hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10060 from hvitved/ruby/pos-args-missing-flow-tests

Browse Source 
Ruby: Add tests that demonstrate missing flow through positional arguments
This commit is contained in:
Tom Hvitved
2022-08-17 10:45:25 +02:00
committed by GitHub
parent 979706903a aa93986d1a
commit 44e1ecdf94
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ruby/ql/test/library-tests/dataflow/params/params-flow.expected
View File

@@ -36,6 +36,10 @@ edges
| params_flow.rb:41:13:41:21 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | params_flow.rb:41:24:41:29 | ** ... [element :p1] : |
| params_flow.rb:44:12:44:20 | call to taint : | params_flow.rb:9:16:9:17 | p1 : |
| params_flow.rb:49:13:49:14 | p1 : | params_flow.rb:50:10:50:11 | p1 |
| params_flow.rb:54:9:54:17 | call to taint : | params_flow.rb:49:13:49:14 | p1 : |
| params_flow.rb:57:9:57:17 | call to taint : | params_flow.rb:49:13:49:14 | p1 : |
nodes
| params_flow.rb:9:16:9:17 | p1 : | semmle.label | p1 : |
| params_flow.rb:9:20:9:21 | p2 : | semmle.label | p2 : |
@@ -80,9 +84,15 @@ nodes
| params_flow.rb:41:13:41:21 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | semmle.label | ** ... [element :p1] : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:44:12:44:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:49:13:49:14 | p1 : | semmle.label | p1 : |
| params_flow.rb:50:10:50:11 | p1 | semmle.label | p1 |
| params_flow.rb:54:9:54:17 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:57:9:57:17 | call to taint : | semmle.label | call to taint : |
subpaths
#select
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint : | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint : | call to taint : |
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:44:12:44:20 | call to taint : | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:44:12:44:20 | call to taint : | call to taint : |
| params_flow.rb:11:10:11:11 | p2 | params_flow.rb:14:22:14:29 | call to taint : | params_flow.rb:11:10:11:11 | p2 | $@ | params_flow.rb:14:22:14:29 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:21:13:21:20 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:21:13:21:20 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:22:27:22:34 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:22:27:22:34 | call to taint : | call to taint : |
@@ -99,3 +109,5 @@ subpaths
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:37:34:37:42 | call to taint : | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:37:34:37:42 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:33:41:33:49 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:33:41:33:49 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint : | call to taint : |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:54:9:54:17 | call to taint : | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:54:9:54:17 | call to taint : | call to taint : |
| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:57:9:57:17 | call to taint : | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:57:9:57:17 | call to taint : | call to taint : |

23
ruby/ql/test/library-tests/dataflow/params/params_flow.rb
View File

@@ -7,8 +7,8 @@ def sink x
end
def positional(p1, p2)
sink p1 # $ hasValueFlow=1
sink p2 # $ hasValueFlow=2
sink p1 # $ hasValueFlow=1 $ hasValueFlow=16 $ MISSING: hasValueFlow=18
sink p2 # $ hasValueFlow=2 $ MISSING: hasValueFlow=17 $ MISSING: hasValueFlow=19
end
positional(taint(1), taint(2))
@@ -39,3 +39,22 @@ kwargs(**args)
args = {:p1 => taint(16) }
keyword(p2: taint(17), **args)
args = [taint(17)]
positional(taint(16), *args)
args = [taint(18), taint(19)]
positional(*args)
def posargs(p1, *posargs)
sink p1 # $ hasValueFlow=20 $ hasValueFlow=23 $ MISSING: hasValueFlow=24
sink (posargs[0]) # $ MISSING: hasValueFlow=21 $ MISSING: hasValueFlow=22 $ MISSING: hasValueFlow=25
end
posargs(taint(20), taint(21))
args = [taint(22)]
posargs(taint(23), *args)
args = [taint(24), taint(25)]
posargs(*args)