hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7920 from github/hmac/string-flow-summaries

Browse Source 
Ruby: Add String flow summaries
This commit is contained in:
Harry Maclean
2022-03-04 09:09:19 +13:00
committed by GitHub
parent b79d08523c 4a43731b83
commit 1181779c10
6 changed files with 1561 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ruby/ql/lib/codeql/ruby/frameworks/Core.qll
View File

@@ -10,6 +10,7 @@ import core.Object::Object
import core.Kernel::Kernel
import core.Module
import core.Array
import core.String
import core.Regexp
/**

583
ruby/ql/lib/codeql/ruby/frameworks/core/String.qll Normal file
View File

@@ -0,0 +1,583 @@
/** Provides flow summaries for the `String` class. */
private import codeql.ruby.AST
private import codeql.ruby.ApiGraphs
private import codeql.ruby.DataFlow
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.dataflow.internal.DataFlowDispatch
/**
* Provides flow summaries for the `String` class.
*
* The summaries are ordered (and implemented) based on
* https://docs.ruby-lang.org/en/3.1/String.html.
*/
module String {
/**
* Taint-preserving (but not value-preserving) flow from the receiver to the return value.
*/
private predicate taintIdentityFlow(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "ReturnValue" and
preservesValue = false
}
private class NewSummary extends SummarizedCallable {
NewSummary() { this = "String.new" }
override MethodCall getACall() {
result = API::getTopLevelMember("String").getAnInstantiation().getExprNode().getExpr()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = true
}
}
private class TryConvertSummary extends SummarizedCallable {
TryConvertSummary() { this = "String.try_convert" }
override MethodCall getACall() {
result =
API::getTopLevelMember("String").getAMethodCall("try_convert").getExprNode().getExpr()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = false
}
}
/**
* A flow summary for the `String#%` method.
*/
private class FormatSummary extends SimpleSummarizedCallable {
FormatSummary() { this = "%" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver", "Argument[0]", "Argument[0].ArrayElement"] and
output = "ReturnValue" and
preservesValue = false
}
}
// TODO: * + << <=>
/**
* A flow summary for the `String#b` method.
*/
private class BSummary extends SimpleSummarizedCallable {
BSummary() { this = "b" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for the `String#byteslice` method.
*/
private class BytesliceSummary extends SimpleSummarizedCallable {
BytesliceSummary() { this = "byteslice" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#capitalize(!)`.
*/
private class CapitalizeSummary extends SimpleSummarizedCallable {
CapitalizeSummary() { this = ["capitalize", "capitalize!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
preservesValue = false and
output = "ReturnValue"
}
}
/**
* A flow summary for `String#center`, `String#ljust` and `String#rjust`.
*/
private class CenterSummary extends SimpleSummarizedCallable {
CenterSummary() { this = ["center", "ljust", "rjust"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and
output = "ReturnValue" and
preservesValue = false
}
}
/**
* A flow summary for the `String#chomp`, `String#chomp!`, `String#chop` and `String#chop!` methods.
*/
private class ChompSummary extends SimpleSummarizedCallable {
ChompSummary() { this = ["chomp", "chomp!", "chop", "chop!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
this = ["chomp!", "chop!"] and
input = "Receiver" and
preservesValue = false and
output = "Receiver"
}
}
/**
* This is a placeholder for `String#clear`.
* We can't currently write this summary because there is no `DataFlow::Content` node to refer to (unlike with `Array#clear`).
* We need a `DataFlow::Content` node in order to override `clearsContent`.
*/
private class ClearSummary extends SimpleSummarizedCallable {
ClearSummary() { none() }
}
/**
* A flow summary for `String#concat` and `String#prepend`.
*/
private class ConcatSummary extends SimpleSummarizedCallable {
ConcatSummary() {
// `concat` and `prepend` omitted because they clash with the summaries for
// `Array#concat` and `Array#prepend`.
// this = ["concat", "prepend"]
none()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver", "Argument[_]"] and
output = ["ReturnValue", "Receiver"] and
preservesValue = false
}
}
/**
* A flow summary for `String#delete(!)`, `String#delete_prefix(!)` and `String#delete_suffix(!)`.
*/
private class DeleteSummary extends SimpleSummarizedCallable {
DeleteSummary() { this = ["delete", "delete_prefix", "delete_suffix"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#downcase(!)`, `String#upcase` and `String#swapcase(!)`.
*/
private class DowncaseSummary extends SimpleSummarizedCallable {
DowncaseSummary() { this = ["downcase", "upcase", "swapcase"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#dump` and `String#undump`.
*/
private class DumpSummary extends SimpleSummarizedCallable {
DumpSummary() { this = ["dump", "undump"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#each_line` and `String#lines`.
* This is split into two summaries below - one for when a block is passed and one for when no block is passed.
*/
abstract private class EachLineSummary extends SummarizedCallable {
MethodCall mc;
bindingset[this]
EachLineSummary() { mc.getMethodName() = ["each_line", "lines"] }
final override MethodCall getACall() { result = mc }
}
/**
* A flow summary for `String#each_line` and `String#lines` when a block is passed.
*/
private class EachLineBlockSummary extends EachLineSummary {
EachLineBlockSummary() { this = "each_line_with_block" and exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
preservesValue = false and
input = "Receiver" and
output = ["BlockArgument.Parameter[0]", "ReturnValue"]
}
}
/**
* A flow summary for `String#each_line` and `String#lines` when no block is passed.
*/
private class EachLineNoBlockSummary extends EachLineSummary {
EachLineNoBlockSummary() { this = "each_line_without_block" and not exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
preservesValue = false and
input = "Receiver" and
output = "ReturnValue.ArrayElement[?]"
}
}
/**
* A flow summary for `String#encode(!)` and `String#unicode_normalize(!)`.
*/
private class EncodeSummary extends SimpleSummarizedCallable {
EncodeSummary() { this = ["encode", "unicode_normalize"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#force_encoding`.
*/
private class ForceEncodingSummary extends SimpleSummarizedCallable {
ForceEncodingSummary() { this = "force_encoding" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#freeze`.
*/
private class FreezeSummary extends SimpleSummarizedCallable {
FreezeSummary() { this = "freeze" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#gsub(!)` and `String#sub(!)`.
*/
private class GsubSummary extends SimpleSummarizedCallable {
GsubSummary() { this = ["sub", "gsub"] + ["", "!"] }
// str.gsub(pattern, replacement) -> new_str
// str.gsub(pattern) {|match| block } -> new_str
// str.gsub(pattern) -> enumerator of matches
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
// receiver -> return value
// replacement -> return value
// block return -> return value
preservesValue = false and
output = "ReturnValue" and
input = ["Receiver", "Argument[1]", "BlockArgument.ReturnValue"]
}
}
/**
* A flow summary for `String#insert`.
*/
private class InsertSummary extends SimpleSummarizedCallable {
InsertSummary() {
this = "insert" and
// Disabled because it clashes with the summary for Array#insert.
none()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and output = "ReturnValue" and preservesValue = false
}
}
/**
* A flow summary for `String#inspect`.
*/
private class InspectSummary extends SimpleSummarizedCallable {
InspectSummary() { this = "inspect" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#strip(!)`, `String#lstrip(!)` and `String#rstrip(!)`.
*/
private class StripSummary extends SimpleSummarizedCallable {
StripSummary() { this = ["strip", "lstrip", "rstrip"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#next(!)` and `String#succ(!)`.
*/
private class NextSummary extends SimpleSummarizedCallable {
NextSummary() { this = ["next", "succ"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#partition` and `String#rpartition`.
*/
private class PartitionSummary extends SimpleSummarizedCallable {
PartitionSummary() { this = ["partition", "rpartition"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "ReturnValue.ArrayElement[" + [0, 1, 2] + "]" and
preservesValue = false
}
}
/**
* A flow summary for `String#replace`.
*/
private class ReplaceSummary extends SimpleSummarizedCallable {
ReplaceSummary() { this = "replace" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = ["ReturnValue", "Receiver"] and
preservesValue = false
}
// TODO: we should also clear any existing content in Receiver
}
/**
* A flow summary for `String#reverse(!)`.
*/
private class ReverseSummary extends SimpleSummarizedCallable {
ReverseSummary() { this = ["reverse", "reverse!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#scan`.
*/
abstract private class ScanSummary extends SummarizedCallable {
MethodCall mc;
bindingset[this]
ScanSummary() { mc.getMethodName() = "scan" }
final override MethodCall getACall() { result = mc }
}
private class ScanBlockSummary extends ScanSummary {
ScanBlockSummary() { this = "scan_with_block" and exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
preservesValue = false and
output =
[
// scan(pattern) -> array
"ReturnValue",
// scan(pattern) {|match, ...| block } -> str
// Parameter[_] doesn't seem to work
"BlockArgument.Parameter[" + [0 .. 10] + "]"
]
}
}
private class ScanNoBlockSummary extends ScanSummary {
ScanNoBlockSummary() { this = "scan_no_block" and not exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
// scan(pattern) -> array
input = "Receiver" and
output = "ReturnValue.ArrayElement[?]" and
preservesValue = false
}
}
/**
* A flow summary for `String#scrub(!)`.
*/
abstract private class ScrubSummary extends SummarizedCallable {
MethodCall mc;
bindingset[this]
ScrubSummary() { mc.getMethodName() = ["scrub", "scrub!"] }
override MethodCall getACall() { result = mc }
}
private class ScrubBlockSummary extends ScrubSummary {
ScrubBlockSummary() { this = "scrub_block" and exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
preservesValue = false and
(
input = "Receiver" and
output = "BlockArgument.Parameter[0]"
or
input = "Argument[0]" and output = "ReturnValue"
or
input = "BlockArgument.ReturnValue" and
output = "ReturnValue"
)
}
}
private class ScrubNoBlockSummary extends ScrubSummary {
ScrubNoBlockSummary() { this = "scrub_no_block" and not exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
preservesValue = false and
input = "Argument[0]" and
output = "ReturnValue"
}
}
/**
* A flow summary for `String#shellescape`.
