Ruby: String.try_convert isn't value-preserving

`String.try_convert` can convert arbitrary objects to strings, which obviously isn't value-preserving.
2026-05-05 13:45:19 +02:00 · 2022-03-02 13:31:59 +13:00
parent fc351fbd64
commit 37dac186a8
3 changed files with 591 additions and 590 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
@@ -47,7 +47,7 @@ module String {
    override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
      input = "Argument[0]" and
      output = "ReturnValue" and
-      preservesValue = true
+      preservesValue = false
    }
  }