hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into more-shell-taint

Browse Source
This commit is contained in:
erik-krogh
2023-03-15 10:54:30 +01:00
parent 984a589954 e8a7139020
commit 2133d1a5ab
153 changed files with 15917 additions and 1149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/.gitignore vendored
View File

@@ -1,4 +1,4 @@
/target
extractor/target
extractor-pack
.vscode/launch.json
.cache

7
ruby/Cargo.toml
View File

@@ -1,7 +0,0 @@
[workspace]
members = [
"autobuilder",
"extractor",
"generator",
"node-types",
]

4
ruby/actions/create-extractor-pack/action.yml
View File

@@ -10,7 +10,7 @@ runs:
uses: actions/cache@v3
with:
path: ruby/extractor-pack
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/**/Cargo.lock', 'ruby/actions/create-extractor-pack/action.yml') }}-${{ hashFiles('ruby/**/*.rs') }}-${{ hashFiles('ruby/codeql-extractor.yml', 'ruby/downgrades', 'ruby/tools', 'ruby/ql/lib/ruby.dbscheme', 'ruby/ql/lib/ruby.dbscheme.stats') }}
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/extractor/**/Cargo.lock', 'ruby/actions/create-extractor-pack/action.yml') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}-${{ hashFiles('ruby/codeql-extractor.yml', 'ruby/downgrades', 'ruby/tools', 'ruby/ql/lib/ruby.dbscheme', 'ruby/ql/lib/ruby.dbscheme.stats') }}
- name: Cache cargo
uses: actions/cache@v3
if: steps.cache-extractor.outputs.cache-hit != 'true'
@@ -19,7 +19,7 @@ runs:
~/.cargo/registry
~/.cargo/git
ruby/target
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-qltest-cargo-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/**/Cargo.lock') }}
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-qltest-cargo-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/extractor/**/Cargo.lock') }}
- name: Build Extractor
if: steps.cache-extractor.outputs.cache-hit != 'true'
shell: bash

9
ruby/autobuilder/Cargo.toml
View File

@@ -1,9 +0,0 @@
[package]
name = "ruby-autobuilder"
version = "0.1.0"
authors = ["GitHub"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]

BIN
ruby/Cargo.lock → ruby/extractor/Cargo.lock generated
View File

Binary file not shown.

1
ruby/extractor/Cargo.toml
View File

@@ -8,7 +8,6 @@ edition = "2018"
[dependencies]
flate2 = "1.0"
node-types = { path = "../node-types" }
tree-sitter = "0.20"
tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "203f7bd3c1bbfbd98fc19add4b8fcb213c059205" }
tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "206c7077164372c596ffa8eaadb9435c28941364" }

0
ruby/Cross.toml → ruby/extractor/Cross.toml
View File

0
ruby/rust-toolchain.toml → ruby/extractor/rust-toolchain.toml
View File

0
ruby/autobuilder/src/main.rs → ruby/extractor/src/bin/autobuilder.rs
View File

8
ruby/extractor/src/main.rs → ruby/extractor/src/bin/extractor.rs
View File

@@ -1,8 +1,3 @@
mod diagnostics;
mod extractor;
mod file_paths;
mod trap;
#[macro_use]
extern crate lazy_static;
extern crate num_cpus;
@@ -16,6 +11,8 @@ use std::io::BufRead;
use std::path::{Path, PathBuf};
use tree_sitter::{Language, Parser, Range};
use ruby_extractor::{diagnostics, extractor, file_paths, node_types, trap};
/**
* Gets the number of threads the extractor should use, by reading the
* CODEQL_THREADS environment variable and using it as described in the
@@ -46,6 +43,7 @@ lazy_static! {
static ref CP_NUMBER: regex::Regex = regex::Regex::new("cp([0-9]+)").unwrap();
}
/// Returns the `encoding::Encoding` corresponding to the given encoding name, if one exists.
fn encoding_from_name(encoding_name: &str) -> Option<&(dyn encoding::Encoding + Send + Sync)> {
match encoding::label::encoding_from_whatwg_label(encoding_name) {
s @ Some(_) => s,

22
ruby/generator/src/main.rs → ruby/extractor/src/bin/generator.rs
View File

@@ -1,10 +1,4 @@
mod dbscheme;
mod language;
mod ql;
mod ql_gen;
use clap::arg;
use language::Language;
use std::collections::BTreeMap as Map;
use std::collections::BTreeSet as Set;
use std::fs::File;
@@ -12,6 +6,9 @@ use std::io::LineWriter;
use std::io::Write;
use std::path::PathBuf;
use ruby_extractor::generator::{dbscheme, language::Language, ql, ql_gen};
use ruby_extractor::node_types;
/// Given the name of the parent node, and its field information, returns a pair,
/// the first of which is the field's type. The second is an optional dbscheme
/// entry that should be added.
@@ -573,7 +570,12 @@ fn main() -> std::io::Result<()> {
node_types: tree_sitter_embedded_template::NODE_TYPES,
},
];
let mut dbscheme_writer = LineWriter::new(File::create(dbscheme_path)?);
let dbscheme_file = File::create(dbscheme_path).map_err(|e| {
tracing::error!("Failed to create dbscheme file: {}", e);
e
})?;
let mut dbscheme_writer = LineWriter::new(dbscheme_file);
write!(
dbscheme_writer,
"// CodeQL database schema for {}\n\
@@ -596,7 +598,11 @@ fn main() -> std::io::Result<()> {
],
)?;
let mut ql_writer = LineWriter::new(File::create(ql_library_path)?);
let ql_library_file = File::create(ql_library_path).map_err(|e| {
tracing::error!("Failed to create ql library file: {}", e);
e
})?;
let mut ql_writer = LineWriter::new(ql_library_file);
write!(
ql_writer,
"/**\n\

2
ruby/extractor/src/extractor.rs
View File

@@ -1,7 +1,7 @@
use crate::diagnostics;
use crate::file_paths;
use crate::node_types::{self, EntryKind, Field, NodeTypeMap, Storage, TypeName};
use crate::trap;
use node_types::{EntryKind, Field, NodeTypeMap, Storage, TypeName};
use std::collections::BTreeMap as Map;
use std::collections::BTreeSet as Set;
use std::fmt;

4
ruby/generator/src/dbscheme.rs → ruby/extractor/src/generator/dbscheme.rs
View File

@@ -1,6 +1,8 @@
use crate::ql;
use std::collections::BTreeSet as Set;
use std::fmt;
use crate::generator::ql;
/// Represents a distinct entry in the database schema.
pub enum Entry<'a> {
/// An entry defining a database table.

0
ruby/generator/src/language.rs → ruby/extractor/src/generator/language.rs
View File

4
ruby/extractor/src/generator/mod.rs Normal file
View File

@@ -0,0 +1,4 @@
pub mod dbscheme;
pub mod language;
pub mod ql;
pub mod ql_gen;

0
ruby/generator/src/ql.rs → ruby/extractor/src/generator/ql.rs
View File

3
ruby/generator/src/ql_gen.rs → ruby/extractor/src/generator/ql_gen.rs
View File

@@ -1,6 +1,7 @@
use crate::ql;
use std::collections::BTreeSet;
use crate::{generator::ql, node_types};
/// Creates the hard-coded `AstNode` class that acts as a supertype of all
/// classes we generate.
pub fn create_ast_node_class<'a>(ast_node: &'a str, node_info_table: &'a str) -> ql::Class<'a> {

6
ruby/extractor/src/lib.rs Normal file
View File

@@ -0,0 +1,6 @@
pub mod diagnostics;
pub mod extractor;
pub mod file_paths;
pub mod generator;
pub mod node_types;
pub mod trap;

0
ruby/node-types/src/lib.rs → ruby/extractor/src/node_types.rs
View File

15
ruby/generator/Cargo.toml
View File

@@ -1,15 +0,0 @@
[package]
name = "ruby-generator"
version = "0.1.0"
authors = ["GitHub"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
clap = "3.0"
node-types = { path = "../node-types" }
tracing = "0.1"
tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }
tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "203f7bd3c1bbfbd98fc19add4b8fcb213c059205" }
tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "206c7077164372c596ffa8eaadb9435c28941364" }

11
ruby/node-types/Cargo.toml
View File

@@ -1,11 +0,0 @@
[package]
name = "node-types"
version = "0.1.0"
authors = ["GitHub"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"

4
ruby/ql/lib/change-notes/2023-03-13-initalize-flow.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Data flow through `initialize` methods is now taken into account also when the receiver of a `new` call is an (implicit or explicit) `self`.

6
ruby/ql/lib/change-notes/2023-03-13-rails-sinks.md Normal file
View File

@@ -0,0 +1,6 @@
---
category: minorAnalysis
---
* The Active Record query methods `reorder` and `count_by_sql` are now recognised as SQL executions.
* Calls to `ActiveRecord::Connection#execute`, including those via subclasses, are now recognised as SQL executions.
* Data flow through `ActionController::Parameters#require` is now tracked properly.

67
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
View File

@@ -299,10 +299,7 @@ private Callable viableSourceCallableNonInit(RelevantCall call) {
not call.getExpr() instanceof YieldCall // handled by `lambdaCreation`/`lambdaCall`
}
private Callable viableSourceCallableInit(RelevantCall call) {
result = getInitializeTarget(call) and
not isUserDefinedNew(getTarget(call))
}
private Callable viableSourceCallableInit(RelevantCall call) { result = getInitializeTarget(call) }
/** Holds if `call` may resolve to the returned source-code method. */
private Callable viableSourceCallable(RelevantCall call) {
@@ -374,9 +371,14 @@ private module Cached {
*/
cached
Method getInitializeTarget(RelevantCall new) {
exists(Module m |
moduleFlowsToMethodCallReceiver(new, m, "new") and
result = lookupMethod(m, "initialize")
exists(Module m, boolean exact |
isStandardNewCall(new, m, exact) and
result = lookupMethod(m, "initialize", exact) and
// In the case where `exact = false`, we need to check that there is
// no user-defined `new` method in between `m` and the enclosing module
// of the `initialize` method (`isStandardNewCall` already checks that
// there is no user-defined `new` method in `m` or any of `m`'s ancestors)
not hasUserDefinedNew(result.getEnclosingModule().getModule())
)
}
@@ -481,6 +483,35 @@ private predicate hasUserDefinedNew(Module m) {
)
}
/**
* Holds if `new` is a call to `new`, targeting a class of type `m` (or a
* sub class, when `exact = false`), where there is no user-defined
* `self.new` on `m`.
*/
pragma[nomagic]
private predicate isStandardNewCall(RelevantCall new, Module m, boolean exact) {
exists(DataFlow::LocalSourceNode sourceNode |
flowsToMethodCallReceiver(new, sourceNode, "new") and
// `m` should not have a user-defined `self.new` method
not hasUserDefinedNew(m)
|
// `C.new`
sourceNode = trackModuleAccess(m) and
exact = true
or
// `self.new` inside a module
selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) and
exact = true
or
// `self.new` inside a singleton method
exists(MethodBase caller |
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), caller, m) and
singletonMethod(caller, _, _) and
exact = false
)
)
}
/** Holds if `n` is an instance of type `tp`. */
private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
n.asExpr().getExpr() instanceof NilLiteral and
@@ -535,27 +566,7 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
tp = TResolved("Proc") and
exact = true
or
exists(RelevantCall call, DataFlow::LocalSourceNode sourceNode |
flowsToMethodCallReceiver(call, sourceNode, "new") and
n.asExpr() = call and
// `tp` should not have a user-defined `self.new` method
not hasUserDefinedNew(tp)
|
// `C.new`
sourceNode = trackModuleAccess(tp) and
exact = true
or
// `self.new` inside a module
selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), tp) and
exact = true
or
// `self.new` inside a singleton method
exists(MethodBase caller |
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), caller, tp) and
singletonMethod(caller, _, _) and
exact = false
)
)
isStandardNewCall(n.asExpr(), tp, exact)
or
// `self` reference in method or top-level (but not in module or singleton method,
// where instance methods cannot be called; only singleton methods)

