | stored value |
|
||||
| app/views/foo/stores/show.html.erb:64:3:64:18 | call to handle | app/views/foo/stores/show.html.erb:64:3:64:18 | call to handle | app/views/foo/stores/show.html.erb:64:3:64:18 | call to handle | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:64:3:64:18 | call to handle | stored value |
|
||||
| app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | stored value |
|
||||
| app/views/foo/stores/show.html.erb:84:5:84:24 | @other_user_raw_name | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:84:5:84:24 | @other_user_raw_name | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | stored value |
|
||||
| app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | stored value |
|
||||
| app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name : | app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | stored value |
|
||||
|
||||
@@ -77,7 +77,6 @@
|
||||
%>
|
||||
|
||||
<%# BAD: Indirect to a database value without escaping %>
|
||||
<%# TODO: we do not detect that `display_name` can return a DB field %>
|
||||
<%= @user.display_name.html_safe %>
|
||||
|
||||
<%# BAD: Indirect to a database value without escaping %>
|
||||
|
||||
Reference in New Issue
Block a user