hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21

Browse Source
This commit is contained in:
Óscar San José
2026-03-06 16:20:36 +01:00
parent 13ce515aab 84bef5d4bc
commit 3b9eba2afc
846 changed files with 87321 additions and 58588 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.

2
ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll
View File

@@ -163,7 +163,7 @@ module InsecureDownload {
//
// ```rb
// f = File.open("foo.exe")
// f.write(Excon.get(...).body) # $BAD=
// f.write(Excon.get(...).body) # $ BAD=
// ```
//
// `f` is the `FileSystemAccess` and the call `f.write` is the `IO::FileWriter`.

4
ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb
View File

@@ -4,7 +4,7 @@ class UnicodeNormalizationHtMLSafeController < ActionController::Base
def unicodeNormalize
unicode_input = params[:unicode_input]
unicode_html_safe = ERB::Util.html_escape(unicode_input)
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $ result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $ result=BAD
end
end

52
ruby/ql/test/library-tests/dataflow/api-graphs/callbacks.rb
View File

@@ -1,39 +1,39 @@
Something.foo.withCallback do |a, b| #$ source=Member[Something].Method[foo].ReturnValue
a.something #$ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].Argument[block].Argument[0].Method[something].ReturnValue
b.somethingElse #$ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].Argument[block].Argument[1].Method[somethingElse].ReturnValue
end #$ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].ReturnValue
Something.foo.withCallback do |a, b| # $ source=Member[Something].Method[foo].ReturnValue
a.something # $ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].Argument[block].Argument[0].Method[something].ReturnValue
b.somethingElse # $ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].Argument[block].Argument[1].Method[somethingElse].ReturnValue
end # $ source=Member[Something].Method[foo].ReturnValue.Method[withCallback].ReturnValue
Something.withNamedArg do |a:, b: nil| #$ source=Member[Something]
a.something #$ source=Member[Something].Method[withNamedArg].Argument[block].Parameter[a:].Method[something].ReturnValue
b.somethingElse #$ source=Member[Something].Method[withNamedArg].Argument[block].Parameter[b:].Method[somethingElse].ReturnValue
end #$ source=Member[Something].Method[withNamedArg].ReturnValue
Something.withNamedArg do |a:, b: nil| # $ source=Member[Something]
a.something # $ source=Member[Something].Method[withNamedArg].Argument[block].Parameter[a:].Method[something].ReturnValue
b.somethingElse # $ source=Member[Something].Method[withNamedArg].Argument[block].Parameter[b:].Method[somethingElse].ReturnValue
end # $ source=Member[Something].Method[withNamedArg].ReturnValue
Something.withLambda ->(a, b) { #$ source=Member[Something]
a.something #$ source=Member[Something].Method[withLambda].Argument[0].Parameter[0].Method[something].ReturnValue
b.something #$ source=Member[Something].Method[withLambda].Argument[0].Parameter[1].Method[something].ReturnValue
} #$ source=Member[Something].Method[withLambda].ReturnValue
Something.withLambda ->(a, b) { # $ source=Member[Something]
a.something # $ source=Member[Something].Method[withLambda].Argument[0].Parameter[0].Method[something].ReturnValue
b.something # $ source=Member[Something].Method[withLambda].Argument[0].Parameter[1].Method[something].ReturnValue
} # $ source=Member[Something].Method[withLambda].ReturnValue
Something.namedCallback( #$ source=Member[Something]
Something.namedCallback( # $ source=Member[Something]
onEvent: ->(a, b) {
a.something #$ source=Member[Something].Method[namedCallback].Argument[onEvent:].Parameter[0].Method[something].ReturnValue
b.something #$ source=Member[Something].Method[namedCallback].Argument[onEvent:].Parameter[1].Method[something].ReturnValue
a.something # $ source=Member[Something].Method[namedCallback].Argument[onEvent:].Parameter[0].Method[something].ReturnValue
b.something # $ source=Member[Something].Method[namedCallback].Argument[onEvent:].Parameter[1].Method[something].ReturnValue
}
) #$ source=Member[Something].Method[namedCallback].ReturnValue
) # $ source=Member[Something].Method[namedCallback].ReturnValue
Something.nestedCall1 do |a| #$ source=Member[Something]
a.nestedCall2 do |b:| #$ reachableFromSource=Member[Something].Method[nestedCall1].Argument[block].Parameter[0]
b.something #$ source=Member[Something].Method[nestedCall1].Argument[block].Parameter[0].Method[nestedCall2].Argument[block].Parameter[b:].Method[something].ReturnValue
end #$ source=Member[Something].Method[nestedCall1].Argument[block].Parameter[0].Method[nestedCall2].ReturnValue
end #$ source=Member[Something].Method[nestedCall1].ReturnValue
Something.nestedCall1 do |a| # $ source=Member[Something]
a.nestedCall2 do |b:| # $ reachableFromSource=Member[Something].Method[nestedCall1].Argument[block].Parameter[0]
b.something # $ source=Member[Something].Method[nestedCall1].Argument[block].Parameter[0].Method[nestedCall2].Argument[block].Parameter[b:].Method[something].ReturnValue
end # $ source=Member[Something].Method[nestedCall1].Argument[block].Parameter[0].Method[nestedCall2].ReturnValue
end # $ source=Member[Something].Method[nestedCall1].ReturnValue
def getCallback()
->(x) {
x.something #$ source=Member[Something].Method[indirectCallback].Argument[0].Parameter[0].Method[something].ReturnValue
x.something # $ source=Member[Something].Method[indirectCallback].Argument[0].Parameter[0].Method[something].ReturnValue
}
end
Something.indirectCallback(getCallback()) #$ source=Member[Something].Method[indirectCallback].ReturnValue
Something.indirectCallback(getCallback()) # $ source=Member[Something].Method[indirectCallback].ReturnValue
Something.withMixed do |a, *args, b| #$ source=Member[Something]
a.something #$ source=Member[Something].Method[withMixed].Argument[block].Parameter[0].Method[something].ReturnValue
Something.withMixed do |a, *args, b| # $ source=Member[Something]
a.something # $ source=Member[Something].Method[withMixed].Argument[block].Parameter[0].Method[something].ReturnValue
# b.something # not currently handled correctly
end #$ source=Member[Something].Method[withMixed].ReturnValue
end # $ source=Member[Something].Method[withMixed].ReturnValue