1
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -182,6 +182,7 @@ private module LambdaFlow {
boolean toJump, DataFlowCallOption lastCall
) {
revLambdaFlow0(lambdaCall, kind, node, t, toReturn, toJump, lastCall) and
not expectsContent(node, _) and
if castNode(node) or node instanceof ArgNode or node instanceof ReturnNode
then compatibleTypes(t, getNodeDataFlowType(node))
else any()

6
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -632,9 +632,9 @@ private module ParamsSummaries {
// dig doesn't always return a Parameters instance, but it will if the
// given key refers to a nested hash parameter.
"dig", "each", "each_key", "each_pair", "each_value", "except", "keep_if", "merge",
"merge!", "permit", "reject", "reject!", "reverse_merge", "reverse_merge!", "select",
"select!", "slice", "slice!", "transform_keys", "transform_keys!", "transform_values",
"transform_values!", "with_defaults", "with_defaults!"
"merge!", "permit", "reject", "reject!", "require", "reverse_merge", "reverse_merge!",
"select", "select!", "slice", "slice!", "transform_keys", "transform_keys!",
"transform_values", "transform_values!", "with_defaults", "with_defaults!"
]
}

34
ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
View File

@@ -31,6 +31,18 @@ private predicate isBuiltInMethodForActiveRecordModelInstance(string methodName)
methodName = objectInstanceMethodName()
}
private API::Node activeRecordClassApiNode() {
result =
// class Foo < ActiveRecord::Base
// class Bar < Foo
[
API::getTopLevelMember("ActiveRecord").getMember("Base"),
// In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
// treat it separately in case the `ApplicationRecord` definition is not in the database.
API::getTopLevelMember("ApplicationRecord")
].getASubclass()
}
/**
* A `ClassDeclaration` for a class that inherits from `ActiveRecord::Base`. For example,
*
@@ -45,15 +57,8 @@ private predicate isBuiltInMethodForActiveRecordModelInstance(string methodName)
*/
class ActiveRecordModelClass extends ClassDeclaration {
ActiveRecordModelClass() {
// class Foo < ActiveRecord::Base
// class Bar < Foo
this.getSuperclassExpr() =
[
API::getTopLevelMember("ActiveRecord").getMember("Base"),
// In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
// treat it separately in case the `ApplicationRecord` definition is not in the database.
API::getTopLevelMember("ApplicationRecord")
].getASubclass().getAValueReachableFromSource().asExpr().getExpr()
activeRecordClassApiNode().getAValueReachableFromSource().asExpr().getExpr()
}
// Gets the class declaration for this class and all of its super classes
@@ -116,14 +121,14 @@ private Expr sqlFragmentArgument(MethodCall call) {
[
"delete_all", "delete_by", "destroy_all", "destroy_by", "exists?", "find_by", "find_by!",
"find_or_create_by", "find_or_create_by!", "find_or_initialize_by", "find_by_sql", "from",
"group", "having", "joins", "lock", "not", "order", "pluck", "where", "rewhere", "select",
"reselect", "update_all"
"group", "having", "joins", "lock", "not", "order", "reorder", "pluck", "where",
"rewhere", "select", "reselect", "update_all"
] and
result = call.getArgument(0)
or
methodName = "calculate" and result = call.getArgument(1)
or
methodName in ["average", "count", "maximum", "minimum", "sum"] and
methodName in ["average", "count", "maximum", "minimum", "sum", "count_by_sql"] and
result = call.getArgument(0)
or
// This format was supported until Rails 2.3.8
@@ -208,11 +213,18 @@ class ActiveRecordSqlExecutionRange extends SqlExecution::Range {
exists(PotentiallyUnsafeSqlExecutingMethodCall mc |
this.asExpr().getNode() = mc.getSqlFragmentSinkArgument()
)
or
this = activeRecordConnectionInstance().getAMethodCall("execute").getArgument(0) and
unsafeSqlExpr(this.asExpr().getExpr())
}
override DataFlow::Node getSql() { result = this }
}
private API::Node activeRecordConnectionInstance() {
result = activeRecordClassApiNode().getReturn("connection")
}
// TODO: model `ActiveRecord` sanitizers
// https://api.rubyonrails.org/classes/ActiveRecord/Sanitization/ClassMethods.html
/**

283
ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
View File

@@ -106,6 +106,10 @@ edges
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:105:10:105:10 | x |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
| call_sensitivity.rb:104:18:104:18 | x : | call_sensitivity.rb:106:13:106:13 | x : |
@@ -114,40 +118,48 @@ edges
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:110:11:110:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:110:11:110:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:110:12:110:19 | call to taint : | call_sensitivity.rb:110:11:110:20 | ( ... ) : |
| call_sensitivity.rb:110:12:110:19 | call to taint : | call_sensitivity.rb:110:11:110:20 | ( ... ) : |
| call_sensitivity.rb:111:11:111:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:111:11:111:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:112:16:112:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:112:16:112:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:113:14:113:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:113:14:113:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:114:16:114:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:114:16:114:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:115:14:115:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:115:14:115:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:117:21:117:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:117:21:117:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:118:26:118:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:118:26:118:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:119:24:119:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:119:24:119:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:120:26:120:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:120:26:120:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:161:14:161:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:161:14:161:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:168:19:168:19 | x : | call_sensitivity.rb:169:12:169:12 | x : |
| call_sensitivity.rb:168:19:168:19 | x : | call_sensitivity.rb:169:12:169:12 | x : |
| call_sensitivity.rb:169:12:169:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:169:12:169:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:172:11:172:19 | call to taint : | call_sensitivity.rb:168:19:168:19 | x : |
| call_sensitivity.rb:172:11:172:19 | call to taint : | call_sensitivity.rb:168:19:168:19 | x : |
| call_sensitivity.rb:181:11:181:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:181:11:181:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:181:12:181:19 | call to taint : | call_sensitivity.rb:181:11:181:20 | ( ... ) : |
| call_sensitivity.rb:181:12:181:19 | call to taint : | call_sensitivity.rb:181:11:181:20 | ( ... ) : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:106:13:106:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:109:21:109:21 | x : | call_sensitivity.rb:110:9:110:9 | x : |
| call_sensitivity.rb:109:21:109:21 | x : | call_sensitivity.rb:110:9:110:9 | x : |
| call_sensitivity.rb:110:9:110:9 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:110:9:110:9 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:114:11:114:20 | ( ... ) : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:114:11:114:20 | ( ... ) : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:88:30:88:30 | x : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:92:35:92:35 | x : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:96:33:96:33 | y : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:100:35:100:35 | x : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:109:21:109:21 | x : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:109:21:109:21 | x : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:74:18:74:18 | y : |
| call_sensitivity.rb:174:19:174:19 | x : | call_sensitivity.rb:175:12:175:12 | x : |
| call_sensitivity.rb:174:19:174:19 | x : | call_sensitivity.rb:175:12:175:12 | x : |
| call_sensitivity.rb:175:12:175:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:175:12:175:12 | x : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:174:19:174:19 | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:174:19:174:19 | x : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | call_sensitivity.rb:104:18:104:18 | x : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:187:11:187:20 | ( ... ) : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:187:11:187:20 | ( ... ) : |
nodes
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
@@ -269,46 +281,56 @@ nodes
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:104:18:104:18 | x : | semmle.label | x : |
| call_sensitivity.rb:105:10:105:10 | x | semmle.label | x |
| call_sensitivity.rb:105:10:105:10 | x | semmle.label | x |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:110:11:110:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:110:11:110:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:110:12:110:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:110:12:110:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:111:11:111:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:111:11:111:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:112:16:112:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:112:16:112:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:113:14:113:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:113:14:113:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:114:16:114:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:114:16:114:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:14:115:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:14:115:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:21:117:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:21:117:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:26:118:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:26:118:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:24:119:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:24:119:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:120:26:120:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:120:26:120:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:161:14:161:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:161:14:161:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:168:19:168:19 | x : | semmle.label | x : |
| call_sensitivity.rb:168:19:168:19 | x : | semmle.label | x : |
| call_sensitivity.rb:169:12:169:12 | x : | semmle.label | x : |
| call_sensitivity.rb:169:12:169:12 | x : | semmle.label | x : |
| call_sensitivity.rb:172:11:172:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:172:11:172:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:181:11:181:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:181:11:181:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:181:12:181:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:181:12:181:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:106:13:106:13 | x : | semmle.label | x : |
| call_sensitivity.rb:109:21:109:21 | x : | semmle.label | x : |
| call_sensitivity.rb:109:21:109:21 | x : | semmle.label | x : |
| call_sensitivity.rb:110:9:110:9 | x : | semmle.label | x : |
| call_sensitivity.rb:110:9:110:9 | x : | semmle.label | x : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:114:11:114:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:114:12:114:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:115:11:115:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:116:16:116:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:117:14:117:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:118:16:118:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:119:14:119:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:121:21:121:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:122:26:122:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:123:24:123:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:124:26:124:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:125:12:125:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:166:14:166:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:174:19:174:19 | x : | semmle.label | x : |
| call_sensitivity.rb:174:19:174:19 | x : | semmle.label | x : |
| call_sensitivity.rb:175:12:175:12 | x : | semmle.label | x : |
| call_sensitivity.rb:175:12:175:12 | x : | semmle.label | x : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:178:11:178:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:187:11:187:20 | ( ... ) : | semmle.label | ( ... ) : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:187:12:187:19 | call to taint : | semmle.label | call to taint : |
subpaths
#select
| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint : | call to taint : |
@@ -317,21 +339,23 @@ subpaths
| call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint : | call to taint : |
| call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:85:19:85:26 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:85:19:85:26 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:110:12:110:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:110:12:110:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:111:11:111:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:111:11:111:18 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:112:16:112:23 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:112:16:112:23 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:113:14:113:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:113:14:113:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:114:16:114:24 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:114:16:114:24 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:115:14:115:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:115:14:115:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:161:14:161:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:161:14:161:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:172:11:172:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:172:11:172:19 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:117:21:117:28 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:117:21:117:28 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:118:26:118:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:118:26:118:33 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:119:24:119:32 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:119:24:119:32 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:120:26:120:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:120:26:120:33 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:110:12:110:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:110:12:110:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:172:11:172:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:172:11:172:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:181:12:181:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:181:12:181:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:115:11:115:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:115:11:115:18 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:116:16:116:23 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:116:16:116:23 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:117:14:117:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:117:14:117:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:118:16:118:24 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:118:16:118:24 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:119:14:119:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:119:14:119:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:166:14:166:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:166:14:166:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:121:21:121:28 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:121:21:121:28 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:122:26:122:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:122:26:122:33 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:123:24:123:32 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:123:24:123:32 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:124:26:124:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:124:26:124:33 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:114:12:114:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:114:12:114:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint : | call to taint : |
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint : | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint : | call to taint : |
mayBenefitFromCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:54:3:56:5 | method2 |
@@ -345,11 +369,12 @@ mayBenefitFromCallContext
| call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:100:3:102:5 | call_singleton_method3 |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:104:3:107:5 | initialize |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:104:3:107:5 | initialize |
| call_sensitivity.rb:132:5:132:18 | call to method2 | call_sensitivity.rb:131:3:133:5 | call_method2 |
| call_sensitivity.rb:136:5:136:25 | call to method3 | call_sensitivity.rb:135:3:137:5 | call_method3 |
| call_sensitivity.rb:144:5:144:28 | call to singleton_method2 | call_sensitivity.rb:143:3:145:5 | call_singleton_method2 |
| call_sensitivity.rb:148:5:148:35 | call to singleton_method3 | call_sensitivity.rb:147:3:149:5 | call_singleton_method3 |
| call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:168:1:170:3 | create |
| call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:109:3:111:5 | call_new |
| call_sensitivity.rb:137:5:137:18 | call to method2 | call_sensitivity.rb:136:3:138:5 | call_method2 |
| call_sensitivity.rb:141:5:141:25 | call to method3 | call_sensitivity.rb:140:3:142:5 | call_method3 |
| call_sensitivity.rb:149:5:149:28 | call to singleton_method2 | call_sensitivity.rb:148:3:150:5 | call_singleton_method2 |
| call_sensitivity.rb:153:5:153:35 | call to singleton_method3 | call_sensitivity.rb:152:3:154:5 | call_singleton_method3 |
| call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:174:1:176:3 | create |
viableImplInCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
@@ -357,45 +382,51 @@ viableImplInCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:176:3:178:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:111:1:111:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:132:5:132:18 | call to method2 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:157:1:157:19 | call to method2 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:112:1:112:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:182:3:184:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:115:1:115:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:137:5:137:18 | call to method2 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:162:1:162:19 | call to method2 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:116:1:116:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:176:3:178:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:113:1:113:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:136:5:136:25 | call to method3 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:159:1:159:23 | call to method3 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:114:1:114:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:182:3:184:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:117:1:117:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:141:5:141:25 | call to method3 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:164:1:164:23 | call to method3 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:118:1:118:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:85:5:85:27 | call to method5 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:85:5:85:27 | call to method5 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:85:5:85:27 | call to method5 | call_sensitivity.rb:176:3:178:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:140:5:140:27 | call to method5 | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:85:5:85:27 | call to method5 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:85:5:85:27 | call to method5 | call_sensitivity.rb:182:3:184:5 | method1 |
| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:145:5:145:27 | call to method5 | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:117:1:117:29 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:144:5:144:28 | call to singleton_method2 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:163:1:163:29 | call to singleton_method2 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:118:1:118:34 | call to call_singleton_method2 | call_sensitivity.rb:88:3:90:5 | singleton_method2 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:121:1:121:29 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:149:5:149:28 | call to singleton_method2 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:168:1:168:29 | call to singleton_method2 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:122:1:122:34 | call to call_singleton_method2 | call_sensitivity.rb:88:3:90:5 | singleton_method2 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:119:1:119:33 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:148:5:148:35 | call to singleton_method3 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:165:1:165:33 | call to singleton_method3 | call_sensitivity.rb:127:3:129:5 | singleton_method1 |
| call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:120:1:120:34 | call to call_singleton_method3 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:110:5:110:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:181:5:181:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:110:5:110:20 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:123:3:125:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:181:5:181:20 | call to new | call_sensitivity.rb:176:3:178:5 | method1 |
| call_sensitivity.rb:132:5:132:18 | call to method2 | call_sensitivity.rb:158:1:158:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:136:5:136:25 | call to method3 | call_sensitivity.rb:160:1:160:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:144:5:144:28 | call to singleton_method2 | call_sensitivity.rb:164:1:164:34 | call to call_singleton_method2 | call_sensitivity.rb:88:3:90:5 | singleton_method2 |
| call_sensitivity.rb:148:5:148:35 | call to singleton_method3 | call_sensitivity.rb:166:1:166:34 | call to call_singleton_method3 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
| call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:172:1:172:20 | call to create | call_sensitivity.rb:104:3:107:5 | initialize |
| call_sensitivity.rb:169:3:169:12 | call to new | call_sensitivity.rb:173:1:173:20 | call to create | call_sensitivity.rb:151:3:153:5 | initialize |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:123:1:123:33 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:153:5:153:35 | call to singleton_method3 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:170:1:170:33 | call to singleton_method3 | call_sensitivity.rb:132:3:134:5 | singleton_method1 |
| call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:124:1:124:34 | call to call_singleton_method3 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:114:5:114:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:187:5:187:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:182:3:184:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:114:5:114:20 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:128:3:130:5 | method1 |
| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:187:5:187:20 | call to new | call_sensitivity.rb:182:3:184:5 | method1 |
| call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:125:1:125:20 | call to call_new | call_sensitivity.rb:104:3:107:5 | initialize |
| call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:172:1:172:20 | call to call_new | call_sensitivity.rb:156:3:158:5 | initialize |
| call_sensitivity.rb:137:5:137:18 | call to method2 | call_sensitivity.rb:163:1:163:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:141:5:141:25 | call to method3 | call_sensitivity.rb:165:1:165:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:149:5:149:28 | call to singleton_method2 | call_sensitivity.rb:169:1:169:34 | call to call_singleton_method2 | call_sensitivity.rb:88:3:90:5 | singleton_method2 |
| call_sensitivity.rb:153:5:153:35 | call to singleton_method3 | call_sensitivity.rb:171:1:171:34 | call to call_singleton_method3 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
| call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:178:1:178:20 | call to create | call_sensitivity.rb:104:3:107:5 | initialize |
| call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:179:1:179:20 | call to create | call_sensitivity.rb:156:3:158:5 | initialize |

