hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Capture flow: Take overwrites in nested scopes into account

Browse Source
This commit is contained in:
Tom Hvitved
2024-02-07 14:06:08 +01:00
parent 0c43ad45b4
commit 1ea7717714
6 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
View File

@@ -453,6 +453,10 @@ module VariableCapture {
Flow::localFlowStep(asClosureNode(node1), asClosureNode(node2))
}
predicate clearsContent(Node node, Content::CapturedVariableContent c) {
Flow::clearsContent(asClosureNode(node), c.getVariable())
}
class CapturedSsaDefinitionExt extends SsaImpl::DefinitionExt {
CapturedSsaDefinitionExt() { this.getSourceVariable() instanceof CapturedVariable }
}
@@ -1930,6 +1934,8 @@ predicate clearsContent(Node n, ContentSet c) {
c.isKnownOrUnknownElement(TKnownElementContent(cv)) and
cv.isSymbol(name)
)
or
VariableCapture::clearsContent(n, any(Content::CapturedVariableContent v | c.isSingleton(v)))
}
/**

4
ruby/ql/test/library-tests/dataflow/global/Flow.expected
View File

@@ -1,5 +1,4 @@
testFailures
| captured_variables.rb:212:14:212:14 | x | Unexpected result: hasValueFlow=17 |
edges
| blocks.rb:14:12:14:20 | call to source | blocks.rb:8:10:8:14 | yield ... | provenance | |
| captured_variables.rb:9:24:9:24 | x | captured_variables.rb:10:10:10:23 | -> { ... } [captured x] | provenance | |
@@ -117,7 +116,6 @@ edges
| captured_variables.rb:194:1:194:1 | c [@x] | captured_variables.rb:185:5:189:7 | self in baz [@x] | provenance | |
| captured_variables.rb:197:9:197:17 | call to taint | captured_variables.rb:199:10:199:10 | x | provenance | |
| captured_variables.rb:206:13:206:21 | call to taint | captured_variables.rb:208:14:208:14 | x | provenance | |
| captured_variables.rb:206:13:206:21 | call to taint | captured_variables.rb:212:14:212:14 | x | provenance | |
| instance_variables.rb:10:19:10:19 | x | instance_variables.rb:11:18:11:18 | x | provenance | |
| instance_variables.rb:11:18:11:18 | x | instance_variables.rb:11:9:11:14 | [post] self [@field] | provenance | |
| instance_variables.rb:13:5:15:7 | self in get_field [@field] | instance_variables.rb:14:16:14:21 | self [@field] | provenance | |
@@ -376,7 +374,6 @@ nodes
| captured_variables.rb:199:10:199:10 | x | semmle.label | x |
| captured_variables.rb:206:13:206:21 | call to taint | semmle.label | call to taint |
| captured_variables.rb:208:14:208:14 | x | semmle.label | x |
| captured_variables.rb:212:14:212:14 | x | semmle.label | x |
| instance_variables.rb:10:19:10:19 | x | semmle.label | x |
| instance_variables.rb:11:9:11:14 | [post] self [@field] | semmle.label | [post] self [@field] |
| instance_variables.rb:11:18:11:18 | x | semmle.label | x |
@@ -586,7 +583,6 @@ subpaths
| captured_variables.rb:187:18:187:19 | @x | captured_variables.rb:178:14:178:22 | call to taint | captured_variables.rb:187:18:187:19 | @x | $@ | captured_variables.rb:178:14:178:22 | call to taint | call to taint |
| captured_variables.rb:199:10:199:10 | x | captured_variables.rb:197:9:197:17 | call to taint | captured_variables.rb:199:10:199:10 | x | $@ | captured_variables.rb:197:9:197:17 | call to taint | call to taint |
| captured_variables.rb:208:14:208:14 | x | captured_variables.rb:206:13:206:21 | call to taint | captured_variables.rb:208:14:208:14 | x | $@ | captured_variables.rb:206:13:206:21 | call to taint | call to taint |
| captured_variables.rb:212:14:212:14 | x | captured_variables.rb:206:13:206:21 | call to taint | captured_variables.rb:212:14:212:14 | x | $@ | captured_variables.rb:206:13:206:21 | call to taint | call to taint |
| instance_variables.rb:20:10:20:13 | @foo | instance_variables.rb:19:12:19:21 | call to taint | instance_variables.rb:20:10:20:13 | @foo | $@ | instance_variables.rb:19:12:19:21 | call to taint | call to taint |
| instance_variables.rb:36:10:36:33 | call to get_field | instance_variables.rb:36:14:36:22 | call to taint | instance_variables.rb:36:10:36:33 | call to get_field | $@ | instance_variables.rb:36:14:36:22 | call to taint | call to taint |
| instance_variables.rb:39:6:39:33 | call to get_field | instance_variables.rb:39:14:39:22 | call to taint | instance_variables.rb:39:6:39:33 | call to get_field | $@ | instance_variables.rb:39:14:39:22 | call to taint | call to taint |