72
ruby/ql/test/library-tests/dataflow/api-graphs/test1.rb
View File

@@ -1,34 +1,34 @@
MyModule #$ source=Member[MyModule]
print MyModule.foo #$ source=Member[MyModule].Method[foo].ReturnValue
Kernel.print(e) #$ source=Member[Kernel].Method[print].ReturnValue sink=Member[Kernel].Method[print].Argument[0]
Object::Kernel #$ source=Member[Kernel]
Object::Kernel.print(e) #$ source=Member[Kernel].Method[print].ReturnValue
MyModule # $ source=Member[MyModule]
print MyModule.foo # $ source=Member[MyModule].Method[foo].ReturnValue
Kernel.print(e) # $ source=Member[Kernel].Method[print].ReturnValue sink=Member[Kernel].Method[print].Argument[0]
Object::Kernel # $ source=Member[Kernel]
Object::Kernel.print(e) # $ source=Member[Kernel].Method[print].ReturnValue
begin
print MyModule.bar #$ source=Member[MyModule].Method[bar].ReturnValue
raise AttributeError #$ source=Member[AttributeError]
rescue AttributeError => e #$ source=Member[AttributeError]
Kernel.print(e) #$ source=Member[Kernel].Method[print].ReturnValue
print MyModule.bar # $ source=Member[MyModule].Method[bar].ReturnValue
raise AttributeError # $ source=Member[AttributeError]
rescue AttributeError => e # $ source=Member[AttributeError]
Kernel.print(e) # $ source=Member[Kernel].Method[print].ReturnValue
end
Unknown.new.run #$ source=Member[Unknown].Method[new].ReturnValue.Method[run].ReturnValue
Foo::Bar::Baz #$ source=Member[Foo].Member[Bar].Member[Baz]
Unknown.new.run # $ source=Member[Unknown].Method[new].ReturnValue.Method[run].ReturnValue
Foo::Bar::Baz # $ source=Member[Foo].Member[Bar].Member[Baz]
Const = [1, 2, 3] #$ source=Member[Array].MethodBracket.ReturnValue
Const.each do |c| #$ source=Member[Const]
puts c #$ reachableFromSource=Member[Const].Method[each].Argument[block].Parameter[0] reachableFromSource=Member[Const].Element[any]
end #$ source=Member[Const].Method[each].ReturnValue sink=Member[Const].Method[each].Argument[block]
Const = [1, 2, 3] # $ source=Member[Array].MethodBracket.ReturnValue
Const.each do |c| # $ source=Member[Const]
puts c # $ reachableFromSource=Member[Const].Method[each].Argument[block].Parameter[0] reachableFromSource=Member[Const].Element[any]
end # $ source=Member[Const].Method[each].ReturnValue sink=Member[Const].Method[each].Argument[block]
foo = Foo #$ source=Member[Foo]
foo::Bar::Baz #$ source=Member[Foo].Member[Bar].Member[Baz]
foo = Foo # $ source=Member[Foo]
foo::Bar::Baz # $ source=Member[Foo].Member[Bar].Member[Baz]
FooAlias = Foo #$ source=Member[Foo]
FooAlias::Bar::Baz #$ source=Member[Foo].Member[Bar].Member[Baz] source=Member[FooAlias].Member[Bar].Member[Baz]
FooAlias = Foo # $ source=Member[Foo]
FooAlias::Bar::Baz # $ source=Member[Foo].Member[Bar].Member[Baz] source=Member[FooAlias].Member[Bar].Member[Baz]
module Outer
module Inner
end
end
Outer::Inner.foo #$ source=Member[Outer].Member[Inner].Method[foo].ReturnValue
Outer::Inner.foo # $ source=Member[Outer].Member[Inner].Method[foo].ReturnValue
module M1
class C1
@@ -40,36 +40,36 @@ module M1
end
end
class C2 < M1::C1 #$ source=Member[M1].Member[C1]
class C2 < M1::C1 # $ source=Member[M1].Member[C1]
end
module M2
class C3 < M1::C1 #$ source=Member[M1].Member[C1]
class C3 < M1::C1 # $ source=Member[M1].Member[C1]
end
class C4 < C2 #$ source=Member[C2]
class C4 < C2 # $ source=Member[C2]
end
end
C2 #$ source=Member[C2] reachableFromSource=Member[M1].Member[C1]
M2::C3 #$ source=Member[M2].Member[C3] reachableFromSource=Member[M1].Member[C1]
M2::C4 #$ source=Member[M2].Member[C4] reachableFromSource=Member[C2] reachableFromSource=Member[M1].Member[C1]
C2 # $ source=Member[C2] reachableFromSource=Member[M1].Member[C1]
M2::C3 # $ source=Member[M2].Member[C3] reachableFromSource=Member[M1].Member[C1]
M2::C4 # $ source=Member[M2].Member[C4] reachableFromSource=Member[C2] reachableFromSource=Member[M1].Member[C1]
M1::C1.m #$ source=Member[M1].Member[C1].Method[m].ReturnValue
M2::C3.m #$ source=Member[M2].Member[C3].Method[m].ReturnValue source=Member[M1].Member[C1].Method[m].ReturnValue
M1::C1.m # $ source=Member[M1].Member[C1].Method[m].ReturnValue
M2::C3.m # $ source=Member[M2].Member[C3].Method[m].ReturnValue source=Member[M1].Member[C1].Method[m].ReturnValue
M1::C1.new.m #$ source=Member[M1].Member[C1].Method[new].ReturnValue.Method[m].ReturnValue
M2::C3.new.m #$ source=Member[M2].Member[C3].Method[new].ReturnValue.Method[m].ReturnValue
M1::C1.new.m # $ source=Member[M1].Member[C1].Method[new].ReturnValue.Method[m].ReturnValue
M2::C3.new.m # $ source=Member[M2].Member[C3].Method[new].ReturnValue.Method[m].ReturnValue
Foo.foo(a,b:c) #$ source=Member[Foo].Method[foo].ReturnValue sink=Member[Foo].Method[foo].Argument[0] sink=Member[Foo].Method[foo].Argument[b:]
Foo.foo(a,b:c) # $ source=Member[Foo].Method[foo].ReturnValue sink=Member[Foo].Method[foo].Argument[0] sink=Member[Foo].Method[foo].Argument[b:]
def userDefinedFunction(x, y)
x.noApiGraph(y)
x.customEntryPointCall(y) #$ call=EntryPoint[CustomEntryPointCall] source=EntryPoint[CustomEntryPointCall].ReturnValue sink=EntryPoint[CustomEntryPointCall].Parameter[0]
x.customEntryPointUse(y) #$ source=EntryPoint[CustomEntryPointUse]
x.customEntryPointCall(y) # $ call=EntryPoint[CustomEntryPointCall] source=EntryPoint[CustomEntryPointCall].ReturnValue sink=EntryPoint[CustomEntryPointCall].Parameter[0]
x.customEntryPointUse(y) # $ source=EntryPoint[CustomEntryPointUse]
end
array = [A::B::C] #$ source=Member[Array].MethodBracket.ReturnValue
array[0].m #$ source=Member[A].Member[B].Member[C].Method[m].ReturnValue source=Member[Array].MethodBracket.ReturnValue.Element[0].Method[m].ReturnValue
array = [A::B::C] # $ source=Member[Array].MethodBracket.ReturnValue
array[0].m # $ source=Member[A].Member[B].Member[C].Method[m].ReturnValue source=Member[Array].MethodBracket.ReturnValue.Element[0].Method[m].ReturnValue
A::B::C[0] #$ source=Member[A].Member[B].Member[C].Element[0]
A::B::C[0] # $ source=Member[A].Member[B].Member[C].Element[0]