10
ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
View File

@@ -48,7 +48,7 @@ apply_lambda(MY_LAMBDA2, taint(9))
class A
def method1 x
sink x # $ hasValueFlow=10 $ hasValueFlow=11 $ hasValueFlow=12 $ hasValueFlow=13 $ hasValueFlow=26 $ hasValueFlow=28 $ hasValueFlow=30 $ hasValueFlow=33 $ SPURIOUS: hasValueFlow=27
sink x # $ hasValueFlow=10 $ hasValueFlow=11 $ hasValueFlow=12 $ hasValueFlow=13 $ hasValueFlow=26 $ hasValueFlow=28 $ hasValueFlow=30 $ hasValueFlow=33 $ hasValueFlow=35 $ SPURIOUS: hasValueFlow=27
end
def method2 x
@@ -102,9 +102,13 @@ class A
end
def initialize(x)
sink x # $ hasValueFlow=28 $ hasValueFlow=30 $ hasValueFlow=32
sink x # $ hasValueFlow=28 $ hasValueFlow=30 $ hasValueFlow=32 $ hasValueFlow=35
method1 x
end
def self.call_new x
new x
end
end
a = A.new (taint 30)
@@ -118,6 +122,7 @@ A.singleton_method2(taint 14)
A.call_singleton_method2(taint 15)
A.singleton_method3(A, taint(16))
A.call_singleton_method3(taint 17)
A.call_new(taint 35)
class B < A
def method1 x
@@ -164,6 +169,7 @@ B.singleton_method2(taint 22)
B.call_singleton_method2(taint 23)
B.singleton_method3(B, taint(24))
B.call_singleton_method3(taint 25)
B.call_new(taint 36)
def create (type, x)
type.new x

