Ruby: address review comments on array_flow.rb

2026-04-30 19:26:02 +02:00 · 2022-02-04 11:59:59 +00:00
parent 8248a942ce
commit 161d766ba9
3 changed files with 6019 additions and 5990 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/Array.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Array.qll
@@ -479,8 +479,12 @@ module Array {
    CombinationSummary() { this = "combination" }

    override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-      input = "ArrayElement of Receiver" and
-      output = "ArrayElement[?] of Parameter[0] of BlockArgument" and
+      (
+        input = "ArrayElement of Receiver" and
+        output = "ArrayElement[?] of Parameter[0] of BlockArgument"
+        or
+        input = "Receiver" and output = "ReturnValue"
+      ) and
      preservesValue = true
    }
  }
--- a/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected
--- a/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb
@@ -242,6 +242,7 @@ def m27
        sink x # $ hasValueFlow=27.1
        source 27.2
    end
+    sink a[0] # $ hasValueFlow=27.2
    sink b[0] # $ hasValueFlow=27.2
 end

@@ -256,9 +257,11 @@ end

 def m29
    a = [0, 1, source(29)]
-    a.combination(1) do |x|
+    b = a.combination(1) do |x|
        sink(x[0]) # $ hasValueFlow=29
    end
+    sink b[0]
+    sink b[2] # $ hasValueFlow=29
 end

 def m30
@@ -798,12 +801,7 @@ def m83
    end
 end

-def m84
-    a = [0, 1, source(84)]
-    b = a.old_to_s
-    # TODO should we model `old_to_s` as adding a taint step?
-    sink b
-end
+# m84 deleted (was `old_to_s`)

 def m85
    a = [0, 1, source(85)]