60
ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb
View File

@@ -45,8 +45,8 @@ end
def m8
sink(s8 { source "a" }) # $ hasValueFlow=a
sink(s8 do
source "a"
end) # $hasValueFlow=a
source "a"
end) # $ hasValueFlow=a
end
def m9
@@ -259,7 +259,7 @@ def m31(h, i)
h[:bar] = source("b")
h[1] = source("c")
h[i] = source("d")
sink s31(h) # $ hasValueFlow=a hasValueFlow=d
end
@@ -269,7 +269,7 @@ def m32(h, i)
h[:bar] = source("c")
h[1] = source("d")
h[i] = source("e")
sink s32(h) # $ hasValueFlow=b $ hasValueFlow=e $ SPURIOUS: hasValueFlow=a
end
@@ -282,7 +282,7 @@ def m33(h, i)
h[nil] = source("f")
h[true] = source("g")
h[false] = source("h")
sink s33(h) # $ hasValueFlow=e hasValueFlow=f hasValueFlow=g hasValueFlow=h
end
@@ -312,7 +312,7 @@ end
def m38(h, i)
h["foo"] = source("a")
h[i] = source("b")
sink s38(h) # $ hasValueFlow=a
end
@@ -364,7 +364,7 @@ def m44(i, h)
h[i] = source("c")
s44(h)
sink h[0]
sink h[1] # $ hasValueFlow=b
sink h[i] # $ hasValueFlow=b
@@ -380,7 +380,7 @@ def m45(i, h)
sink h[i] # $ hasValueFlow=a hasValueFlow=b hasValueFlow=c
s45(h)
sink h[0] # $ hasValueFlow=c
sink h[1] # $ hasValueFlow=b hasValueFlow=c
sink h[i] # $ hasValueFlow=b hasValueFlow=c
@@ -396,7 +396,7 @@ def m46(i, h)
sink h[i] # $ hasValueFlow=a hasValueFlow=b hasValueFlow=c
x = s46(h)
sink x[0]
sink x[1] # $ hasValueFlow=b
sink x[i] # $ hasValueFlow=b
@@ -406,12 +406,12 @@ def m47(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
x = s47(h)
sink x[:foo]
sink x[:bar] # $ hasValueFlow=b
end
@@ -420,12 +420,12 @@ def m48(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
x = s48(h)
sink x[:foo]
sink x[:bar] # $ hasValueFlow=b
end
@@ -434,12 +434,12 @@ def m49(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
x = s49(h)
sink x[:foo] # $ hasValueFlow=c
sink x[:bar] # $ hasValueFlow=b hasValueFlow=c
end
@@ -448,12 +448,12 @@ def m50(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
s50(h)
sink h[:foo]
sink h[:bar] # $ hasValueFlow=b
end
@@ -462,12 +462,12 @@ def m51(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
s51(h)
sink h[:foo] # $ hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
end
@@ -476,12 +476,12 @@ def m52(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
h.s52
sink h[:foo]
sink h[:bar] # $ hasValueFlow=b
end
@@ -490,12 +490,12 @@ def m53(i, h)
h[:foo] = source("a")
h[:bar] = source("b")
h[i] = source("c")
sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
x = h.s53()
sink x[:foo]
sink x[:bar] # $ hasValueFlow=b