797
ruby/ql/test/library-tests/dataflow/global/Flow.expected
View File

@@ -38,169 +38,197 @@ edges
| instance_variables.rb:24:9:24:17 | call to taint : | instance_variables.rb:28:9:28:25 | call to initialize : |
| instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:20:28:24 | field : |
| instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:20:28:24 | field : |
| instance_variables.rb:28:9:28:25 | call to initialize : | instance_variables.rb:104:6:104:37 | call to call_initialize |
| instance_variables.rb:28:9:28:25 | call to initialize : | instance_variables.rb:104:6:104:37 | call to call_initialize |
| instance_variables.rb:28:9:28:25 | call to initialize : | instance_variables.rb:119:6:119:37 | call to call_initialize |
| instance_variables.rb:28:9:28:25 | call to initialize : | instance_variables.rb:119:6:119:37 | call to call_initialize |
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : |
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : |
| instance_variables.rb:34:9:34:17 | call to taint : | instance_variables.rb:106:7:106:24 | call to new : |
| instance_variables.rb:34:9:34:17 | call to taint : | instance_variables.rb:106:7:106:24 | call to new : |
| instance_variables.rb:39:1:39:3 | [post] foo [@field] : | instance_variables.rb:40:6:40:8 | foo [@field] : |
| instance_variables.rb:39:1:39:3 | [post] foo [@field] : | instance_variables.rb:40:6:40:8 | foo [@field] : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:39:1:39:3 | [post] foo [@field] : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:39:1:39:3 | [post] foo [@field] : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:40:6:40:18 | call to get_field |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:40:6:40:18 | call to get_field |
| instance_variables.rb:43:1:43:3 | [post] bar [@field] : | instance_variables.rb:44:6:44:8 | bar [@field] : |
| instance_variables.rb:43:15:43:22 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:43:15:43:22 | call to taint : | instance_variables.rb:43:1:43:3 | [post] bar [@field] : |
| instance_variables.rb:44:6:44:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : |
| instance_variables.rb:44:6:44:8 | bar [@field] : | instance_variables.rb:44:6:44:18 | call to inc_field |
| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : | instance_variables.rb:48:6:48:9 | foo1 [@field] : |
| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : | instance_variables.rb:48:6:48:9 | foo1 [@field] : |
| instance_variables.rb:47:14:47:22 | call to taint : | instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : |
| instance_variables.rb:47:14:47:22 | call to taint : | instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : |
| instance_variables.rb:48:6:48:9 | foo1 [@field] : | instance_variables.rb:48:6:48:15 | call to field |
| instance_variables.rb:48:6:48:9 | foo1 [@field] : | instance_variables.rb:48:6:48:15 | call to field |
| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : | instance_variables.rb:52:6:52:9 | foo2 [@field] : |
| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : | instance_variables.rb:52:6:52:9 | foo2 [@field] : |
| instance_variables.rb:51:14:51:22 | call to taint : | instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : |
| instance_variables.rb:51:14:51:22 | call to taint : | instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:52:6:52:19 | call to get_field |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:52:6:52:19 | call to get_field |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | instance_variables.rb:56:6:56:9 | foo3 [@field] : |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | instance_variables.rb:56:6:56:9 | foo3 [@field] : |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | instance_variables.rb:68:6:68:9 | foo3 [@field] : |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | instance_variables.rb:68:6:68:9 | foo3 [@field] : |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : |
| instance_variables.rb:56:6:56:9 | foo3 [@field] : | instance_variables.rb:56:6:56:15 | call to field |
| instance_variables.rb:56:6:56:9 | foo3 [@field] : | instance_variables.rb:56:6:56:15 | call to field |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | instance_variables.rb:64:6:64:9 | foo5 [@field] : |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | instance_variables.rb:64:6:64:9 | foo5 [@field] : |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | instance_variables.rb:69:6:69:9 | foo5 [@field] : |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | instance_variables.rb:69:6:69:9 | foo5 [@field] : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:64:6:64:19 | call to get_field |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:64:6:64:19 | call to get_field |
| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : | instance_variables.rb:70:6:70:9 | foo6 [@field] : |
| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : | instance_variables.rb:70:6:70:9 | foo6 [@field] : |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:68:6:68:19 | call to get_field |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:68:6:68:19 | call to get_field |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:69:6:69:19 | call to get_field |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:69:6:69:19 | call to get_field |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:70:6:70:19 | call to get_field |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:70:6:70:19 | call to get_field |
| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : | instance_variables.rb:75:6:75:9 | foo7 [@field] : |
| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : | instance_variables.rb:75:6:75:9 | foo7 [@field] : |
| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : | instance_variables.rb:76:6:76:9 | foo8 [@field] : |
| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : | instance_variables.rb:76:6:76:9 | foo8 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:75:6:75:19 | call to get_field |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:75:6:75:19 | call to get_field |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:76:6:76:19 | call to get_field |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:76:6:76:19 | call to get_field |
| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : | instance_variables.rb:81:6:81:9 | foo9 [@field] : |
| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : | instance_variables.rb:81:6:81:9 | foo9 [@field] : |
| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : | instance_variables.rb:82:6:82:10 | foo10 [@field] : |
| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : | instance_variables.rb:82:6:82:10 | foo10 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:81:6:81:19 | call to get_field |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:81:6:81:19 | call to get_field |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:82:6:82:20 | call to get_field |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:82:6:82:20 | call to get_field |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:85:5:85:5 | [post] x [@field] : |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:85:5:85:5 | [post] x [@field] : |
| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : | instance_variables.rb:90:6:90:10 | foo11 [@field] : |
| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : | instance_variables.rb:90:6:90:10 | foo11 [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:90:6:90:20 | call to get_field |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:90:6:90:20 | call to get_field |
| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : | instance_variables.rb:94:6:94:10 | foo12 [@field] : |
| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : | instance_variables.rb:94:6:94:10 | foo12 [@field] : |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:94:6:94:20 | call to get_field |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:94:6:94:20 | call to get_field |
| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : | instance_variables.rb:99:6:99:10 | foo13 [@field] : |
| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : | instance_variables.rb:99:6:99:10 | foo13 [@field] : |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:99:6:99:20 | call to get_field |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:99:6:99:20 | call to get_field |
| instance_variables.rb:101:9:101:26 | call to new [@field] : | instance_variables.rb:102:6:102:10 | foo15 [@field] : |
| instance_variables.rb:101:9:101:26 | call to new [@field] : | instance_variables.rb:102:6:102:10 | foo15 [@field] : |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:101:9:101:26 | call to new [@field] : |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:101:9:101:26 | call to new [@field] : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:102:6:102:20 | call to get_field |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:102:6:102:20 | call to get_field |
| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : | instance_variables.rb:105:6:105:10 | foo16 [@field] : |
| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : | instance_variables.rb:105:6:105:10 | foo16 [@field] : |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:106:7:106:24 | call to new : | instance_variables.rb:107:6:107:8 | bar |
| instance_variables.rb:106:7:106:24 | call to new : | instance_variables.rb:107:6:107:8 | bar |
| instance_variables.rb:31:18:31:18 | x : | instance_variables.rb:33:13:33:13 | x : |
| instance_variables.rb:31:18:31:18 | x : | instance_variables.rb:33:13:33:13 | x : |
| instance_variables.rb:32:13:32:21 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:32:13:32:21 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:32:13:32:21 | call to taint : | instance_variables.rb:48:20:48:20 | x : |
| instance_variables.rb:32:13:32:21 | call to taint : | instance_variables.rb:48:20:48:20 | x : |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:33:9:33:14 | call to new [@field] : |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:33:9:33:14 | call to new [@field] : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:36:10:36:33 | call to get_field |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:36:10:36:33 | call to get_field |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:36:10:36:23 | call to new [@field] : |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:36:10:36:23 | call to new [@field] : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:39:6:39:33 | call to get_field |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:39:6:39:33 | call to get_field |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:31:18:31:18 | x : |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:31:18:31:18 | x : |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:39:6:39:23 | call to bar [@field] : |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:39:6:39:23 | call to bar [@field] : |
| instance_variables.rb:43:9:43:17 | call to taint : | instance_variables.rb:121:7:121:24 | call to new : |
| instance_variables.rb:43:9:43:17 | call to taint : | instance_variables.rb:121:7:121:24 | call to new : |
| instance_variables.rb:48:20:48:20 | x : | instance_variables.rb:49:14:49:14 | x |
| instance_variables.rb:48:20:48:20 | x : | instance_variables.rb:49:14:49:14 | x |
| instance_variables.rb:54:1:54:3 | [post] foo [@field] : | instance_variables.rb:55:6:55:8 | foo [@field] : |
| instance_variables.rb:54:1:54:3 | [post] foo [@field] : | instance_variables.rb:55:6:55:8 | foo [@field] : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:54:1:54:3 | [post] foo [@field] : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:54:1:54:3 | [post] foo [@field] : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:55:6:55:18 | call to get_field |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:55:6:55:18 | call to get_field |
| instance_variables.rb:58:1:58:3 | [post] bar [@field] : | instance_variables.rb:59:6:59:8 | bar [@field] : |
| instance_variables.rb:58:15:58:22 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:58:15:58:22 | call to taint : | instance_variables.rb:58:1:58:3 | [post] bar [@field] : |
| instance_variables.rb:59:6:59:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : |
| instance_variables.rb:59:6:59:8 | bar [@field] : | instance_variables.rb:59:6:59:18 | call to inc_field |
| instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : | instance_variables.rb:63:6:63:9 | foo1 [@field] : |
| instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : | instance_variables.rb:63:6:63:9 | foo1 [@field] : |
| instance_variables.rb:62:14:62:22 | call to taint : | instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : |
| instance_variables.rb:62:14:62:22 | call to taint : | instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : |
| instance_variables.rb:63:6:63:9 | foo1 [@field] : | instance_variables.rb:63:6:63:15 | call to field |
| instance_variables.rb:63:6:63:9 | foo1 [@field] : | instance_variables.rb:63:6:63:15 | call to field |
| instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : | instance_variables.rb:67:6:67:9 | foo2 [@field] : |
| instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : | instance_variables.rb:67:6:67:9 | foo2 [@field] : |
| instance_variables.rb:66:14:66:22 | call to taint : | instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : |
| instance_variables.rb:66:14:66:22 | call to taint : | instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:67:6:67:19 | call to get_field |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:67:6:67:19 | call to get_field |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | instance_variables.rb:71:6:71:9 | foo3 [@field] : |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | instance_variables.rb:71:6:71:9 | foo3 [@field] : |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | instance_variables.rb:83:6:83:9 | foo3 [@field] : |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | instance_variables.rb:83:6:83:9 | foo3 [@field] : |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : |
| instance_variables.rb:71:6:71:9 | foo3 [@field] : | instance_variables.rb:71:6:71:15 | call to field |
| instance_variables.rb:71:6:71:9 | foo3 [@field] : | instance_variables.rb:71:6:71:15 | call to field |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | instance_variables.rb:79:6:79:9 | foo5 [@field] : |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | instance_variables.rb:79:6:79:9 | foo5 [@field] : |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | instance_variables.rb:84:6:84:9 | foo5 [@field] : |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | instance_variables.rb:84:6:84:9 | foo5 [@field] : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:79:6:79:19 | call to get_field |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:79:6:79:19 | call to get_field |
| instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : | instance_variables.rb:85:6:85:9 | foo6 [@field] : |
| instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : | instance_variables.rb:85:6:85:9 | foo6 [@field] : |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:83:6:83:19 | call to get_field |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:83:6:83:19 | call to get_field |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:84:6:84:19 | call to get_field |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:84:6:84:19 | call to get_field |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:85:6:85:19 | call to get_field |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:85:6:85:19 | call to get_field |
| instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : | instance_variables.rb:90:6:90:9 | foo7 [@field] : |
| instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : | instance_variables.rb:90:6:90:9 | foo7 [@field] : |
| instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : | instance_variables.rb:91:6:91:9 | foo8 [@field] : |
| instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : | instance_variables.rb:91:6:91:9 | foo8 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:90:6:90:19 | call to get_field |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:90:6:90:19 | call to get_field |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:91:6:91:19 | call to get_field |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:91:6:91:19 | call to get_field |
| instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : | instance_variables.rb:96:6:96:9 | foo9 [@field] : |
| instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : | instance_variables.rb:96:6:96:9 | foo9 [@field] : |
| instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : | instance_variables.rb:97:6:97:10 | foo10 [@field] : |
| instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : | instance_variables.rb:97:6:97:10 | foo10 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:96:6:96:19 | call to get_field |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:96:6:96:19 | call to get_field |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:97:6:97:20 | call to get_field |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:97:6:97:20 | call to get_field |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:100:5:100:5 | [post] x [@field] : |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:100:5:100:5 | [post] x [@field] : |
| instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : | instance_variables.rb:105:6:105:10 | foo11 [@field] : |
| instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : | instance_variables.rb:105:6:105:10 | foo11 [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : | instance_variables.rb:109:6:109:10 | foo12 [@field] : |
| instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : | instance_variables.rb:109:6:109:10 | foo12 [@field] : |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:109:6:109:20 | call to get_field |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:109:6:109:20 | call to get_field |
| instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : | instance_variables.rb:114:6:114:10 | foo13 [@field] : |
| instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : | instance_variables.rb:114:6:114:10 | foo13 [@field] : |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:114:6:114:20 | call to get_field |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:114:6:114:20 | call to get_field |
| instance_variables.rb:116:9:116:26 | call to new [@field] : | instance_variables.rb:117:6:117:10 | foo15 [@field] : |
| instance_variables.rb:116:9:116:26 | call to new [@field] : | instance_variables.rb:117:6:117:10 | foo15 [@field] : |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:116:9:116:26 | call to new [@field] : |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:116:9:116:26 | call to new [@field] : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:117:6:117:20 | call to get_field |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:117:6:117:20 | call to get_field |
| instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : | instance_variables.rb:120:6:120:10 | foo16 [@field] : |
| instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : | instance_variables.rb:120:6:120:10 | foo16 [@field] : |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:120:6:120:20 | call to get_field |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:120:6:120:20 | call to get_field |
| instance_variables.rb:121:7:121:24 | call to new : | instance_variables.rb:122:6:122:8 | bar |
| instance_variables.rb:121:7:121:24 | call to new : | instance_variables.rb:122:6:122:8 | bar |
nodes
| captured_variables.rb:1:24:1:24 | x : | semmle.label | x : |
| captured_variables.rb:1:24:1:24 | x : | semmle.label | x : |
@@ -260,220 +288,257 @@ nodes
| instance_variables.rb:28:9:28:25 | call to initialize : | semmle.label | call to initialize : |
| instance_variables.rb:28:20:28:24 | field : | semmle.label | field : |
| instance_variables.rb:28:20:28:24 | field : | semmle.label | field : |
| instance_variables.rb:34:9:34:17 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:34:9:34:17 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:39:1:39:3 | [post] foo [@field] : | semmle.label | [post] foo [@field] : |
| instance_variables.rb:39:1:39:3 | [post] foo [@field] : | semmle.label | [post] foo [@field] : |
| instance_variables.rb:39:15:39:23 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:39:15:39:23 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | semmle.label | foo [@field] : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | semmle.label | foo [@field] : |
| instance_variables.rb:40:6:40:18 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:40:6:40:18 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:43:1:43:3 | [post] bar [@field] : | semmle.label | [post] bar [@field] : |
| instance_variables.rb:43:15:43:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:44:6:44:8 | bar [@field] : | semmle.label | bar [@field] : |