*/
private class ShellescapeSummary extends SimpleSummarizedCallable {
ShellescapeSummary() { this = "shellescape" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#shellsplit`.
*/
private class ShellSplitSummary extends SimpleSummarizedCallable {
ShellSplitSummary() { this = "shellsplit" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "ReturnValue.ArrayElement[?]" and
preservesValue = false
}
}
/**
* A flow summary for `String#slice(!)`, `String#split` and `String#[]`.
*/
private class SliceSummary extends SimpleSummarizedCallable {
SliceSummary() { this = ["slice", "slice!", "split", "[]"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#squeeze(!)`.
*/
private class SqueezeSummary extends SimpleSummarizedCallable {
SqueezeSummary() { this = ["squeeze", "squeeze!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#to_s` and `String.to_str`.
*/
private class ToStrSummary extends SimpleSummarizedCallable {
ToStrSummary() { this = ["to_str", "to_s"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
/**
* A flow summary for `String#tr`.
*/
private class TrSummary extends SimpleSummarizedCallable {
TrSummary() { this = ["tr", "tr_s"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and output = "ReturnValue" and preservesValue = false
}
}
/**
* A flow summary for `String#upto`.
* ```
* String#upto(stop, exclusive=false, &block)
* ```
*/
abstract private class UptoSummary extends SummarizedCallable {
MethodCall mc;
bindingset[this]
UptoSummary() { mc.getMethodName() = "upto" }
override MethodCall getACall() { result = mc }
}
/**
* A flow summary for `String#upto`, when `exclusive = false`.
*/
private class UptoInclusiveSummary extends UptoSummary {
UptoInclusiveSummary() {
this = "upto_inclusive" and
(not exists(mc.getArgument(1)) or mc.getArgument(1).getConstantValue().isBoolean(false))
}
// TODO: if second arg ('exclusive') is true, the first arg is excluded
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
input = ["Receiver", "Argument[0]"] and
output = "BlockArgument.Parameter[0]" and
preservesValue = false
or
input = "BlockArgument.ReturnValue" and
output = "ReturnValue.ArrayElement[?]" and
preservesValue = false
}
}
/**
* A flow summary for `String#upto`, when `exclusive = true`.
*/
private class UptoExclusiveSummary extends UptoSummary {
UptoExclusiveSummary() {
this = "upto_exclusive" and
mc.getArgument(1).getConstantValue().isBoolean(true)
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "BlockArgument.Parameter[0]" and
preservesValue = false
or
input = "BlockArgument.ReturnValue" and
output = "ReturnValue.ArrayElement[?]" and
preservesValue = false
}
}
}

637
ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected Normal file
View File

@@ -0,0 +1,637 @@
failures
| string_flow.rb:85:10:85:10 | a | Unexpected result: hasValueFlow=a |
| string_flow.rb:227:10:227:10 | a | Unexpected result: hasValueFlow=a |
edges
| string_flow.rb:2:9:2:18 | call to source : | string_flow.rb:3:21:3:21 | a : |
| string_flow.rb:2:9:2:18 | call to source : | string_flow.rb:3:21:3:21 | a : |
| string_flow.rb:3:21:3:21 | a : | string_flow.rb:3:10:3:22 | call to new |
| string_flow.rb:3:21:3:21 | a : | string_flow.rb:3:10:3:22 | call to new |
| string_flow.rb:7:9:7:18 | call to source : | string_flow.rb:9:29:9:29 | a : |
| string_flow.rb:8:9:8:16 | call to source : | string_flow.rb:10:29:10:29 | b : |
| string_flow.rb:9:29:9:29 | a : | string_flow.rb:9:10:9:30 | call to try_convert |
| string_flow.rb:10:29:10:29 | b : | string_flow.rb:10:10:10:30 | call to try_convert |
| string_flow.rb:14:9:14:18 | call to source : | string_flow.rb:15:10:15:17 | ... % ... |
| string_flow.rb:14:9:14:18 | call to source : | string_flow.rb:15:17:15:17 | a : |
| string_flow.rb:14:9:14:18 | call to source : | string_flow.rb:16:28:16:28 | a : |
| string_flow.rb:14:9:14:18 | call to source : | string_flow.rb:17:10:17:10 | a : |
| string_flow.rb:14:9:14:18 | call to source : | string_flow.rb:17:10:17:18 | ... % ... |
| string_flow.rb:15:17:15:17 | a : | string_flow.rb:15:10:15:17 | ... % ... |
| string_flow.rb:16:28:16:28 | a : | string_flow.rb:16:10:16:29 | ... % ... |
| string_flow.rb:17:10:17:10 | a : | string_flow.rb:17:10:17:18 | ... % ... |
| string_flow.rb:21:9:21:18 | call to source : | string_flow.rb:23:10:23:10 | b |
| string_flow.rb:27:9:27:18 | call to source : | string_flow.rb:29:10:29:10 | b |
| string_flow.rb:33:9:33:18 | call to source : | string_flow.rb:35:10:35:10 | b |
| string_flow.rb:33:9:33:18 | call to source : | string_flow.rb:37:10:37:10 | c |
| string_flow.rb:41:9:41:18 | call to source : | string_flow.rb:42:10:42:10 | a : |
| string_flow.rb:42:10:42:10 | a : | string_flow.rb:42:10:42:12 | call to b |
| string_flow.rb:46:9:46:18 | call to source : | string_flow.rb:47:10:47:10 | a : |
| string_flow.rb:46:9:46:18 | call to source : | string_flow.rb:48:10:48:10 | a : |
| string_flow.rb:46:9:46:18 | call to source : | string_flow.rb:49:10:49:10 | a : |
| string_flow.rb:47:10:47:10 | a : | string_flow.rb:47:10:47:23 | call to byteslice |
| string_flow.rb:48:10:48:10 | a : | string_flow.rb:48:10:48:26 | call to byteslice |
| string_flow.rb:49:10:49:10 | a : | string_flow.rb:49:10:49:26 | call to byteslice |
| string_flow.rb:53:9:53:18 | call to source : | string_flow.rb:54:10:54:10 | a : |
| string_flow.rb:53:9:53:18 | call to source : | string_flow.rb:55:10:55:10 | a : |
| string_flow.rb:54:10:54:10 | a : | string_flow.rb:54:10:54:21 | call to capitalize |
| string_flow.rb:55:10:55:10 | a : | string_flow.rb:55:10:55:22 | call to capitalize! |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:60:10:60:10 | a : |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:61:27:61:27 | a : |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:62:10:62:10 | a : |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:63:26:63:26 | a : |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:64:10:64:10 | a : |
| string_flow.rb:59:9:59:18 | call to source : | string_flow.rb:65:26:65:26 | a : |
| string_flow.rb:60:10:60:10 | a : | string_flow.rb:60:10:60:21 | call to center |
| string_flow.rb:61:27:61:27 | a : | string_flow.rb:61:10:61:28 | call to center |
| string_flow.rb:62:10:62:10 | a : | string_flow.rb:62:10:62:20 | call to ljust |
| string_flow.rb:63:26:63:26 | a : | string_flow.rb:63:10:63:27 | call to ljust |
| string_flow.rb:64:10:64:10 | a : | string_flow.rb:64:10:64:20 | call to rjust |
| string_flow.rb:65:26:65:26 | a : | string_flow.rb:65:10:65:27 | call to rjust |
| string_flow.rb:69:9:69:18 | call to source : | string_flow.rb:70:10:70:10 | a : |
| string_flow.rb:69:9:69:18 | call to source : | string_flow.rb:71:10:71:10 | a : |
| string_flow.rb:70:10:70:10 | a : | string_flow.rb:70:10:70:16 | call to chomp |
| string_flow.rb:71:10:71:10 | a : | string_flow.rb:71:10:71:17 | call to chomp! |
| string_flow.rb:75:9:75:18 | call to source : | string_flow.rb:76:10:76:10 | a : |
| string_flow.rb:75:9:75:18 | call to source : | string_flow.rb:77:10:77:10 | a : |
| string_flow.rb:76:10:76:10 | a : | string_flow.rb:76:10:76:15 | call to chop |
| string_flow.rb:77:10:77:10 | a : | string_flow.rb:77:10:77:16 | call to chop! |
| string_flow.rb:83:9:83:18 | call to source : | string_flow.rb:84:5:84:5 | a : |
| string_flow.rb:83:9:83:18 | call to source : | string_flow.rb:84:5:84:5 | a : |
| string_flow.rb:84:5:84:5 | [post] a : | string_flow.rb:85:10:85:10 | a |
| string_flow.rb:84:5:84:5 | [post] a : | string_flow.rb:85:10:85:10 | a |
| string_flow.rb:84:5:84:5 | a : | string_flow.rb:84:5:84:5 | [post] a : |
| string_flow.rb:84:5:84:5 | a : | string_flow.rb:84:5:84:5 | [post] a : |
| string_flow.rb:108:9:108:18 | call to source : | string_flow.rb:109:10:109:10 | a : |
| string_flow.rb:109:10:109:10 | [post] a : | string_flow.rb:110:10:110:10 | a : |
| string_flow.rb:109:10:109:10 | [post] a : | string_flow.rb:111:10:111:10 | a : |
| string_flow.rb:109:10:109:10 | a : | string_flow.rb:109:10:109:10 | [post] a : |
| string_flow.rb:109:10:109:10 | a : | string_flow.rb:109:10:109:22 | call to delete |
| string_flow.rb:110:10:110:10 | a : | string_flow.rb:110:10:110:29 | call to delete_prefix |
| string_flow.rb:111:10:111:10 | a : | string_flow.rb:111:10:111:29 | call to delete_suffix |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:116:10:116:10 | a : |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:117:10:117:10 | a : |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:118:10:118:10 | a : |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:119:10:119:10 | a : |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:120:10:120:10 | a : |
| string_flow.rb:115:9:115:18 | call to source : | string_flow.rb:121:10:121:10 | a : |
| string_flow.rb:116:10:116:10 | a : | string_flow.rb:116:10:116:19 | call to downcase |
| string_flow.rb:117:10:117:10 | a : | string_flow.rb:117:10:117:20 | call to downcase! |
| string_flow.rb:118:10:118:10 | a : | string_flow.rb:118:10:118:19 | call to swapcase |