106
ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb
View File

@@ -1,10 +1,10 @@
class MyController < ActionController::Base
def m1
sink params[:a] # $hasTaintFlow
sink params[:a] # $ hasTaintFlow
end
def m2
sink params.as_json # $hasTaintFlow
sink params.as_json # $ hasTaintFlow
end
def m2
@@ -12,186 +12,186 @@ class MyController < ActionController::Base
end
def m3
sink params.permit(:some_key) # $hasTaintFlow
sink params.permit(:some_key) # $ hasTaintFlow
end
def m4
sink params.require(:some_key) # $hasTaintFlow
sink params.require(:some_key) # $ hasTaintFlow
end
def m5
sink params.required(:some_key) # $hasTaintFlow
sink params.required(:some_key) # $ hasTaintFlow
end
def m6
sink params.deep_dup # $hasTaintFlow
sink params.deep_dup # $ hasTaintFlow
end
def m7
sink params.deep_transform_keys(&:upcase) # $hasTaintFlow
sink params.deep_transform_keys(&:upcase) # $ hasTaintFlow
end
def m8
sink params.deep_transform_keys!(&:upcase) # $hasTaintFlow
sink params.deep_transform_keys!(&:upcase) # $ hasTaintFlow
end
def m9
sink params.delete_if { |v| v.match? regex } # $hasTaintFlow
sink params.delete_if { |v| v.match? regex } # $ hasTaintFlow
end
def m10
sink params.extract!(:a, :b) # $hasTaintFlow
sink params.extract!(:a, :b) # $ hasTaintFlow
end
def m11
sink params.keep_if { |v| v.match? regex } # $hasTaintFlow
sink params.keep_if { |v| v.match? regex } # $ hasTaintFlow
end
def m12
sink params.select { |v| v.match? regex } # $hasTaintFlow
sink params.select { |v| v.match? regex } # $ hasTaintFlow
end
def m13
sink params.select! { |v| v.match? regex } # $hasTaintFlow
sink params.select! { |v| v.match? regex } # $ hasTaintFlow
end
def m14
sink params.reject { |v| v.match? regex } # $hasTaintFlow
sink params.reject { |v| v.match? regex } # $ hasTaintFlow
end
def m15
sink params.reject! { |v| v.match? regex } # $hasTaintFlow
sink params.reject! { |v| v.match? regex } # $ hasTaintFlow
end
def m16
sink params.to_h # $hasTaintFlow
sink params.to_h # $ hasTaintFlow
end
def m17
sink params.to_hash # $hasTaintFlow
sink params.to_hash # $ hasTaintFlow
end
def m18
sink params.to_query # $hasTaintFlow
sink params.to_query # $ hasTaintFlow
end
def m19
sink params.to_param # $hasTaintFlow
sink params.to_param # $ hasTaintFlow
end
def m20
sink params.to_unsafe_h # $hasTaintFlow
sink params.to_unsafe_h # $ hasTaintFlow
end
def m21
sink params.to_unsafe_hash # $hasTaintFlow
sink params.to_unsafe_hash # $ hasTaintFlow
end
def m22
sink params.transform_keys(&:upcase) # $hasTaintFlow
sink params.transform_keys(&:upcase) # $ hasTaintFlow
end
def m23
sink params.transform_keys!(&:upcase) # $hasTaintFlow
sink params.transform_keys!(&:upcase) # $ hasTaintFlow
end
def m24
sink params.transform_values(&:upcase) # $hasTaintFlow
sink params.transform_values(&:upcase) # $ hasTaintFlow
end
def m25
sink params.transform_values!(&:upcase) # $hasTaintFlow
sink params.transform_values!(&:upcase) # $ hasTaintFlow
end
def m26
sink params.values_at(:a, :b) # $hasTaintFlow
sink params.values_at(:a, :b) # $ hasTaintFlow
end
def m27
sink params.merge({a: 1}) # $hasTaintFlow
sink {a: 1}.merge(params) # $hasTaintFlow
sink params.merge({a: 1}) # $ hasTaintFlow
sink {a: 1}.merge(params) # $ hasTaintFlow
end
def m28
sink params.reverse_merge({a: 1}) # $hasTaintFlow
sink {a: 1}.reverse_merge(params) # $hasTaintFlow
sink params.reverse_merge({a: 1}) # $ hasTaintFlow
sink {a: 1}.reverse_merge(params) # $ hasTaintFlow
end
def m29
sink params.with_defaults({a: 1, b: 2}) # $hasTaintFlow
sink {a: 1}.with_defaults(params) # $hasTaintFlow
sink params.with_defaults({a: 1, b: 2}) # $ hasTaintFlow
sink {a: 1}.with_defaults(params) # $ hasTaintFlow
end
def m30
sink params.merge!({a: 1}) # $hasTaintFlow
sink {a: 1}.merge!(params) # $hasTaintFlow
sink params.merge!({a: 1}) # $ hasTaintFlow
sink {a: 1}.merge!(params) # $ hasTaintFlow
p = {a: 1}
p.merge!(params)
sink p # $hasTaintFlow
sink p # $ hasTaintFlow
end
def m31
sink params.reverse_merge!({a: 1}) # $hasTaintFlow
sink {a: 1}.reverse_merge!(params) # $hasTaintFlow
sink params.reverse_merge!({a: 1}) # $ hasTaintFlow
sink {a: 1}.reverse_merge!(params) # $ hasTaintFlow
p = {a: 1}
p.reverse_merge!(params)
sink p # $hasTaintFlow
sink p # $ hasTaintFlow
end
def m32
sink params.with_defaults!({a: 1, b: 2}) # $hasTaintFlow
sink {a: 1}.with_defaults!(params) # $hasTaintFlow
sink params.with_defaults!({a: 1, b: 2}) # $ hasTaintFlow
sink {a: 1}.with_defaults!(params) # $ hasTaintFlow
p = {a: 1}
p.with_defaults!(params)
sink p # $hasTaintFlow
sink p # $ hasTaintFlow
end
def m33
sink params.reverse_update({a: 1, b: 2}) # $hasTaintFlow
sink {a: 1}.reverse_update(params) # $hasTaintFlow
sink params.reverse_update({a: 1, b: 2}) # $ hasTaintFlow
sink {a: 1}.reverse_update(params) # $ hasTaintFlow
p = {a: 1}
p.reverse_update(params)
sink p # $hasTaintFlow
sink p # $ hasTaintFlow
end
include Mixin
end
module Mixin
def m34
sink params[:x] # $hasTaintFlow
sink params[:x] # $ hasTaintFlow
end
end
class Subclass < MyController
def m35
sink params[:x] # $hasTaintFlow
sink params[:x] # $ hasTaintFlow
end
rescue_from 'Foo::Bar' do |err|
sink params[:x] # $hasTaintFlow
sink params[:x] # $ hasTaintFlow
end
end
class UploadedFileTests < MyController
def m36
sink params[:file].original_filename # $hasTaintFlow
sink params[:file].original_filename # $ hasTaintFlow
end
def m37
sink params.require(:file).content_type # $hasTaintFlow
sink params.require(:file).content_type # $ hasTaintFlow
end
def m38
sink params.permit(:file)[:file].headers # $hasTaintFlow
sink params.permit(:file)[:file].headers # $ hasTaintFlow
end
def m39
sink params[:a].to_unsafe_h[:b][:file].read # $hasTaintFlow
sink params[:a].to_unsafe_h[:b][:file].read # $ hasTaintFlow
end
def m40(a)
@@ -204,4 +204,4 @@ class UploadedFileTests < MyController
params[:file].read(nil,a)
sink a # $ hasTaintFlow
end
end
end