| instance_variables.rb:44:6:44:18 | call to inc_field | semmle.label | call to inc_field |
| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : | semmle.label | [post] foo1 [@field] : |
| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] : | semmle.label | [post] foo1 [@field] : |
| instance_variables.rb:47:14:47:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:47:14:47:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:48:6:48:9 | foo1 [@field] : | semmle.label | foo1 [@field] : |
| instance_variables.rb:48:6:48:9 | foo1 [@field] : | semmle.label | foo1 [@field] : |
| instance_variables.rb:48:6:48:15 | call to field | semmle.label | call to field |
| instance_variables.rb:48:6:48:15 | call to field | semmle.label | call to field |
| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : | semmle.label | [post] foo2 [@field] : |
| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] : | semmle.label | [post] foo2 [@field] : |
| instance_variables.rb:51:14:51:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:51:14:51:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | semmle.label | foo2 [@field] : |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | semmle.label | foo2 [@field] : |
| instance_variables.rb:52:6:52:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:52:6:52:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | semmle.label | [post] foo3 [@field] : |
| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : | semmle.label | [post] foo3 [@field] : |
| instance_variables.rb:55:16:55:24 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:55:16:55:24 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:56:6:56:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:56:6:56:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:56:6:56:15 | call to field | semmle.label | call to field |
| instance_variables.rb:56:6:56:15 | call to field | semmle.label | call to field |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | semmle.label | [post] foo5 [@field] : |
| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : | semmle.label | [post] foo5 [@field] : |
| instance_variables.rb:63:18:63:26 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:63:18:63:26 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:64:6:64:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:64:6:64:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : | semmle.label | [post] foo6 [@field] : |
| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : | semmle.label | [post] foo6 [@field] : |
| instance_variables.rb:67:32:67:40 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:67:32:67:40 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:68:6:68:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:68:6:68:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:69:6:69:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:69:6:69:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | semmle.label | foo6 [@field] : |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | semmle.label | foo6 [@field] : |
| instance_variables.rb:70:6:70:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:70:6:70:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : | semmle.label | [post] foo7 [@field] : |
| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : | semmle.label | [post] foo7 [@field] : |
| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : | semmle.label | [post] foo8 [@field] : |
| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : | semmle.label | [post] foo8 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:74:45:74:53 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | semmle.label | foo7 [@field] : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | semmle.label | foo7 [@field] : |
| instance_variables.rb:75:6:75:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:75:6:75:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | semmle.label | foo8 [@field] : |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | semmle.label | foo8 [@field] : |
| instance_variables.rb:76:6:76:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:76:6:76:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : | semmle.label | [post] foo9 [@field] : |
| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : | semmle.label | [post] foo9 [@field] : |
| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : | semmle.label | [post] foo10 [@field] : |
| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : | semmle.label | [post] foo10 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:80:53:80:61 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | semmle.label | foo9 [@field] : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | semmle.label | foo9 [@field] : |
| instance_variables.rb:81:6:81:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:81:6:81:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | semmle.label | foo10 [@field] : |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | semmle.label | foo10 [@field] : |
| instance_variables.rb:82:6:82:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:82:6:82:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | semmle.label | [post] x [@field] : |
| instance_variables.rb:85:5:85:5 | [post] x [@field] : | semmle.label | [post] x [@field] : |
| instance_variables.rb:85:17:85:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:85:17:85:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : | semmle.label | [post] foo11 [@field] : |
| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] : | semmle.label | [post] foo11 [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | semmle.label | foo11 [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | semmle.label | foo11 [@field] : |
| instance_variables.rb:90:6:90:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:90:6:90:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : | semmle.label | [post] foo12 [@field] : |
| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] : | semmle.label | [post] foo12 [@field] : |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | semmle.label | foo12 [@field] : |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | semmle.label | foo12 [@field] : |
| instance_variables.rb:94:6:94:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:94:6:94:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : | semmle.label | [post] foo13 [@field] : |
| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] : | semmle.label | [post] foo13 [@field] : |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | semmle.label | foo13 [@field] : |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | semmle.label | foo13 [@field] : |
| instance_variables.rb:99:6:99:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:99:6:99:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:101:9:101:26 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:101:9:101:26 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:101:17:101:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:101:17:101:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | semmle.label | foo15 [@field] : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | semmle.label | foo15 [@field] : |
| instance_variables.rb:102:6:102:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:102:6:102:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : | semmle.label | [post] foo16 [@field] : |
| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : | semmle.label | [post] foo16 [@field] : |
| instance_variables.rb:104:6:104:37 | call to call_initialize | semmle.label | call to call_initialize |
| instance_variables.rb:104:6:104:37 | call to call_initialize | semmle.label | call to call_initialize |
| instance_variables.rb:104:28:104:36 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:104:28:104:36 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | semmle.label | foo16 [@field] : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | semmle.label | foo16 [@field] : |
| instance_variables.rb:31:18:31:18 | x : | semmle.label | x : |
| instance_variables.rb:31:18:31:18 | x : | semmle.label | x : |
| instance_variables.rb:32:13:32:21 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:32:13:32:21 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:33:9:33:14 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:33:9:33:14 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:33:13:33:13 | x : | semmle.label | x : |
| instance_variables.rb:33:13:33:13 | x : | semmle.label | x : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:36:10:36:33 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:36:10:36:33 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:36:14:36:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:36:14:36:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | semmle.label | call to bar [@field] : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | semmle.label | call to bar [@field] : |
| instance_variables.rb:39:6:39:33 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:39:6:39:33 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:39:14:39:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:39:14:39:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:43:9:43:17 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:43:9:43:17 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:48:20:48:20 | x : | semmle.label | x : |
| instance_variables.rb:48:20:48:20 | x : | semmle.label | x : |
| instance_variables.rb:49:14:49:14 | x | semmle.label | x |
| instance_variables.rb:49:14:49:14 | x | semmle.label | x |
| instance_variables.rb:54:1:54:3 | [post] foo [@field] : | semmle.label | [post] foo [@field] : |
| instance_variables.rb:54:1:54:3 | [post] foo [@field] : | semmle.label | [post] foo [@field] : |
| instance_variables.rb:54:15:54:23 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:54:15:54:23 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | semmle.label | foo [@field] : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | semmle.label | foo [@field] : |
| instance_variables.rb:55:6:55:18 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:55:6:55:18 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:58:1:58:3 | [post] bar [@field] : | semmle.label | [post] bar [@field] : |
| instance_variables.rb:58:15:58:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:59:6:59:8 | bar [@field] : | semmle.label | bar [@field] : |
| instance_variables.rb:59:6:59:18 | call to inc_field | semmle.label | call to inc_field |
| instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : | semmle.label | [post] foo1 [@field] : |
| instance_variables.rb:62:1:62:4 | [post] foo1 [@field] : | semmle.label | [post] foo1 [@field] : |
| instance_variables.rb:62:14:62:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:62:14:62:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:63:6:63:9 | foo1 [@field] : | semmle.label | foo1 [@field] : |
| instance_variables.rb:63:6:63:9 | foo1 [@field] : | semmle.label | foo1 [@field] : |
| instance_variables.rb:63:6:63:15 | call to field | semmle.label | call to field |
| instance_variables.rb:63:6:63:15 | call to field | semmle.label | call to field |
| instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : | semmle.label | [post] foo2 [@field] : |
| instance_variables.rb:66:1:66:4 | [post] foo2 [@field] : | semmle.label | [post] foo2 [@field] : |
| instance_variables.rb:66:14:66:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:66:14:66:22 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | semmle.label | foo2 [@field] : |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | semmle.label | foo2 [@field] : |
| instance_variables.rb:67:6:67:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:67:6:67:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | semmle.label | [post] foo3 [@field] : |
| instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : | semmle.label | [post] foo3 [@field] : |
| instance_variables.rb:70:16:70:24 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:70:16:70:24 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:71:6:71:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:71:6:71:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:71:6:71:15 | call to field | semmle.label | call to field |
| instance_variables.rb:71:6:71:15 | call to field | semmle.label | call to field |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | semmle.label | [post] foo5 [@field] : |
| instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : | semmle.label | [post] foo5 [@field] : |
| instance_variables.rb:78:18:78:26 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:78:18:78:26 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:79:6:79:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:79:6:79:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : | semmle.label | [post] foo6 [@field] : |
| instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : | semmle.label | [post] foo6 [@field] : |
| instance_variables.rb:82:32:82:40 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:82:32:82:40 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | semmle.label | foo3 [@field] : |
| instance_variables.rb:83:6:83:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:83:6:83:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | semmle.label | foo5 [@field] : |
| instance_variables.rb:84:6:84:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:84:6:84:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | semmle.label | foo6 [@field] : |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | semmle.label | foo6 [@field] : |
| instance_variables.rb:85:6:85:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:85:6:85:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : | semmle.label | [post] foo7 [@field] : |
| instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : | semmle.label | [post] foo7 [@field] : |
| instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : | semmle.label | [post] foo8 [@field] : |
| instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : | semmle.label | [post] foo8 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:89:45:89:53 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | semmle.label | foo7 [@field] : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | semmle.label | foo7 [@field] : |
| instance_variables.rb:90:6:90:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:90:6:90:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | semmle.label | foo8 [@field] : |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | semmle.label | foo8 [@field] : |
| instance_variables.rb:91:6:91:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:91:6:91:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : | semmle.label | [post] foo9 [@field] : |
| instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : | semmle.label | [post] foo9 [@field] : |
| instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : | semmle.label | [post] foo10 [@field] : |
| instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : | semmle.label | [post] foo10 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:95:53:95:61 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | semmle.label | foo9 [@field] : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | semmle.label | foo9 [@field] : |
| instance_variables.rb:96:6:96:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:96:6:96:19 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | semmle.label | foo10 [@field] : |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | semmle.label | foo10 [@field] : |
| instance_variables.rb:97:6:97:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:97:6:97:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | semmle.label | [post] x [@field] : |
| instance_variables.rb:100:5:100:5 | [post] x [@field] : | semmle.label | [post] x [@field] : |
| instance_variables.rb:100:17:100:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:100:17:100:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : | semmle.label | [post] foo11 [@field] : |
| instance_variables.rb:104:14:104:18 | [post] foo11 [@field] : | semmle.label | [post] foo11 [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | semmle.label | foo11 [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | semmle.label | foo11 [@field] : |
| instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:106:7:106:24 | call to new : | semmle.label | call to new : |
| instance_variables.rb:106:7:106:24 | call to new : | semmle.label | call to new : |
| instance_variables.rb:107:6:107:8 | bar | semmle.label | bar |
| instance_variables.rb:107:6:107:8 | bar | semmle.label | bar |
| instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : | semmle.label | [post] foo12 [@field] : |
| instance_variables.rb:108:15:108:19 | [post] foo12 [@field] : | semmle.label | [post] foo12 [@field] : |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | semmle.label | foo12 [@field] : |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | semmle.label | foo12 [@field] : |
| instance_variables.rb:109:6:109:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:109:6:109:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : | semmle.label | [post] foo13 [@field] : |
| instance_variables.rb:113:22:113:26 | [post] foo13 [@field] : | semmle.label | [post] foo13 [@field] : |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | semmle.label | foo13 [@field] : |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | semmle.label | foo13 [@field] : |
| instance_variables.rb:114:6:114:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:114:6:114:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:116:9:116:26 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:116:9:116:26 | call to new [@field] : | semmle.label | call to new [@field] : |
| instance_variables.rb:116:17:116:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:116:17:116:25 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | semmle.label | foo15 [@field] : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | semmle.label | foo15 [@field] : |
| instance_variables.rb:117:6:117:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:117:6:117:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : | semmle.label | [post] foo16 [@field] : |
| instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : | semmle.label | [post] foo16 [@field] : |
| instance_variables.rb:119:6:119:37 | call to call_initialize | semmle.label | call to call_initialize |
| instance_variables.rb:119:6:119:37 | call to call_initialize | semmle.label | call to call_initialize |
| instance_variables.rb:119:28:119:36 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:119:28:119:36 | call to taint : | semmle.label | call to taint : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | semmle.label | foo16 [@field] : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | semmle.label | foo16 [@field] : |
| instance_variables.rb:120:6:120:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:120:6:120:20 | call to get_field | semmle.label | call to get_field |
| instance_variables.rb:121:7:121:24 | call to new : | semmle.label | call to new : |
| instance_variables.rb:121:7:121:24 | call to new : | semmle.label | call to new : |
| instance_variables.rb:122:6:122:8 | bar | semmle.label | bar |
| instance_variables.rb:122:6:122:8 | bar | semmle.label | bar |
subpaths
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:28:9:28:25 | [post] self [@field] : |
| instance_variables.rb:28:20:28:24 | field : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:28:9:28:25 | [post] self [@field] : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:39:1:39:3 | [post] foo [@field] : |
| instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:39:1:39:3 | [post] foo [@field] : |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:40:6:40:18 | call to get_field |
| instance_variables.rb:40:6:40:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:40:6:40:18 | call to get_field |
| instance_variables.rb:43:15:43:22 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:43:1:43:3 | [post] bar [@field] : |
| instance_variables.rb:44:6:44:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:44:6:44:18 | call to inc_field |
| instance_variables.rb:44:6:44:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:17:9:17:14 | [post] self [@field] : | instance_variables.rb:44:6:44:18 | call to inc_field |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:52:6:52:19 | call to get_field |
| instance_variables.rb:52:6:52:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:52:6:52:19 | call to get_field |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : |
| instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : |
| instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] : |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:64:6:64:19 | call to get_field |
| instance_variables.rb:64:6:64:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:64:6:64:19 | call to get_field |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : |
| instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] : |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:68:6:68:19 | call to get_field |
| instance_variables.rb:68:6:68:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:68:6:68:19 | call to get_field |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:69:6:69:19 | call to get_field |
| instance_variables.rb:69:6:69:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:69:6:69:19 | call to get_field |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:70:6:70:19 | call to get_field |
| instance_variables.rb:70:6:70:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:70:6:70:19 | call to get_field |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : |
| instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] : |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:75:6:75:19 | call to get_field |
| instance_variables.rb:75:6:75:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:75:6:75:19 | call to get_field |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:76:6:76:19 | call to get_field |
| instance_variables.rb:76:6:76:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:76:6:76:19 | call to get_field |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : |
| instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] : |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:81:6:81:19 | call to get_field |
| instance_variables.rb:81:6:81:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:81:6:81:19 | call to get_field |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:82:6:82:20 | call to get_field |
| instance_variables.rb:82:6:82:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:82:6:82:20 | call to get_field |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:85:5:85:5 | [post] x [@field] : |
| instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:85:5:85:5 | [post] x [@field] : |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:90:6:90:20 | call to get_field |
| instance_variables.rb:90:6:90:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:90:6:90:20 | call to get_field |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:94:6:94:20 | call to get_field |
| instance_variables.rb:94:6:94:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:94:6:94:20 | call to get_field |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:99:6:99:20 | call to get_field |
| instance_variables.rb:99:6:99:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:99:6:99:20 | call to get_field |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:101:9:101:26 | call to new [@field] : |
| instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:101:9:101:26 | call to new [@field] : |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:102:6:102:20 | call to get_field |
| instance_variables.rb:102:6:102:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:102:6:102:20 | call to get_field |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : |
| instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] : |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:105:6:105:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:33:9:33:14 | call to new [@field] : |
| instance_variables.rb:33:13:33:13 | x : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:33:9:33:14 | call to new [@field] : |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:36:10:36:33 | call to get_field |
| instance_variables.rb:36:10:36:23 | call to new [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:36:10:36:33 | call to get_field |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:36:10:36:23 | call to new [@field] : |
| instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:36:10:36:23 | call to new [@field] : |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:39:6:39:33 | call to get_field |
| instance_variables.rb:39:6:39:23 | call to bar [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:39:6:39:33 | call to get_field |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:31:18:31:18 | x : | instance_variables.rb:33:9:33:14 | call to new [@field] : | instance_variables.rb:39:6:39:23 | call to bar [@field] : |
| instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:31:18:31:18 | x : | instance_variables.rb:33:9:33:14 | call to new [@field] : | instance_variables.rb:39:6:39:23 | call to bar [@field] : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:54:1:54:3 | [post] foo [@field] : |
| instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:54:1:54:3 | [post] foo [@field] : |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:55:6:55:18 | call to get_field |
| instance_variables.rb:55:6:55:8 | foo [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:55:6:55:18 | call to get_field |
| instance_variables.rb:58:15:58:22 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:58:1:58:3 | [post] bar [@field] : |
| instance_variables.rb:59:6:59:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:59:6:59:18 | call to inc_field |
| instance_variables.rb:59:6:59:8 | bar [@field] : | instance_variables.rb:16:5:18:7 | self in inc_field [@field] : | instance_variables.rb:17:9:17:14 | [post] self [@field] : | instance_variables.rb:59:6:59:18 | call to inc_field |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:67:6:67:19 | call to get_field |
| instance_variables.rb:67:6:67:9 | foo2 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:67:6:67:19 | call to get_field |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : |
| instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:70:1:70:4 | [post] foo3 [@field] : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : |
| instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:78:2:78:5 | [post] foo5 [@field] : |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:79:6:79:19 | call to get_field |
| instance_variables.rb:79:6:79:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:79:6:79:19 | call to get_field |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : |
| instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:82:15:82:18 | [post] foo6 [@field] : |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:83:6:83:19 | call to get_field |
| instance_variables.rb:83:6:83:9 | foo3 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:83:6:83:19 | call to get_field |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:84:6:84:19 | call to get_field |
| instance_variables.rb:84:6:84:9 | foo5 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:84:6:84:19 | call to get_field |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:85:6:85:19 | call to get_field |
| instance_variables.rb:85:6:85:9 | foo6 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:85:6:85:19 | call to get_field |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:89:15:89:18 | [post] foo7 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : |
| instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:89:25:89:28 | [post] foo8 [@field] : |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:90:6:90:19 | call to get_field |
| instance_variables.rb:90:6:90:9 | foo7 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:90:6:90:19 | call to get_field |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:91:6:91:19 | call to get_field |
| instance_variables.rb:91:6:91:9 | foo8 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:91:6:91:19 | call to get_field |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:95:22:95:25 | [post] foo9 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : |
| instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:95:32:95:36 | [post] foo10 [@field] : |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:96:6:96:19 | call to get_field |
| instance_variables.rb:96:6:96:9 | foo9 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:96:6:96:19 | call to get_field |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:97:6:97:20 | call to get_field |
| instance_variables.rb:97:6:97:10 | foo10 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:97:6:97:20 | call to get_field |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:100:5:100:5 | [post] x [@field] : |
| instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:10:19:10:19 | x : | instance_variables.rb:11:9:11:14 | [post] self [@field] : | instance_variables.rb:100:5:100:5 | [post] x [@field] : |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:105:6:105:10 | foo11 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:105:6:105:20 | call to get_field |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:109:6:109:20 | call to get_field |
| instance_variables.rb:109:6:109:10 | foo12 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:109:6:109:20 | call to get_field |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:114:6:114:20 | call to get_field |
| instance_variables.rb:114:6:114:10 | foo13 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:114:6:114:20 | call to get_field |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:116:9:116:26 | call to new [@field] : |
| instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:22:20:22:24 | field : | instance_variables.rb:23:9:23:14 | [post] self [@field] : | instance_variables.rb:116:9:116:26 | call to new [@field] : |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:117:6:117:20 | call to get_field |
| instance_variables.rb:117:6:117:10 | foo15 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:117:6:117:20 | call to get_field |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : | instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : |
| instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:27:25:27:29 | field : | instance_variables.rb:28:9:28:25 | [post] self [@field] : | instance_variables.rb:119:6:119:10 | [post] foo16 [@field] : |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:120:6:120:20 | call to get_field |
| instance_variables.rb:120:6:120:10 | foo16 [@field] : | instance_variables.rb:13:5:15:7 | self in get_field [@field] : | instance_variables.rb:14:9:14:21 | return : | instance_variables.rb:120:6:120:20 | call to get_field |
#select
| captured_variables.rb:2:20:2:20 | x | captured_variables.rb:5:20:5:30 | call to source : | captured_variables.rb:2:20:2:20 | x | $@ | captured_variables.rb:5:20:5:30 | call to source : | call to source : |
| captured_variables.rb:23:14:23:14 | x | captured_variables.rb:27:29:27:39 | call to source : | captured_variables.rb:23:14:23:14 | x | $@ | captured_variables.rb:27:29:27:39 | call to source : | call to source : |
| captured_variables.rb:34:14:34:14 | x | captured_variables.rb:38:27:38:37 | call to source : | captured_variables.rb:34:14:34:14 | x | $@ | captured_variables.rb:38:27:38:37 | call to source : | call to source : |
| instance_variables.rb:20:10:20:13 | @foo | instance_variables.rb:19:12:19:21 | call to taint : | instance_variables.rb:20:10:20:13 | @foo | $@ | instance_variables.rb:19:12:19:21 | call to taint : | call to taint : |
| instance_variables.rb:40:6:40:18 | call to get_field | instance_variables.rb:39:15:39:23 | call to taint : | instance_variables.rb:40:6:40:18 | call to get_field | $@ | instance_variables.rb:39:15:39:23 | call to taint : | call to taint : |
| instance_variables.rb:44:6:44:18 | call to inc_field | instance_variables.rb:43:15:43:22 | call to taint : | instance_variables.rb:44:6:44:18 | call to inc_field | $@ | instance_variables.rb:43:15:43:22 | call to taint : | call to taint : |
| instance_variables.rb:48:6:48:15 | call to field | instance_variables.rb:47:14:47:22 | call to taint : | instance_variables.rb:48:6:48:15 | call to field | $@ | instance_variables.rb:47:14:47:22 | call to taint : | call to taint : |
| instance_variables.rb:52:6:52:19 | call to get_field | instance_variables.rb:51:14:51:22 | call to taint : | instance_variables.rb:52:6:52:19 | call to get_field | $@ | instance_variables.rb:51:14:51:22 | call to taint : | call to taint : |
| instance_variables.rb:56:6:56:15 | call to field | instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:56:6:56:15 | call to field | $@ | instance_variables.rb:55:16:55:24 | call to taint : | call to taint : |
| instance_variables.rb:64:6:64:19 | call to get_field | instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:64:6:64:19 | call to get_field | $@ | instance_variables.rb:63:18:63:26 | call to taint : | call to taint : |
| instance_variables.rb:68:6:68:19 | call to get_field | instance_variables.rb:55:16:55:24 | call to taint : | instance_variables.rb:68:6:68:19 | call to get_field | $@ | instance_variables.rb:55:16:55:24 | call to taint : | call to taint : |
| instance_variables.rb:69:6:69:19 | call to get_field | instance_variables.rb:63:18:63:26 | call to taint : | instance_variables.rb:69:6:69:19 | call to get_field | $@ | instance_variables.rb:63:18:63:26 | call to taint : | call to taint : |
| instance_variables.rb:70:6:70:19 | call to get_field | instance_variables.rb:67:32:67:40 | call to taint : | instance_variables.rb:70:6:70:19 | call to get_field | $@ | instance_variables.rb:67:32:67:40 | call to taint : | call to taint : |
| instance_variables.rb:75:6:75:19 | call to get_field | instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:75:6:75:19 | call to get_field | $@ | instance_variables.rb:74:45:74:53 | call to taint : | call to taint : |
| instance_variables.rb:76:6:76:19 | call to get_field | instance_variables.rb:74:45:74:53 | call to taint : | instance_variables.rb:76:6:76:19 | call to get_field | $@ | instance_variables.rb:74:45:74:53 | call to taint : | call to taint : |
| instance_variables.rb:81:6:81:19 | call to get_field | instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:81:6:81:19 | call to get_field | $@ | instance_variables.rb:80:53:80:61 | call to taint : | call to taint : |
| instance_variables.rb:82:6:82:20 | call to get_field | instance_variables.rb:80:53:80:61 | call to taint : | instance_variables.rb:82:6:82:20 | call to get_field | $@ | instance_variables.rb:80:53:80:61 | call to taint : | call to taint : |
| instance_variables.rb:90:6:90:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:90:6:90:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint : | call to taint : |
| instance_variables.rb:94:6:94:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:94:6:94:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint : | call to taint : |
| instance_variables.rb:99:6:99:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint : | instance_variables.rb:99:6:99:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint : | call to taint : |
| instance_variables.rb:102:6:102:20 | call to get_field | instance_variables.rb:101:17:101:25 | call to taint : | instance_variables.rb:102:6:102:20 | call to get_field | $@ | instance_variables.rb:101:17:101:25 | call to taint : | call to taint : |
| instance_variables.rb:104:6:104:37 | call to call_initialize | instance_variables.rb:24:9:24:17 | call to taint : | instance_variables.rb:104:6:104:37 | call to call_initialize | $@ | instance_variables.rb:24:9:24:17 | call to taint : | call to taint : |
| instance_variables.rb:105:6:105:20 | call to get_field | instance_variables.rb:104:28:104:36 | call to taint : | instance_variables.rb:105:6:105:20 | call to get_field | $@ | instance_variables.rb:104:28:104:36 | call to taint : | call to taint : |
| instance_variables.rb:107:6:107:8 | bar | instance_variables.rb:34:9:34:17 | call to taint : | instance_variables.rb:107:6:107:8 | bar | $@ | instance_variables.rb:34:9:34:17 | call to taint : | call to taint : |
| instance_variables.rb:36:10:36:33 | call to get_field | instance_variables.rb:36:14:36:22 | call to taint : | instance_variables.rb:36:10:36:33 | call to get_field | $@ | instance_variables.rb:36:14:36:22 | call to taint : | call to taint : |
| instance_variables.rb:39:6:39:33 | call to get_field | instance_variables.rb:39:14:39:22 | call to taint : | instance_variables.rb:39:6:39:33 | call to get_field | $@ | instance_variables.rb:39:14:39:22 | call to taint : | call to taint : |
| instance_variables.rb:49:14:49:14 | x | instance_variables.rb:32:13:32:21 | call to taint : | instance_variables.rb:49:14:49:14 | x | $@ | instance_variables.rb:32:13:32:21 | call to taint : | call to taint : |
| instance_variables.rb:55:6:55:18 | call to get_field | instance_variables.rb:54:15:54:23 | call to taint : | instance_variables.rb:55:6:55:18 | call to get_field | $@ | instance_variables.rb:54:15:54:23 | call to taint : | call to taint : |
| instance_variables.rb:59:6:59:18 | call to inc_field | instance_variables.rb:58:15:58:22 | call to taint : | instance_variables.rb:59:6:59:18 | call to inc_field | $@ | instance_variables.rb:58:15:58:22 | call to taint : | call to taint : |
| instance_variables.rb:63:6:63:15 | call to field | instance_variables.rb:62:14:62:22 | call to taint : | instance_variables.rb:63:6:63:15 | call to field | $@ | instance_variables.rb:62:14:62:22 | call to taint : | call to taint : |
| instance_variables.rb:67:6:67:19 | call to get_field | instance_variables.rb:66:14:66:22 | call to taint : | instance_variables.rb:67:6:67:19 | call to get_field | $@ | instance_variables.rb:66:14:66:22 | call to taint : | call to taint : |
| instance_variables.rb:71:6:71:15 | call to field | instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:71:6:71:15 | call to field | $@ | instance_variables.rb:70:16:70:24 | call to taint : | call to taint : |
| instance_variables.rb:79:6:79:19 | call to get_field | instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:79:6:79:19 | call to get_field | $@ | instance_variables.rb:78:18:78:26 | call to taint : | call to taint : |
| instance_variables.rb:83:6:83:19 | call to get_field | instance_variables.rb:70:16:70:24 | call to taint : | instance_variables.rb:83:6:83:19 | call to get_field | $@ | instance_variables.rb:70:16:70:24 | call to taint : | call to taint : |
| instance_variables.rb:84:6:84:19 | call to get_field | instance_variables.rb:78:18:78:26 | call to taint : | instance_variables.rb:84:6:84:19 | call to get_field | $@ | instance_variables.rb:78:18:78:26 | call to taint : | call to taint : |
| instance_variables.rb:85:6:85:19 | call to get_field | instance_variables.rb:82:32:82:40 | call to taint : | instance_variables.rb:85:6:85:19 | call to get_field | $@ | instance_variables.rb:82:32:82:40 | call to taint : | call to taint : |
| instance_variables.rb:90:6:90:19 | call to get_field | instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:90:6:90:19 | call to get_field | $@ | instance_variables.rb:89:45:89:53 | call to taint : | call to taint : |
| instance_variables.rb:91:6:91:19 | call to get_field | instance_variables.rb:89:45:89:53 | call to taint : | instance_variables.rb:91:6:91:19 | call to get_field | $@ | instance_variables.rb:89:45:89:53 | call to taint : | call to taint : |
| instance_variables.rb:96:6:96:19 | call to get_field | instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:96:6:96:19 | call to get_field | $@ | instance_variables.rb:95:53:95:61 | call to taint : | call to taint : |
| instance_variables.rb:97:6:97:20 | call to get_field | instance_variables.rb:95:53:95:61 | call to taint : | instance_variables.rb:97:6:97:20 | call to get_field | $@ | instance_variables.rb:95:53:95:61 | call to taint : | call to taint : |
| instance_variables.rb:105:6:105:20 | call to get_field | instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:105:6:105:20 | call to get_field | $@ | instance_variables.rb:100:17:100:25 | call to taint : | call to taint : |
| instance_variables.rb:109:6:109:20 | call to get_field | instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:109:6:109:20 | call to get_field | $@ | instance_variables.rb:100:17:100:25 | call to taint : | call to taint : |
| instance_variables.rb:114:6:114:20 | call to get_field | instance_variables.rb:100:17:100:25 | call to taint : | instance_variables.rb:114:6:114:20 | call to get_field | $@ | instance_variables.rb:100:17:100:25 | call to taint : | call to taint : |
| instance_variables.rb:117:6:117:20 | call to get_field | instance_variables.rb:116:17:116:25 | call to taint : | instance_variables.rb:117:6:117:20 | call to get_field | $@ | instance_variables.rb:116:17:116:25 | call to taint : | call to taint : |
| instance_variables.rb:119:6:119:37 | call to call_initialize | instance_variables.rb:24:9:24:17 | call to taint : | instance_variables.rb:119:6:119:37 | call to call_initialize | $@ | instance_variables.rb:24:9:24:17 | call to taint : | call to taint : |
| instance_variables.rb:120:6:120:20 | call to get_field | instance_variables.rb:119:28:119:36 | call to taint : | instance_variables.rb:120:6:120:20 | call to get_field | $@ | instance_variables.rb:119:28:119:36 | call to taint : | call to taint : |
| instance_variables.rb:122:6:122:8 | bar | instance_variables.rb:43:9:43:17 | call to taint : | instance_variables.rb:122:6:122:8 | bar | $@ | instance_variables.rb:43:9:43:17 | call to taint : | call to taint : |