| string_flow.rb:119:10:119:10 | a : | string_flow.rb:119:10:119:20 | call to swapcase! |
| string_flow.rb:120:10:120:10 | a : | string_flow.rb:120:10:120:17 | call to upcase |
| string_flow.rb:121:10:121:10 | a : | string_flow.rb:121:10:121:18 | call to upcase! |
| string_flow.rb:125:9:125:18 | call to source : | string_flow.rb:126:9:126:9 | a : |
| string_flow.rb:126:9:126:9 | a : | string_flow.rb:126:9:126:14 | call to dump : |
| string_flow.rb:126:9:126:14 | call to dump : | string_flow.rb:127:10:127:10 | b |
| string_flow.rb:126:9:126:14 | call to dump : | string_flow.rb:128:10:128:10 | b : |
| string_flow.rb:128:10:128:10 | b : | string_flow.rb:128:10:128:17 | call to undump |
| string_flow.rb:132:9:132:18 | call to source : | string_flow.rb:133:9:133:9 | a : |
| string_flow.rb:132:9:132:18 | call to source : | string_flow.rb:135:9:135:9 | a : |
| string_flow.rb:133:9:133:9 | a : | string_flow.rb:133:9:133:40 | call to each_line : |
| string_flow.rb:133:9:133:9 | a : | string_flow.rb:133:24:133:27 | line : |
| string_flow.rb:133:9:133:40 | call to each_line : | string_flow.rb:134:10:134:10 | b |
| string_flow.rb:133:24:133:27 | line : | string_flow.rb:133:35:133:38 | line |
| string_flow.rb:135:9:135:9 | a : | string_flow.rb:135:9:135:19 | call to each_line [array element] : |
| string_flow.rb:135:9:135:19 | call to each_line [array element] : | string_flow.rb:136:10:136:10 | c [array element] : |
| string_flow.rb:136:10:136:10 | c [array element] : | string_flow.rb:136:10:136:15 | call to to_a [array element] : |
| string_flow.rb:136:10:136:15 | call to to_a [array element] : | string_flow.rb:136:10:136:18 | ...[...] |
| string_flow.rb:140:9:140:18 | call to source : | string_flow.rb:141:9:141:9 | a : |
| string_flow.rb:140:9:140:18 | call to source : | string_flow.rb:143:9:143:9 | a : |
| string_flow.rb:141:9:141:9 | a : | string_flow.rb:141:9:141:36 | call to lines : |
| string_flow.rb:141:9:141:9 | a : | string_flow.rb:141:20:141:23 | line : |
| string_flow.rb:141:9:141:36 | call to lines : | string_flow.rb:142:10:142:10 | b |
| string_flow.rb:141:20:141:23 | line : | string_flow.rb:141:31:141:34 | line |
| string_flow.rb:143:9:143:9 | a : | string_flow.rb:143:9:143:15 | call to lines [array element] : |
| string_flow.rb:143:9:143:15 | call to lines [array element] : | string_flow.rb:144:10:144:10 | c [array element] : |
| string_flow.rb:144:10:144:10 | c [array element] : | string_flow.rb:144:10:144:13 | ...[...] |
| string_flow.rb:148:9:148:18 | call to source : | string_flow.rb:149:10:149:10 | a : |
| string_flow.rb:148:9:148:18 | call to source : | string_flow.rb:150:10:150:10 | a : |
| string_flow.rb:148:9:148:18 | call to source : | string_flow.rb:151:10:151:10 | a : |
| string_flow.rb:148:9:148:18 | call to source : | string_flow.rb:152:10:152:10 | a : |
| string_flow.rb:149:10:149:10 | a : | string_flow.rb:149:10:149:26 | call to encode |
| string_flow.rb:150:10:150:10 | a : | string_flow.rb:150:10:150:27 | call to encode! |
| string_flow.rb:151:10:151:10 | a : | string_flow.rb:151:10:151:28 | call to unicode_normalize |
| string_flow.rb:152:10:152:10 | a : | string_flow.rb:152:10:152:29 | call to unicode_normalize! |
| string_flow.rb:156:9:156:18 | call to source : | string_flow.rb:157:10:157:10 | a : |
| string_flow.rb:157:10:157:10 | a : | string_flow.rb:157:10:157:34 | call to force_encoding |
| string_flow.rb:161:9:161:18 | call to source : | string_flow.rb:162:10:162:10 | a : |
| string_flow.rb:162:10:162:10 | a : | string_flow.rb:162:10:162:17 | call to freeze |
| string_flow.rb:166:9:166:18 | call to source : | string_flow.rb:168:10:168:10 | a : |
| string_flow.rb:166:9:166:18 | call to source : | string_flow.rb:169:10:169:10 | a : |
| string_flow.rb:166:9:166:18 | call to source : | string_flow.rb:170:10:170:10 | a : |
| string_flow.rb:166:9:166:18 | call to source : | string_flow.rb:171:10:171:10 | a : |
| string_flow.rb:167:9:167:18 | call to source : | string_flow.rb:168:22:168:22 | c : |
| string_flow.rb:167:9:167:18 | call to source : | string_flow.rb:169:23:169:23 | c : |
| string_flow.rb:168:10:168:10 | a : | string_flow.rb:168:10:168:23 | call to gsub |
| string_flow.rb:168:22:168:22 | c : | string_flow.rb:168:10:168:23 | call to gsub |
| string_flow.rb:169:10:169:10 | a : | string_flow.rb:169:10:169:24 | call to gsub! |
| string_flow.rb:169:23:169:23 | c : | string_flow.rb:169:10:169:24 | call to gsub! |
| string_flow.rb:170:10:170:10 | a : | string_flow.rb:170:10:170:43 | call to gsub |
| string_flow.rb:170:32:170:41 | call to source : | string_flow.rb:170:10:170:43 | call to gsub |
| string_flow.rb:171:10:171:10 | a : | string_flow.rb:171:10:171:44 | call to gsub! |
| string_flow.rb:171:33:171:42 | call to source : | string_flow.rb:171:10:171:44 | call to gsub! |
| string_flow.rb:175:9:175:18 | call to source : | string_flow.rb:177:10:177:10 | a : |
| string_flow.rb:175:9:175:18 | call to source : | string_flow.rb:178:10:178:10 | a : |
| string_flow.rb:175:9:175:18 | call to source : | string_flow.rb:179:10:179:10 | a : |
| string_flow.rb:175:9:175:18 | call to source : | string_flow.rb:180:10:180:10 | a : |
| string_flow.rb:176:9:176:18 | call to source : | string_flow.rb:177:21:177:21 | c : |
| string_flow.rb:176:9:176:18 | call to source : | string_flow.rb:178:22:178:22 | c : |
| string_flow.rb:177:10:177:10 | a : | string_flow.rb:177:10:177:22 | call to sub |
| string_flow.rb:177:21:177:21 | c : | string_flow.rb:177:10:177:22 | call to sub |
| string_flow.rb:178:10:178:10 | a : | string_flow.rb:178:10:178:23 | call to sub! |
| string_flow.rb:178:22:178:22 | c : | string_flow.rb:178:10:178:23 | call to sub! |
| string_flow.rb:179:10:179:10 | a : | string_flow.rb:179:10:179:42 | call to sub |
| string_flow.rb:179:31:179:40 | call to source : | string_flow.rb:179:10:179:42 | call to sub |
| string_flow.rb:180:10:180:10 | a : | string_flow.rb:180:10:180:43 | call to sub! |
| string_flow.rb:180:32:180:41 | call to source : | string_flow.rb:180:10:180:43 | call to sub! |
| string_flow.rb:191:9:191:18 | call to source : | string_flow.rb:192:10:192:10 | a : |
| string_flow.rb:192:10:192:10 | a : | string_flow.rb:192:10:192:18 | call to inspect |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:197:10:197:10 | a : |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:198:10:198:10 | a : |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:199:10:199:10 | a : |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:200:10:200:10 | a : |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:201:10:201:10 | a : |
| string_flow.rb:196:9:196:18 | call to source : | string_flow.rb:202:10:202:10 | a : |
| string_flow.rb:197:10:197:10 | a : | string_flow.rb:197:10:197:16 | call to strip |
| string_flow.rb:198:10:198:10 | a : | string_flow.rb:198:10:198:17 | call to strip! |
| string_flow.rb:199:10:199:10 | a : | string_flow.rb:199:10:199:17 | call to lstrip |
| string_flow.rb:200:10:200:10 | a : | string_flow.rb:200:10:200:18 | call to lstrip! |
| string_flow.rb:201:10:201:10 | a : | string_flow.rb:201:10:201:17 | call to rstrip |
| string_flow.rb:202:10:202:10 | a : | string_flow.rb:202:10:202:18 | call to rstrip! |
| string_flow.rb:206:9:206:18 | call to source : | string_flow.rb:207:10:207:10 | a : |
| string_flow.rb:206:9:206:18 | call to source : | string_flow.rb:208:10:208:10 | a : |
| string_flow.rb:206:9:206:18 | call to source : | string_flow.rb:209:10:209:10 | a : |
| string_flow.rb:206:9:206:18 | call to source : | string_flow.rb:210:10:210:10 | a : |
| string_flow.rb:207:10:207:10 | a : | string_flow.rb:207:10:207:15 | call to next |
| string_flow.rb:208:10:208:10 | a : | string_flow.rb:208:10:208:16 | call to next! |
| string_flow.rb:209:10:209:10 | a : | string_flow.rb:209:10:209:15 | call to succ |
| string_flow.rb:210:10:210:10 | a : | string_flow.rb:210:10:210:16 | call to succ! |
| string_flow.rb:214:9:214:18 | call to source : | string_flow.rb:215:9:215:9 | a : |
| string_flow.rb:215:9:215:9 | a : | string_flow.rb:215:9:215:24 | call to partition [array element 0] : |
| string_flow.rb:215:9:215:9 | a : | string_flow.rb:215:9:215:24 | call to partition [array element 1] : |
| string_flow.rb:215:9:215:9 | a : | string_flow.rb:215:9:215:24 | call to partition [array element 2] : |
| string_flow.rb:215:9:215:24 | call to partition [array element 0] : | string_flow.rb:216:10:216:10 | b [array element 0] : |
| string_flow.rb:215:9:215:24 | call to partition [array element 1] : | string_flow.rb:217:10:217:10 | b [array element 1] : |
| string_flow.rb:215:9:215:24 | call to partition [array element 2] : | string_flow.rb:218:10:218:10 | b [array element 2] : |
| string_flow.rb:216:10:216:10 | b [array element 0] : | string_flow.rb:216:10:216:13 | ...[...] |
| string_flow.rb:217:10:217:10 | b [array element 1] : | string_flow.rb:217:10:217:13 | ...[...] |
| string_flow.rb:218:10:218:10 | b [array element 2] : | string_flow.rb:218:10:218:13 | ...[...] |
| string_flow.rb:223:9:223:18 | call to source : | string_flow.rb:225:10:225:10 | a : |