2
ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb
View File

@@ -1,5 +1,5 @@
class MyMailer < ActionMailer::Base
def foo
sink params[:foo] # $hasTaintFlow
sink params[:foo] # $ hasTaintFlow
end
end

116
ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
View File

@@ -8,196 +8,196 @@ ActiveSupport::TaggedLogging.new(STDOUT)
def m_at
x = source "a"
sink x.at(1..3) # $hasTaintFlow=a
sink x.at(1..3) # $ hasTaintFlow=a
end
def m_camelize
x = source "a"
sink x.camelize # $hasTaintFlow=a
sink x.camelize # $ hasTaintFlow=a
end
def m_camelcase
x = source "a"
sink x.camelcase # $hasTaintFlow=a
sink x.camelcase # $ hasTaintFlow=a
end
def m_classify
x = source "a"
sink x.classify # $hasTaintFlow=a
sink x.classify # $ hasTaintFlow=a
end
def m_dasherize
x = source "a"
sink x.dasherize # $hasTaintFlow=a
sink x.dasherize # $ hasTaintFlow=a
end
def m_deconstantize
x = source "a"
sink x.deconstantize # $hasTaintFlow=a
sink x.deconstantize # $ hasTaintFlow=a
end
def m_demodulize
x = source "a"
sink x.demodulize # $hasTaintFlow=a
sink x.demodulize # $ hasTaintFlow=a
end
def first
x = source "a"
sink x.first(3) # $hasTaintFlow=a
sink x.first(3) # $ hasTaintFlow=a
end
def m_foreign_key
x = source "a"
sink x.foreign_key # $hasTaintFlow=a
sink x.foreign_key # $ hasTaintFlow=a
end
def m_from
x = source "a"
sink x.from(3) # $hasTaintFlow=a
sink x.from(3) # $ hasTaintFlow=a
end
def m_html_safe
x = source "a"
sink x.html_safe # $hasTaintFlow=a
sink x.html_safe # $ hasTaintFlow=a
end
def m_humanize
x = source "a"
sink x.humanize # $hasTaintFlow=a
sink x.humanize # $ hasTaintFlow=a
end
def m_indent
x = source "a"
sink x.indent(1) # $hasTaintFlow=a
sink x.indent(1) # $ hasTaintFlow=a
end
def m_indent!
x = source "a"
sink x.indent!(1) # $hasTaintFlow=a
sink x.indent!(1) # $ hasTaintFlow=a
end
def m_inquiry
x = source "a"
sink x.inquiry # $hasTaintFlow=a
sink x.inquiry # $ hasTaintFlow=a
end
def m_last
x = source "a"
sink x.last(1) # $hasTaintFlow=a
sink x.last(1) # $ hasTaintFlow=a
end
def m_mb_chars
x = source "a"
sink x.mb_chars # $hasTaintFlow=a
sink x.mb_chars # $ hasTaintFlow=a
end
def m_parameterize
x = source "a"
sink x.parameterize # $hasTaintFlow=a
sink x.parameterize # $ hasTaintFlow=a
end
def m_pluralize
x = source "a"
sink x.pluralize # $hasTaintFlow=a
sink x.pluralize # $ hasTaintFlow=a
end
def m_remove
x = source "a"
sink x.remove("foo") # $hasTaintFlow=a
sink x.remove("foo") # $ hasTaintFlow=a
end
def m_remove!
x = source "a"
sink x.remove!("foo") # $hasTaintFlow=a
sink x.remove!("foo") # $ hasTaintFlow=a
end
def m_singularize
x = source "a"
sink x.singularize # $hasTaintFlow=a
sink x.singularize # $ hasTaintFlow=a
end
def m_squish
x = source "a"
sink x.squish # $hasTaintFlow=a
sink x.squish # $ hasTaintFlow=a
end
def m_squish!
x = source "a"
sink x.squish! # $hasTaintFlow=a
sink x.squish! # $ hasTaintFlow=a
end
def m_strip_heredoc
x = source "a"
sink x.strip_heredoc # $hasTaintFlow=a
sink x.strip_heredoc # $ hasTaintFlow=a
end
def m_tableize
x = source "a"
sink x.tableize # $hasTaintFlow=a
sink x.tableize # $ hasTaintFlow=a
end
def m_titlecase
x = source "a"
sink x.titlecase # $hasTaintFlow=a
sink x.titlecase # $ hasTaintFlow=a
end
def m_titleize
x = source "a"
sink x.titleize # $hasTaintFlow=a
sink x.titleize # $ hasTaintFlow=a
end
def m_to
x = source "a"
sink x.to(3) # $hasTaintFlow=a
sink x.to(3) # $ hasTaintFlow=a
end
def m_truncate
x = source "a"
sink x.truncate(3) # $hasTaintFlow=a
sink x.truncate(3) # $ hasTaintFlow=a
end
def m_truncate_bytes
x = source "a"
sink x.truncate_bytes(3) # $hasTaintFlow=a
sink x.truncate_bytes(3) # $ hasTaintFlow=a