36
ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected
View File

@@ -1,19 +1,23 @@
| captured_variables.rb:9:14:9:14 | x | Fixed missing result:hasValueFlow=1.2 |
| captured_variables.rb:16:14:16:14 | x | Fixed missing result:hasValueFlow=1.3 |
| instance_variables.rb:20:16:20:33 | # $ hasValueFlow=7 | Missing result:hasValueFlow=7 |
| instance_variables.rb:40:21:40:39 | # $ hasValueFlow=42 | Missing result:hasValueFlow=42 |
| instance_variables.rb:52:22:52:40 | # $ hasValueFlow=21 | Missing result:hasValueFlow=21 |
| instance_variables.rb:56:18:56:36 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
| instance_variables.rb:64:22:64:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
| instance_variables.rb:68:22:68:40 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
| instance_variables.rb:69:22:69:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
| instance_variables.rb:70:22:70:40 | # $ hasValueFlow=25 | Missing result:hasValueFlow=25 |
| instance_variables.rb:75:22:75:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
| instance_variables.rb:76:22:76:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
| instance_variables.rb:81:22:81:40 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
| instance_variables.rb:82:23:82:41 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
| instance_variables.rb:90:23:90:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:94:23:94:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:99:23:99:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:102:23:102:41 | # $ hasValueFlow=29 | Missing result:hasValueFlow=29 |
| instance_variables.rb:105:23:105:41 | # $ hasValueFlow=30 | Missing result:hasValueFlow=30 |
| instance_variables.rb:36:36:36:54 | # $ hasValueFlow=34 | Missing result:hasValueFlow=34 |
| instance_variables.rb:39:36:39:54 | # $ hasValueFlow=35 | Missing result:hasValueFlow=35 |
| instance_variables.rb:49:14:49:14 | x | Unexpected result: hasValueFlow=30 |
| instance_variables.rb:49:14:49:14 | x | Unexpected result: hasValueFlow=35 |
| instance_variables.rb:55:21:55:39 | # $ hasValueFlow=42 | Missing result:hasValueFlow=42 |
| instance_variables.rb:67:22:67:40 | # $ hasValueFlow=21 | Missing result:hasValueFlow=21 |
| instance_variables.rb:71:18:71:36 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
| instance_variables.rb:79:22:79:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
| instance_variables.rb:83:22:83:40 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
| instance_variables.rb:84:22:84:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
| instance_variables.rb:85:22:85:40 | # $ hasValueFlow=25 | Missing result:hasValueFlow=25 |
| instance_variables.rb:90:22:90:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
| instance_variables.rb:91:22:91:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
| instance_variables.rb:96:22:96:40 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
| instance_variables.rb:97:23:97:41 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
| instance_variables.rb:105:23:105:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:109:23:109:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:114:23:114:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
| instance_variables.rb:117:23:117:41 | # $ hasValueFlow=29 | Missing result:hasValueFlow=29 |
| instance_variables.rb:120:23:120:41 | # $ hasValueFlow=30 | Missing result:hasValueFlow=30 |

