Merge pull request #11166 from github/nickrolfe/active_support_flow_summaries

Ruby: generalise summaries for ActiveSupport Hash extensions
Nick Rolfe
2022-11-10 10:11:48 +00:00
committed by GitHub
9 changed files with 564 additions and 28 deletions


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.


@@ -636,13 +636,14 @@ private module ParamsSummaries {
* Returns current ActionController::Parameters instance with current hash merged into other_hash.
* `#reverse_merge!`
* `#with_defaults!`
* `#reverse_update`
* Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
*/
private class MergeBangSummary extends SummarizedCallable {
MergeBangSummary() { this = "ActionController::Parameters#merge!" }
override MethodCall getACall() {
result.getMethodName() = ["merge!", "reverse_merge!", "with_defaults!"] and
result.getMethodName() = ["merge!", "reverse_merge!", "with_defaults!", "reverse_update"] and
paramsInstance().getALocalUse().asExpr().getExpr() =
[result.getReceiver(), result.getArgument(0)]
}
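Review bot: The doc comment above `MergeBangSummary` still says the `#reverse_merge!` / `#with_defaults!` group "Returns a new ActionController::Parameters", and the added `#reverse_update` entry now sits under that sentence. The first entry in the same comment describes the bang form as returning the current instance. If these variants mutate and return the receiver, as the Rails documentation describes, the line should read `* Returns the current ActionController::Parameters instance with current hash merged into other_hash.`, so a reader does not conclude that the receiver is left untouched by the call. The comment and the class both extend outside this hunk, so the flow the summary models for the receiver cannot be checked from here.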


@@ -120,6 +120,32 @@ module ActiveSupport {
}
}
/**
* Flow summary for `reverse_merge`, and its alias `with_defaults`.
*/
private class ReverseMergeSummary extends SimpleSummarizedCallable {
ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[self,0].WithElement[any]" and
output = "ReturnValue" and
preservesValue = true
}
}
/**
* Flow summary for `reverse_merge!`, and its aliases `with_defaults!` and `reverse_update`.
*/
private class ReverseMergeBangSummary extends SimpleSummarizedCallable {
ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[self,0].WithElement[any]" and
output = ["ReturnValue", "Argument[self]"] and
preservesValue = true
}
}
private class TransformSummary extends SimpleSummarizedCallable {
TransformSummary() {
this =
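Review bot: `reverse_update` is listed in `ReverseMergeBangSummary` (and in `MergeBangSummary.getACall`), but the expected results shown on this page contain no `call to reverse_update`. The bang test blocks at hash_flow.rb:890, :920 and :950 are labelled `reverse_merge!`, `with_defaults!` and `with_defaults!` again. The third block looks like it was meant to exercise the alias; if so, the call at hash_flow.rb:950 should be `hash1.reverse_update(hash2)` with the expected output regenerated, so that dropping the alias from the model would fail a test instead of silently losing taint flow. The test source is not visible here, so this is inferred from the edge labels. `TransformSummary` continues past the end of the hunk.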


@@ -612,6 +612,154 @@ edges
| hash_flow.rb:839:11:839:19 | ...[...] : | hash_flow.rb:839:10:839:20 | ( ... ) |
| hash_flow.rb:841:11:841:15 | hash1 [element :f] : | hash_flow.rb:841:11:841:19 | ...[...] : |
| hash_flow.rb:841:11:841:19 | ...[...] : | hash_flow.rb:841:10:841:20 | ( ... ) |
| hash_flow.rb:848:12:848:22 | call to taint : | hash_flow.rb:858:13:858:17 | hash1 [element :a] : |
| hash_flow.rb:848:12:848:22 | call to taint : | hash_flow.rb:867:13:867:17 | hash1 [element :a] : |
| hash_flow.rb:850:12:850:22 | call to taint : | hash_flow.rb:858:13:858:17 | hash1 [element :c] : |
| hash_flow.rb:850:12:850:22 | call to taint : | hash_flow.rb:867:13:867:17 | hash1 [element :c] : |
| hash_flow.rb:853:12:853:22 | call to taint : | hash_flow.rb:858:33:858:37 | hash2 [element :d] : |
| hash_flow.rb:853:12:853:22 | call to taint : | hash_flow.rb:867:33:867:37 | hash2 [element :d] : |
| hash_flow.rb:855:12:855:22 | call to taint : | hash_flow.rb:858:33:858:37 | hash2 [element :f] : |
| hash_flow.rb:855:12:855:22 | call to taint : | hash_flow.rb:867:33:867:37 | hash2 [element :f] : |
| hash_flow.rb:858:13:858:17 | hash1 [element :a] : | hash_flow.rb:858:13:858:38 | call to reverse_merge [element :a] : |
| hash_flow.rb:858:13:858:17 | hash1 [element :c] : | hash_flow.rb:858:13:858:38 | call to reverse_merge [element :c] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :a] : | hash_flow.rb:859:11:859:15 | hash3 [element :a] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :c] : | hash_flow.rb:861:11:861:15 | hash3 [element :c] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :d] : | hash_flow.rb:862:11:862:15 | hash3 [element :d] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :f] : | hash_flow.rb:864:11:864:15 | hash3 [element :f] : |
| hash_flow.rb:858:33:858:37 | hash2 [element :d] : | hash_flow.rb:858:13:858:38 | call to reverse_merge [element :d] : |
| hash_flow.rb:858:33:858:37 | hash2 [element :f] : | hash_flow.rb:858:13:858:38 | call to reverse_merge [element :f] : |
| hash_flow.rb:859:11:859:15 | hash3 [element :a] : | hash_flow.rb:859:11:859:19 | ...[...] : |
| hash_flow.rb:859:11:859:19 | ...[...] : | hash_flow.rb:859:10:859:20 | ( ... ) |
| hash_flow.rb:861:11:861:15 | hash3 [element :c] : | hash_flow.rb:861:11:861:19 | ...[...] : |
| hash_flow.rb:861:11:861:19 | ...[...] : | hash_flow.rb:861:10:861:20 | ( ... ) |
| hash_flow.rb:862:11:862:15 | hash3 [element :d] : | hash_flow.rb:862:11:862:19 | ...[...] : |
| hash_flow.rb:862:11:862:19 | ...[...] : | hash_flow.rb:862:10:862:20 | ( ... ) |
| hash_flow.rb:864:11:864:15 | hash3 [element :f] : | hash_flow.rb:864:11:864:19 | ...[...] : |
| hash_flow.rb:864:11:864:19 | ...[...] : | hash_flow.rb:864:10:864:20 | ( ... ) |
| hash_flow.rb:867:13:867:17 | hash1 [element :a] : | hash_flow.rb:867:13:867:38 | call to with_defaults [element :a] : |
| hash_flow.rb:867:13:867:17 | hash1 [element :c] : | hash_flow.rb:867:13:867:38 | call to with_defaults [element :c] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :a] : | hash_flow.rb:868:11:868:15 | hash4 [element :a] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :c] : | hash_flow.rb:870:11:870:15 | hash4 [element :c] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :d] : | hash_flow.rb:871:11:871:15 | hash4 [element :d] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :f] : | hash_flow.rb:873:11:873:15 | hash4 [element :f] : |
| hash_flow.rb:867:33:867:37 | hash2 [element :d] : | hash_flow.rb:867:13:867:38 | call to with_defaults [element :d] : |
| hash_flow.rb:867:33:867:37 | hash2 [element :f] : | hash_flow.rb:867:13:867:38 | call to with_defaults [element :f] : |
| hash_flow.rb:868:11:868:15 | hash4 [element :a] : | hash_flow.rb:868:11:868:19 | ...[...] : |
| hash_flow.rb:868:11:868:19 | ...[...] : | hash_flow.rb:868:10:868:20 | ( ... ) |
| hash_flow.rb:870:11:870:15 | hash4 [element :c] : | hash_flow.rb:870:11:870:19 | ...[...] : |
| hash_flow.rb:870:11:870:19 | ...[...] : | hash_flow.rb:870:10:870:20 | ( ... ) |
| hash_flow.rb:871:11:871:15 | hash4 [element :d] : | hash_flow.rb:871:11:871:19 | ...[...] : |
| hash_flow.rb:871:11:871:19 | ...[...] : | hash_flow.rb:871:10:871:20 | ( ... ) |
| hash_flow.rb:873:11:873:15 | hash4 [element :f] : | hash_flow.rb:873:11:873:19 | ...[...] : |
| hash_flow.rb:873:11:873:19 | ...[...] : | hash_flow.rb:873:10:873:20 | ( ... ) |
| hash_flow.rb:880:12:880:22 | call to taint : | hash_flow.rb:890:12:890:16 | hash1 [element :a] : |
| hash_flow.rb:882:12:882:22 | call to taint : | hash_flow.rb:890:12:890:16 | hash1 [element :c] : |
| hash_flow.rb:885:12:885:22 | call to taint : | hash_flow.rb:890:33:890:37 | hash2 [element :d] : |
| hash_flow.rb:887:12:887:22 | call to taint : | hash_flow.rb:890:33:890:37 | hash2 [element :f] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :a] : | hash_flow.rb:898:11:898:15 | hash1 [element :a] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :c] : | hash_flow.rb:900:11:900:15 | hash1 [element :c] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :d] : | hash_flow.rb:901:11:901:15 | hash1 [element :d] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :f] : | hash_flow.rb:903:11:903:15 | hash1 [element :f] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :a] : | hash_flow.rb:890:12:890:16 | [post] hash1 [element :a] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :a] : | hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :a] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :c] : | hash_flow.rb:890:12:890:16 | [post] hash1 [element :c] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :c] : | hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :c] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :a] : | hash_flow.rb:891:11:891:14 | hash [element :a] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :c] : | hash_flow.rb:893:11:893:14 | hash [element :c] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :d] : | hash_flow.rb:894:11:894:14 | hash [element :d] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :f] : | hash_flow.rb:896:11:896:14 | hash [element :f] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :d] : | hash_flow.rb:890:12:890:16 | [post] hash1 [element :d] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :d] : | hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :d] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :f] : | hash_flow.rb:890:12:890:16 | [post] hash1 [element :f] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :f] : | hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :f] : |
| hash_flow.rb:891:11:891:14 | hash [element :a] : | hash_flow.rb:891:11:891:18 | ...[...] : |
| hash_flow.rb:891:11:891:18 | ...[...] : | hash_flow.rb:891:10:891:19 | ( ... ) |
| hash_flow.rb:893:11:893:14 | hash [element :c] : | hash_flow.rb:893:11:893:18 | ...[...] : |
| hash_flow.rb:893:11:893:18 | ...[...] : | hash_flow.rb:893:10:893:19 | ( ... ) |
| hash_flow.rb:894:11:894:14 | hash [element :d] : | hash_flow.rb:894:11:894:18 | ...[...] : |
| hash_flow.rb:894:11:894:18 | ...[...] : | hash_flow.rb:894:10:894:19 | ( ... ) |
| hash_flow.rb:896:11:896:14 | hash [element :f] : | hash_flow.rb:896:11:896:18 | ...[...] : |
| hash_flow.rb:896:11:896:18 | ...[...] : | hash_flow.rb:896:10:896:19 | ( ... ) |
| hash_flow.rb:898:11:898:15 | hash1 [element :a] : | hash_flow.rb:898:11:898:19 | ...[...] : |
| hash_flow.rb:898:11:898:19 | ...[...] : | hash_flow.rb:898:10:898:20 | ( ... ) |
| hash_flow.rb:900:11:900:15 | hash1 [element :c] : | hash_flow.rb:900:11:900:19 | ...[...] : |
| hash_flow.rb:900:11:900:19 | ...[...] : | hash_flow.rb:900:10:900:20 | ( ... ) |
| hash_flow.rb:901:11:901:15 | hash1 [element :d] : | hash_flow.rb:901:11:901:19 | ...[...] : |
| hash_flow.rb:901:11:901:19 | ...[...] : | hash_flow.rb:901:10:901:20 | ( ... ) |
| hash_flow.rb:903:11:903:15 | hash1 [element :f] : | hash_flow.rb:903:11:903:19 | ...[...] : |
| hash_flow.rb:903:11:903:19 | ...[...] : | hash_flow.rb:903:10:903:20 | ( ... ) |
| hash_flow.rb:910:12:910:22 | call to taint : | hash_flow.rb:920:12:920:16 | hash1 [element :a] : |
| hash_flow.rb:912:12:912:22 | call to taint : | hash_flow.rb:920:12:920:16 | hash1 [element :c] : |
| hash_flow.rb:915:12:915:22 | call to taint : | hash_flow.rb:920:33:920:37 | hash2 [element :d] : |
| hash_flow.rb:917:12:917:22 | call to taint : | hash_flow.rb:920:33:920:37 | hash2 [element :f] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :a] : | hash_flow.rb:928:11:928:15 | hash1 [element :a] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :c] : | hash_flow.rb:930:11:930:15 | hash1 [element :c] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :d] : | hash_flow.rb:931:11:931:15 | hash1 [element :d] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :f] : | hash_flow.rb:933:11:933:15 | hash1 [element :f] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :a] : | hash_flow.rb:920:12:920:16 | [post] hash1 [element :a] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :a] : | hash_flow.rb:920:12:920:38 | call to with_defaults! [element :a] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :c] : | hash_flow.rb:920:12:920:16 | [post] hash1 [element :c] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :c] : | hash_flow.rb:920:12:920:38 | call to with_defaults! [element :c] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :a] : | hash_flow.rb:921:11:921:14 | hash [element :a] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :c] : | hash_flow.rb:923:11:923:14 | hash [element :c] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :d] : | hash_flow.rb:924:11:924:14 | hash [element :d] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :f] : | hash_flow.rb:926:11:926:14 | hash [element :f] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :d] : | hash_flow.rb:920:12:920:16 | [post] hash1 [element :d] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :d] : | hash_flow.rb:920:12:920:38 | call to with_defaults! [element :d] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :f] : | hash_flow.rb:920:12:920:16 | [post] hash1 [element :f] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :f] : | hash_flow.rb:920:12:920:38 | call to with_defaults! [element :f] : |
| hash_flow.rb:921:11:921:14 | hash [element :a] : | hash_flow.rb:921:11:921:18 | ...[...] : |
| hash_flow.rb:921:11:921:18 | ...[...] : | hash_flow.rb:921:10:921:19 | ( ... ) |
| hash_flow.rb:923:11:923:14 | hash [element :c] : | hash_flow.rb:923:11:923:18 | ...[...] : |
| hash_flow.rb:923:11:923:18 | ...[...] : | hash_flow.rb:923:10:923:19 | ( ... ) |
| hash_flow.rb:924:11:924:14 | hash [element :d] : | hash_flow.rb:924:11:924:18 | ...[...] : |
| hash_flow.rb:924:11:924:18 | ...[...] : | hash_flow.rb:924:10:924:19 | ( ... ) |
| hash_flow.rb:926:11:926:14 | hash [element :f] : | hash_flow.rb:926:11:926:18 | ...[...] : |
| hash_flow.rb:926:11:926:18 | ...[...] : | hash_flow.rb:926:10:926:19 | ( ... ) |
| hash_flow.rb:928:11:928:15 | hash1 [element :a] : | hash_flow.rb:928:11:928:19 | ...[...] : |
| hash_flow.rb:928:11:928:19 | ...[...] : | hash_flow.rb:928:10:928:20 | ( ... ) |
| hash_flow.rb:930:11:930:15 | hash1 [element :c] : | hash_flow.rb:930:11:930:19 | ...[...] : |
| hash_flow.rb:930:11:930:19 | ...[...] : | hash_flow.rb:930:10:930:20 | ( ... ) |
| hash_flow.rb:931:11:931:15 | hash1 [element :d] : | hash_flow.rb:931:11:931:19 | ...[...] : |
| hash_flow.rb:931:11:931:19 | ...[...] : | hash_flow.rb:931:10:931:20 | ( ... ) |
| hash_flow.rb:933:11:933:15 | hash1 [element :f] : | hash_flow.rb:933:11:933:19 | ...[...] : |
| hash_flow.rb:933:11:933:19 | ...[...] : | hash_flow.rb:933:10:933:20 | ( ... ) |
| hash_flow.rb:940:12:940:22 | call to taint : | hash_flow.rb:950:12:950:16 | hash1 [element :a] : |
| hash_flow.rb:942:12:942:22 | call to taint : | hash_flow.rb:950:12:950:16 | hash1 [element :c] : |
| hash_flow.rb:945:12:945:22 | call to taint : | hash_flow.rb:950:33:950:37 | hash2 [element :d] : |
| hash_flow.rb:947:12:947:22 | call to taint : | hash_flow.rb:950:33:950:37 | hash2 [element :f] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :a] : | hash_flow.rb:958:11:958:15 | hash1 [element :a] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :c] : | hash_flow.rb:960:11:960:15 | hash1 [element :c] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :d] : | hash_flow.rb:961:11:961:15 | hash1 [element :d] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :f] : | hash_flow.rb:963:11:963:15 | hash1 [element :f] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :a] : | hash_flow.rb:950:12:950:16 | [post] hash1 [element :a] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :a] : | hash_flow.rb:950:12:950:38 | call to with_defaults! [element :a] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :c] : | hash_flow.rb:950:12:950:16 | [post] hash1 [element :c] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :c] : | hash_flow.rb:950:12:950:38 | call to with_defaults! [element :c] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :a] : | hash_flow.rb:951:11:951:14 | hash [element :a] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :c] : | hash_flow.rb:953:11:953:14 | hash [element :c] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :d] : | hash_flow.rb:954:11:954:14 | hash [element :d] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :f] : | hash_flow.rb:956:11:956:14 | hash [element :f] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :d] : | hash_flow.rb:950:12:950:16 | [post] hash1 [element :d] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :d] : | hash_flow.rb:950:12:950:38 | call to with_defaults! [element :d] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :f] : | hash_flow.rb:950:12:950:16 | [post] hash1 [element :f] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :f] : | hash_flow.rb:950:12:950:38 | call to with_defaults! [element :f] : |
| hash_flow.rb:951:11:951:14 | hash [element :a] : | hash_flow.rb:951:11:951:18 | ...[...] : |
| hash_flow.rb:951:11:951:18 | ...[...] : | hash_flow.rb:951:10:951:19 | ( ... ) |
| hash_flow.rb:953:11:953:14 | hash [element :c] : | hash_flow.rb:953:11:953:18 | ...[...] : |
| hash_flow.rb:953:11:953:18 | ...[...] : | hash_flow.rb:953:10:953:19 | ( ... ) |
| hash_flow.rb:954:11:954:14 | hash [element :d] : | hash_flow.rb:954:11:954:18 | ...[...] : |
| hash_flow.rb:954:11:954:18 | ...[...] : | hash_flow.rb:954:10:954:19 | ( ... ) |
| hash_flow.rb:956:11:956:14 | hash [element :f] : | hash_flow.rb:956:11:956:18 | ...[...] : |
| hash_flow.rb:956:11:956:18 | ...[...] : | hash_flow.rb:956:10:956:19 | ( ... ) |
| hash_flow.rb:958:11:958:15 | hash1 [element :a] : | hash_flow.rb:958:11:958:19 | ...[...] : |
| hash_flow.rb:958:11:958:19 | ...[...] : | hash_flow.rb:958:10:958:20 | ( ... ) |
| hash_flow.rb:960:11:960:15 | hash1 [element :c] : | hash_flow.rb:960:11:960:19 | ...[...] : |
| hash_flow.rb:960:11:960:19 | ...[...] : | hash_flow.rb:960:10:960:20 | ( ... ) |
| hash_flow.rb:961:11:961:15 | hash1 [element :d] : | hash_flow.rb:961:11:961:19 | ...[...] : |
| hash_flow.rb:961:11:961:19 | ...[...] : | hash_flow.rb:961:10:961:20 | ( ... ) |
| hash_flow.rb:963:11:963:15 | hash1 [element :f] : | hash_flow.rb:963:11:963:19 | ...[...] : |
| hash_flow.rb:963:11:963:19 | ...[...] : | hash_flow.rb:963:10:963:20 | ( ... ) |
nodes
| hash_flow.rb:11:15:11:24 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:13:12:13:21 | call to taint : | semmle.label | call to taint : |
@@ -1282,6 +1430,170 @@ nodes
| hash_flow.rb:841:10:841:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:841:11:841:15 | hash1 [element :f] : | semmle.label | hash1 [element :f] : |
| hash_flow.rb:841:11:841:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:848:12:848:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:850:12:850:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:853:12:853:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:855:12:855:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:858:13:858:17 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:858:13:858:17 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :a] : | semmle.label | call to reverse_merge [element :a] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :c] : | semmle.label | call to reverse_merge [element :c] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :d] : | semmle.label | call to reverse_merge [element :d] : |
| hash_flow.rb:858:13:858:38 | call to reverse_merge [element :f] : | semmle.label | call to reverse_merge [element :f] : |
| hash_flow.rb:858:33:858:37 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:858:33:858:37 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:859:10:859:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:859:11:859:15 | hash3 [element :a] : | semmle.label | hash3 [element :a] : |
| hash_flow.rb:859:11:859:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:861:10:861:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:861:11:861:15 | hash3 [element :c] : | semmle.label | hash3 [element :c] : |
| hash_flow.rb:861:11:861:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:862:10:862:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:862:11:862:15 | hash3 [element :d] : | semmle.label | hash3 [element :d] : |
| hash_flow.rb:862:11:862:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:864:10:864:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:864:11:864:15 | hash3 [element :f] : | semmle.label | hash3 [element :f] : |
| hash_flow.rb:864:11:864:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:867:13:867:17 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:867:13:867:17 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :a] : | semmle.label | call to with_defaults [element :a] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :c] : | semmle.label | call to with_defaults [element :c] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :d] : | semmle.label | call to with_defaults [element :d] : |
| hash_flow.rb:867:13:867:38 | call to with_defaults [element :f] : | semmle.label | call to with_defaults [element :f] : |
| hash_flow.rb:867:33:867:37 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:867:33:867:37 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:868:10:868:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:868:11:868:15 | hash4 [element :a] : | semmle.label | hash4 [element :a] : |
| hash_flow.rb:868:11:868:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:870:10:870:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:870:11:870:15 | hash4 [element :c] : | semmle.label | hash4 [element :c] : |
| hash_flow.rb:870:11:870:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:871:10:871:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:871:11:871:15 | hash4 [element :d] : | semmle.label | hash4 [element :d] : |
| hash_flow.rb:871:11:871:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:873:10:873:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:873:11:873:15 | hash4 [element :f] : | semmle.label | hash4 [element :f] : |
| hash_flow.rb:873:11:873:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:880:12:880:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:882:12:882:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:885:12:885:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:887:12:887:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :a] : | semmle.label | [post] hash1 [element :a] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :c] : | semmle.label | [post] hash1 [element :c] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :d] : | semmle.label | [post] hash1 [element :d] : |
| hash_flow.rb:890:12:890:16 | [post] hash1 [element :f] : | semmle.label | [post] hash1 [element :f] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:890:12:890:16 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :a] : | semmle.label | call to reverse_merge! [element :a] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :c] : | semmle.label | call to reverse_merge! [element :c] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :d] : | semmle.label | call to reverse_merge! [element :d] : |
| hash_flow.rb:890:12:890:38 | call to reverse_merge! [element :f] : | semmle.label | call to reverse_merge! [element :f] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:890:33:890:37 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:891:10:891:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:891:11:891:14 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:891:11:891:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:893:10:893:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:893:11:893:14 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:893:11:893:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:894:10:894:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:894:11:894:14 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:894:11:894:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:896:10:896:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:896:11:896:14 | hash [element :f] : | semmle.label | hash [element :f] : |
| hash_flow.rb:896:11:896:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:898:10:898:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:898:11:898:15 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:898:11:898:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:900:10:900:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:900:11:900:15 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:900:11:900:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:901:10:901:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:901:11:901:15 | hash1 [element :d] : | semmle.label | hash1 [element :d] : |
| hash_flow.rb:901:11:901:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:903:10:903:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:903:11:903:15 | hash1 [element :f] : | semmle.label | hash1 [element :f] : |
| hash_flow.rb:903:11:903:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:910:12:910:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:912:12:912:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:915:12:915:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:917:12:917:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :a] : | semmle.label | [post] hash1 [element :a] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :c] : | semmle.label | [post] hash1 [element :c] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :d] : | semmle.label | [post] hash1 [element :d] : |
| hash_flow.rb:920:12:920:16 | [post] hash1 [element :f] : | semmle.label | [post] hash1 [element :f] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:920:12:920:16 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :a] : | semmle.label | call to with_defaults! [element :a] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :c] : | semmle.label | call to with_defaults! [element :c] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :d] : | semmle.label | call to with_defaults! [element :d] : |
| hash_flow.rb:920:12:920:38 | call to with_defaults! [element :f] : | semmle.label | call to with_defaults! [element :f] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:920:33:920:37 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:921:10:921:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:921:11:921:14 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:921:11:921:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:923:10:923:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:923:11:923:14 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:923:11:923:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:924:10:924:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:924:11:924:14 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:924:11:924:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:926:10:926:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:926:11:926:14 | hash [element :f] : | semmle.label | hash [element :f] : |
| hash_flow.rb:926:11:926:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:928:10:928:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:928:11:928:15 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:928:11:928:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:930:10:930:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:930:11:930:15 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:930:11:930:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:931:10:931:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:931:11:931:15 | hash1 [element :d] : | semmle.label | hash1 [element :d] : |
| hash_flow.rb:931:11:931:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:933:10:933:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:933:11:933:15 | hash1 [element :f] : | semmle.label | hash1 [element :f] : |
| hash_flow.rb:933:11:933:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:940:12:940:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:942:12:942:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:945:12:945:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:947:12:947:22 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :a] : | semmle.label | [post] hash1 [element :a] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :c] : | semmle.label | [post] hash1 [element :c] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :d] : | semmle.label | [post] hash1 [element :d] : |
| hash_flow.rb:950:12:950:16 | [post] hash1 [element :f] : | semmle.label | [post] hash1 [element :f] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:950:12:950:16 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :a] : | semmle.label | call to with_defaults! [element :a] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :c] : | semmle.label | call to with_defaults! [element :c] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :d] : | semmle.label | call to with_defaults! [element :d] : |
| hash_flow.rb:950:12:950:38 | call to with_defaults! [element :f] : | semmle.label | call to with_defaults! [element :f] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:950:33:950:37 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:951:10:951:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:951:11:951:14 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:951:11:951:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:953:10:953:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:953:11:953:14 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:953:11:953:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:954:10:954:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:954:11:954:14 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:954:11:954:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:956:10:956:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:956:11:956:14 | hash [element :f] : | semmle.label | hash [element :f] : |
| hash_flow.rb:956:11:956:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:958:10:958:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:958:11:958:15 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:958:11:958:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:960:10:960:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:960:11:960:15 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:960:11:960:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:961:10:961:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:961:11:961:15 | hash1 [element :d] : | semmle.label | hash1 [element :d] : |
| hash_flow.rb:961:11:961:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:963:10:963:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:963:11:963:15 | hash1 [element :f] : | semmle.label | hash1 [element :f] : |
| hash_flow.rb:963:11:963:19 | ...[...] : | semmle.label | ...[...] : |
subpaths
#select
| hash_flow.rb:22:10:22:17 | ...[...] | hash_flow.rb:11:15:11:24 | call to taint : | hash_flow.rb:22:10:22:17 | ...[...] | $@ | hash_flow.rb:11:15:11:24 | call to taint : | call to taint : |
@@ -1489,3 +1801,35 @@ subpaths
| hash_flow.rb:838:10:838:20 | ( ... ) | hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:838:10:838:20 | ( ... ) | $@ | hash_flow.rb:817:15:817:25 | call to taint : | call to taint : |
| hash_flow.rb:839:10:839:20 | ( ... ) | hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:839:10:839:20 | ( ... ) | $@ | hash_flow.rb:820:15:820:25 | call to taint : | call to taint : |
| hash_flow.rb:841:10:841:20 | ( ... ) | hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:841:10:841:20 | ( ... ) | $@ | hash_flow.rb:822:15:822:25 | call to taint : | call to taint : |
| hash_flow.rb:859:10:859:20 | ( ... ) | hash_flow.rb:848:12:848:22 | call to taint : | hash_flow.rb:859:10:859:20 | ( ... ) | $@ | hash_flow.rb:848:12:848:22 | call to taint : | call to taint : |
| hash_flow.rb:861:10:861:20 | ( ... ) | hash_flow.rb:850:12:850:22 | call to taint : | hash_flow.rb:861:10:861:20 | ( ... ) | $@ | hash_flow.rb:850:12:850:22 | call to taint : | call to taint : |
| hash_flow.rb:862:10:862:20 | ( ... ) | hash_flow.rb:853:12:853:22 | call to taint : | hash_flow.rb:862:10:862:20 | ( ... ) | $@ | hash_flow.rb:853:12:853:22 | call to taint : | call to taint : |
| hash_flow.rb:864:10:864:20 | ( ... ) | hash_flow.rb:855:12:855:22 | call to taint : | hash_flow.rb:864:10:864:20 | ( ... ) | $@ | hash_flow.rb:855:12:855:22 | call to taint : | call to taint : |
| hash_flow.rb:868:10:868:20 | ( ... ) | hash_flow.rb:848:12:848:22 | call to taint : | hash_flow.rb:868:10:868:20 | ( ... ) | $@ | hash_flow.rb:848:12:848:22 | call to taint : | call to taint : |
| hash_flow.rb:870:10:870:20 | ( ... ) | hash_flow.rb:850:12:850:22 | call to taint : | hash_flow.rb:870:10:870:20 | ( ... ) | $@ | hash_flow.rb:850:12:850:22 | call to taint : | call to taint : |
| hash_flow.rb:871:10:871:20 | ( ... ) | hash_flow.rb:853:12:853:22 | call to taint : | hash_flow.rb:871:10:871:20 | ( ... ) | $@ | hash_flow.rb:853:12:853:22 | call to taint : | call to taint : |
| hash_flow.rb:873:10:873:20 | ( ... ) | hash_flow.rb:855:12:855:22 | call to taint : | hash_flow.rb:873:10:873:20 | ( ... ) | $@ | hash_flow.rb:855:12:855:22 | call to taint : | call to taint : |
| hash_flow.rb:891:10:891:19 | ( ... ) | hash_flow.rb:880:12:880:22 | call to taint : | hash_flow.rb:891:10:891:19 | ( ... ) | $@ | hash_flow.rb:880:12:880:22 | call to taint : | call to taint : |
| hash_flow.rb:893:10:893:19 | ( ... ) | hash_flow.rb:882:12:882:22 | call to taint : | hash_flow.rb:893:10:893:19 | ( ... ) | $@ | hash_flow.rb:882:12:882:22 | call to taint : | call to taint : |
| hash_flow.rb:894:10:894:19 | ( ... ) | hash_flow.rb:885:12:885:22 | call to taint : | hash_flow.rb:894:10:894:19 | ( ... ) | $@ | hash_flow.rb:885:12:885:22 | call to taint : | call to taint : |
| hash_flow.rb:896:10:896:19 | ( ... ) | hash_flow.rb:887:12:887:22 | call to taint : | hash_flow.rb:896:10:896:19 | ( ... ) | $@ | hash_flow.rb:887:12:887:22 | call to taint : | call to taint : |
| hash_flow.rb:898:10:898:20 | ( ... ) | hash_flow.rb:880:12:880:22 | call to taint : | hash_flow.rb:898:10:898:20 | ( ... ) | $@ | hash_flow.rb:880:12:880:22 | call to taint : | call to taint : |
| hash_flow.rb:900:10:900:20 | ( ... ) | hash_flow.rb:882:12:882:22 | call to taint : | hash_flow.rb:900:10:900:20 | ( ... ) | $@ | hash_flow.rb:882:12:882:22 | call to taint : | call to taint : |
| hash_flow.rb:901:10:901:20 | ( ... ) | hash_flow.rb:885:12:885:22 | call to taint : | hash_flow.rb:901:10:901:20 | ( ... ) | $@ | hash_flow.rb:885:12:885:22 | call to taint : | call to taint : |
| hash_flow.rb:903:10:903:20 | ( ... ) | hash_flow.rb:887:12:887:22 | call to taint : | hash_flow.rb:903:10:903:20 | ( ... ) | $@ | hash_flow.rb:887:12:887:22 | call to taint : | call to taint : |
| hash_flow.rb:921:10:921:19 | ( ... ) | hash_flow.rb:910:12:910:22 | call to taint : | hash_flow.rb:921:10:921:19 | ( ... ) | $@ | hash_flow.rb:910:12:910:22 | call to taint : | call to taint : |
| hash_flow.rb:923:10:923:19 | ( ... ) | hash_flow.rb:912:12:912:22 | call to taint : | hash_flow.rb:923:10:923:19 | ( ... ) | $@ | hash_flow.rb:912:12:912:22 | call to taint : | call to taint : |
| hash_flow.rb:924:10:924:19 | ( ... ) | hash_flow.rb:915:12:915:22 | call to taint : | hash_flow.rb:924:10:924:19 | ( ... ) | $@ | hash_flow.rb:915:12:915:22 | call to taint : | call to taint : |
| hash_flow.rb:926:10:926:19 | ( ... ) | hash_flow.rb:917:12:917:22 | call to taint : | hash_flow.rb:926:10:926:19 | ( ... ) | $@ | hash_flow.rb:917:12:917:22 | call to taint : | call to taint : |
| hash_flow.rb:928:10:928:20 | ( ... ) | hash_flow.rb:910:12:910:22 | call to taint : | hash_flow.rb:928:10:928:20 | ( ... ) | $@ | hash_flow.rb:910:12:910:22 | call to taint : | call to taint : |
| hash_flow.rb:930:10:930:20 | ( ... ) | hash_flow.rb:912:12:912:22 | call to taint : | hash_flow.rb:930:10:930:20 | ( ... ) | $@ | hash_flow.rb:912:12:912:22 | call to taint : | call to taint : |
| hash_flow.rb:931:10:931:20 | ( ... ) | hash_flow.rb:915:12:915:22 | call to taint : | hash_flow.rb:931:10:931:20 | ( ... ) | $@ | hash_flow.rb:915:12:915:22 | call to taint : | call to taint : |
| hash_flow.rb:933:10:933:20 | ( ... ) | hash_flow.rb:917:12:917:22 | call to taint : | hash_flow.rb:933:10:933:20 | ( ... ) | $@ | hash_flow.rb:917:12:917:22 | call to taint : | call to taint : |
| hash_flow.rb:951:10:951:19 | ( ... ) | hash_flow.rb:940:12:940:22 | call to taint : | hash_flow.rb:951:10:951:19 | ( ... ) | $@ | hash_flow.rb:940:12:940:22 | call to taint : | call to taint : |
| hash_flow.rb:953:10:953:19 | ( ... ) | hash_flow.rb:942:12:942:22 | call to taint : | hash_flow.rb:953:10:953:19 | ( ... ) | $@ | hash_flow.rb:942:12:942:22 | call to taint : | call to taint : |
| hash_flow.rb:954:10:954:19 | ( ... ) | hash_flow.rb:945:12:945:22 | call to taint : | hash_flow.rb:954:10:954:19 | ( ... ) | $@ | hash_flow.rb:945:12:945:22 | call to taint : | call to taint : |
| hash_flow.rb:956:10:956:19 | ( ... ) | hash_flow.rb:947:12:947:22 | call to taint : | hash_flow.rb:956:10:956:19 | ( ... ) | $@ | hash_flow.rb:947:12:947:22 | call to taint : | call to taint : |
| hash_flow.rb:958:10:958:20 | ( ... ) | hash_flow.rb:940:12:940:22 | call to taint : | hash_flow.rb:958:10:958:20 | ( ... ) | $@ | hash_flow.rb:940:12:940:22 | call to taint : | call to taint : |
| hash_flow.rb:960:10:960:20 | ( ... ) | hash_flow.rb:942:12:942:22 | call to taint : | hash_flow.rb:960:10:960:20 | ( ... ) | $@ | hash_flow.rb:942:12:942:22 | call to taint : | call to taint : |
| hash_flow.rb:961:10:961:20 | ( ... ) | hash_flow.rb:945:12:945:22 | call to taint : | hash_flow.rb:961:10:961:20 | ( ... ) | $@ | hash_flow.rb:945:12:945:22 | call to taint : | call to taint : |
| hash_flow.rb:963:10:963:20 | ( ... ) | hash_flow.rb:947:12:947:22 | call to taint : | hash_flow.rb:963:10:963:20 | ( ... ) | $@ | hash_flow.rb:947:12:947:22 | call to taint : | call to taint : |


@@ -842,3 +842,125 @@ def m48()
end
m48()
def m49()
hash1 = {
a: taint(49.1),
b: 1,
c: taint(49.2)
}
hash2 = {
d: taint(49.3),
e: 1,
f: taint(49.4)
}
hash3 = hash1.reverse_merge(hash2)
sink (hash3[:a]) # $ hasValueFlow=49.1
sink (hash3[:b])
sink (hash3[:c]) # $ hasValueFlow=49.2
sink (hash3[:d]) # $ hasValueFlow=49.3
sink (hash3[:e])
sink (hash3[:f]) # $ hasValueFlow=49.4
# alias for reverse_merge
hash4 = hash1.with_defaults(hash2)
sink (hash4[:a]) # $ hasValueFlow=49.1
sink (hash4[:b])
sink (hash4[:c]) # $ hasValueFlow=49.2
sink (hash4[:d]) # $ hasValueFlow=49.3
sink (hash4[:e])
sink (hash4[:f]) # $ hasValueFlow=49.4
end
m49()
def m50()
hash1 = {
a: taint(50.1),
b: 1,
c: taint(50.2)
}
hash2 = {
d: taint(50.3),
e: 1,
f: taint(50.4)
}
hash = hash1.reverse_merge!(hash2)
sink (hash[:a]) # $ hasValueFlow=50.1
sink (hash[:b])
sink (hash[:c]) # $ hasValueFlow=50.2
sink (hash[:d]) # $ hasValueFlow=50.3
sink (hash[:e])
sink (hash[:f]) # $ hasValueFlow=50.4
sink (hash1[:a]) # $ hasValueFlow=50.1
sink (hash1[:b])
sink (hash1[:c]) # $ hasValueFlow=50.2
sink (hash1[:d]) # $ hasValueFlow=50.3
sink (hash1[:e])
sink (hash1[:f]) # $ hasValueFlow=50.4
end
m50()
def m51()
hash1 = {
a: taint(51.1),
b: 1,
c: taint(51.2)
}
hash2 = {
d: taint(51.3),
e: 1,
f: taint(51.4)
}
hash = hash1.with_defaults!(hash2)
sink (hash[:a]) # $ hasValueFlow=51.1
sink (hash[:b])
sink (hash[:c]) # $ hasValueFlow=51.2
sink (hash[:d]) # $ hasValueFlow=51.3
sink (hash[:e])
sink (hash[:f]) # $ hasValueFlow=51.4
sink (hash1[:a]) # $ hasValueFlow=51.1
sink (hash1[:b])
sink (hash1[:c]) # $ hasValueFlow=51.2
sink (hash1[:d]) # $ hasValueFlow=51.3
sink (hash1[:e])
sink (hash1[:f]) # $ hasValueFlow=51.4
end
m51()
def m52()
hash1 = {
a: taint(52.1),
b: 1,
c: taint(52.2)
}
hash2 = {
d: taint(52.3),
e: 1,
f: taint(52.4)
}
hash = hash1.with_defaults!(hash2)
sink (hash[:a]) # $ hasValueFlow=52.1
sink (hash[:b])
sink (hash[:c]) # $ hasValueFlow=52.2
sink (hash[:d]) # $ hasValueFlow=52.3
sink (hash[:e])
sink (hash[:f]) # $ hasValueFlow=52.4
sink (hash1[:a]) # $ hasValueFlow=52.1
sink (hash1[:b])
sink (hash1[:c]) # $ hasValueFlow=52.2
sink (hash1[:d]) # $ hasValueFlow=52.3
sink (hash1[:e])
sink (hash1[:f]) # $ hasValueFlow=52.4
end
m52()
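Review bot: `m52` is a copy of `m51`: it calls `hash1.with_defaults!(hash2)` again, so `reverse_update`, the third alias listed in `ReverseMergeBangSummary`, is never exercised on a plain `Hash` in this test file. The call in `m52` should presumably be `hash = hash1.reverse_update(hash2)`. As far as this page shows, the only `reverse_update` coverage is the `ActionController::Parameters` case in `params_flow.rb` (`m33`), which checks taint flow rather than per-element value flow. A regression in the general summary for that alias would therefore pass these tests and show up only as missed flow in the queries that depend on it. The 52.x rows in the `.expected` files would need regenerating after the change.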


@@ -31,3 +31,9 @@
| hash_flow.rb:782:10:782:17 | ...[...] | Unexpected result: hasValueFlow=46.3 |
| hash_flow.rb:839:22:839:42 | # $ hasValueFlow=48.3 | Missing result:hasValueFlow=48.3 |
| hash_flow.rb:841:22:841:42 | # $ hasValueFlow=48.4 | Missing result:hasValueFlow=48.4 |
| hash_flow.rb:901:22:901:42 | # $ hasValueFlow=50.3 | Missing result:hasValueFlow=50.3 |
| hash_flow.rb:903:22:903:42 | # $ hasValueFlow=50.4 | Missing result:hasValueFlow=50.4 |
| hash_flow.rb:931:22:931:42 | # $ hasValueFlow=51.3 | Missing result:hasValueFlow=51.3 |
| hash_flow.rb:933:22:933:42 | # $ hasValueFlow=51.4 | Missing result:hasValueFlow=51.4 |
| hash_flow.rb:961:22:961:42 | # $ hasValueFlow=52.3 | Missing result:hasValueFlow=52.3 |
| hash_flow.rb:963:22:963:42 | # $ hasValueFlow=52.4 | Missing result:hasValueFlow=52.4 |


@@ -1,7 +1,7 @@
actionControllerControllerClasses
| action_controller/input_access.rb:1:1:50:3 | UsersController |
| action_controller/params_flow.rb:1:1:153:3 | MyController |
| action_controller/params_flow.rb:161:1:169:3 | Subclass |
| action_controller/params_flow.rb:1:1:162:3 | MyController |
| action_controller/params_flow.rb:170:1:178:3 | Subclass |
| active_record/ActiveRecord.rb:23:1:39:3 | FooController |
| active_record/ActiveRecord.rb:41:1:64:3 | BarController |
| active_record/ActiveRecord.rb:66:1:98:3 | BazController |
@@ -48,8 +48,9 @@ actionControllerActionMethods
| action_controller/params_flow.rb:125:3:132:5 | m30 |
| action_controller/params_flow.rb:134:3:141:5 | m31 |
| action_controller/params_flow.rb:143:3:150:5 | m32 |
| action_controller/params_flow.rb:156:3:158:5 | m33 |
| action_controller/params_flow.rb:162:3:164:5 | m34 |
| action_controller/params_flow.rb:152:3:159:5 | m33 |
| action_controller/params_flow.rb:165:3:167:5 | m34 |
| action_controller/params_flow.rb:171:3:173:5 | m35 |
| active_record/ActiveRecord.rb:27:3:38:5 | some_request_handler |
| active_record/ActiveRecord.rb:42:3:47:5 | some_other_request_handler |
| active_record/ActiveRecord.rb:49:3:63:5 | safe_paths |
@@ -120,9 +121,12 @@ paramsCalls
| action_controller/params_flow.rb:144:10:144:15 | call to params |
| action_controller/params_flow.rb:145:32:145:37 | call to params |
| action_controller/params_flow.rb:148:22:148:27 | call to params |
| action_controller/params_flow.rb:157:10:157:15 | call to params |
| action_controller/params_flow.rb:163:10:163:15 | call to params |
| action_controller/params_flow.rb:167:10:167:15 | call to params |
| action_controller/params_flow.rb:153:10:153:15 | call to params |
| action_controller/params_flow.rb:154:32:154:37 | call to params |
| action_controller/params_flow.rb:157:22:157:27 | call to params |
| action_controller/params_flow.rb:166:10:166:15 | call to params |
| action_controller/params_flow.rb:172:10:172:15 | call to params |
| action_controller/params_flow.rb:176:10:176:15 | call to params |
| action_mailer/mailer.rb:3:10:3:15 | call to params |
| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
@@ -198,9 +202,12 @@ paramsSources
| action_controller/params_flow.rb:144:10:144:15 | call to params |
| action_controller/params_flow.rb:145:32:145:37 | call to params |
| action_controller/params_flow.rb:148:22:148:27 | call to params |
| action_controller/params_flow.rb:157:10:157:15 | call to params |
| action_controller/params_flow.rb:163:10:163:15 | call to params |
| action_controller/params_flow.rb:167:10:167:15 | call to params |
| action_controller/params_flow.rb:153:10:153:15 | call to params |
| action_controller/params_flow.rb:154:32:154:37 | call to params |
| action_controller/params_flow.rb:157:22:157:27 | call to params |
| action_controller/params_flow.rb:166:10:166:15 | call to params |
| action_controller/params_flow.rb:172:10:172:15 | call to params |
| action_controller/params_flow.rb:176:10:176:15 | call to params |
| action_mailer/mailer.rb:3:10:3:15 | call to params |
| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
@@ -315,9 +322,12 @@ httpInputAccesses
| action_controller/params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:157:10:157:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:163:10:163:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:167:10:167:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
| action_controller/params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
| action_mailer/mailer.rb:3:10:3:15 | call to params | ActionController::Metal#params |
| active_record/ActiveRecord.rb:28:30:28:35 | call to params | ActionController::Metal#params |
| active_record/ActiveRecord.rb:29:29:29:34 | call to params | ActionController::Metal#params |


@@ -44,9 +44,13 @@ edges
| params_flow.rb:145:32:145:37 | call to params : | params_flow.rb:145:10:145:38 | call to with_defaults! |
| params_flow.rb:148:5:148:5 | [post] p : | params_flow.rb:149:10:149:10 | p |
| params_flow.rb:148:22:148:27 | call to params : | params_flow.rb:148:5:148:5 | [post] p : |
| params_flow.rb:157:10:157:15 | call to params : | params_flow.rb:157:10:157:19 | ...[...] |
| params_flow.rb:163:10:163:15 | call to params : | params_flow.rb:163:10:163:19 | ...[...] |
| params_flow.rb:167:10:167:15 | call to params : | params_flow.rb:167:10:167:19 | ...[...] |
| params_flow.rb:153:10:153:15 | call to params : | params_flow.rb:153:10:153:44 | call to reverse_update |
| params_flow.rb:154:32:154:37 | call to params : | params_flow.rb:154:10:154:38 | call to reverse_update |
| params_flow.rb:157:5:157:5 | [post] p : | params_flow.rb:158:10:158:10 | p |
| params_flow.rb:157:22:157:27 | call to params : | params_flow.rb:157:5:157:5 | [post] p : |
| params_flow.rb:166:10:166:15 | call to params : | params_flow.rb:166:10:166:19 | ...[...] |
| params_flow.rb:172:10:172:15 | call to params : | params_flow.rb:172:10:172:19 | ...[...] |
| params_flow.rb:176:10:176:15 | call to params : | params_flow.rb:176:10:176:19 | ...[...] |
nodes
| params_flow.rb:3:10:3:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:3:10:3:19 | ...[...] | semmle.label | ...[...] |
@@ -133,12 +137,19 @@ nodes
| params_flow.rb:148:5:148:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:148:22:148:27 | call to params : | semmle.label | call to params : |
| params_flow.rb:149:10:149:10 | p | semmle.label | p |
| params_flow.rb:157:10:157:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:157:10:157:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:163:10:163:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:163:10:163:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:167:10:167:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:167:10:167:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:153:10:153:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:153:10:153:44 | call to reverse_update | semmle.label | call to reverse_update |
| params_flow.rb:154:10:154:38 | call to reverse_update | semmle.label | call to reverse_update |
| params_flow.rb:154:32:154:37 | call to params : | semmle.label | call to params : |
| params_flow.rb:157:5:157:5 | [post] p : | semmle.label | [post] p : |
| params_flow.rb:157:22:157:27 | call to params : | semmle.label | call to params : |
| params_flow.rb:158:10:158:10 | p | semmle.label | p |
| params_flow.rb:166:10:166:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:166:10:166:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:172:10:172:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:172:10:172:19 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:176:10:176:15 | call to params : | semmle.label | call to params : |
| params_flow.rb:176:10:176:19 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| params_flow.rb:3:10:3:19 | ...[...] | params_flow.rb:3:10:3:15 | call to params : | params_flow.rb:3:10:3:19 | ...[...] | $@ | params_flow.rb:3:10:3:15 | call to params : | call to params : |
@@ -182,6 +193,9 @@ subpaths
| params_flow.rb:144:10:144:44 | call to with_defaults! | params_flow.rb:144:10:144:15 | call to params : | params_flow.rb:144:10:144:44 | call to with_defaults! | $@ | params_flow.rb:144:10:144:15 | call to params : | call to params : |
| params_flow.rb:145:10:145:38 | call to with_defaults! | params_flow.rb:145:32:145:37 | call to params : | params_flow.rb:145:10:145:38 | call to with_defaults! | $@ | params_flow.rb:145:32:145:37 | call to params : | call to params : |
| params_flow.rb:149:10:149:10 | p | params_flow.rb:148:22:148:27 | call to params : | params_flow.rb:149:10:149:10 | p | $@ | params_flow.rb:148:22:148:27 | call to params : | call to params : |
| params_flow.rb:157:10:157:19 | ...[...] | params_flow.rb:157:10:157:15 | call to params : | params_flow.rb:157:10:157:19 | ...[...] | $@ | params_flow.rb:157:10:157:15 | call to params : | call to params : |
| params_flow.rb:163:10:163:19 | ...[...] | params_flow.rb:163:10:163:15 | call to params : | params_flow.rb:163:10:163:19 | ...[...] | $@ | params_flow.rb:163:10:163:15 | call to params : | call to params : |
| params_flow.rb:167:10:167:19 | ...[...] | params_flow.rb:167:10:167:15 | call to params : | params_flow.rb:167:10:167:19 | ...[...] | $@ | params_flow.rb:167:10:167:15 | call to params : | call to params : |
| params_flow.rb:153:10:153:44 | call to reverse_update | params_flow.rb:153:10:153:15 | call to params : | params_flow.rb:153:10:153:44 | call to reverse_update | $@ | params_flow.rb:153:10:153:15 | call to params : | call to params : |
| params_flow.rb:154:10:154:38 | call to reverse_update | params_flow.rb:154:32:154:37 | call to params : | params_flow.rb:154:10:154:38 | call to reverse_update | $@ | params_flow.rb:154:32:154:37 | call to params : | call to params : |
| params_flow.rb:158:10:158:10 | p | params_flow.rb:157:22:157:27 | call to params : | params_flow.rb:158:10:158:10 | p | $@ | params_flow.rb:157:22:157:27 | call to params : | call to params : |
| params_flow.rb:166:10:166:19 | ...[...] | params_flow.rb:166:10:166:15 | call to params : | params_flow.rb:166:10:166:19 | ...[...] | $@ | params_flow.rb:166:10:166:15 | call to params : | call to params : |
| params_flow.rb:172:10:172:19 | ...[...] | params_flow.rb:172:10:172:15 | call to params : | params_flow.rb:172:10:172:19 | ...[...] | $@ | params_flow.rb:172:10:172:15 | call to params : | call to params : |
| params_flow.rb:176:10:176:19 | ...[...] | params_flow.rb:176:10:176:15 | call to params : | params_flow.rb:176:10:176:19 | ...[...] | $@ | params_flow.rb:176:10:176:15 | call to params : | call to params : |


@@ -149,17 +149,26 @@ class MyController < ActionController::Base
sink p # $hasTaintFlow
end
def m33
sink params.reverse_update({a: 1, b: 2}) # $hasTaintFlow
sink {a: 1}.reverse_update(params) # $hasTaintFlow
p = {a: 1}
p.reverse_update(params)
sink p # $hasTaintFlow
end
include Mixin
end
module Mixin
def m33
def m34
sink params[:x] # $hasTaintFlow
end
end
class Subclass < MyController
def m34
def m35
sink params[:x] # $hasTaintFlow
end