| string_flow.rb:223:9:223:18 | call to source : | string_flow.rb:225:10:225:10 | a : |
| string_flow.rb:224:9:224:18 | call to source : | string_flow.rb:225:20:225:20 | b : |
| string_flow.rb:225:10:225:10 | [post] a : | string_flow.rb:227:10:227:10 | a |
| string_flow.rb:225:10:225:10 | [post] a : | string_flow.rb:227:10:227:10 | a |
| string_flow.rb:225:10:225:10 | a : | string_flow.rb:225:10:225:10 | [post] a : |
| string_flow.rb:225:10:225:10 | a : | string_flow.rb:225:10:225:10 | [post] a : |
| string_flow.rb:225:20:225:20 | b : | string_flow.rb:225:10:225:10 | [post] a : |
| string_flow.rb:225:20:225:20 | b : | string_flow.rb:225:10:225:21 | call to replace |
| string_flow.rb:231:9:231:18 | call to source : | string_flow.rb:232:10:232:10 | a : |
| string_flow.rb:232:10:232:10 | a : | string_flow.rb:232:10:232:18 | call to reverse |
| string_flow.rb:236:9:236:18 | call to source : | string_flow.rb:237:9:237:9 | a : |
| string_flow.rb:236:9:236:18 | call to source : | string_flow.rb:238:9:238:9 | a : |
| string_flow.rb:236:9:236:18 | call to source : | string_flow.rb:240:9:240:9 | a : |
| string_flow.rb:237:9:237:9 | a : | string_flow.rb:237:24:237:24 | x : |
| string_flow.rb:237:24:237:24 | x : | string_flow.rb:237:35:237:35 | x |
| string_flow.rb:238:9:238:9 | a : | string_flow.rb:238:9:238:37 | call to scan : |
| string_flow.rb:238:9:238:9 | a : | string_flow.rb:238:27:238:27 | y : |
| string_flow.rb:238:9:238:37 | call to scan : | string_flow.rb:239:10:239:10 | b |
| string_flow.rb:238:27:238:27 | y : | string_flow.rb:238:35:238:35 | y |
| string_flow.rb:240:9:240:9 | a : | string_flow.rb:240:9:240:19 | call to scan [array element] : |
| string_flow.rb:240:9:240:19 | call to scan [array element] : | string_flow.rb:241:10:241:10 | b [array element] : |
| string_flow.rb:240:9:240:19 | call to scan [array element] : | string_flow.rb:242:10:242:10 | b [array element] : |
| string_flow.rb:241:10:241:10 | b [array element] : | string_flow.rb:241:10:241:13 | ...[...] |
| string_flow.rb:242:10:242:10 | b [array element] : | string_flow.rb:242:10:242:13 | ...[...] |
| string_flow.rb:246:5:246:18 | ... = ... : | string_flow.rb:250:26:250:26 | a : |
| string_flow.rb:246:5:246:18 | ... = ... : | string_flow.rb:258:27:258:27 | a : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:246:5:246:18 | ... = ... : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:247:10:247:10 | a : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:248:20:248:20 | a : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:249:5:249:5 | a : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:252:10:252:10 | a : |
| string_flow.rb:246:9:246:18 | call to source : | string_flow.rb:253:21:253:21 | a : |
| string_flow.rb:247:10:247:10 | a : | string_flow.rb:247:10:247:21 | call to scrub |
| string_flow.rb:248:20:248:20 | a : | string_flow.rb:248:10:248:21 | call to scrub |
| string_flow.rb:249:5:249:5 | a : | string_flow.rb:249:16:249:16 | x : |
| string_flow.rb:249:16:249:16 | x : | string_flow.rb:249:24:249:24 | x |
| string_flow.rb:250:26:250:26 | a : | string_flow.rb:250:10:250:28 | call to scrub |
| string_flow.rb:252:10:252:10 | a : | string_flow.rb:252:10:252:22 | call to scrub! |
| string_flow.rb:253:21:253:21 | a : | string_flow.rb:253:10:253:22 | call to scrub! |
| string_flow.rb:255:5:255:18 | ... = ... : | string_flow.rb:250:26:250:26 | a : |
| string_flow.rb:255:5:255:18 | ... = ... : | string_flow.rb:258:27:258:27 | a : |
| string_flow.rb:255:9:255:18 | call to source : | string_flow.rb:255:5:255:18 | ... = ... : |
| string_flow.rb:255:9:255:18 | call to source : | string_flow.rb:256:5:256:5 | a : |
| string_flow.rb:256:5:256:5 | a : | string_flow.rb:256:17:256:17 | x : |
| string_flow.rb:256:17:256:17 | x : | string_flow.rb:256:25:256:25 | x |
| string_flow.rb:258:27:258:27 | a : | string_flow.rb:258:10:258:29 | call to scrub! |
| string_flow.rb:262:9:262:18 | call to source : | string_flow.rb:263:10:263:10 | a : |
| string_flow.rb:263:10:263:10 | a : | string_flow.rb:263:10:263:22 | call to shellescape |
| string_flow.rb:267:9:267:18 | call to source : | string_flow.rb:268:9:268:9 | a : |
| string_flow.rb:268:9:268:9 | a : | string_flow.rb:268:9:268:20 | call to shellsplit [array element] : |
| string_flow.rb:268:9:268:20 | call to shellsplit [array element] : | string_flow.rb:269:10:269:10 | b [array element] : |
| string_flow.rb:269:10:269:10 | b [array element] : | string_flow.rb:269:10:269:13 | ...[...] |
| string_flow.rb:273:9:273:18 | call to source : | string_flow.rb:274:9:274:9 | a : |
| string_flow.rb:273:9:273:18 | call to source : | string_flow.rb:277:9:277:9 | a : |
| string_flow.rb:274:9:274:9 | a : | string_flow.rb:274:9:274:18 | call to slice : |
| string_flow.rb:274:9:274:18 | call to slice : | string_flow.rb:275:10:275:10 | b : |
| string_flow.rb:275:10:275:10 | b : | string_flow.rb:275:10:275:13 | ...[...] |
| string_flow.rb:277:9:277:9 | [post] a : | string_flow.rb:280:9:280:9 | a : |
| string_flow.rb:277:9:277:9 | [post] a : | string_flow.rb:283:9:283:9 | a : |
| string_flow.rb:277:9:277:9 | [post] a [array element 1] : | string_flow.rb:283:9:283:9 | a [array element 1] : |
| string_flow.rb:277:9:277:9 | [post] a [array element 2] : | string_flow.rb:283:9:283:9 | a [array element 2] : |
| string_flow.rb:277:9:277:9 | [post] a [array element] : | string_flow.rb:283:9:283:9 | a [array element] : |
| string_flow.rb:277:9:277:9 | a : | string_flow.rb:277:9:277:9 | [post] a : |
| string_flow.rb:277:9:277:9 | a : | string_flow.rb:277:9:277:9 | [post] a [array element 1] : |
| string_flow.rb:277:9:277:9 | a : | string_flow.rb:277:9:277:9 | [post] a [array element 2] : |
| string_flow.rb:277:9:277:9 | a : | string_flow.rb:277:9:277:9 | [post] a [array element] : |
| string_flow.rb:277:9:277:9 | a : | string_flow.rb:277:9:277:19 | call to slice! : |
| string_flow.rb:277:9:277:19 | call to slice! : | string_flow.rb:278:10:278:10 | b : |
| string_flow.rb:278:10:278:10 | b : | string_flow.rb:278:10:278:13 | ...[...] |
| string_flow.rb:280:9:280:9 | a : | string_flow.rb:280:9:280:20 | call to split : |
| string_flow.rb:280:9:280:20 | call to split : | string_flow.rb:281:10:281:10 | b : |
| string_flow.rb:281:10:281:10 | b : | string_flow.rb:281:10:281:13 | ...[...] |
| string_flow.rb:283:9:283:9 | a : | string_flow.rb:283:9:283:14 | ...[...] : |
| string_flow.rb:283:9:283:9 | a : | string_flow.rb:283:9:283:14 | ...[...] [array element 0] : |
| string_flow.rb:283:9:283:9 | a : | string_flow.rb:283:9:283:14 | ...[...] [array element 1] : |
| string_flow.rb:283:9:283:9 | a : | string_flow.rb:283:9:283:14 | ...[...] [array element] : |
| string_flow.rb:283:9:283:9 | a [array element 1] : | string_flow.rb:283:9:283:14 | ...[...] [array element 0] : |
| string_flow.rb:283:9:283:9 | a [array element 2] : | string_flow.rb:283:9:283:14 | ...[...] [array element 1] : |
| string_flow.rb:283:9:283:9 | a [array element] : | string_flow.rb:283:9:283:14 | ...[...] [array element] : |
| string_flow.rb:283:9:283:14 | ...[...] : | string_flow.rb:284:10:284:10 | b : |
| string_flow.rb:283:9:283:14 | ...[...] [array element 0] : | string_flow.rb:284:10:284:10 | b [array element 0] : |
| string_flow.rb:283:9:283:14 | ...[...] [array element 1] : | string_flow.rb:284:10:284:10 | b [array element 1] : |
| string_flow.rb:283:9:283:14 | ...[...] [array element] : | string_flow.rb:284:10:284:10 | b [array element] : |
| string_flow.rb:284:10:284:10 | b : | string_flow.rb:284:10:284:13 | ...[...] |
| string_flow.rb:284:10:284:10 | b [array element 0] : | string_flow.rb:284:10:284:13 | ...[...] |
| string_flow.rb:284:10:284:10 | b [array element 1] : | string_flow.rb:284:10:284:13 | ...[...] |
| string_flow.rb:284:10:284:10 | b [array element] : | string_flow.rb:284:10:284:13 | ...[...] |
| string_flow.rb:288:9:288:18 | call to source : | string_flow.rb:289:10:289:10 | a : |
| string_flow.rb:288:9:288:18 | call to source : | string_flow.rb:290:10:290:10 | a : |
| string_flow.rb:288:9:288:18 | call to source : | string_flow.rb:291:10:291:10 | a : |
| string_flow.rb:288:9:288:18 | call to source : | string_flow.rb:292:10:292:10 | a : |
| string_flow.rb:289:10:289:10 | a : | string_flow.rb:289:10:289:18 | call to squeeze |
| string_flow.rb:290:10:290:10 | a : | string_flow.rb:290:10:290:23 | call to squeeze |
| string_flow.rb:291:10:291:10 | a : | string_flow.rb:291:10:291:19 | call to squeeze! |
| string_flow.rb:292:10:292:10 | a : | string_flow.rb:292:10:292:24 | call to squeeze! |
| string_flow.rb:296:9:296:18 | call to source : | string_flow.rb:297:10:297:10 | a : |
| string_flow.rb:296:9:296:18 | call to source : | string_flow.rb:298:10:298:10 | a : |
| string_flow.rb:297:10:297:10 | a : | string_flow.rb:297:10:297:17 | call to to_str |