15
ruby/ql/test/library-tests/dataflow/global/instance_variables.rb
View File

@@ -27,14 +27,29 @@ class Foo
def call_initialize(field)
initialize(field)
end
def self.bar x
new(taint(36))
new(x)
end
sink(new(taint(34)).get_field) # $ hasValueFlow=34
end
sink(Foo.bar(taint(35)).get_field) # $ hasValueFlow=35
class Bar < Foo
def self.new arg
taint(32)
end
end
class Baz < Foo
def initialize x
sink x # $ hasValueFlow=36
end
end
foo = Foo.new
foo.set_field(taint(42))
sink(foo.get_field) # $ hasValueFlow=42

27
ruby/ql/test/query-tests/security/cwe-089/ActiveRecordInjection.rb
View File

@@ -90,6 +90,10 @@ class FooController < ActionController::Base
# BAD: executes `UPDATE "users" SET #{params[:fields]}`
# where `params[:fields]` is unsanitized
User.update_all(params[:fields])
User.reorder(params[:direction])
User.count_by_sql(params[:custom_sql_query])
end
end
@@ -151,3 +155,26 @@ class AnnotatedController < ActionController::Base
users = User.annotate("this is an unsafe annotation:#{params[:comment]}").find_by(user_name: name)
end
end
# A regression test
class Regression < ActiveRecord::Base
end
class RegressionController < ActionController::Base
def index
my_params = permitted_params
query = "SELECT * FROM users WHERE id = #{my_params[:user_id]}"
result = Regression.find_by_sql(query)
end
def permitted_params
params.require(:my_key).permit(:id, :user_id, :my_type)
end
def show
ActiveRecord::Base.connection.execute("SELECT * FROM users WHERE id = #{permitted_params[:user_id]}")
Regression.connection.execute("SELECT * FROM users WHERE id = #{permitted_params[:user_id]}")
end
end

74
ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
View File

@@ -26,13 +26,27 @@ edges
| ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] |
| ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:99:11:99:12 | ps : |
| ActiveRecordInjection.rb:99:11:99:12 | ps : | ActiveRecordInjection.rb:99:11:99:17 | ...[...] : |
| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : |
| ActiveRecordInjection.rb:151:59:151:64 | call to params : | ActiveRecordInjection.rb:151:59:151:74 | ...[...] : |
| ActiveRecordInjection.rb:151:59:151:74 | ...[...] : | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:94:18:94:23 | call to params : | ActiveRecordInjection.rb:94:18:94:35 | ...[...] |
| ActiveRecordInjection.rb:96:23:96:28 | call to params : | ActiveRecordInjection.rb:96:23:96:47 | ...[...] |
| ActiveRecordInjection.rb:102:10:102:15 | call to params : | ActiveRecordInjection.rb:103:11:103:12 | ps : |
| ActiveRecordInjection.rb:103:11:103:12 | ps : | ActiveRecordInjection.rb:103:11:103:17 | ...[...] : |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] : | ActiveRecordInjection.rb:108:20:108:32 | ... + ... |
| ActiveRecordInjection.rb:141:21:141:26 | call to params : | ActiveRecordInjection.rb:141:21:141:44 | ...[...] : |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : |
| ActiveRecordInjection.rb:155:59:155:64 | call to params : | ActiveRecordInjection.rb:155:59:155:74 | ...[...] : |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] : | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : | ActiveRecordInjection.rb:167:47:167:55 | my_params : |
| ActiveRecordInjection.rb:167:47:167:55 | my_params : | ActiveRecordInjection.rb:167:47:167:65 | ...[...] : |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] : | ActiveRecordInjection.rb:168:37:168:41 | query |
| ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:173:5:173:27 | call to require : |
| ActiveRecordInjection.rb:173:5:173:27 | call to require : | ActiveRecordInjection.rb:173:5:173:59 | call to permit : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : | ActiveRecordInjection.rb:177:77:177:102 | ...[...] : |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] : | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : | ActiveRecordInjection.rb:178:69:178:94 | ...[...] : |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] : | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." |
| ArelInjection.rb:4:12:4:17 | call to params : | ArelInjection.rb:4:12:4:29 | ...[...] : |
| ArelInjection.rb:4:12:4:29 | ...[...] : | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." |
nodes
@@ -78,15 +92,32 @@ nodes
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:92:21:92:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:98:10:98:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:99:11:99:12 | ps : | semmle.label | ps : |
| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:104:20:104:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:137:21:137:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:151:59:151:64 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:151:59:151:74 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:94:18:94:23 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:94:18:94:35 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:96:23:96:28 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:96:23:96:47 | ...[...] | semmle.label | ...[...] |
| ActiveRecordInjection.rb:102:10:102:15 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:103:11:103:12 | ps : | semmle.label | ps : |
| ActiveRecordInjection.rb:103:11:103:17 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:108:20:108:32 | ... + ... | semmle.label | ... + ... |
| ActiveRecordInjection.rb:141:21:141:26 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:141:21:141:44 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." |
| ActiveRecordInjection.rb:155:59:155:64 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:155:59:155:74 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:166:17:166:32 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:167:47:167:55 | my_params : | semmle.label | my_params : |
| ActiveRecordInjection.rb:167:47:167:65 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:168:37:168:41 | query | semmle.label | query |
| ActiveRecordInjection.rb:173:5:173:10 | call to params : | semmle.label | call to params : |
| ActiveRecordInjection.rb:173:5:173:27 | call to require : | semmle.label | call to require : |
| ActiveRecordInjection.rb:173:5:173:59 | call to permit : | semmle.label | call to permit : |
| ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:177:77:177:92 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:177:77:177:102 | ...[...] : | semmle.label | ...[...] : |
| ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | semmle.label | "SELECT * FROM users WHERE id ..." |
| ActiveRecordInjection.rb:178:69:178:84 | call to permitted_params : | semmle.label | call to permitted_params : |
| ActiveRecordInjection.rb:178:69:178:94 | ...[...] : | semmle.label | ...[...] : |
| ArelInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : |
| ArelInjection.rb:4:12:4:29 | ...[...] : | semmle.label | ...[...] : |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." |
@@ -94,7 +125,7 @@ subpaths
#select
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:38:70:43 | call to params | user-provided value |
| ActiveRecordInjection.rb:23:16:23:24 | condition | ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:23:16:23:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:137:21:137:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:23:16:23:24 | condition | ActiveRecordInjection.rb:141:21:141:26 | call to params : | ActiveRecordInjection.rb:23:16:23:24 | condition | This SQL query depends on a $@. | ActiveRecordInjection.rb:141:21:141:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:35:30:35:44 | ...[...] | ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:35:30:35:35 | call to params | user-provided value |
| ActiveRecordInjection.rb:39:18:39:32 | ...[...] | ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:39:18:39:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:43:29:43:34 | call to params | user-provided value |
@@ -108,6 +139,11 @@ subpaths
| ActiveRecordInjection.rb:84:19:84:33 | ...[...] | ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:84:19:84:24 | call to params | user-provided value |
| ActiveRecordInjection.rb:88:18:88:35 | ...[...] | ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:88:18:88:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:92:21:92:35 | ...[...] | ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:21:92:26 | call to params | user-provided value |
| ActiveRecordInjection.rb:104:20:104:32 | ... + ... | ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:98:10:98:15 | call to params | user-provided value |
| ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:151:59:151:64 | call to params : | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:151:59:151:64 | call to params | user-provided value |
| ActiveRecordInjection.rb:94:18:94:35 | ...[...] | ActiveRecordInjection.rb:94:18:94:23 | call to params : | ActiveRecordInjection.rb:94:18:94:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:94:18:94:23 | call to params | user-provided value |
| ActiveRecordInjection.rb:96:23:96:47 | ...[...] | ActiveRecordInjection.rb:96:23:96:28 | call to params : | ActiveRecordInjection.rb:96:23:96:47 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:96:23:96:28 | call to params | user-provided value |
| ActiveRecordInjection.rb:108:20:108:32 | ... + ... | ActiveRecordInjection.rb:102:10:102:15 | call to params : | ActiveRecordInjection.rb:108:20:108:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:102:10:102:15 | call to params | user-provided value |
| ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:155:59:155:64 | call to params : | ActiveRecordInjection.rb:155:27:155:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:155:59:155:64 | call to params | user-provided value |
| ActiveRecordInjection.rb:168:37:168:41 | query | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:168:37:168:41 | query | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params : | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value |
| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params : | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |

9
ruby/scripts/create-extractor-pack.ps1
View File

@@ -1,6 +1,9 @@
cd extractor
cargo build --release
cd ..
extractor\target\release\generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
cargo run --release -p ruby-generator -- --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
codeql query format -i ql\lib\codeql/ruby\ast\internal\TreeSitter.qll
rm -Recurse -Force extractor-pack
@@ -9,5 +12,5 @@ cp codeql-extractor.yml, ql\lib\ruby.dbscheme, ql\lib\ruby.dbscheme.stats extrac
cp -Recurse tools extractor-pack
cp -Recurse downgrades extractor-pack
mkdir extractor-pack\tools\win64 | Out-Null
cp target\release\ruby-extractor.exe extractor-pack\tools\win64\extractor.exe
cp target\release\ruby-autobuilder.exe extractor-pack\tools\win64\autobuilder.exe
cp extractor\target\release\extractor.exe extractor-pack\tools\win64\extractor.exe
cp extractor\target\release\autobuilder.exe extractor-pack\tools\win64\autobuilder.exe

8
ruby/scripts/create-extractor-pack.sh
View File

@@ -13,14 +13,14 @@ else
exit 1
fi
"$CARGO" build --release
(cd extractor && "$CARGO" build --release)
extractor/target/release/generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
"$CARGO" run --release -p ruby-generator -- --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
codeql query format -i ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
rm -rf extractor-pack
mkdir -p extractor-pack
cp -r codeql-extractor.yml downgrades tools ql/lib/ruby.dbscheme ql/lib/ruby.dbscheme.stats extractor-pack/
mkdir -p extractor-pack/tools/${platform}
cp target/release/ruby-extractor extractor-pack/tools/${platform}/extractor
cp target/release/ruby-autobuilder extractor-pack/tools/${platform}/autobuilder
cp extractor/target/release/extractor extractor-pack/tools/${platform}/extractor
cp extractor/target/release/autobuilder extractor-pack/tools/${platform}/autobuilder