end
def m_truncate_words
x = source "a"
sink x.truncate_words(3) # $hasTaintFlow=a
sink x.truncate_words(3) # $ hasTaintFlow=a
end
def m_underscore
x = source "a"
sink x.underscore # $hasTaintFlow=a
sink x.underscore # $ hasTaintFlow=a
end
def m_upcase_first
x = source "a"
sink x.upcase_first # $hasTaintFlow=a
sink x.upcase_first # $ hasTaintFlow=a
end
def m_compact_blank
x = [source 1]
y = x.compact_blank
sink y[0] # $hasValueFlow=1
sink y[0] # $ hasValueFlow=1
end
def m_excluding
x = [source(1), 2]
y = x.excluding 2
sink y[0] # $hasValueFlow=1
sink y[0] # $ hasValueFlow=1
end
def m_without
x = [source(1), 2]
y = x.without 2
sink y[0] # $hasValueFlow=1
sink y[0] # $ hasValueFlow=1
end
def m_in_order_of
x = [source(1), 2]
y = x.in_order_of(:itself, [2,1])
sink y[0] # $hasValueFlow=1
sink y[0] # $ hasValueFlow=1
end
def m_including
@@ -214,21 +214,21 @@ end
def m_safe_buffer_new
x = source "a"
y = ActionView::SafeBuffer.new(x)
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
end
def m_safe_buffer_safe_concat_retval
x = ActionView::SafeBuffer.new("a")
b = source "b"
y = x.safe_concat(b)
sink y # $hasTaintFlow=b
sink y # $ hasTaintFlow=b
end
def m_safe_buffer_safe_concat_self
x = ActionView::SafeBuffer.new("a")
b = source "b"
x.safe_concat(b)
sink x # $hasTaintFlow=b
sink x # $ hasTaintFlow=b
end
def m_safe_buffer_concat
@@ -236,7 +236,7 @@ def m_safe_buffer_concat
b = source "b"
x = ActionView::SafeBuffer.new(a)
y = x.concat(b)
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
end
def m_safe_buffer_insert
@@ -244,7 +244,7 @@ def m_safe_buffer_insert
b = source "b"
x = ActionView::SafeBuffer.new(a)
y = x.insert(i, b)
sink y # $hasTaintFlow=a $hasTaintFlow=b
sink y # $ hasTaintFlow=a $hasTaintFlow=b
end
def m_safe_buffer_prepend
@@ -252,43 +252,43 @@ def m_safe_buffer_prepend
b = source "b"
x = ActionView::SafeBuffer.new(a)
y = x.prepend(b)
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
end
def m_safe_buffer_to_s
a = source "a"
x = ActionView::SafeBuffer.new(a)
y = x.to_s
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
end
def m_safe_buffer_to_param
a = source "a"
x = ActionView::SafeBuffer.new(a)
y = x.to_param
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
end
def m_pathname_existence
a = source "a"
x = Pathname.new(a)
y = x.existence
sink y # $hasTaintFlow=a
sink y # $ hasTaintFlow=a
z = y.existence
sink z # $hasTaintFlow=a
sink z # $ hasTaintFlow=a
end
def m_presence
x = source "a"
sink x.presence # $hasValueFlow=a
sink x.presence # $ hasValueFlow=a
y = source 123
sink y.presence # $hasValueFlow=123
sink y.presence # $ hasValueFlow=123
end
def m_deep_dup
x = source "a"
sink x.deep_dup # $hasValueFlow=a
sink x.deep_dup # $ hasValueFlow=a
end
def m_try(method)
@@ -302,32 +302,32 @@ end
def m_json_escape
a = source "a"
b = json_escape a
sink b # $hasTaintFlow=a
sink b # $ hasTaintFlow=a
end
def m_json_encode
x = source "a"
sink ActiveSupport::JSON.encode(x) # $hasTaintFlow=a
sink ActiveSupport::JSON.encode(x) # $ hasTaintFlow=a
end
def m_json_decode
x = source "a"
sink ActiveSupport::JSON.decode(x) # $hasTaintFlow=a
sink ActiveSupport::JSON.decode(x) # $ hasTaintFlow=a
end
def m_json_dump
x = source "a"
sink ActiveSupport::JSON.dump(x) # $hasTaintFlow=a
sink ActiveSupport::JSON.dump(x) # $ hasTaintFlow=a
end
def m_json_load
x = source "a"
sink ActiveSupport::JSON.load(x) # $hasTaintFlow=a
sink ActiveSupport::JSON.load(x) # $ hasTaintFlow=a
end
def m_to_json
x = source "a"
y = [x]
sink x.to_json # $hasTaintFlow=a
sink y.to_json # $hasTaintFlow=a
sink x.to_json # $ hasTaintFlow=a
sink y.to_json # $ hasTaintFlow=a
end