| string_flow.rb:298:10:298:10 | a : | string_flow.rb:298:10:298:15 | call to to_s |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:303:10:303:10 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:304:22:304:22 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:305:10:305:10 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:306:23:306:23 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:307:10:307:10 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:308:24:308:24 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:309:10:309:10 | a : |
| string_flow.rb:302:9:302:18 | call to source : | string_flow.rb:310:25:310:25 | a : |
| string_flow.rb:303:10:303:10 | a : | string_flow.rb:303:10:303:23 | call to tr |
| string_flow.rb:304:22:304:22 | a : | string_flow.rb:304:10:304:23 | call to tr |
| string_flow.rb:305:10:305:10 | a : | string_flow.rb:305:10:305:24 | call to tr! |
| string_flow.rb:306:23:306:23 | a : | string_flow.rb:306:10:306:24 | call to tr! |
| string_flow.rb:307:10:307:10 | a : | string_flow.rb:307:10:307:25 | call to tr_s |
| string_flow.rb:308:24:308:24 | a : | string_flow.rb:308:10:308:25 | call to tr_s |
| string_flow.rb:309:10:309:10 | a : | string_flow.rb:309:10:309:26 | call to tr_s! |
| string_flow.rb:310:25:310:25 | a : | string_flow.rb:310:10:310:26 | call to tr_s! |
| string_flow.rb:314:9:314:18 | call to source : | string_flow.rb:315:5:315:5 | a : |
| string_flow.rb:314:9:314:18 | call to source : | string_flow.rb:316:5:316:5 | a : |
| string_flow.rb:314:9:314:18 | call to source : | string_flow.rb:317:14:317:14 | a : |
| string_flow.rb:315:5:315:5 | a : | string_flow.rb:315:20:315:20 | x : |
| string_flow.rb:315:20:315:20 | x : | string_flow.rb:315:28:315:28 | x |
| string_flow.rb:316:5:316:5 | a : | string_flow.rb:316:26:316:26 | x : |
| string_flow.rb:316:26:316:26 | x : | string_flow.rb:316:34:316:34 | x |
| string_flow.rb:317:14:317:14 | a : | string_flow.rb:317:20:317:20 | x : |
| string_flow.rb:317:20:317:20 | x : | string_flow.rb:317:28:317:28 | x |
nodes
| string_flow.rb:2:9:2:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:2:9:2:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:3:10:3:22 | call to new | semmle.label | call to new |
| string_flow.rb:3:10:3:22 | call to new | semmle.label | call to new |
| string_flow.rb:3:21:3:21 | a : | semmle.label | a : |
| string_flow.rb:3:21:3:21 | a : | semmle.label | a : |
| string_flow.rb:7:9:7:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:8:9:8:16 | call to source : | semmle.label | call to source : |
| string_flow.rb:9:10:9:30 | call to try_convert | semmle.label | call to try_convert |
| string_flow.rb:9:29:9:29 | a : | semmle.label | a : |
| string_flow.rb:10:10:10:30 | call to try_convert | semmle.label | call to try_convert |
| string_flow.rb:10:29:10:29 | b : | semmle.label | b : |
| string_flow.rb:14:9:14:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:15:10:15:17 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:15:17:15:17 | a : | semmle.label | a : |
| string_flow.rb:16:10:16:29 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:16:28:16:28 | a : | semmle.label | a : |
| string_flow.rb:17:10:17:10 | a : | semmle.label | a : |
| string_flow.rb:17:10:17:18 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:21:9:21:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:23:10:23:10 | b | semmle.label | b |
| string_flow.rb:27:9:27:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:29:10:29:10 | b | semmle.label | b |
| string_flow.rb:33:9:33:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:35:10:35:10 | b | semmle.label | b |
| string_flow.rb:37:10:37:10 | c | semmle.label | c |
| string_flow.rb:41:9:41:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:42:10:42:10 | a : | semmle.label | a : |
| string_flow.rb:42:10:42:12 | call to b | semmle.label | call to b |
| string_flow.rb:46:9:46:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:47:10:47:10 | a : | semmle.label | a : |
| string_flow.rb:47:10:47:23 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:48:10:48:10 | a : | semmle.label | a : |
| string_flow.rb:48:10:48:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:49:10:49:10 | a : | semmle.label | a : |
| string_flow.rb:49:10:49:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:53:9:53:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:54:10:54:10 | a : | semmle.label | a : |
| string_flow.rb:54:10:54:21 | call to capitalize | semmle.label | call to capitalize |
| string_flow.rb:55:10:55:10 | a : | semmle.label | a : |
| string_flow.rb:55:10:55:22 | call to capitalize! | semmle.label | call to capitalize! |
| string_flow.rb:59:9:59:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:60:10:60:10 | a : | semmle.label | a : |
| string_flow.rb:60:10:60:21 | call to center | semmle.label | call to center |
| string_flow.rb:61:10:61:28 | call to center | semmle.label | call to center |
| string_flow.rb:61:27:61:27 | a : | semmle.label | a : |
| string_flow.rb:62:10:62:10 | a : | semmle.label | a : |
| string_flow.rb:62:10:62:20 | call to ljust | semmle.label | call to ljust |
| string_flow.rb:63:10:63:27 | call to ljust | semmle.label | call to ljust |
| string_flow.rb:63:26:63:26 | a : | semmle.label | a : |
| string_flow.rb:64:10:64:10 | a : | semmle.label | a : |
| string_flow.rb:64:10:64:20 | call to rjust | semmle.label | call to rjust |
| string_flow.rb:65:10:65:27 | call to rjust | semmle.label | call to rjust |
| string_flow.rb:65:26:65:26 | a : | semmle.label | a : |
| string_flow.rb:69:9:69:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:70:10:70:10 | a : | semmle.label | a : |
| string_flow.rb:70:10:70:16 | call to chomp | semmle.label | call to chomp |
| string_flow.rb:71:10:71:10 | a : | semmle.label | a : |
| string_flow.rb:71:10:71:17 | call to chomp! | semmle.label | call to chomp! |
| string_flow.rb:75:9:75:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:76:10:76:10 | a : | semmle.label | a : |
| string_flow.rb:76:10:76:15 | call to chop | semmle.label | call to chop |
| string_flow.rb:77:10:77:10 | a : | semmle.label | a : |
| string_flow.rb:77:10:77:16 | call to chop! | semmle.label | call to chop! |
| string_flow.rb:83:9:83:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:83:9:83:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:84:5:84:5 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:84:5:84:5 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:84:5:84:5 | a : | semmle.label | a : |
| string_flow.rb:84:5:84:5 | a : | semmle.label | a : |
| string_flow.rb:85:10:85:10 | a | semmle.label | a |
| string_flow.rb:85:10:85:10 | a | semmle.label | a |
| string_flow.rb:108:9:108:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:109:10:109:10 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:109:10:109:10 | a : | semmle.label | a : |
| string_flow.rb:109:10:109:22 | call to delete | semmle.label | call to delete |
| string_flow.rb:110:10:110:10 | a : | semmle.label | a : |
| string_flow.rb:110:10:110:29 | call to delete_prefix | semmle.label | call to delete_prefix |
| string_flow.rb:111:10:111:10 | a : | semmle.label | a : |
| string_flow.rb:111:10:111:29 | call to delete_suffix | semmle.label | call to delete_suffix |
| string_flow.rb:115:9:115:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:116:10:116:10 | a : | semmle.label | a : |
| string_flow.rb:116:10:116:19 | call to downcase | semmle.label | call to downcase |
| string_flow.rb:117:10:117:10 | a : | semmle.label | a : |
| string_flow.rb:117:10:117:20 | call to downcase! | semmle.label | call to downcase! |
| string_flow.rb:118:10:118:10 | a : | semmle.label | a : |
| string_flow.rb:118:10:118:19 | call to swapcase | semmle.label | call to swapcase |
| string_flow.rb:119:10:119:10 | a : | semmle.label | a : |
| string_flow.rb:119:10:119:20 | call to swapcase! | semmle.label | call to swapcase! |
| string_flow.rb:120:10:120:10 | a : | semmle.label | a : |
| string_flow.rb:120:10:120:17 | call to upcase | semmle.label | call to upcase |
| string_flow.rb:121:10:121:10 | a : | semmle.label | a : |
| string_flow.rb:121:10:121:18 | call to upcase! | semmle.label | call to upcase! |
| string_flow.rb:125:9:125:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:126:9:126:9 | a : | semmle.label | a : |
| string_flow.rb:126:9:126:14 | call to dump : | semmle.label | call to dump : |
| string_flow.rb:127:10:127:10 | b | semmle.label | b |
| string_flow.rb:128:10:128:10 | b : | semmle.label | b : |
| string_flow.rb:128:10:128:17 | call to undump | semmle.label | call to undump |
| string_flow.rb:132:9:132:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:133:9:133:9 | a : | semmle.label | a : |
| string_flow.rb:133:9:133:40 | call to each_line : | semmle.label | call to each_line : |
| string_flow.rb:133:24:133:27 | line : | semmle.label | line : |
| string_flow.rb:133:35:133:38 | line | semmle.label | line |
| string_flow.rb:134:10:134:10 | b | semmle.label | b |
| string_flow.rb:135:9:135:9 | a : | semmle.label | a : |
| string_flow.rb:135:9:135:19 | call to each_line [array element] : | semmle.label | call to each_line [array element] : |
| string_flow.rb:136:10:136:10 | c [array element] : | semmle.label | c [array element] : |
