From 367aa35d8c9cd334910a73dba3ea1b4767f3cc06 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Sun, 11 Dec 2022 20:34:58 +0100 Subject: [PATCH] Ruby: Avoid `SummarizedCallable::propagatesFlowExt` being recursive --- .../lib/codeql/ruby/frameworks/core/Array.qll | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll index 12b96e579e5..b2fbf7870ce 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll @@ -140,10 +140,9 @@ module Array { } } - private class SetDifferenceSummary extends SummarizedCallable { - SetDifferenceSummary() { this = "-" } - - override SubExpr getACallSimple() { any() } + abstract private class DifferenceSummaryShared extends SummarizedCallable { + bindingset[this] + DifferenceSummaryShared() { any() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { input = "Argument[self].Element[any]" and @@ -152,6 +151,12 @@ module Array { } } + private class SetDifferenceSummary extends DifferenceSummaryShared { + SetDifferenceSummary() { this = "-" } + + override SubExpr getACallSimple() { any() } + } + /** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */ private class AppendOperatorSummary extends SummarizedCallable { AppendOperatorSummary() { this = "<<" } @@ -687,14 +692,8 @@ module Array { } } - private class DifferenceSummary extends SimpleSummarizedCallable { + private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable { DifferenceSummary() { this = "difference" } - - override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - // `Array#difference` and `Array#-` do not behave exactly the same way, - // but we model their flow the same way. - any(SetDifferenceSummary s).propagatesFlowExt(input, output, preservesValue) - } } private string getDigArg(MethodCall dig, int i) {