12
ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
View File

@@ -1,7 +1,7 @@
def m_stringify_keys
h = { a: source("a") }
x = h.stringify_keys
sink x["a"] # $hasValueFlow=a
sink x["a"] # $ hasValueFlow=a
end
m_stringify_keys()
@@ -9,7 +9,7 @@ m_stringify_keys()
def m_to_options
h = { "a" => source("a") }
x = h.to_options
sink x[:a] # $hasValueFlow=a
sink x[:a] # $ hasValueFlow=a
end
m_to_options()
@@ -17,7 +17,7 @@ m_to_options()
def m_symbolize_keys
h = { "a" => source("a") }
x = h.symbolize_keys
sink x[:a] # $hasValueFlow=a
sink x[:a] # $ hasValueFlow=a
end
m_symbolize_keys()
@@ -25,7 +25,7 @@ m_symbolize_keys()
def m_deep_stringify_keys
h = { a: source("a") }
x = h.deep_stringify_keys
sink x["a"] # $hasValueFlow=a
sink x["a"] # $ hasValueFlow=a
end
m_deep_stringify_keys()
@@ -33,7 +33,7 @@ m_deep_stringify_keys()
def m_deep_symbolize_keys
h = { "a" => source("a") }
x = h.deep_symbolize_keys
sink x[:a] # $hasValueFlow=a
sink x[:a] # $ hasValueFlow=a
end
m_deep_symbolize_keys()
@@ -41,7 +41,7 @@ m_deep_symbolize_keys()
def m_with_indifferent_access
h = { a: source("a") }
x = h.with_indifferent_access
sink x["a"] # $hasValueFlow=a
sink x["a"] # $ hasValueFlow=a
end
m_with_indifferent_access()

2
ruby/ql/test/library-tests/frameworks/arel/arel.rb
View File

@@ -1,6 +1,6 @@
def m1
x = source 1
sink(Arel.sql(x)) # $hasTaintFlow=1
sink(Arel.sql(x)) # $ hasTaintFlow=1
end
def m2

20
ruby/ql/test/library-tests/frameworks/json/json.rb
View File

@@ -1,11 +1,11 @@
sink JSON.parse(source "a") # $hasTaintFlow=a
sink JSON.parse!(source "a") # $hasTaintFlow=a
sink JSON.load(source "a") # $hasTaintFlow=a
sink JSON.restore(source "a") # $hasTaintFlow=a
sink JSON.parse(source "a") # $ hasTaintFlow=a
sink JSON.parse!(source "a") # $ hasTaintFlow=a
sink JSON.load(source "a") # $ hasTaintFlow=a
sink JSON.restore(source "a") # $ hasTaintFlow=a
sink JSON.generate(source "a") # $hasTaintFlow=a
sink JSON.fast_generate(source "a") # $hasTaintFlow=a
sink JSON.pretty_generate(source "a") # $hasTaintFlow=a
sink JSON.dump(source "a") # $hasTaintFlow=a
sink JSON.unparse(source "a") # $hasTaintFlow=a
sink JSON.fast_unparse(source "a") # $hasTaintFlow=a
sink JSON.generate(source "a") # $ hasTaintFlow=a
sink JSON.fast_generate(source "a") # $ hasTaintFlow=a
sink JSON.pretty_generate(source "a") # $ hasTaintFlow=a
sink JSON.dump(source "a") # $ hasTaintFlow=a
sink JSON.unparse(source "a") # $ hasTaintFlow=a
sink JSON.fast_unparse(source "a") # $ hasTaintFlow=a

16
ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb
View File

@@ -5,8 +5,8 @@ require 'cgi'
class UnicodeNormalizationOKController < ActionController::Base
def unicodeNormalize
unicode_input = params[:unicode_input]
normalized_nfkc = unicode_input.unicode_normalize(:nfkc) # $MISSING:result=OK
normalized_nfc = unicode_input.unicode_normalize(:nfc) # $MISSING:result=OK
normalized_nfkc = unicode_input.unicode_normalize(:nfkc) # $ MISSING:result=OK
normalized_nfc = unicode_input.unicode_normalize(:nfc) # $ MISSING:result=OK
end
end
@@ -14,8 +14,8 @@ class UnicodeNormalizationStrManipulationController < ActionController::Base
def unicodeNormalize
unicode_input = params[:unicode_input]
unicode_input_manip = unicode_input.sub(/[aeiou]/, "*")
normalized_nfkc = unicode_input_manip.unicode_normalize(:nfkc) # $result=BAD
normalized_nfc = unicode_input_manip.unicode_normalize(:nfc) # $result=BAD
normalized_nfkc = unicode_input_manip.unicode_normalize(:nfkc) # $ result=BAD
normalized_nfc = unicode_input_manip.unicode_normalize(:nfc) # $ result=BAD
end
end
@@ -23,8 +23,8 @@ class UnicodeNormalizationHtMLEscapeController < ActionController::Base
def unicodeNormalize
unicode_input = params[:unicode_input]
unicode_html_safe = html_escape(unicode_input)
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $ result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $ result=BAD
end
end
@@ -32,7 +32,7 @@ class UnicodeNormalizationCGIHtMLEscapeController < ActionController::Base
def unicodeNormalize
unicode_input = params[:unicode_input]
unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd) # $result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfd) # $result=BAD
normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd) # $ result=BAD
normalized_nfc = unicode_html_safe.unicode_normalize(:nfd) # $ result=BAD
end
end