| string_flow.rb:136:10:136:15 | call to to_a [array element] : | semmle.label | call to to_a [array element] : |
| string_flow.rb:136:10:136:18 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:140:9:140:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:141:9:141:9 | a : | semmle.label | a : |
| string_flow.rb:141:9:141:36 | call to lines : | semmle.label | call to lines : |
| string_flow.rb:141:20:141:23 | line : | semmle.label | line : |
| string_flow.rb:141:31:141:34 | line | semmle.label | line |
| string_flow.rb:142:10:142:10 | b | semmle.label | b |
| string_flow.rb:143:9:143:9 | a : | semmle.label | a : |
| string_flow.rb:143:9:143:15 | call to lines [array element] : | semmle.label | call to lines [array element] : |
| string_flow.rb:144:10:144:10 | c [array element] : | semmle.label | c [array element] : |
| string_flow.rb:144:10:144:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:148:9:148:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:149:10:149:10 | a : | semmle.label | a : |
| string_flow.rb:149:10:149:26 | call to encode | semmle.label | call to encode |
| string_flow.rb:150:10:150:10 | a : | semmle.label | a : |
| string_flow.rb:150:10:150:27 | call to encode! | semmle.label | call to encode! |
| string_flow.rb:151:10:151:10 | a : | semmle.label | a : |
| string_flow.rb:151:10:151:28 | call to unicode_normalize | semmle.label | call to unicode_normalize |
| string_flow.rb:152:10:152:10 | a : | semmle.label | a : |
| string_flow.rb:152:10:152:29 | call to unicode_normalize! | semmle.label | call to unicode_normalize! |
| string_flow.rb:156:9:156:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:157:10:157:10 | a : | semmle.label | a : |
| string_flow.rb:157:10:157:34 | call to force_encoding | semmle.label | call to force_encoding |
| string_flow.rb:161:9:161:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:162:10:162:10 | a : | semmle.label | a : |
| string_flow.rb:162:10:162:17 | call to freeze | semmle.label | call to freeze |
| string_flow.rb:166:9:166:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:167:9:167:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:168:10:168:10 | a : | semmle.label | a : |
| string_flow.rb:168:10:168:23 | call to gsub | semmle.label | call to gsub |
| string_flow.rb:168:22:168:22 | c : | semmle.label | c : |
| string_flow.rb:169:10:169:10 | a : | semmle.label | a : |
| string_flow.rb:169:10:169:24 | call to gsub! | semmle.label | call to gsub! |
| string_flow.rb:169:23:169:23 | c : | semmle.label | c : |
| string_flow.rb:170:10:170:10 | a : | semmle.label | a : |
| string_flow.rb:170:10:170:43 | call to gsub | semmle.label | call to gsub |
| string_flow.rb:170:32:170:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:171:10:171:10 | a : | semmle.label | a : |
| string_flow.rb:171:10:171:44 | call to gsub! | semmle.label | call to gsub! |
| string_flow.rb:171:33:171:42 | call to source : | semmle.label | call to source : |
| string_flow.rb:175:9:175:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:176:9:176:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:177:10:177:10 | a : | semmle.label | a : |
| string_flow.rb:177:10:177:22 | call to sub | semmle.label | call to sub |
| string_flow.rb:177:21:177:21 | c : | semmle.label | c : |
| string_flow.rb:178:10:178:10 | a : | semmle.label | a : |
| string_flow.rb:178:10:178:23 | call to sub! | semmle.label | call to sub! |
| string_flow.rb:178:22:178:22 | c : | semmle.label | c : |
| string_flow.rb:179:10:179:10 | a : | semmle.label | a : |
| string_flow.rb:179:10:179:42 | call to sub | semmle.label | call to sub |
| string_flow.rb:179:31:179:40 | call to source : | semmle.label | call to source : |
| string_flow.rb:180:10:180:10 | a : | semmle.label | a : |
| string_flow.rb:180:10:180:43 | call to sub! | semmle.label | call to sub! |
| string_flow.rb:180:32:180:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:191:9:191:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:192:10:192:10 | a : | semmle.label | a : |
| string_flow.rb:192:10:192:18 | call to inspect | semmle.label | call to inspect |
| string_flow.rb:196:9:196:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:197:10:197:10 | a : | semmle.label | a : |
| string_flow.rb:197:10:197:16 | call to strip | semmle.label | call to strip |
| string_flow.rb:198:10:198:10 | a : | semmle.label | a : |
| string_flow.rb:198:10:198:17 | call to strip! | semmle.label | call to strip! |
| string_flow.rb:199:10:199:10 | a : | semmle.label | a : |
| string_flow.rb:199:10:199:17 | call to lstrip | semmle.label | call to lstrip |
| string_flow.rb:200:10:200:10 | a : | semmle.label | a : |
| string_flow.rb:200:10:200:18 | call to lstrip! | semmle.label | call to lstrip! |
| string_flow.rb:201:10:201:10 | a : | semmle.label | a : |
| string_flow.rb:201:10:201:17 | call to rstrip | semmle.label | call to rstrip |
| string_flow.rb:202:10:202:10 | a : | semmle.label | a : |
| string_flow.rb:202:10:202:18 | call to rstrip! | semmle.label | call to rstrip! |
| string_flow.rb:206:9:206:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:207:10:207:10 | a : | semmle.label | a : |
| string_flow.rb:207:10:207:15 | call to next | semmle.label | call to next |
| string_flow.rb:208:10:208:10 | a : | semmle.label | a : |
| string_flow.rb:208:10:208:16 | call to next! | semmle.label | call to next! |
| string_flow.rb:209:10:209:10 | a : | semmle.label | a : |
| string_flow.rb:209:10:209:15 | call to succ | semmle.label | call to succ |
| string_flow.rb:210:10:210:10 | a : | semmle.label | a : |
| string_flow.rb:210:10:210:16 | call to succ! | semmle.label | call to succ! |
| string_flow.rb:214:9:214:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:215:9:215:9 | a : | semmle.label | a : |
| string_flow.rb:215:9:215:24 | call to partition [array element 0] : | semmle.label | call to partition [array element 0] : |
| string_flow.rb:215:9:215:24 | call to partition [array element 1] : | semmle.label | call to partition [array element 1] : |
| string_flow.rb:215:9:215:24 | call to partition [array element 2] : | semmle.label | call to partition [array element 2] : |
| string_flow.rb:216:10:216:10 | b [array element 0] : | semmle.label | b [array element 0] : |
| string_flow.rb:216:10:216:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:217:10:217:10 | b [array element 1] : | semmle.label | b [array element 1] : |
| string_flow.rb:217:10:217:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:218:10:218:10 | b [array element 2] : | semmle.label | b [array element 2] : |
| string_flow.rb:218:10:218:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:223:9:223:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:223:9:223:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:224:9:224:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:225:10:225:10 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:225:10:225:10 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:225:10:225:10 | a : | semmle.label | a : |
| string_flow.rb:225:10:225:10 | a : | semmle.label | a : |
| string_flow.rb:225:10:225:21 | call to replace | semmle.label | call to replace |
| string_flow.rb:225:20:225:20 | b : | semmle.label | b : |
| string_flow.rb:227:10:227:10 | a | semmle.label | a |
| string_flow.rb:227:10:227:10 | a | semmle.label | a |
| string_flow.rb:231:9:231:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:232:10:232:10 | a : | semmle.label | a : |
| string_flow.rb:232:10:232:18 | call to reverse | semmle.label | call to reverse |
| string_flow.rb:236:9:236:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:237:9:237:9 | a : | semmle.label | a : |
| string_flow.rb:237:24:237:24 | x : | semmle.label | x : |
| string_flow.rb:237:35:237:35 | x | semmle.label | x |
| string_flow.rb:238:9:238:9 | a : | semmle.label | a : |
| string_flow.rb:238:9:238:37 | call to scan : | semmle.label | call to scan : |
| string_flow.rb:238:27:238:27 | y : | semmle.label | y : |
| string_flow.rb:238:35:238:35 | y | semmle.label | y |
| string_flow.rb:239:10:239:10 | b | semmle.label | b |
| string_flow.rb:240:9:240:9 | a : | semmle.label | a : |
| string_flow.rb:240:9:240:19 | call to scan [array element] : | semmle.label | call to scan [array element] : |
| string_flow.rb:241:10:241:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:241:10:241:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:242:10:242:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:242:10:242:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:246:5:246:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:246:9:246:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:247:10:247:10 | a : | semmle.label | a : |
| string_flow.rb:247:10:247:21 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:248:10:248:21 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:248:20:248:20 | a : | semmle.label | a : |
| string_flow.rb:249:5:249:5 | a : | semmle.label | a : |
| string_flow.rb:249:16:249:16 | x : | semmle.label | x : |
| string_flow.rb:249:24:249:24 | x | semmle.label | x |
| string_flow.rb:250:10:250:28 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:250:26:250:26 | a : | semmle.label | a : |
| string_flow.rb:252:10:252:10 | a : | semmle.label | a : |
| string_flow.rb:252:10:252:22 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:253:10:253:22 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:253:21:253:21 | a : | semmle.label | a : |
| string_flow.rb:255:5:255:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:255:9:255:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:256:5:256:5 | a : | semmle.label | a : |
| string_flow.rb:256:17:256:17 | x : | semmle.label | x : |
| string_flow.rb:256:25:256:25 | x | semmle.label | x |
| string_flow.rb:258:10:258:29 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:258:27:258:27 | a : | semmle.label | a : |
| string_flow.rb:262:9:262:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:263:10:263:10 | a : | semmle.label | a : |
| string_flow.rb:263:10:263:22 | call to shellescape | semmle.label | call to shellescape |
| string_flow.rb:267:9:267:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:268:9:268:9 | a : | semmle.label | a : |
| string_flow.rb:268:9:268:20 | call to shellsplit [array element] : | semmle.label | call to shellsplit [array element] : |
| string_flow.rb:269:10:269:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:269:10:269:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:273:9:273:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:274:9:274:9 | a : | semmle.label | a : |
| string_flow.rb:274:9:274:18 | call to slice : | semmle.label | call to slice : |
| string_flow.rb:275:10:275:10 | b : | semmle.label | b : |
| string_flow.rb:275:10:275:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:277:9:277:9 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:277:9:277:9 | [post] a [array element 1] : | semmle.label | [post] a [array element 1] : |
| string_flow.rb:277:9:277:9 | [post] a [array element 2] : | semmle.label | [post] a [array element 2] : |
| string_flow.rb:277:9:277:9 | [post] a [array element] : | semmle.label | [post] a [array element] : |
| string_flow.rb:277:9:277:9 | a : | semmle.label | a : |
| string_flow.rb:277:9:277:19 | call to slice! : | semmle.label | call to slice! : |
| string_flow.rb:278:10:278:10 | b : | semmle.label | b : |
| string_flow.rb:278:10:278:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:280:9:280:9 | a : | semmle.label | a : |
| string_flow.rb:280:9:280:20 | call to split : | semmle.label | call to split : |
| string_flow.rb:281:10:281:10 | b : | semmle.label | b : |
| string_flow.rb:281:10:281:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:283:9:283:9 | a : | semmle.label | a : |
| string_flow.rb:283:9:283:9 | a [array element 1] : | semmle.label | a [array element 1] : |
| string_flow.rb:283:9:283:9 | a [array element 2] : | semmle.label | a [array element 2] : |
| string_flow.rb:283:9:283:9 | a [array element] : | semmle.label | a [array element] : |
| string_flow.rb:283:9:283:14 | ...[...] : | semmle.label | ...[...] : |
| string_flow.rb:283:9:283:14 | ...[...] [array element 0] : | semmle.label | ...[...] [array element 0] : |
| string_flow.rb:283:9:283:14 | ...[...] [array element 1] : | semmle.label | ...[...] [array element 1] : |
| string_flow.rb:283:9:283:14 | ...[...] [array element] : | semmle.label | ...[...] [array element] : |
| string_flow.rb:284:10:284:10 | b : | semmle.label | b : |
| string_flow.rb:284:10:284:10 | b [array element 0] : | semmle.label | b [array element 0] : |
| string_flow.rb:284:10:284:10 | b [array element 1] : | semmle.label | b [array element 1] : |
| string_flow.rb:284:10:284:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:284:10:284:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:288:9:288:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:289:10:289:10 | a : | semmle.label | a : |
| string_flow.rb:289:10:289:18 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:290:10:290:10 | a : | semmle.label | a : |
| string_flow.rb:290:10:290:23 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:291:10:291:10 | a : | semmle.label | a : |
| string_flow.rb:291:10:291:19 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:292:10:292:10 | a : | semmle.label | a : |
| string_flow.rb:292:10:292:24 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:296:9:296:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:297:10:297:10 | a : | semmle.label | a : |
| string_flow.rb:297:10:297:17 | call to to_str | semmle.label | call to to_str |
| string_flow.rb:298:10:298:10 | a : | semmle.label | a : |
| string_flow.rb:298:10:298:15 | call to to_s | semmle.label | call to to_s |
| string_flow.rb:302:9:302:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:303:10:303:10 | a : | semmle.label | a : |
| string_flow.rb:303:10:303:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:304:10:304:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:304:22:304:22 | a : | semmle.label | a : |
| string_flow.rb:305:10:305:10 | a : | semmle.label | a : |
| string_flow.rb:305:10:305:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:306:10:306:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:306:23:306:23 | a : | semmle.label | a : |
| string_flow.rb:307:10:307:10 | a : | semmle.label | a : |
| string_flow.rb:307:10:307:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:308:10:308:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:308:24:308:24 | a : | semmle.label | a : |
| string_flow.rb:309:10:309:10 | a : | semmle.label | a : |
| string_flow.rb:309:10:309:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:310:10:310:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:310:25:310:25 | a : | semmle.label | a : |
| string_flow.rb:314:9:314:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:315:5:315:5 | a : | semmle.label | a : |
| string_flow.rb:315:20:315:20 | x : | semmle.label | x : |
| string_flow.rb:315:28:315:28 | x | semmle.label | x |
| string_flow.rb:316:5:316:5 | a : | semmle.label | a : |
| string_flow.rb:316:26:316:26 | x : | semmle.label | x : |
| string_flow.rb:316:34:316:34 | x | semmle.label | x |
| string_flow.rb:317:14:317:14 | a : | semmle.label | a : |
| string_flow.rb:317:20:317:20 | x : | semmle.label | x : |
| string_flow.rb:317:28:317:28 | x | semmle.label | x |
subpaths
#select
| string_flow.rb:3:10:3:22 | call to new | string_flow.rb:2:9:2:18 | call to source : | string_flow.rb:3:10:3:22 | call to new | $@ | string_flow.rb:2:9:2:18 | call to source : | call to source : |
| string_flow.rb:85:10:85:10 | a | string_flow.rb:83:9:83:18 | call to source : | string_flow.rb:85:10:85:10 | a | $@ | string_flow.rb:83:9:83:18 | call to source : | call to source : |
| string_flow.rb:227:10:227:10 | a | string_flow.rb:223:9:223:18 | call to source : | string_flow.rb:227:10:227:10 | a | $@ | string_flow.rb:223:9:223:18 | call to source : | call to source : |

11
ruby/ql/test/library-tests/dataflow/string-flow/string-flow.ql Normal file
View File

@@ -0,0 +1,11 @@
/**
* @kind path-problem
*/
import ruby
import TestUtilities.InlineFlowTest
import PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
where conf.hasFlowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

319
ruby/ql/test/library-tests/dataflow/string-flow/string_flow.rb Normal file
View File

@@ -0,0 +1,319 @@
def m_new
a = source "a"
sink String.new(a) # $ hasValueFlow=a
end
def m_try_convert
a = source "a"
b = source 1
sink String.try_convert(a) # $ hasTaintFlow=a
sink String.try_convert(b) # $ hasTaintFlow=1
end
def m_format
a = source "a"
sink "%s" % a # $ hasTaintFlow=a
sink "%s %s" % ["foo", a] # $ hasTaintFlow=a
sink a % "foo" # $ hasTaintFlow=a
end
def m_plus
a = source "a"
b = a + "b"
sink b # $ hasTaintFlow=a
end
def m_mult
a = source "a"
b = a * 5
sink b # $ hasTaintFlow=a
end
def m_push
a = source "a"
b = a << "b"
sink b # $ hasTaintFlow=a
c = "c" << a
sink c # $ hasTaintFlow=a
end
def m_b
a = source "a"
sink a.b # $ hasTaintFlow=a
end
def m_byteslice
a = source "a"
sink a.byteslice(1) # $ hasTaintFlow=a
sink a.byteslice(1, 2) # $ hasTaintFlow=a
sink a.byteslice(1..2) # $ hasTaintFlow=a
end
def m_capitalize
a = source "a"
sink a.capitalize # $ hasTaintFlow=a
sink a.capitalize! # $ hasTaintFlow=a
end
def m_center
a = source "a"
sink a.center(10) # $ hasTaintFlow=a
sink "foo".center(10, a) # $ hasTaintFlow=a
sink a.ljust(10) # $ hasTaintFlow=a
sink "foo".ljust(10, a) # $ hasTaintFlow=a
sink a.rjust(10) # $ hasTaintFlow=a
sink "foo".rjust(10, a) # $ hasTaintFlow=a
end
def m_chomp
a = source "a"
sink a.chomp # $ hasTaintFlow=a
sink a.chomp! # $ hasTaintFlow=a
end
def m_chomp
a = source "a"
sink a.chop # $ hasTaintFlow=a
sink a.chop! # $ hasTaintFlow=a
end
# TODO: this currently doesn't work because the flow summary for Array#clear
# only clears array content.
def m_clear
a = source "a"