16
ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb
View File

@@ -52,7 +52,7 @@ def m7(arg)
arg += 3
end
@m7
end # $result=BAD
end # $ result=BAD
# Bad: method has parameter but only one result is memoized.
def m8(arg)
@@ -60,23 +60,23 @@ def m8(arg)
long_running_method(arg)
end
@m8
end # $result=BAD
end # $ result=BAD
# Bad: method has parameter but only one result is memoized.
def m9(arg)
@m9 ||= long_running_method(arg)
end # $result=BAD
end # $ result=BAD
# Bad: method has parameter but only one result is memoized.
def m10(arg1, arg2)
@m10 ||= long_running_method(arg1, arg2)
end # $result=BAD
end # $ result=BAD
# Bad: `arg2` not used in key.
def m11(arg1, arg2)
@m11 ||= {}
@m11[arg1] ||= long_running_method(arg1, arg2)
end # $result=BAD
end # $ result=BAD
# Bad: `arg2` not used in key.
def m12(arg1, arg2)
@@ -84,7 +84,7 @@ def m12(arg1, arg2)
h1[arg1] = result(arg1, arg2)
end
@m12[arg1]
end # $result=BAD
end # $ result=BAD
# Bad: arg not used in key.
def m13(id:)
@@ -94,11 +94,11 @@ def m13(id:)
end
end
@m13
end # $result=BAD
end # $ result=BAD
# Good (FP): arg is used in key via string interpolation.
def m14(arg)
@m14 ||= {}
key = "foo/#{arg}"
@m14[key] ||= long_running_method(arg)
end
end

30
ruby/ql/test/query-tests/security/cwe-300/Gemfile
View File

@@ -1,18 +1,18 @@
source "https://rubygems.org" # GOOD
source "http://rubygems.org" # $result=BAD
source "ftp://rubygems.org" # $result=BAD
source "http://rubygems.org" # $ result=BAD
source "ftp://rubygems.org" # $ result=BAD
source "ftps://rubygems.org" # GOOD
source "unknown://rubygems.org" # GOOD
git_source(:a) { "https://github.com" } # GOOD
git_source(:b) { "http://github.com" } # $result=BAD
git_source(:c) { "ftp://github.com" } # $result=BAD
git_source(:b) { "http://github.com" } # $ result=BAD
git_source(:c) { "ftp://github.com" } # $ result=BAD
git_source(:d) { "ftps://github.com" } # GOOD
git_source(:e) { "unknown://github.com" } # GOOD
git_source(:f) { |name| "https://github.com/#{name}" } # GOOD
git_source(:g) { |name| "http://github.com/#{name}" } # $result=BAD
git_source(:h) { |name| "ftp://github.com/#{name}" } # $result=BAD
git_source(:g) { |name| "http://github.com/#{name}" } # $ result=BAD
git_source(:h) { |name| "ftp://github.com/#{name}" } # $ result=BAD
git_source(:i) { |name| "ftps://github.com/#{name}" } # GOOD
git_source(:j) { |name| "unknown://github.com/#{name}" } # GOOD
@@ -22,11 +22,11 @@ git_source(:k) do |name|
end
git_source(:l) do |name|
foo
"http://github.com/#{name}" # $result=BAD
"http://github.com/#{name}" # $ result=BAD
end
git_source(:m) do |name|
foo
"ftp://github.com/#{name}" # $result=BAD
"ftp://github.com/#{name}" # $ result=BAD
end
git_source(:n) do |name|
foo
@@ -38,19 +38,19 @@ git_source(:o) do |name|
end
gem "jwt", "1.2.3", git: "https://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", git: "http://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", git: "http://github.com/jwt/ruby-jwt" # $ result=BAD
gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $ result=BAD
gem "jwt", "1.2.3", git: "ftps://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", git: "unknown://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", :git => "https://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $result=BAD
gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $ result=BAD
gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $ result=BAD
gem "jwt", "1.2.3", :git => "ftps://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", :git => "unknown://github.com/jwt/ruby-jwt" # GOOD
gem "jwt", "1.2.3", source: "https://rubygems.org" # GOOD
gem "jwt", "1.2.3", source: "http://rubygems.org" # $result=BAD
gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $result=BAD
gem "jwt", "1.2.3", source: "http://rubygems.org" # $ result=BAD
gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $ result=BAD
gem "jwt", "1.2.3", source: "ftps://rubygems.org" # GOOD
gem "jwt", "1.2.3", source: "unknown://rubygems.org" # GOOD
gem "jwt", "1.2.3", source: "unknown://rubygems.org" # GOOD

10
ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb
View File

@@ -1,5 +1,5 @@
def test_basic(x)
y = x #$ Alert
y = x # $ Alert
y = x + 2
return y
end
@@ -27,7 +27,7 @@ class Sup
print(x + 1)
end
end
class Sub < Sup
def m(y)
y = 3 # OK - the call to `super` sees the value of `y``
@@ -39,7 +39,7 @@ def do_twice
yield
yield
end
def get_done_twice x
do_twice do
print x
@@ -52,7 +52,7 @@ def retry_once
rescue
yield
end
def get_retried x
retry_once do
print x
@@ -63,4 +63,4 @@ def get_retried x
end
end
end
end
end

10
ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb
View File

@@ -9,7 +9,7 @@ def foo
m # reads local variable m
else
end
m.strip #$ Alert
m.strip # $ Alert
m2 # undefined local variable or method 'm2' for main (NameError)
end
@@ -31,7 +31,7 @@ def test_guards
b&.strip # OK - safe navigation
b.strip if b # OK
b.close if b && !b.closed # OK
b.blowup if b || !b.blownup #$ Alert
b.blowup if b || !b.blownup # $ Alert
if false
c = "0"
@@ -64,7 +64,7 @@ def test_loop
a = 0
else
set_a
end
end
end until a # OK
a.strip # OK - given previous until
end
@@ -73,5 +73,5 @@ def test_for
for i in ["foo", "bar"] # OK - since 0..10 cannot raise
puts i.strip
end
i.strip #$ SPURIOUS: Alert
end
i.strip # $ SPURIOUS: Alert
end