a.clear
sink a
end
# concat and prepend omitted because they clash with the summaries for
# Array#concat and Array#prepend.
#
# def m_concat
# a = source "a"
# b = source "b"
# c = "c"
# sink c.concat(a, b) # $ hasValueFlow=a hasValueFlow=b
# sink c # $ hasValueFlow=a hasValueFlow=b
# end
# def m_prepend
# a = source "a"
# b = source "b"
# c = "c"
# sink c.prepend(a, b) # $ hasValueFlow=a hasValueFlow=b
# sink c # $ hasValueFlow=a hasValueFlow=b
# end
def m_delete
a = source "a"
sink a.delete("b") # $ hasTaintFlow=a
sink a.delete_prefix("b") # $ hasTaintFlow=a
sink a.delete_suffix("b") # $ hasTaintFlow=a
end
def m_downcase
a = source "a"
sink a.downcase # $ hasTaintFlow=a
sink a.downcase! # $ hasTaintFlow=a
sink a.swapcase # $ hasTaintFlow=a
sink a.swapcase! # $ hasTaintFlow=a
sink a.upcase # $ hasTaintFlow=a
sink a.upcase! # $ hasTaintFlow=a
end
def m_dump
a = source "a"
b = a.dump
sink b # $ hasTaintFlow=a
sink b.undump # $ hasTaintFlow=a
end
def m_each_line
a = source "a"
b = a.each_line { |line| sink line } # $ hasTaintFlow=a
sink b # $ hasTaintFlow=a
c = a.each_line
sink c.to_a[0] # $ hasTaintFlow=a
end
def m_lines
a = source "a"
b = a.lines { |line| sink line } # $ hasTaintFlow=a
sink b # $ hasTaintFlow=a
c = a.lines
sink c[0] # $ hasTaintFlow=a
end
def m_encode
a = source "a"
sink a.encode("ASCII") # $ hasTaintFlow=a
sink a.encode!("ASCII") # $ hasTaintFlow=a
sink a.unicode_normalize # $ hasTaintFlow=a
sink a.unicode_normalize! # $ hasTaintFlow=a
end
def m_force_encoding
a = source "a"
sink a.force_encoding("ASCII") # $ hasTaintFlow=a
end
def m_freeze
a = source "a"
sink a.freeze # $ hasTaintFlow=a
end
def m_gsub
a = source "a"
c = source "c"
sink a.gsub("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.gsub!("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.gsub("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
sink a.gsub!("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
end
def m_sub
a = source "a"
c = source "c"
sink a.sub("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.sub!("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.sub("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
sink a.sub!("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
end
# omitted because it clashes with the summary for Array#insert
# def m_insert
# a = source "a"
# sink a.insert(1, "c") # $ hasTaintFlow=a
# sink "c".insert(1, a) # $ hasValueFlow=a
# end
def m_inspect
a = source "a"
sink a.inspect # $ hasTaintFlow=a
end
def m_strip
a = source "a"
sink a.strip # $ hasTaintFlow=a
sink a.strip! # $ hasTaintFlow=a
sink a.lstrip # $ hasTaintFlow=a
sink a.lstrip! # $ hasTaintFlow=a
sink a.rstrip # $ hasTaintFlow=a
sink a.rstrip! # $ hasTaintFlow=a
end
def m_next
a = source "a"
sink a.next # $ hasTaintFlow=a
sink a.next! # $ hasTaintFlow=a
sink a.succ # $ hasTaintFlow=a
sink a.succ! # $ hasTaintFlow=a
end
def m_partition
a = source "a"
b = a.partition("b")
sink b[0] # $ hasTaintFlow=a
sink b[1] # $ hasTaintFlow=a
sink b[2] # $ hasTaintFlow=a
sink b[3]
end
def m_replace
a = source "a"
b = source "b"
sink a.replace(b) # $ hasTaintFlow=b
# TODO: currently we get value flow for a, because we don't clear content
sink a # $ hasTaintFlow=b
end
def m_reverse
a = source "a"
sink a.reverse # $ hasTaintFlow=a
end
def m_scan(i)
a = source "a"
b = a.scan(/b/) { |x, y| sink x } # $ hasTaintFlow=a
b = a.scan(/b/) { |x, y| sink y } # $ hasTaintFlow=a
sink b # $ hasTaintFlow=a
b = a.scan(/b/)
sink b[0] # $ hasTaintFlow=a
sink b[i] # $ hasTaintFlow=a
end
def m_scrub
a = source "a"
sink a.scrub("b") # $ hasTaintFlow=a
sink "b".scrub(a) # $ hasTaintFlow=a
a.scrub { |x| sink x } # $ hasTaintFlow=a
sink("b".scrub { |x| a }) # $ hasTaintFlow=a
sink a.scrub!("b") # $ hasTaintFlow=a
sink "b".scrub!(a) # $ hasTaintFlow=a
a = source "a"
a.scrub! { |x| sink x } # $ hasTaintFlow=a
sink("b".scrub! { |x| a }) # $ hasTaintFlow=a
end
def m_shellescape
a = source "a"
sink a.shellescape # $ hasTaintFlow=a
end
def m_shellsplit(i)
a = source "a"
b = a.shellsplit
sink b[i] # $ hasTaintFlow=a
end
def m_slice(i)
a = source "a"
b = a.slice(1)
sink b[i] # $ hasTaintFlow=a
b = a.slice!(1)
sink b[i] # $ hasTaintFlow=a
b = a.split("b")
sink b[i] # $ hasTaintFlow=a
b = a[1,2]
sink b[i] # $ hasTaintFlow=a
end
def m_squeeze
a = source "a"
sink a.squeeze # $ hasTaintFlow=a
sink a.squeeze("b") # $ hasTaintFlow=a
sink a.squeeze! # $ hasTaintFlow=a
sink a.squeeze!("b") # $ hasTaintFlow=a
end
def m_to_str
a = source "a"
sink a.to_str # $ hasTaintFlow=a
sink a.to_s # $ hasTaintFlow=a
end
def m_tr
a = source "a"
sink a.tr("c", "d") # $ hasTaintFlow=a
sink "b".tr("c", a) # $ hasTaintFlow=a
sink a.tr!("c", "d") # $ hasTaintFlow=a
sink "b".tr!("c", a) # $ hasTaintFlow=a
sink a.tr_s("c", "d") # $ hasTaintFlow=a
sink "b".tr_s("c", a) # $ hasTaintFlow=a
sink a.tr_s!("c", "d") # $ hasTaintFlow=a
sink "b".tr_s!("c", a) # $ hasTaintFlow=a
end
def m_upto(i)
a = source "a"
a.upto("b") { |x| sink x } # $ hasTaintFlow=a
a.upto("b", true) { |x| sink x } # $ hasTaintFlow=a
"b".upto(a) { |x| sink x } # $ hasTaintFlow=a
"b".upto(a, true) { |x| sink x }
end

10
ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected
View File

@@ -13,9 +13,13 @@ edges
| logging.rb:30:8:30:55 | call to [] : | logging.rb:37:20:37:23 | hsh1 : |
| logging.rb:34:1:34:15 | call to []= : | logging.rb:39:20:39:34 | ...[...] |
| logging.rb:37:20:37:23 | hsh1 : | logging.rb:37:20:37:34 | ...[...] |
| logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:63:35:63:65 | password_masked_ineffective_sub : |
| logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex |
| logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:65:36:65:67 | password_masked_ineffective_gsub : |
| logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex |
| logging.rb:63:35:63:65 | password_masked_ineffective_sub : | logging.rb:63:35:63:88 | call to sub : |
| logging.rb:63:35:63:88 | call to sub : | logging.rb:69:20:69:50 | password_masked_ineffective_sub |
| logging.rb:65:36:65:67 | password_masked_ineffective_gsub : | logging.rb:65:36:65:86 | call to gsub : |
| logging.rb:65:36:65:86 | call to gsub : | logging.rb:71:20:71:51 | password_masked_ineffective_gsub |
| logging.rb:77:9:77:16 | password : | logging.rb:79:15:79:22 | password |
| logging.rb:82:16:82:49 | "65f2950df2f0e2c38d7ba2ccca767291" : | logging.rb:83:5:83:16 | password_arg : |
@@ -38,9 +42,13 @@ nodes
| logging.rb:37:20:37:23 | hsh1 : | semmle.label | hsh1 : |
| logging.rb:37:20:37:34 | ...[...] | semmle.label | ...[...] |
| logging.rb:39:20:39:34 | ...[...] | semmle.label | ...[...] |
| logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" : | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" : |
| logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" : | semmle.label | "ca497451f5e883662fb1a37bc9ec7838" : |
| logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" : | semmle.label | "a7e3747b19930d4f4b8181047194832f" : |
| logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" : | semmle.label | "a7e3747b19930d4f4b8181047194832f" : |
| logging.rb:63:35:63:65 | password_masked_ineffective_sub : | semmle.label | password_masked_ineffective_sub : |
| logging.rb:63:35:63:88 | call to sub : | semmle.label | call to sub : |
| logging.rb:65:36:65:67 | password_masked_ineffective_gsub : | semmle.label | password_masked_ineffective_gsub : |
| logging.rb:65:36:65:86 | call to gsub : | semmle.label | call to gsub : |
| logging.rb:69:20:69:50 | password_masked_ineffective_sub | semmle.label | password_masked_ineffective_sub |
| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | semmle.label | password_masked_ineffective_gsub |
@@ -65,7 +73,9 @@ subpaths
| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:28:26:28:33 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
| logging.rb:37:20:37:34 | ...[...] | logging.rb:30:8:30:55 | call to [] : | logging.rb:37:20:37:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:30:8:30:55 | call to [] | an write to password |
| logging.rb:39:20:39:34 | ...[...] | logging.rb:34:1:34:15 | call to []= : | logging.rb:39:20:39:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:34:1:34:15 | call to []= | a write to password |
| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub |
| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:63:35:63:88 | call to sub : | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:63:35:63:88 | call to sub | an assignment to password_masked_ineffective_sub |
| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub |
| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:65:36:65:86 | call to gsub : | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:65:36:65:86 | call to gsub | an assignment to password_masked_ineffective_gsub |
| logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | Sensitive data returned by $@ is logged here. | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub_ex |
| logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | Sensitive data returned by $@ is logged here. | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub_ex |