Initial merge from main

Dave Bartolomeo
2024-09-15 08:55:31 -04:00
2602 changed files with 114048 additions and 76664 deletions


@@ -24,7 +24,7 @@ FILES=codeql-extractor.yml\
ql/lib/ruby.dbscheme.stats\
ql/lib/ruby.dbscheme
BIN_FILES=target/release/codeql-extractor-ruby$(EXE)
BIN_FILES=../target/release/codeql-extractor-ruby$(EXE)
extractor-common:
rm -rf build
@@ -37,14 +37,14 @@ extractor-common:
tools: $(BIN_FILES)
rm -rf tools/bin
mkdir tools/bin
cp -r target/release/codeql-extractor-ruby$(EXE) tools/bin/extractor$(EXE)
cp -r ../target/release/codeql-extractor-ruby$(EXE) tools/bin/extractor$(EXE)
target/release/%$(EXE):
../target/release/%$(EXE):
cd extractor && cargo build --release
dbscheme:
cd extractor && cargo build --release
extractor/target/release/codeql-extractor-ruby generate --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
../target/release/codeql-extractor-ruby generate --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
codeql query format -i ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
.PHONY: extractor
@@ -62,7 +62,7 @@ extractor: $(FILES) $(BIN_FILES)
cp tools/autobuild.cmd extractor-pack/tools/autobuild.cmd
cp ql/lib/ruby.dbscheme.stats extractor-pack/ruby.dbscheme.stats
cp ql/lib/ruby.dbscheme extractor-pack/ruby.dbscheme
cp extractor/target/release/codeql-extractor-ruby$(EXE) extractor-pack/tools/$(CODEQL_PLATFORM)/extractor$(EXE)
cp ../target/release/codeql-extractor-ruby$(EXE) extractor-pack/tools/$(CODEQL_PLATFORM)/extractor$(EXE)
test: extractor dbscheme
codeql test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path .. --consistency-queries ql/consistency-queries ql/test
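Review bot: The new output location `../target/release` is written out five times (in `BIN_FILES`, the `tools` recipe, the pattern rule, `dbscheme` and the `extractor` recipe), so the next move of the Cargo workspace has to find every copy. A single variable, for example `CARGO_RELEASE_DIR ?= ../target/release`, referenced from each rule would keep them in step. The path also assumes Cargo writes to the default `target` directory of the parent workspace; with `CARGO_TARGET_DIR` set, `cargo build` would write to one place while `cp` reads from another and could package a stale binary, which deserves a comment next to the variable.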


@@ -18,7 +18,7 @@ runs:
path: |
~/.cargo/registry
~/.cargo/git
ruby/target
target
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-qltest-cargo-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/extractor/**/Cargo.lock') }}
- name: Build Extractor
if: steps.cache-extractor.outputs.cache-hit != 'true'
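Review bot: The cache key still hashes `ruby/extractor/**/Cargo.lock` while the cached build directory moves from `ruby/target` to the top-level `target`. If the lockfile now lives at the workspace root (the `[workspace]` line is dropped from the extractor's Cargo.toml elsewhere in this commit, which suggests so), that glob may match nothing and a dependency bump would no longer change the key, so jobs would restore build output compiled against older crates. Adding the workspace-level lockfile to the `hashFiles(...)` list would tie the cache to the dependency set that is actually built; where that lockfile sits is not visible here and needs confirming. The step continues outside the hunk.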


@@ -1 +0,0 @@
paths = ["../../shared/tree-sitter-extractor"]


@@ -1,4 +1,4 @@
load("@ruby_deps//:defs.bzl", "aliases", "all_crate_deps")
load("@tree_sitter_extractors_deps//:defs.bzl", "aliases", "all_crate_deps")
load("//misc/bazel:rust.bzl", "codeql_rust_binary")
codeql_rust_binary(

Binary file not shown.


@@ -1,4 +1,3 @@
[workspace]
[package]
name = "codeql-extractor-ruby"
description = "CodeQL Ruby extractor"
@@ -7,9 +6,9 @@ authors = ["GitHub"]
edition = "2021"
[dependencies]
tree-sitter = ">= 0.22.6"
tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "38d5004a797298dc42c85e7706c5ceac46a3f29f" }
tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "0ffe457fb6aabf064f173fd30ea356845cef2513" }
tree-sitter = ">= 0.23.0"
tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "62b0a6e45900a7dff7c37da95fec20a09968ba52" }
tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "a66579f70d6f50ffd81a16fc3d3358e2ac173c88" }
clap = { version = "4.2", features = ["derive"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }
@@ -17,10 +16,5 @@ rayon = "1.5.0"
regex = "1.7.1"
encoding = "0.2"
lazy_static = "1.4.0"
# Ideally, we'd like to pull this in via a relative path.
# However, our bazel/rust tooling chokes on this, c.f. https://github.com/bazelbuild/rules_rust/issues/1525
# Therefore, we have a pretty bad hack in place instead, see README.md in the codeql-extractor-fake-crate directory.
codeql-extractor = { path = "codeql-extractor-fake-crate" }
[patch.crates-io]
tree-sitter = { git = "https://github.com/redsun82/tree-sitter.git", rev = "1f5c1112ceaa8fc6aff61d1852690407670d2a96" }
codeql-extractor = { path = "../../shared/tree-sitter-extractor" }
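Review bot: `tree-sitter = ">= 0.23.0"` has no upper bound, so any later release, including a semver-incompatible one, satisfies it whenever the lockfile is regenerated. The two grammar crates are pinned to exact commits, and the core library deserves the same care: `tree-sitter = "0.23"` would keep resolution within the compatible series. With the `[patch.crates-io]` override removed, this requirement is the only statement in this manifest of which tree-sitter gets pulled, so building with `--locked` in CI is also worth checking (whether that is already done is not visible here).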


@@ -1,28 +0,0 @@
[package]
name = "codeql-extractor"
version = "0.2.0"
edition = "2021"
authors = ["GitHub"]
[dependencies]
flate2 = "1.0"
globset = "0.4"
tree-sitter = ">= 0.22.6"
tracing = "0.1"
tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }
rayon = "1.5.0"
regex = "1.7.1"
encoding = "0.2"
lazy_static = "1.4.0"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
chrono = { version = "0.4.19", features = ["serde"] }
num_cpus = "1.14.0"
[dev-dependencies]
tree-sitter-ql = { git = "https://github.com/tree-sitter/tree-sitter-ql" }
tree-sitter-json = {git = "https://github.com/tree-sitter/tree-sitter-json" }
rand = "0.8.5"
[patch.crates-io]
tree-sitter = {git = "https://github.com/redsun82/tree-sitter.git", rev = "1f5c1112ceaa8fc6aff61d1852690407670d2a96"}


@@ -1,7 +0,0 @@
We're presenting a fake crate in this workspace that ensures that the correct crate dependencies from the shared tree sitter
extractor can be parsed by Bazel (which doesn't resolve path dependencies outside of the cargo workspace unfortunately).
The sync-identical-files script keeps this up-to-date.
For local development and IDEs, we override the path to `codeql-extractor` using the `.cargo/config.toml` mechanism.
Bazel doesn't actually do anything with path dependencies except to pull in their dependency tree, so we manually
specify the dependency from the ruby extractor to the shared extractor in `BUILD.bazel`.


@@ -78,8 +78,8 @@ pub fn run(options: Options) -> std::io::Result<()> {
let file_list = fs::File::open(file_paths::path_from_string(&options.file_list))?;
let language = tree_sitter_ruby::language();
let erb = tree_sitter_embedded_template::language();
let language: Language = tree_sitter_ruby::LANGUAGE.into();
let erb: Language = tree_sitter_embedded_template::LANGUAGE.into();
// Look up tree-sitter kind ids now, to avoid string comparisons when scanning ERB files.
let erb_directive_id = erb.id_for_node_kind("directive", true);
let erb_output_directive_id = erb.id_for_node_kind("output_directive", true);


@@ -0,0 +1,8 @@
---
category: breaking
---
* Deleted the deprecated `getURL` predicate the `Http::Request` class, use `getAUrlPart` instead.
* Deleted the deprecated `getNode` predicate from the `CfgNode` class, use `getAstNode` instead.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.


@@ -693,14 +693,6 @@ module Http {
class Request extends SC::Request instanceof Request::Range {
/** Gets a node which returns the body of the response */
DataFlow::Node getResponseBody() { result = super.getResponseBody() }
/**
* DEPRECATED: Use `getAUrlPart` instead.
*
* Gets a node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
deprecated DataFlow::Node getURL() { result = Request::Range.super.getAUrlPart() }
}
/** Provides a class for modeling new HTTP requests. */


@@ -40,9 +40,6 @@ class CfgNode extends CfgImpl::Node {
/** Gets the file of this control flow node. */
final File getFile() { result = this.getLocation().getFile() }
/** DEPRECATED: Use `getAstNode` instead. */
deprecated AstNode getNode() { result = this.getAstNode() }
/** Gets a successor node of a given type, if any. */
final CfgNode getASuccessor(SuccessorType t) { result = super.getASuccessor(t) }


@@ -563,7 +563,11 @@ private module Cached {
THashSplatArgumentPosition() or
TSynthHashSplatArgumentPosition() or
TSplatArgumentPosition(int pos) { exists(Call c | c.getArgument(pos) instanceof SplatExpr) } or
TSynthSplatArgumentPosition() or
TSynthSplatArgumentPosition(int actualSplatPos) {
actualSplatPos = -1 // represents no actual splat
or
exists(Call c | c.getArgument(actualSplatPos) instanceof SplatExpr)
} or
TAnyArgumentPosition() or
TAnyKeywordArgumentPosition()
@@ -590,11 +594,15 @@ private module Cached {
THashSplatParameterPosition() or
TSynthHashSplatParameterPosition() or
TSplatParameterPosition(int pos) {
pos = 0
pos = 0 // needed for flow summaries
or
exists(Parameter p | p.getPosition() = pos and p instanceof SplatParameter)
} or
TSynthSplatParameterPosition() or
TSynthSplatParameterPosition(int actualSplatPos) {
actualSplatPos = -1 // represents no actual splat
or
exists(Callable c | c.getParameter(actualSplatPos) instanceof SplatParameter)
} or
TAnyParameterPosition() or
TAnyKeywordParameterPosition()
}
@@ -1383,8 +1391,14 @@ class ParameterPosition extends TParameterPosition {
/** Holds if this position represents a splat parameter at position `n`. */
predicate isSplat(int n) { this = TSplatParameterPosition(n) }
/** Holds if this position represents a synthetic splat parameter. */
predicate isSynthSplat() { this = TSynthSplatParameterPosition() }
/**
* Holds if this position represents a synthetic splat parameter.
*
* `actualSplatPos` indicates the position of the (unique) actual splat
* parameter belonging to the same method, with `-1` representing no actual
* splat parameter.
*/
predicate isSynthSplat(int actualSplatPos) { this = TSynthSplatParameterPosition(actualSplatPos) }
/**
* Holds if this position represents any parameter, except `self` parameters. This
@@ -1419,7 +1433,11 @@ class ParameterPosition extends TParameterPosition {
or
exists(int pos | this.isSplat(pos) and result = "* (position " + pos + ")")
or
this.isSynthSplat() and result = "synthetic *"
exists(int actualSplatPos, string suffix |
this.isSynthSplat(actualSplatPos) and
result = "synthetic *" + suffix and
if actualSplatPos = -1 then suffix = "" else suffix = " (actual at " + actualSplatPos + ")"
)
}
}
@@ -1458,8 +1476,14 @@ class ArgumentPosition extends TArgumentPosition {
/** Holds if this position represents a splat argument at position `n`. */
predicate isSplat(int n) { this = TSplatArgumentPosition(n) }
/** Holds if this position represents a synthetic splat argument. */
predicate isSynthSplat() { this = TSynthSplatArgumentPosition() }
/**
* Holds if this position represents a synthetic splat argument.
*
* `actualSplatPos` indicates the position of the (unique) actual splat
* argument belonging to the same call, with `-1` representing no actual
* splat argument.
*/
predicate isSynthSplat(int actualSplatPos) { this = TSynthSplatArgumentPosition(actualSplatPos) }
/** Gets a textual representation of this position. */
string toString() {
@@ -1483,7 +1507,11 @@ class ArgumentPosition extends TArgumentPosition {
or
exists(int pos | this.isSplat(pos) and result = "* (position " + pos + ")")
or
this.isSynthSplat() and result = "synthetic *"
exists(int actualSplatPos, string suffix |
this.isSynthSplat(actualSplatPos) and
result = "synthetic *" + suffix and
if actualSplatPos = -1 then suffix = "" else suffix = " (actual at " + actualSplatPos + ")"
)
}
}
@@ -1517,19 +1545,29 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
exists(string name | ppos.isKeyword(name) and apos.isKeyword(name))
or
(ppos.isHashSplat() or ppos.isSynthHashSplat()) and
(apos.isHashSplat() or apos.isSynthHashSplat())
(apos.isHashSplat() or apos.isSynthHashSplat()) and
// prevent synthetic hash-splat parameters from matching synthetic hash-splat
// arguments when direct keyword matching is possible
not (ppos.isSynthHashSplat() and apos.isSynthHashSplat())
or
exists(int pos |
(
ppos.isSplat(pos)
or
ppos.isSynthSplat() and pos = 0
ppos.isSynthSplat(_) and
pos = 0
) and
(
apos.isSplat(pos)
or
apos.isSynthSplat() and pos = 0
apos.isSynthSplat(_) and pos = 0
)
) and
// prevent synthetic splat parameters from matching synthetic splat arguments
// when direct positional matching is possible
not exists(int actualSplatPos |
ppos.isSynthSplat(actualSplatPos) and
apos.isSynthSplat(actualSplatPos)
)
or
ppos.isAny() and argumentPositionIsNotSelf(apos)
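Review bot: The comment above the final `not exists(int actualSplatPos | ...)` in `parameterMatch` says synthetic splats must not match "when direct positional matching is possible", but the condition it guards is that both sides carry the same `actualSplatPos`. That link is left for the reader to work out; a sentence such as `// i.e. the actual splat argument and the actual splat parameter are at the same position, or neither exists (-1)` would state it, assuming that is the intended reasoning. The `-1` sentinel is also repeated as a literal in both newtype branches and both `toString` bodies; naming it once in a small predicate would keep the copies from drifting apart. `parameterMatch` begins and ends outside the hunk.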


@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
*/
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
*
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
* measured in approximate number of interprocedural steps.
*/
deprecated int explorationLimit() { none() }
/**
* Holds if hidden nodes should be included in the data flow graph.
*


@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
*/
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
*
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
* measured in approximate number of interprocedural steps.
*/
deprecated int explorationLimit() { none() }
/**
* Holds if hidden nodes should be included in the data flow graph.
*


@@ -195,7 +195,9 @@ private class Argument extends CfgNodes::ExprCfgNode {
not this.getExpr().(Pair).getKey().getConstantValue().isSymbol(_) and
not this.getExpr() instanceof HashSplatExpr and
not this.getExpr() instanceof SplatExpr and
arg.isPositional(i)
arg.isPositional(i) and
// There are no splat arguments before the positional argument
not splatArgumentAt(call, any(int j | j < i))
)
or
exists(CfgNodes::ExprNodes::PairCfgNode p |
@@ -217,7 +219,9 @@ private class Argument extends CfgNodes::ExprCfgNode {
exists(int pos |
this = call.getArgument(pos) and
this.getExpr() instanceof SplatExpr and
arg.isSplat(pos)
arg.isSplat(pos) and
// There are no earlier splat arguments
not splatArgumentAt(call, any(int j | j < pos))
)
or
this = call.getAnArgument() and
@@ -432,7 +436,7 @@ private predicate splatParameterAt(Callable c, int pos) {
}
private predicate splatArgumentAt(CfgNodes::ExprNodes::CallCfgNode c, int pos) {
exists(Argument arg, ArgumentPosition apos | arg.isArgumentOf(c, apos) and apos.isSplat(pos))
c.getArgument(pos).getExpr() instanceof SplatExpr
}
/** A collection of cached types and predicates to be evaluated in the same stage. */
@@ -661,8 +665,8 @@ private module Cached {
name = [input, output].regexpFind("(?<=(^|\\.)Field\\[)[^\\]]+(?=\\])", _, _).trim()
)
} or
TSplatContent(int i, Boolean shifted) { i in [0 .. 10] } or
THashSplatContent(ConstantValue::ConstantSymbolValue cv) or
deprecated TSplatContent(int i, Boolean shifted) { i in [0 .. 10] } or
deprecated THashSplatContent(ConstantValue::ConstantSymbolValue cv) or
TCapturedVariableContent(VariableCapture::CapturedVariable v) or
// Only used by type-tracking
TAttributeName(string name) { name = any(SetterMethodCall c).getTargetName() }
@@ -686,29 +690,16 @@ private module Cached {
TUnknownElementContentApprox() or
TKnownIntegerElementContentApprox() or
TKnownElementContentApprox(string approx) { approx = approxKnownElementIndex(_) } or
TSplatContentApprox(Boolean shifted) or
THashSplatContentApprox(string approx) { approx = approxKnownElementIndex(_) } or
TNonElementContentApprox(Content c) { not c instanceof Content::ElementContent } or
TCapturedVariableContentApprox(VariableCapture::CapturedVariable v)
cached
newtype TDataFlowType =
TLambdaDataFlowType(Callable c) { c = any(LambdaSelfReferenceNode n).getCallable() } or
// In order to reduce the set of cons-candidates, we annotate all implicit (hash) splat
// creations with the name of the method that they are passed into. This includes
// array/hash literals as well (where the name is simply `[]`), because of how they
// are modeled (see `Array.qll` and `Hash.qll`).
TSynthHashSplatArgumentType(string methodName) {
methodName = any(SynthHashSplatArgumentNode n).getMethodName()
} or
TSynthSplatArgumentType(string methodName) {
methodName = any(SynthSplatArgumentNode n).getMethodName()
} or
TUnknownDataFlowType()
}
class TElementContent =
TKnownElementContent or TUnknownElementContent or TSplatContent or THashSplatContent;
class TElementContent = TKnownElementContent or TUnknownElementContent;
import Cached
@@ -933,7 +924,12 @@ private module ParameterNodes {
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
exists(Callable callable | callable = c.asCfgScope() |
exists(int i | pos.isPositional(i) and callable.getParameter(i) = parameter |
exists(int i |
pos.isPositional(i) and
callable.getParameter(i) = parameter and
// There are no splat parameters before the positional parameter
not splatParameterAt(callable, any(int m | m < i))
|
parameter instanceof SimpleParameter
or
parameter instanceof OptionalParameter
@@ -952,7 +948,9 @@ private module ParameterNodes {
parameter = callable.getParameter(n).(SplatParameter) and
pos.isSplat(n) and
// There are no positional parameters after the splat
not exists(SimpleParameter p, int m | m > n | p = callable.getParameter(m))
not exists(SimpleParameter p, int m | m > n | p = callable.getParameter(m)) and
// There are no earlier splat parameters
not splatParameterAt(callable, any(int m | m < n))
)
or
parameter = callable.getAParameter().(BlockParameter) and
@@ -1123,18 +1121,6 @@ private module ParameterNodes {
*
* by adding read steps out of the synthesized parameter node to the relevant
* keyword parameters.
*
* In order to avoid redundancy (and improve performance) in cases like
*
* ```rb
* foo(p1: taint(1), p2: taint(2))
* ```
*
* where direct keyword matching is possible, we use a special `HashSplatContent`
* (instead of reusing `KnownElementContent`) when we construct a synthesized hash
* splat argument (`SynthHashSplatArgumentNode`) at the call site, and then only
* add read steps out of this node for actual hash-splat arguments (which will use
* a normal `KnownElementContent`).
*/
class SynthHashSplatParameterNode extends ParameterNodeImpl, TSynthHashSplatParameterNode {
private DataFlowCallable callable;
@@ -1188,18 +1174,6 @@ private module ParameterNodes {
* by adding read steps out of the synthesized parameter node to the relevant
* positional parameters.
*
* In order to avoid redundancy (and improve performance) in cases like
*
* ```rb
* foo(a, b, c)
* ```
*
* where direct positional matching is possible, we use a special `SplatContent`
* (instead of reusing `KnownElementContent`) when we construct a synthesized
* splat argument (`SynthSplatArgumentNode`) at the call site, and then only
* add read steps out of this node for actual splat arguments (which will use
* `KnownElementContent` or `TSplatContent(_, true)`).
*
* We don't yet correctly handle cases where a positional argument follows the
* splat argument, e.g. in
*
@@ -1217,12 +1191,8 @@ private module ParameterNodes {
/** Holds if a read-step should be added into parameter `p`. */
predicate readInto(ParameterNode p, ContentSet c) {
exists(int n |
isParameterNode(p, callable, any(ParameterPosition pos | pos.isPositional(n))) and
not exists(int i | splatParameterAt(callable.asCfgScope(), i) and i < n)
isParameterNode(p, callable, any(ParameterPosition pos | pos.isPositional(n)))
|
// Important: do not include `TSplatContent(_, false)` here, as normal parameter matching is possible
c = getSplatContent(n, true)
or
c = getArrayContent(n)
or
c.isSingleton(TUnknownElementContent())
@@ -1232,7 +1202,13 @@ private module ParameterNodes {
final override Parameter getParameter() { none() }
final override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
c = callable and pos.isSynthSplat()
c = callable and
exists(int actualSplat | pos.isSynthSplat(actualSplat) |
exists(TSynthSplatParameterShiftNode(c, actualSplat, _))
or
not exists(TSynthSplatParameterShiftNode(c, _, _)) and
actualSplat = -1
)
}
final override CfgScope getCfgScope() { result = callable.asCfgScope() }
@@ -1271,11 +1247,7 @@ private module ParameterNodes {
*/
predicate readFrom(SynthSplatParameterNode synthSplat, ContentSet cs) {
synthSplat.isParameterOf(callable, _) and
(
cs = getSplatContent(pos + splatPos, _)
or
cs = getArrayContent(pos + splatPos)
)
cs = getArrayContent(pos + splatPos)
}
/**
@@ -1454,24 +1426,7 @@ module ArgumentNodes {
not cv.isSymbol(_)
)
|
if call instanceof CfgNodes::ExprNodes::HashLiteralCfgNode
then
/*
* Needed for cases like
*
* ```rb
* hash = { a: taint, b: safe }
*
* def foo(a:, b:)
* sink(a)
* end
*
* foo(**hash)
* ```
*/
c.isSingleton(Content::getElementContent(cv))
else c.isSingleton(THashSplatContent(cv))
c.isSingleton(Content::getElementContent(cv))
)
}
@@ -1506,31 +1461,10 @@ module ArgumentNodes {
* `call`, into a synthetic splat argument.
*/
predicate synthSplatStore(CfgNodes::ExprNodes::CallCfgNode call, Argument arg, ContentSet c) {
exists(int n |
exists(ArgumentPosition pos |
arg.isArgumentOf(call, pos) and
pos.isPositional(n) and
not exists(int i | splatArgumentAt(call, i) and i < n)
)
|
if call instanceof CfgNodes::ExprNodes::ArrayLiteralCfgNode
then
/*
* Needed for cases like
*
* ```rb
* arr = [taint, safe]
*
* def foo(a, b)
* sink(a)
* end
*
* foo(*arr)
* ```
*/
c = getArrayContent(n)
else c = getSplatContent(n, false)
exists(int n, ArgumentPosition pos |
arg.isArgumentOf(call, pos) and
pos.isPositional(n) and
c = getArrayContent(n)
)
}
@@ -1552,7 +1486,14 @@ module ArgumentNodes {
override predicate sourceArgumentOf(CfgNodes::ExprNodes::CallCfgNode call, ArgumentPosition pos) {
call = call_ and
pos.isSynthSplat()
exists(int actualSplat | pos.isSynthSplat(actualSplat) |
any(SynthSplatArgumentShiftNode shift |
shift = TSynthSplatArgumentShiftNode(_, actualSplat, _)
).storeInto(this, _)
or
not any(SynthSplatArgumentShiftNode shift).storeInto(this, _) and
actualSplat = -1
)
}
override string toStringImpl() { result = "synthetic splat argument" }
@@ -1583,8 +1524,6 @@ module ArgumentNodes {
predicate readFrom(Node splatArg, ContentSet cs) {
splatArg.asExpr().(Argument).isArgumentOf(c, any(ArgumentPosition p | p.isSplat(splatPos))) and
(
cs = getSplatContent(n - splatPos, _)
or
cs = getArrayContent(n - splatPos)
or
n = -1 and
@@ -1599,7 +1538,7 @@ module ArgumentNodes {
predicate storeInto(SynthSplatArgumentNode synthSplat, ContentSet cs) {
synthSplat = TSynthSplatArgumentNode(c) and
(
cs = getSplatContent(n, true)
cs = getArrayContent(n)
or
n = -1 and
cs.isSingleton(TUnknownElementContent())
@@ -1813,10 +1752,6 @@ private ContentSet getArrayContent(int n) {
)
}
private ContentSet getSplatContent(int n, boolean adjusted) {
result.isSingleton(TSplatContent(n, adjusted))
}
/**
* Subset of `storeStep` that should be shared with type-tracking.
*/
@@ -1977,13 +1912,8 @@ DataFlowType getNodeType(Node n) {
result = TLambdaDataFlowType(c)
)
or
result = TSynthHashSplatArgumentType(n.(SynthHashSplatArgumentNode).getMethodName())
or
result = TSynthSplatArgumentType(n.(SynthSplatArgumentNode).getMethodName())
or
not n instanceof LambdaSelfReferenceNode and
not mustHaveLambdaType(n, _) and
not n instanceof SynthHashSplatOrSplatArgumentNode and
result = TUnknownDataFlowType()
}
@@ -2209,17 +2139,6 @@ class ContentApprox extends TContentApprox {
result = "approximated element " + approx
)
or
exists(boolean shifted, string s |
this = TSplatContentApprox(shifted) and
(if shifted = true then s = " (shifted)" else s = "") and
result = "approximated splat position" + s
)
or
exists(string s |
this = THashSplatContentApprox(s) and
result = "approximated hash-splat position " + s
)
or
exists(Content c |
this = TNonElementContentApprox(c) and
result = c.toString()
@@ -2259,13 +2178,6 @@ ContentApprox getContentApprox(Content c) {
result =
TKnownElementContentApprox(approxKnownElementIndex(c.(Content::KnownElementContent).getIndex()))
or
exists(boolean shifted |
c = TSplatContent(_, shifted) and
result = TSplatContentApprox(shifted)
)
or
result = THashSplatContentApprox(approxKnownElementIndex(c.(Content::HashSplatContent).getKey()))
or
result = TNonElementContentApprox(c)
}


@@ -586,7 +586,7 @@ module Content {
*
* we have an implicit splat argument containing `[1, 2, 3]`.
*/
class SplatContent extends ElementContent, TSplatContent {
deprecated class SplatContent extends Content, TSplatContent {
private int i;
private boolean shifted;
@@ -629,7 +629,7 @@ module Content {
*
* we have an implicit hash-splat argument containing `{:a => 1, :b => 2, :c => 3}`.
*/
class HashSplatContent extends ElementContent, THashSplatContent {
deprecated class HashSplatContent extends Content, THashSplatContent {
private ConstantValue::ConstantSymbolValue cv;
HashSplatContent() { this = THashSplatContent(cv) }
@@ -797,20 +797,13 @@ class ContentSet extends TContentSet {
private Content getAnElementReadContent() {
exists(Content::KnownElementContent c | this.isKnownOrUnknownElement(c) |
result = c or
result = TSplatContent(c.getIndex().getInt(), _) or
result = THashSplatContent(c.getIndex()) or
result = TUnknownElementContent()
)
or
exists(int lower, boolean includeUnknown |
this = TElementLowerBoundContent(lower, includeUnknown)
|
exists(int i |
result.(Content::KnownElementContent).getIndex().isInt(i) or
result = TSplatContent(i, _)
|
i >= lower
)
exists(int i | result.(Content::KnownElementContent).getIndex().isInt(i) | i >= lower)
or
includeUnknown = true and
result = TUnknownElementContent()
@@ -821,11 +814,6 @@ class ContentSet extends TContentSet {
|
type = result.(Content::KnownElementContent).getIndex().getValueType()
or
type = "int" and
result instanceof Content::SplatContent
or
type = result.(Content::HashSplatContent).getKey().getValueType()
or
includeUnknown = true and
result = TUnknownElementContent()
)
@@ -1335,11 +1323,6 @@ class CallableNode extends StmtSequenceNode {
* Gets a data flow node whose value is about to be returned by this callable.
*/
Node getAReturnNode() { result = getAReturnNode(callable) }
/**
* DEPRECATED. Use `getAReturnNode` instead.
*/
deprecated Node getAReturningNode() { result = this.getAReturnNode() }
}
/**
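Review bot: `SplatContent` and `HashSplatContent` gain the `deprecated` annotation and stop extending `ElementContent`, but the visible tail of their QLDoc carries no `DEPRECATED` line telling users what to do instead, unlike the other deprecations on this page (`DEPRECATED: Use ... instead.`). The QLDoc starts outside the hunk, so the line may already be there; if not, add one such as `* DEPRECATED: <replacement or reason, to be supplied by the author>` at the top of each comment. The change of supertype also alters what `instanceof ElementContent` matches for downstream queries, so it may belong in the `breaking` change note alongside the deletions listed there.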


@@ -10,7 +10,4 @@ module Rack {
import rack.internal.Request
import rack.internal.Response::Public as Response
import rack.internal.Utils
/** DEPRECATED: Alias for App::AppCandidate */
deprecated class AppCandidate = App::AppCandidate;
}


@@ -39,31 +39,6 @@ private RP::PotentialResponseNode trackRackResponse(PotentialRequestHandler call
* Provides modeling for Rack applications.
*/
module App {
/**
* DEPRECATED: Use `RequestHandler` instead.
* A class that may be a rack application.
* This is a class that has a `call` method that takes a single argument
* (traditionally called `env`) and returns a rack-compatible response.
*/
deprecated class AppCandidate extends DataFlow::ClassNode {
private RequestHandler call;
private RP::PotentialResponseNode resp;
AppCandidate() {
call = this.getInstanceMethod("call") and
call.getNumberOfParameters() = 1 and
resp = trackRackResponse(call)
}
/**
* Gets the environment of the request, which is the lone parameter to the `call` method.
*/
DataFlow::ParameterNode getEnv() { result = call.getParameter(0) }
/** Gets the response returned from a request to this application. */
RP::PotentialResponseNode getResponse() { result = resp }
}
/**
* A callable node that looks like it implements the rack specification.
*/


@@ -10,28 +10,6 @@ private import codeql.ruby.AST
private import codeql.ruby.DataFlow
import InsecureDownloadCustomizations::InsecureDownload
/**
* A taint tracking configuration for download of sensitive file through insecure connection.
*
* DEPRECATED: Use `InsecureDownloadFlow`.
*/
deprecated class Configuration extends DataFlow::Configuration {
Configuration() { this = "InsecureDownload" }
override predicate isSource(DataFlow::Node source, DataFlow::FlowState label) {
source.(Source).getALabel() = label
}
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState label) {
sink.(Sink).getALabel() = label
}
override predicate isBarrier(DataFlow::Node node) {
super.isBarrier(node) or
node instanceof Sanitizer
}
}
private module InsecureDownloadConfig implements DataFlow::StateConfigSig {
class FlowState = Label::State;


@@ -17,29 +17,6 @@ import codeql.ruby.TaintTracking
*/
deprecated module StoredXss {
import XSS::StoredXss
/**
* DEPRECATED.
*
* A taint-tracking configuration for reasoning about Stored XSS.
*/
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "StoredXss" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
isAdditionalXssTaintStep(node1, node2)
}
}
import TaintTracking::Global<StoredXssConfig>
}

View File

@@ -289,17 +289,4 @@ module CleartextSources {
override string describe() { result = "a call to " + name }
}
/** Holds if `nodeFrom` taints `nodeTo`. */
deprecated predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(string name, ElementReference ref, LocalVariable hashVar |
// from `hsh[password] = "changeme"` to a `hsh[password]` read
nodeFrom.(HashKeyWriteSensitiveSource).getName() = name and
nodeTo.asExpr().getExpr() = ref and
ref.getArgument(0).getConstantValue().getStringlikeValue() = name and
nodeFrom.(HashKeyWriteSensitiveSource).getVariable() = hashVar and
ref.getReceiver().(VariableReadAccess).getVariable() = hashVar and
nodeFrom.asExpr().getASuccessor*() = nodeTo.asExpr()
)
}
}


@@ -1,2 +1,2 @@
failures
testFailures
failures


@@ -2356,6 +2356,16 @@ edges
| array_flow.rb:1686:14:1686:14 | w | array_flow.rb:1690:10:1690:10 | w | provenance | |
| array_flow.rb:1686:18:1686:18 | a [element 2] | array_flow.rb:1686:11:1686:11 | z | provenance | |
| array_flow.rb:1686:18:1686:18 | a [element 3] | array_flow.rb:1686:14:1686:14 | w | provenance | |
| array_flow.rb:1693:10:1693:14 | *args [element 1] | array_flow.rb:1694:17:1694:20 | args [element 1] | provenance | |
| array_flow.rb:1694:16:1694:20 | * ... [element 1] | array_flow.rb:1694:5:1694:21 | call to [] [element 1] | provenance | |
| array_flow.rb:1694:17:1694:20 | args [element 1] | array_flow.rb:1694:16:1694:20 | * ... [element 1] | provenance | |
| array_flow.rb:1697:13:1697:13 | y | array_flow.rb:1699:10:1699:10 | y | provenance | |
| array_flow.rb:1704:5:1704:5 | a [element 1] | array_flow.rb:1705:11:1705:11 | a [element 1] | provenance | |
| array_flow.rb:1704:9:1704:31 | call to m141 [element 1] | array_flow.rb:1704:5:1704:5 | a [element 1] | provenance | |
| array_flow.rb:1704:17:1704:27 | call to source | array_flow.rb:1693:10:1693:14 | *args [element 1] | provenance | |
| array_flow.rb:1704:17:1704:27 | call to source | array_flow.rb:1704:9:1704:31 | call to m141 [element 1] | provenance | |
| array_flow.rb:1705:10:1705:11 | * ... [element 1] | array_flow.rb:1697:13:1697:13 | y | provenance | |
| array_flow.rb:1705:11:1705:11 | a [element 1] | array_flow.rb:1705:10:1705:11 | * ... [element 1] | provenance | |
nodes
| array_flow.rb:2:5:2:5 | a [element 0] | semmle.label | a [element 0] |
| array_flow.rb:2:9:2:20 | * ... [element 0] | semmle.label | * ... [element 0] |
@@ -4849,11 +4859,23 @@ nodes
| array_flow.rb:1686:18:1686:18 | a [element 3] | semmle.label | a [element 3] |
| array_flow.rb:1689:10:1689:10 | z | semmle.label | z |
| array_flow.rb:1690:10:1690:10 | w | semmle.label | w |
| array_flow.rb:1693:10:1693:14 | *args [element 1] | semmle.label | *args [element 1] |
| array_flow.rb:1694:5:1694:21 | call to [] [element 1] | semmle.label | call to [] [element 1] |
| array_flow.rb:1694:16:1694:20 | * ... [element 1] | semmle.label | * ... [element 1] |
| array_flow.rb:1694:17:1694:20 | args [element 1] | semmle.label | args [element 1] |
| array_flow.rb:1697:13:1697:13 | y | semmle.label | y |
| array_flow.rb:1699:10:1699:10 | y | semmle.label | y |
| array_flow.rb:1704:5:1704:5 | a [element 1] | semmle.label | a [element 1] |
| array_flow.rb:1704:9:1704:31 | call to m141 [element 1] | semmle.label | call to m141 [element 1] |
| array_flow.rb:1704:17:1704:27 | call to source | semmle.label | call to source |
| array_flow.rb:1705:10:1705:11 | * ... [element 1] | semmle.label | * ... [element 1] |
| array_flow.rb:1705:11:1705:11 | a [element 1] | semmle.label | a [element 1] |
subpaths
| array_flow.rb:251:9:251:9 | a [element 2] | array_flow.rb:251:30:251:30 | x | array_flow.rb:253:9:253:25 | call to [] [element 0] | array_flow.rb:251:9:254:7 | call to collect_concat [element] |
| array_flow.rb:507:9:507:9 | a [element 3] | array_flow.rb:507:26:507:26 | x | array_flow.rb:509:9:509:9 | x | array_flow.rb:507:9:510:7 | call to filter_map [element] |
| array_flow.rb:571:9:571:9 | a [element 2] | array_flow.rb:571:24:571:24 | x | array_flow.rb:573:9:573:25 | call to [] [element 0] | array_flow.rb:571:9:574:7 | call to flat_map [element] |
| array_flow.rb:1678:9:1678:9 | a [element 2] | array_flow.rb:1678:19:1678:19 | x | array_flow.rb:1679:9:1679:9 | x | array_flow.rb:1678:9:1680:7 | call to map [element] |
| array_flow.rb:1704:17:1704:27 | call to source | array_flow.rb:1693:10:1693:14 | *args [element 1] | array_flow.rb:1694:5:1694:21 | call to [] [element 1] | array_flow.rb:1704:9:1704:31 | call to m141 [element 1] |
testFailures
arrayLiteral
| array_flow.rb:9:9:9:25 | call to [] |
@@ -5046,6 +5068,7 @@ arrayLiteral
| array_flow.rb:1668:14:1668:41 | ...[...] |
| array_flow.rb:1677:9:1677:29 | call to [] |
| array_flow.rb:1685:9:1685:44 | call to [] |
| array_flow.rb:1694:5:1694:21 | call to [] |
#select
| array_flow.rb:3:10:3:13 | ...[...] | array_flow.rb:2:10:2:20 | call to source | array_flow.rb:3:10:3:13 | ...[...] | $@ | array_flow.rb:2:10:2:20 | call to source | call to source |
| array_flow.rb:5:10:5:13 | ...[...] | array_flow.rb:2:10:2:20 | call to source | array_flow.rb:5:10:5:13 | ...[...] | $@ | array_flow.rb:2:10:2:20 | call to source | call to source |
@@ -5749,3 +5772,4 @@ arrayLiteral
| array_flow.rb:1681:10:1681:13 | ...[...] | array_flow.rb:1677:16:1677:28 | call to source | array_flow.rb:1681:10:1681:13 | ...[...] | $@ | array_flow.rb:1677:16:1677:28 | call to source | call to source |
| array_flow.rb:1689:10:1689:10 | z | array_flow.rb:1685:16:1685:28 | call to source | array_flow.rb:1689:10:1689:10 | z | $@ | array_flow.rb:1685:16:1685:28 | call to source | call to source |
| array_flow.rb:1690:10:1690:10 | w | array_flow.rb:1685:31:1685:43 | call to source | array_flow.rb:1690:10:1690:10 | w | $@ | array_flow.rb:1685:31:1685:43 | call to source | call to source |
| array_flow.rb:1699:10:1699:10 | y | array_flow.rb:1704:17:1704:27 | call to source | array_flow.rb:1699:10:1699:10 | y | $@ | array_flow.rb:1704:17:1704:27 | call to source | call to source |


@@ -1689,3 +1689,18 @@ def m140
sink z # $ hasValueFlow=140.1
sink w # $ hasValueFlow=140.2
end
def m141(*args)
::Array.[](*args)
end
def m142(x, y, z)
sink(x)
sink(y) # $ hasValueFlow=143
sink(z)
end
def m143
a = m141(0, source(143), 1)
m142(*a)
end
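Review bot: The new helpers `m141`, `m142` and `m143` have no comment saying what they exercise, and the only annotated sink is `sink(y) # $ hasValueFlow=143`. From the hunk this looks like a precision check that element-indexed content survives `::Array.[](*args)` and the later `m142(*a)` splat call, with index 1 reaching `y` and nothing reaching `x` or `z`. I would add a line above `def m141` such as `# splat args through ::Array.[] and back out via a splat call; only element 1 carries the source`, so the unannotated `sink(x)` and `sink(z)` read as deliberate negative checks. Another expected-output section on this page lists `Missing result:hasValueFlow=143` under `testFailures` for this line, so at least one test configuration does not find the flow; if that is a known gap it belongs in the same comment, because a missed flow here is a false negative for any query built on these steps.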


@@ -64,4 +64,5 @@ testFailures
| array_flow.rb:1626:19:1626:70 | # $ hasValueFlow=136.2 $ SPURIOUS hasValueFlow=136.1 | Missing result:hasValueFlow=136.1 |
| array_flow.rb:1626:19:1626:70 | # $ hasValueFlow=136.2 $ SPURIOUS hasValueFlow=136.1 | Missing result:hasValueFlow=136.2 |
| array_flow.rb:1627:19:1627:40 | # $ hasValueFlow=136.1 | Missing result:hasValueFlow=136.1 |
| array_flow.rb:1699:13:1699:32 | # $ hasValueFlow=143 | Missing result:hasValueFlow=143 |
failures


@@ -78,14 +78,14 @@ edges
| semantics.rb:60:5:60:5 | a | semantics.rb:66:14:66:15 | &... | provenance | |
| semantics.rb:60:9:60:18 | call to source | semantics.rb:60:5:60:5 | a | provenance | |
| semantics.rb:60:9:60:18 | call to source | semantics.rb:60:5:60:5 | a | provenance | |
| semantics.rb:61:10:61:15 | call to s10 [splat position 0] | semantics.rb:61:10:61:15 | call to s10 | provenance | |
| semantics.rb:61:10:61:15 | call to s10 [element 0] | semantics.rb:61:10:61:15 | call to s10 | provenance | |
| semantics.rb:61:14:61:14 | a | semantics.rb:61:10:61:15 | call to s10 | provenance | |
| semantics.rb:61:14:61:14 | a | semantics.rb:61:10:61:15 | call to s10 | provenance | |
| semantics.rb:61:14:61:14 | a | semantics.rb:61:10:61:15 | call to s10 [splat position 0] | provenance | |
| semantics.rb:62:10:62:18 | call to s10 [splat position 1] | semantics.rb:62:10:62:18 | call to s10 | provenance | |
| semantics.rb:61:14:61:14 | a | semantics.rb:61:10:61:15 | call to s10 [element 0] | provenance | |
| semantics.rb:62:10:62:18 | call to s10 [element 1] | semantics.rb:62:10:62:18 | call to s10 | provenance | |
| semantics.rb:62:17:62:17 | a | semantics.rb:62:10:62:18 | call to s10 | provenance | |
| semantics.rb:62:17:62:17 | a | semantics.rb:62:10:62:18 | call to s10 | provenance | |
| semantics.rb:62:17:62:17 | a | semantics.rb:62:10:62:18 | call to s10 [splat position 1] | provenance | |
| semantics.rb:62:17:62:17 | a | semantics.rb:62:10:62:18 | call to s10 [element 1] | provenance | |
| semantics.rb:63:19:63:19 | a | semantics.rb:63:10:63:20 | call to s10 | provenance | |
| semantics.rb:63:19:63:19 | a | semantics.rb:63:10:63:20 | call to s10 | provenance | |
| semantics.rb:64:27:64:27 | a | semantics.rb:64:10:64:28 | call to s10 | provenance | |
@@ -144,14 +144,14 @@ edges
| semantics.rb:108:5:108:5 | b | semantics.rb:110:27:110:27 | b | provenance | |
| semantics.rb:108:9:108:18 | call to source | semantics.rb:108:5:108:5 | b | provenance | |
| semantics.rb:108:9:108:18 | call to source | semantics.rb:108:5:108:5 | b | provenance | |
| semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | semantics.rb:109:10:109:34 | ...[...] | provenance | |
| semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | semantics.rb:109:10:109:34 | ...[...] | provenance | |
| semantics.rb:109:19:109:19 | a | semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | provenance | |
| semantics.rb:109:19:109:19 | a | semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | provenance | |
| semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | semantics.rb:110:10:110:34 | ...[...] | provenance | |
| semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | semantics.rb:110:10:110:34 | ...[...] | provenance | |
| semantics.rb:110:27:110:27 | b | semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | provenance | |
| semantics.rb:110:27:110:27 | b | semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | provenance | |
| semantics.rb:109:10:109:28 | call to s15 [element :foo] | semantics.rb:109:10:109:34 | ...[...] | provenance | |
| semantics.rb:109:10:109:28 | call to s15 [element :foo] | semantics.rb:109:10:109:34 | ...[...] | provenance | |
| semantics.rb:109:19:109:19 | a | semantics.rb:109:10:109:28 | call to s15 [element :foo] | provenance | |
| semantics.rb:109:19:109:19 | a | semantics.rb:109:10:109:28 | call to s15 [element :foo] | provenance | |
| semantics.rb:110:10:110:28 | call to s15 [element :bar] | semantics.rb:110:10:110:34 | ...[...] | provenance | |
| semantics.rb:110:10:110:28 | call to s15 [element :bar] | semantics.rb:110:10:110:34 | ...[...] | provenance | |
| semantics.rb:110:27:110:27 | b | semantics.rb:110:10:110:28 | call to s15 [element :bar] | provenance | |
| semantics.rb:110:27:110:27 | b | semantics.rb:110:10:110:28 | call to s15 [element :bar] | provenance | |
| semantics.rb:114:5:114:5 | a | semantics.rb:116:14:116:14 | a | provenance | |
| semantics.rb:114:5:114:5 | a | semantics.rb:116:14:116:14 | a | provenance | |
| semantics.rb:114:5:114:5 | a | semantics.rb:119:17:119:17 | a | provenance | |
@@ -192,18 +192,18 @@ edges
| semantics.rb:126:5:126:5 | b | semantics.rb:129:17:129:17 | b | provenance | |
| semantics.rb:126:9:126:18 | call to source | semantics.rb:126:5:126:5 | b | provenance | |
| semantics.rb:126:9:126:18 | call to source | semantics.rb:126:5:126:5 | b | provenance | |
| semantics.rb:127:10:127:18 | call to s17 [splat position 0] | semantics.rb:127:10:127:18 | call to s17 | provenance | |
| semantics.rb:127:10:127:18 | call to s17 [splat position 1] | semantics.rb:127:10:127:18 | call to s17 | provenance | |
| semantics.rb:127:14:127:14 | a | semantics.rb:127:10:127:18 | call to s17 [splat position 0] | provenance | |
| semantics.rb:127:17:127:17 | b | semantics.rb:127:10:127:18 | call to s17 [splat position 1] | provenance | |
| semantics.rb:128:10:128:18 | call to s17 [splat position 0] | semantics.rb:128:10:128:21 | ...[...] | provenance | |
| semantics.rb:128:10:128:18 | call to s17 [splat position 0] | semantics.rb:128:10:128:21 | ...[...] | provenance | |
| semantics.rb:128:14:128:14 | a | semantics.rb:128:10:128:18 | call to s17 [splat position 0] | provenance | |
| semantics.rb:128:14:128:14 | a | semantics.rb:128:10:128:18 | call to s17 [splat position 0] | provenance | |
| semantics.rb:129:10:129:18 | call to s17 [splat position 1] | semantics.rb:129:10:129:21 | ...[...] | provenance | |
| semantics.rb:129:10:129:18 | call to s17 [splat position 1] | semantics.rb:129:10:129:21 | ...[...] | provenance | |
| semantics.rb:129:17:129:17 | b | semantics.rb:129:10:129:18 | call to s17 [splat position 1] | provenance | |
| semantics.rb:129:17:129:17 | b | semantics.rb:129:10:129:18 | call to s17 [splat position 1] | provenance | |
| semantics.rb:127:10:127:18 | call to s17 [element 0] | semantics.rb:127:10:127:18 | call to s17 | provenance | |
| semantics.rb:127:10:127:18 | call to s17 [element 1] | semantics.rb:127:10:127:18 | call to s17 | provenance | |
| semantics.rb:127:14:127:14 | a | semantics.rb:127:10:127:18 | call to s17 [element 0] | provenance | |
| semantics.rb:127:17:127:17 | b | semantics.rb:127:10:127:18 | call to s17 [element 1] | provenance | |
| semantics.rb:128:10:128:18 | call to s17 [element 0] | semantics.rb:128:10:128:21 | ...[...] | provenance | |
| semantics.rb:128:10:128:18 | call to s17 [element 0] | semantics.rb:128:10:128:21 | ...[...] | provenance | |
| semantics.rb:128:14:128:14 | a | semantics.rb:128:10:128:18 | call to s17 [element 0] | provenance | |
| semantics.rb:128:14:128:14 | a | semantics.rb:128:10:128:18 | call to s17 [element 0] | provenance | |
| semantics.rb:129:10:129:18 | call to s17 [element 1] | semantics.rb:129:10:129:21 | ...[...] | provenance | |
| semantics.rb:129:10:129:18 | call to s17 [element 1] | semantics.rb:129:10:129:21 | ...[...] | provenance | |
| semantics.rb:129:17:129:17 | b | semantics.rb:129:10:129:18 | call to s17 [element 1] | provenance | |
| semantics.rb:129:17:129:17 | b | semantics.rb:129:10:129:18 | call to s17 [element 1] | provenance | |
| semantics.rb:133:5:133:5 | a | semantics.rb:135:12:135:12 | a | provenance | |
| semantics.rb:133:5:133:5 | a | semantics.rb:135:12:135:12 | a | provenance | |
| semantics.rb:133:5:133:5 | a | semantics.rb:137:14:137:14 | a | provenance | |
@@ -1191,12 +1191,12 @@ nodes
| semantics.rb:60:9:60:18 | call to source | semmle.label | call to source |
| semantics.rb:61:10:61:15 | call to s10 | semmle.label | call to s10 |
| semantics.rb:61:10:61:15 | call to s10 | semmle.label | call to s10 |
| semantics.rb:61:10:61:15 | call to s10 [splat position 0] | semmle.label | call to s10 [splat position 0] |
| semantics.rb:61:10:61:15 | call to s10 [element 0] | semmle.label | call to s10 [element 0] |
| semantics.rb:61:14:61:14 | a | semmle.label | a |
| semantics.rb:61:14:61:14 | a | semmle.label | a |
| semantics.rb:62:10:62:18 | call to s10 | semmle.label | call to s10 |
| semantics.rb:62:10:62:18 | call to s10 | semmle.label | call to s10 |
| semantics.rb:62:10:62:18 | call to s10 [splat position 1] | semmle.label | call to s10 [splat position 1] |
| semantics.rb:62:10:62:18 | call to s10 [element 1] | semmle.label | call to s10 [element 1] |
| semantics.rb:62:17:62:17 | a | semmle.label | a |
| semantics.rb:62:17:62:17 | a | semmle.label | a |
| semantics.rb:63:10:63:20 | call to s10 | semmle.label | call to s10 |
@@ -1269,14 +1269,14 @@ nodes
| semantics.rb:108:5:108:5 | b | semmle.label | b |
| semantics.rb:108:9:108:18 | call to source | semmle.label | call to source |
| semantics.rb:108:9:108:18 | call to source | semmle.label | call to source |
| semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | semmle.label | call to s15 [hash-splat position :foo] |
| semantics.rb:109:10:109:28 | call to s15 [hash-splat position :foo] | semmle.label | call to s15 [hash-splat position :foo] |
| semantics.rb:109:10:109:28 | call to s15 [element :foo] | semmle.label | call to s15 [element :foo] |
| semantics.rb:109:10:109:28 | call to s15 [element :foo] | semmle.label | call to s15 [element :foo] |
| semantics.rb:109:10:109:34 | ...[...] | semmle.label | ...[...] |
| semantics.rb:109:10:109:34 | ...[...] | semmle.label | ...[...] |
| semantics.rb:109:19:109:19 | a | semmle.label | a |
| semantics.rb:109:19:109:19 | a | semmle.label | a |
| semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | semmle.label | call to s15 [hash-splat position :bar] |
| semantics.rb:110:10:110:28 | call to s15 [hash-splat position :bar] | semmle.label | call to s15 [hash-splat position :bar] |
| semantics.rb:110:10:110:28 | call to s15 [element :bar] | semmle.label | call to s15 [element :bar] |
| semantics.rb:110:10:110:28 | call to s15 [element :bar] | semmle.label | call to s15 [element :bar] |
| semantics.rb:110:10:110:34 | ...[...] | semmle.label | ...[...] |
| semantics.rb:110:10:110:34 | ...[...] | semmle.label | ...[...] |
| semantics.rb:110:27:110:27 | b | semmle.label | b |
@@ -1322,18 +1322,18 @@ nodes
| semantics.rb:126:9:126:18 | call to source | semmle.label | call to source |
| semantics.rb:126:9:126:18 | call to source | semmle.label | call to source |
| semantics.rb:127:10:127:18 | call to s17 | semmle.label | call to s17 |
| semantics.rb:127:10:127:18 | call to s17 [splat position 0] | semmle.label | call to s17 [splat position 0] |
| semantics.rb:127:10:127:18 | call to s17 [splat position 1] | semmle.label | call to s17 [splat position 1] |
| semantics.rb:127:10:127:18 | call to s17 [element 0] | semmle.label | call to s17 [element 0] |
| semantics.rb:127:10:127:18 | call to s17 [element 1] | semmle.label | call to s17 [element 1] |
| semantics.rb:127:14:127:14 | a | semmle.label | a |
| semantics.rb:127:17:127:17 | b | semmle.label | b |
| semantics.rb:128:10:128:18 | call to s17 [splat position 0] | semmle.label | call to s17 [splat position 0] |
| semantics.rb:128:10:128:18 | call to s17 [splat position 0] | semmle.label | call to s17 [splat position 0] |
| semantics.rb:128:10:128:18 | call to s17 [element 0] | semmle.label | call to s17 [element 0] |
| semantics.rb:128:10:128:18 | call to s17 [element 0] | semmle.label | call to s17 [element 0] |
| semantics.rb:128:10:128:21 | ...[...] | semmle.label | ...[...] |
| semantics.rb:128:10:128:21 | ...[...] | semmle.label | ...[...] |
| semantics.rb:128:14:128:14 | a | semmle.label | a |
| semantics.rb:128:14:128:14 | a | semmle.label | a |
| semantics.rb:129:10:129:18 | call to s17 [splat position 1] | semmle.label | call to s17 [splat position 1] |
| semantics.rb:129:10:129:18 | call to s17 [splat position 1] | semmle.label | call to s17 [splat position 1] |
| semantics.rb:129:10:129:18 | call to s17 [element 1] | semmle.label | call to s17 [element 1] |
| semantics.rb:129:10:129:18 | call to s17 [element 1] | semmle.label | call to s17 [element 1] |
| semantics.rb:129:10:129:21 | ...[...] | semmle.label | ...[...] |
| semantics.rb:129:10:129:21 | ...[...] | semmle.label | ...[...] |
| semantics.rb:129:17:129:17 | b | semmle.label | b |

File diff suppressed because it is too large Load Diff


@@ -15,17 +15,13 @@ edges
| params_flow.rb:25:12:25:13 | p1 | params_flow.rb:26:10:26:11 | p1 | provenance | |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] | params_flow.rb:28:11:28:16 | kwargs [element :p2] | provenance | |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] | params_flow.rb:29:11:29:16 | kwargs [element :p3] | provenance | |
| params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p2] | params_flow.rb:28:11:28:16 | kwargs [hash-splat position :p2] | provenance | |
| params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p3] | params_flow.rb:29:11:29:16 | kwargs [hash-splat position :p3] | provenance | |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] | params_flow.rb:28:11:28:21 | ...[...] | provenance | |
| params_flow.rb:28:11:28:16 | kwargs [hash-splat position :p2] | params_flow.rb:28:11:28:21 | ...[...] | provenance | |
| params_flow.rb:28:11:28:21 | ...[...] | params_flow.rb:28:10:28:22 | ( ... ) | provenance | |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] | params_flow.rb:29:11:29:21 | ...[...] | provenance | |
| params_flow.rb:29:11:29:16 | kwargs [hash-splat position :p3] | params_flow.rb:29:11:29:21 | ...[...] | provenance | |
| params_flow.rb:29:11:29:21 | ...[...] | params_flow.rb:29:10:29:22 | ( ... ) | provenance | |
| params_flow.rb:33:12:33:19 | call to taint | params_flow.rb:25:12:25:13 | p1 | provenance | |
| params_flow.rb:33:26:33:34 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p2] | provenance | |
| params_flow.rb:33:41:33:49 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p3] | provenance | |
| params_flow.rb:33:26:33:34 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [element :p2] | provenance | |
| params_flow.rb:33:41:33:49 | call to taint | params_flow.rb:25:17:25:24 | **kwargs [element :p3] | provenance | |
| params_flow.rb:34:1:34:4 | args [element :p3] | params_flow.rb:35:25:35:28 | args [element :p3] | provenance | |
| params_flow.rb:34:8:34:32 | call to [] [element :p3] | params_flow.rb:34:1:34:4 | args [element :p3] | provenance | |
| params_flow.rb:34:14:34:22 | call to taint | params_flow.rb:34:8:34:32 | call to [] [element :p3] | provenance | |
@@ -66,8 +62,6 @@ edges
| params_flow.rb:47:13:47:16 | args [element 1] | params_flow.rb:47:12:47:16 | * ... [element 1] | provenance | |
| params_flow.rb:49:13:49:14 | p1 | params_flow.rb:50:10:50:11 | p1 | provenance | |
| params_flow.rb:49:17:49:24 | *posargs [element 0] | params_flow.rb:51:11:51:17 | posargs [element 0] | provenance | |
| params_flow.rb:49:17:49:24 | *posargs [element 0] | params_flow.rb:51:11:51:17 | posargs [element 0] | provenance | |
| params_flow.rb:51:11:51:17 | posargs [element 0] | params_flow.rb:51:11:51:20 | ...[...] | provenance | |
| params_flow.rb:51:11:51:17 | posargs [element 0] | params_flow.rb:51:11:51:20 | ...[...] | provenance | |
| params_flow.rb:51:11:51:20 | ...[...] | params_flow.rb:51:10:51:21 | ( ... ) | provenance | |
| params_flow.rb:55:9:55:17 | call to taint | params_flow.rb:49:13:49:14 | p1 | provenance | |
@@ -77,7 +71,6 @@ edges
| params_flow.rb:57:9:57:17 | call to taint | params_flow.rb:57:8:57:18 | call to [] [element 0] | provenance | |
| params_flow.rb:58:9:58:17 | call to taint | params_flow.rb:49:13:49:14 | p1 | provenance | |
| params_flow.rb:58:20:58:24 | * ... [element 0] | params_flow.rb:49:17:49:24 | *posargs [element 0] | provenance | |
| params_flow.rb:58:20:58:24 | * ... [element 0] | params_flow.rb:49:17:49:24 | *posargs [element 0] | provenance | |
| params_flow.rb:58:21:58:24 | args [element 0] | params_flow.rb:58:20:58:24 | * ... [element 0] | provenance | |
| params_flow.rb:60:1:60:4 | args [element 0] | params_flow.rb:61:10:61:13 | args [element 0] | provenance | |
| params_flow.rb:60:1:60:4 | args [element 1] | params_flow.rb:61:10:61:13 | args [element 1] | provenance | |
@@ -97,12 +90,8 @@ edges
| params_flow.rb:67:13:67:16 | args | params_flow.rb:67:12:67:16 | * ... [element 0] | provenance | |
| params_flow.rb:69:14:69:14 | x | params_flow.rb:70:10:70:10 | x | provenance | |
| params_flow.rb:69:17:69:17 | y | params_flow.rb:71:10:71:10 | y | provenance | |
| params_flow.rb:69:24:69:24 | w | params_flow.rb:74:10:74:10 | w | provenance | |
| params_flow.rb:69:27:69:27 | r | params_flow.rb:75:10:75:10 | r | provenance | |
| params_flow.rb:78:10:78:18 | call to taint | params_flow.rb:69:14:69:14 | x | provenance | |
| params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:69:17:69:17 | y | provenance | |
| params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:69:24:69:24 | w | provenance | |
| params_flow.rb:78:54:78:62 | call to taint | params_flow.rb:69:27:69:27 | r | provenance | |
| params_flow.rb:80:1:80:4 | args [element 0] | params_flow.rb:81:22:81:25 | args [element 0] | provenance | |
| params_flow.rb:80:8:80:51 | call to [] [element 0] | params_flow.rb:80:1:80:4 | args [element 0] | provenance | |
| params_flow.rb:80:9:80:17 | call to taint | params_flow.rb:80:8:80:51 | call to [] [element 0] | provenance | |
@@ -137,16 +126,11 @@ edges
| params_flow.rb:94:33:94:36 | args [element 1] | params_flow.rb:94:32:94:36 | * ... [element 1] | provenance | |
| params_flow.rb:94:33:94:36 | args [element 2] | params_flow.rb:94:32:94:36 | * ... [element 2] | provenance | |
| params_flow.rb:94:33:94:36 | args [element 3] | params_flow.rb:94:32:94:36 | * ... [element 3] | provenance | |
| params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:83:23:83:23 | w | provenance | |
| params_flow.rb:96:10:96:18 | call to taint | params_flow.rb:69:14:69:14 | x | provenance | |
| params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:69:17:69:17 | y | provenance | |
| params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:69:24:69:24 | w | provenance | |
| params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:69:27:69:27 | r | provenance | |
| params_flow.rb:98:19:98:19 | a | params_flow.rb:99:10:99:10 | a | provenance | |
| params_flow.rb:98:31:98:31 | b | params_flow.rb:102:10:102:10 | b | provenance | |
| params_flow.rb:105:15:105:23 | call to taint | params_flow.rb:98:19:98:19 | a | provenance | |
| params_flow.rb:106:15:106:23 | call to taint | params_flow.rb:98:19:98:19 | a | provenance | |
| params_flow.rb:106:37:106:45 | call to taint | params_flow.rb:98:31:98:31 | b | provenance | |
| params_flow.rb:108:37:108:37 | a | params_flow.rb:109:10:109:10 | a | provenance | |
| params_flow.rb:108:40:108:41 | *b [element 0] | params_flow.rb:110:10:110:10 | b [element 0] | provenance | |
| params_flow.rb:108:44:108:44 | c | params_flow.rb:111:10:111:10 | c | provenance | |
@@ -169,7 +153,6 @@ edges
| params_flow.rb:131:10:131:14 | * ... [element 1] | params_flow.rb:83:17:83:17 | u | provenance | |
| params_flow.rb:131:11:131:14 | args [element 0] | params_flow.rb:131:10:131:14 | * ... [element 0] | provenance | |
| params_flow.rb:131:11:131:14 | args [element 1] | params_flow.rb:131:10:131:14 | * ... [element 1] | provenance | |
| params_flow.rb:131:17:131:25 | call to taint | params_flow.rb:83:17:83:17 | u | provenance | |
| params_flow.rb:133:14:133:18 | *args [element 1] | params_flow.rb:134:10:134:13 | args [element 1] | provenance | |
| params_flow.rb:134:10:134:13 | args [element 1] | params_flow.rb:134:10:134:16 | ...[...] | provenance | |
| params_flow.rb:137:10:137:43 | * ... [element 1] | params_flow.rb:133:14:133:18 | *args [element 1] | provenance | |
@@ -209,16 +192,12 @@ nodes
| params_flow.rb:25:12:25:13 | p1 | semmle.label | p1 |
| params_flow.rb:25:17:25:24 | **kwargs [element :p2] | semmle.label | **kwargs [element :p2] |
| params_flow.rb:25:17:25:24 | **kwargs [element :p3] | semmle.label | **kwargs [element :p3] |
| params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p2] | semmle.label | **kwargs [hash-splat position :p2] |
| params_flow.rb:25:17:25:24 | **kwargs [hash-splat position :p3] | semmle.label | **kwargs [hash-splat position :p3] |
| params_flow.rb:26:10:26:11 | p1 | semmle.label | p1 |
| params_flow.rb:28:10:28:22 | ( ... ) | semmle.label | ( ... ) |
| params_flow.rb:28:11:28:16 | kwargs [element :p2] | semmle.label | kwargs [element :p2] |
| params_flow.rb:28:11:28:16 | kwargs [hash-splat position :p2] | semmle.label | kwargs [hash-splat position :p2] |
| params_flow.rb:28:11:28:21 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:29:10:29:22 | ( ... ) | semmle.label | ( ... ) |
| params_flow.rb:29:11:29:16 | kwargs [element :p3] | semmle.label | kwargs [element :p3] |
| params_flow.rb:29:11:29:16 | kwargs [hash-splat position :p3] | semmle.label | kwargs [hash-splat position :p3] |
| params_flow.rb:29:11:29:21 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:33:12:33:19 | call to taint | semmle.label | call to taint |
| params_flow.rb:33:26:33:34 | call to taint | semmle.label | call to taint |
@@ -263,11 +242,9 @@ nodes
| params_flow.rb:47:13:47:16 | args [element 1] | semmle.label | args [element 1] |
| params_flow.rb:49:13:49:14 | p1 | semmle.label | p1 |
| params_flow.rb:49:17:49:24 | *posargs [element 0] | semmle.label | *posargs [element 0] |
| params_flow.rb:49:17:49:24 | *posargs [element 0] | semmle.label | *posargs [element 0] |
| params_flow.rb:50:10:50:11 | p1 | semmle.label | p1 |
| params_flow.rb:51:10:51:21 | ( ... ) | semmle.label | ( ... ) |
| params_flow.rb:51:11:51:17 | posargs [element 0] | semmle.label | posargs [element 0] |
| params_flow.rb:51:11:51:17 | posargs [element 0] | semmle.label | posargs [element 0] |
| params_flow.rb:51:11:51:20 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:55:9:55:17 | call to taint | semmle.label | call to taint |
| params_flow.rb:55:20:55:28 | call to taint | semmle.label | call to taint |
@@ -296,16 +273,10 @@ nodes
| params_flow.rb:67:13:67:16 | args | semmle.label | args |
| params_flow.rb:69:14:69:14 | x | semmle.label | x |
| params_flow.rb:69:17:69:17 | y | semmle.label | y |
| params_flow.rb:69:24:69:24 | w | semmle.label | w |
| params_flow.rb:69:27:69:27 | r | semmle.label | r |
| params_flow.rb:70:10:70:10 | x | semmle.label | x |
| params_flow.rb:71:10:71:10 | y | semmle.label | y |
| params_flow.rb:74:10:74:10 | w | semmle.label | w |
| params_flow.rb:75:10:75:10 | r | semmle.label | r |
| params_flow.rb:78:10:78:18 | call to taint | semmle.label | call to taint |
| params_flow.rb:78:21:78:29 | call to taint | semmle.label | call to taint |
| params_flow.rb:78:43:78:51 | call to taint | semmle.label | call to taint |
| params_flow.rb:78:54:78:62 | call to taint | semmle.label | call to taint |
| params_flow.rb:80:1:80:4 | args [element 0] | semmle.label | args [element 0] |
| params_flow.rb:80:8:80:51 | call to [] [element 0] | semmle.label | call to [] [element 0] |
| params_flow.rb:80:9:80:17 | call to taint | semmle.label | call to taint |
@@ -346,18 +317,12 @@ nodes
| params_flow.rb:94:33:94:36 | args [element 1] | semmle.label | args [element 1] |
| params_flow.rb:94:33:94:36 | args [element 2] | semmle.label | args [element 2] |
| params_flow.rb:94:33:94:36 | args [element 3] | semmle.label | args [element 3] |
| params_flow.rb:94:39:94:47 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:10:96:18 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:21:96:29 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:68:96:76 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:79:96:87 | call to taint | semmle.label | call to taint |
| params_flow.rb:98:19:98:19 | a | semmle.label | a |
| params_flow.rb:98:31:98:31 | b | semmle.label | b |
| params_flow.rb:99:10:99:10 | a | semmle.label | a |
| params_flow.rb:102:10:102:10 | b | semmle.label | b |
| params_flow.rb:105:15:105:23 | call to taint | semmle.label | call to taint |
| params_flow.rb:106:15:106:23 | call to taint | semmle.label | call to taint |
| params_flow.rb:106:37:106:45 | call to taint | semmle.label | call to taint |
| params_flow.rb:108:37:108:37 | a | semmle.label | a |
| params_flow.rb:108:40:108:41 | *b [element 0] | semmle.label | *b [element 0] |
| params_flow.rb:108:44:108:44 | c | semmle.label | c |
@@ -382,7 +347,6 @@ nodes
| params_flow.rb:131:10:131:14 | * ... [element 1] | semmle.label | * ... [element 1] |
| params_flow.rb:131:11:131:14 | args [element 0] | semmle.label | args [element 0] |
| params_flow.rb:131:11:131:14 | args [element 1] | semmle.label | args [element 1] |
| params_flow.rb:131:17:131:25 | call to taint | semmle.label | call to taint |
| params_flow.rb:133:14:133:18 | *args [element 1] | semmle.label | *args [element 1] |
| params_flow.rb:134:10:134:13 | args [element 1] | semmle.label | args [element 1] |
| params_flow.rb:134:10:134:16 | ...[...] | semmle.label | ...[...] |
@@ -446,23 +410,16 @@ testFailures
| params_flow.rb:71:10:71:10 | y | params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:78:21:78:29 | call to taint | call to taint |
| params_flow.rb:71:10:71:10 | y | params_flow.rb:80:9:80:17 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:80:9:80:17 | call to taint | call to taint |
| params_flow.rb:71:10:71:10 | y | params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:96:21:96:29 | call to taint | call to taint |
| params_flow.rb:74:10:74:10 | w | params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:78:43:78:51 | call to taint | call to taint |
| params_flow.rb:74:10:74:10 | w | params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:96:68:96:76 | call to taint | call to taint |
| params_flow.rb:75:10:75:10 | r | params_flow.rb:78:54:78:62 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:78:54:78:62 | call to taint | call to taint |
| params_flow.rb:75:10:75:10 | r | params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:96:79:96:87 | call to taint | call to taint |
| params_flow.rb:84:10:84:10 | t | params_flow.rb:94:10:94:18 | call to taint | params_flow.rb:84:10:84:10 | t | $@ | params_flow.rb:94:10:94:18 | call to taint | call to taint |
| params_flow.rb:84:10:84:10 | t | params_flow.rb:130:9:130:17 | call to taint | params_flow.rb:84:10:84:10 | t | $@ | params_flow.rb:130:9:130:17 | call to taint | call to taint |
| params_flow.rb:85:10:85:10 | u | params_flow.rb:94:21:94:29 | call to taint | params_flow.rb:85:10:85:10 | u | $@ | params_flow.rb:94:21:94:29 | call to taint | call to taint |
| params_flow.rb:85:10:85:10 | u | params_flow.rb:130:20:130:28 | call to taint | params_flow.rb:85:10:85:10 | u | $@ | params_flow.rb:130:20:130:28 | call to taint | call to taint |
| params_flow.rb:85:10:85:10 | u | params_flow.rb:131:17:131:25 | call to taint | params_flow.rb:85:10:85:10 | u | $@ | params_flow.rb:131:17:131:25 | call to taint | call to taint |
| params_flow.rb:86:10:86:10 | v | params_flow.rb:93:9:93:17 | call to taint | params_flow.rb:86:10:86:10 | v | $@ | params_flow.rb:93:9:93:17 | call to taint | call to taint |
| params_flow.rb:87:10:87:10 | w | params_flow.rb:93:20:93:28 | call to taint | params_flow.rb:87:10:87:10 | w | $@ | params_flow.rb:93:20:93:28 | call to taint | call to taint |
| params_flow.rb:87:10:87:10 | w | params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:87:10:87:10 | w | $@ | params_flow.rb:94:39:94:47 | call to taint | call to taint |
| params_flow.rb:88:10:88:10 | x | params_flow.rb:93:31:93:39 | call to taint | params_flow.rb:88:10:88:10 | x | $@ | params_flow.rb:93:31:93:39 | call to taint | call to taint |
| params_flow.rb:89:10:89:10 | y | params_flow.rb:93:42:93:50 | call to taint | params_flow.rb:89:10:89:10 | y | $@ | params_flow.rb:93:42:93:50 | call to taint | call to taint |
| params_flow.rb:99:10:99:10 | a | params_flow.rb:105:15:105:23 | call to taint | params_flow.rb:99:10:99:10 | a | $@ | params_flow.rb:105:15:105:23 | call to taint | call to taint |
| params_flow.rb:99:10:99:10 | a | params_flow.rb:106:15:106:23 | call to taint | params_flow.rb:99:10:99:10 | a | $@ | params_flow.rb:106:15:106:23 | call to taint | call to taint |
| params_flow.rb:102:10:102:10 | b | params_flow.rb:106:37:106:45 | call to taint | params_flow.rb:102:10:102:10 | b | $@ | params_flow.rb:106:37:106:45 | call to taint | call to taint |
| params_flow.rb:109:10:109:10 | a | params_flow.rb:114:33:114:41 | call to taint | params_flow.rb:109:10:109:10 | a | $@ | params_flow.rb:114:33:114:41 | call to taint | call to taint |
| params_flow.rb:110:10:110:13 | ...[...] | params_flow.rb:114:44:114:52 | call to taint | params_flow.rb:110:10:110:13 | ...[...] | $@ | params_flow.rb:114:44:114:52 | call to taint | call to taint |
| params_flow.rb:111:10:111:10 | c | params_flow.rb:114:58:114:66 | call to taint | params_flow.rb:111:10:111:10 | c | $@ | params_flow.rb:114:58:114:66 | call to taint | call to taint |


@@ -69,10 +69,10 @@ splatstuff(*args)
def splatmid(x, y, *z, w, r)
sink x # $ hasValueFlow=27 $ hasValueFlow=32 $ hasValueFlow=45
sink y # $ hasValueFlow=28 $ hasValueFlow=46 $ hasValueFlow=33
sink z[0] # MISSING: $ hasValueFlow=47 $ hasValueFlow=29 $ hasValueFlow=34
sink z[0] # $ MISSING: hasValueFlow=47 $ hasValueFlow=29 $ hasValueFlow=34
sink z[1] # $ MISSING: hasValueFlow=48 $ hasValueFlow=35
sink w # $ hasValueFlow=30 $ hasValueFlow=50 $ MISSING: hasValueFlow=36
sink r # $ hasValueFlow=31 $ hasValueFlow=51 $ MISSING: hasValueFlow=37
sink w # $ MISSING: hasValueFlow=30 $ hasValueFlow=50 $ hasValueFlow=36
sink r # $ MISSING: hasValueFlow=31 $ hasValueFlow=51 $ hasValueFlow=37
end
splatmid(taint(27), taint(28), taint(29), taint(30), taint(31))
@@ -82,9 +82,9 @@ splatmid(taint(32), *args, taint(37))
def pos_many(t, u, v, w, x, y, z)
sink t # $ hasValueFlow=38 $ hasValueFlow=66
sink u # $ hasValueFlow=39 $ hasValueFlow=67 $ SPURIOUS: hasValueFlow=68
sink u # $ hasValueFlow=39 $ hasValueFlow=67
sink v # $ hasValueFlow=40
sink w # $ hasValueFlow=41 $ SPURIOUS: hasValueFlow=44
sink w # $ hasValueFlow=41
sink x # $ hasValueFlow=42
sink y # $ hasValueFlow=43
sink z # $ MISSING: hasValueFlow=44
@@ -99,7 +99,7 @@ def splatmidsmall(a, *splats, b)
sink a # $ hasValueFlow=52 $ hasValueFlow=55
sink splats[0] # $ MISSING: hasValueFlow=53
sink splats[1]
sink b # $ hasValueFlow=57 $ MISSING: hasValueFlow=54
sink b # $ MISSING: hasValueFlow=57 $ hasValueFlow=54
end
splatmidsmall(taint(52), *[taint(53), taint(54)])
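Review bot: The expectations on `sink w` and `sink r` in `splatmid` appear to move `hasValueFlow=30` and `hasValueFlow=31` under `MISSING:` (assuming the second line of each printed pair is the new side), although `splatmid(taint(27), taint(28), taint(29), taint(30), taint(31))` passes those values as ordinary positional arguments. That records a false negative for parameters that follow a splat parameter, and security queries built on this data flow would drop such flows without any signal. `sink b` in `splatmidsmall` shows the same shift for `hasValueFlow=57`; the call producing 57 is outside the visible hunk. I would add a comment above the affected sinks, for example `# known gap: flow into parameters after *z is lost for calls without a splat argument`, so the MISSING markers are not mistaken for intended behaviour.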


@@ -14,12 +14,12 @@ track
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps with content splat position 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps with content splat position 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps with content element 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:2:16:2:18 | val | type tracker without call steps with content element 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:3:9:3:23 | call to puts | type tracker without call steps | type_tracker.rb:3:9:3:23 | call to puts |
| type_tracker.rb:3:9:3:23 | synthetic splat argument | type tracker without call steps | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field |
| type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps with content splat position 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps with content element 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:4:9:4:14 | @field | type tracker without call steps | type_tracker.rb:4:9:4:14 | @field |
| type_tracker.rb:7:5:9:7 | &block | type tracker without call steps | type_tracker.rb:7:5:9:7 | &block |
| type_tracker.rb:7:5:9:7 | field | type tracker without call steps | type_tracker.rb:7:5:9:7 | field |
@@ -27,8 +27,8 @@ track
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps with content splat position 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps with content splat position 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps with content element 0 | type_tracker.rb:3:9:3:23 | synthetic splat argument |
| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps with content element 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:12:1:16:3 | &block | type tracker without call steps | type_tracker.rb:12:1:16:3 | &block |
| type_tracker.rb:12:1:16:3 | m | type tracker without call steps | type_tracker.rb:12:1:16:3 | m |
| type_tracker.rb:12:1:16:3 | self in m | type tracker without call steps | type_tracker.rb:12:1:16:3 | self in m |
@@ -40,61 +40,56 @@ track
| type_tracker.rb:14:5:14:7 | [post] var | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field |
| type_tracker.rb:14:5:14:7 | [post] var | type tracker without call steps | type_tracker.rb:14:5:14:7 | [post] var |
| type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= |
| type_tracker.rb:14:5:14:13 | synthetic splat argument | type tracker with call steps | type_tracker.rb:2:5:5:7 | synthetic splat parameter |
| type_tracker.rb:14:5:14:13 | synthetic splat argument | type tracker without call steps | type_tracker.rb:14:5:14:13 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:8:9:8:14 | @field |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content attribute field | type_tracker.rb:7:5:9:7 | self in field |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content splat position 0 | type_tracker.rb:2:5:5:7 | synthetic splat parameter |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:17:14:23 | "hello" |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content attribute field | type_tracker.rb:14:5:14:7 | [post] var |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content splat position 0 | type_tracker.rb:14:5:14:13 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content splat position 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content element 0 | type_tracker.rb:14:5:14:13 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content element 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | __synth__0 | type tracker without call steps | type_tracker.rb:14:17:14:23 | __synth__0 |
| type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:15:5:15:18 | call to puts |
| type_tracker.rb:15:5:15:18 | synthetic splat argument | type tracker without call steps | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:15:10:15:18 | call to field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field |
| type_tracker.rb:15:10:15:18 | call to field | type tracker without call steps with content splat position 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:15:10:15:18 | call to field | type tracker without call steps with content element 0 | type_tracker.rb:15:5:15:18 | synthetic splat argument |
| type_tracker.rb:18:1:21:3 | &block | type tracker without call steps | type_tracker.rb:18:1:21:3 | &block |
| type_tracker.rb:18:1:21:3 | positional | type tracker without call steps | type_tracker.rb:18:1:21:3 | positional |
| type_tracker.rb:18:1:21:3 | self in positional | type tracker without call steps | type_tracker.rb:18:1:21:3 | self in positional |
| type_tracker.rb:18:1:21:3 | synthetic splat parameter | type tracker without call steps | type_tracker.rb:18:1:21:3 | synthetic splat parameter |
| type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps | type_tracker.rb:18:16:18:17 | p1 |
| type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps | type_tracker.rb:18:16:18:17 | p1 |
| type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps with content splat position 0 | type_tracker.rb:19:5:19:11 | synthetic splat argument |
| type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps with content element 0 | type_tracker.rb:19:5:19:11 | synthetic splat argument |
| type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps | type_tracker.rb:18:20:18:21 | p2 |
| type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps | type_tracker.rb:18:20:18:21 | p2 |
| type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps with content splat position 0 | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps with content element 0 | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:19:5:19:11 | call to puts | type tracker without call steps | type_tracker.rb:19:5:19:11 | call to puts |
| type_tracker.rb:19:5:19:11 | synthetic splat argument | type tracker without call steps | type_tracker.rb:19:5:19:11 | synthetic splat argument |
| type_tracker.rb:20:5:20:11 | call to puts | type tracker without call steps | type_tracker.rb:20:5:20:11 | call to puts |
| type_tracker.rb:20:5:20:11 | call to puts | type tracker without call steps | type_tracker.rb:23:1:23:16 | call to positional |
| type_tracker.rb:20:5:20:11 | synthetic splat argument | type tracker without call steps | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:23:1:23:16 | call to positional | type tracker without call steps | type_tracker.rb:23:1:23:16 | call to positional |
| type_tracker.rb:23:1:23:16 | synthetic splat argument | type tracker with call steps | type_tracker.rb:18:1:21:3 | synthetic splat parameter |
| type_tracker.rb:23:1:23:16 | synthetic splat argument | type tracker without call steps | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps | type_tracker.rb:18:16:18:17 | p1 |
| type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps with content splat position 0 | type_tracker.rb:18:1:21:3 | synthetic splat parameter |
| type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps with content splat position 0 | type_tracker.rb:19:5:19:11 | synthetic splat argument |
| type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps with content element 0 | type_tracker.rb:19:5:19:11 | synthetic splat argument |
| type_tracker.rb:23:12:23:12 | 1 | type tracker without call steps | type_tracker.rb:23:12:23:12 | 1 |
| type_tracker.rb:23:12:23:12 | 1 | type tracker without call steps with content splat position 0 | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:23:12:23:12 | 1 | type tracker without call steps with content element 0 | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps | type_tracker.rb:18:20:18:21 | p2 |
| type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps with content splat position 0 | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps with content splat position 1 | type_tracker.rb:18:1:21:3 | synthetic splat parameter |
| type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps with content element 0 | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:23:15:23:15 | 2 | type tracker without call steps | type_tracker.rb:23:15:23:15 | 2 |
| type_tracker.rb:23:15:23:15 | 2 | type tracker without call steps with content splat position 1 | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:23:15:23:15 | 2 | type tracker without call steps with content element 1 | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:25:1:28:3 | &block | type tracker without call steps | type_tracker.rb:25:1:28:3 | &block |
| type_tracker.rb:25:1:28:3 | keyword | type tracker without call steps | type_tracker.rb:25:1:28:3 | keyword |
| type_tracker.rb:25:1:28:3 | self in keyword | type tracker without call steps | type_tracker.rb:25:1:28:3 | self in keyword |
| type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter | type tracker without call steps | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps | type_tracker.rb:25:13:25:14 | p1 |
| type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps | type_tracker.rb:25:13:25:14 | p1 |
| type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps with content splat position 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps with content element 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps | type_tracker.rb:25:18:25:19 | p2 |
| type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps | type_tracker.rb:25:18:25:19 | p2 |
| type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps with content splat position 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps with content element 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:26:5:26:11 | call to puts | type tracker without call steps | type_tracker.rb:26:5:26:11 | call to puts |
| type_tracker.rb:26:5:26:11 | synthetic splat argument | type tracker without call steps | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:27:5:27:11 | call to puts |
@@ -103,56 +98,47 @@ track
| type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:32:1:32:27 | call to keyword |
| type_tracker.rb:27:5:27:11 | synthetic splat argument | type tracker without call steps | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:30:1:30:21 | call to keyword | type tracker without call steps | type_tracker.rb:30:1:30:21 | call to keyword |
| type_tracker.rb:30:1:30:21 | synthetic hash-splat argument | type tracker with call steps | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:30:1:30:21 | synthetic hash-splat argument | type tracker without call steps | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:30:9:30:10 | :p1 | type tracker without call steps | type_tracker.rb:30:9:30:10 | :p1 |
| type_tracker.rb:30:9:30:13 | Pair | type tracker without call steps | type_tracker.rb:30:9:30:13 | Pair |
| type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 |
| type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps with content hash-splat position :p1 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps with content splat position 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps with content element 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:30:13:30:13 | 3 | type tracker without call steps | type_tracker.rb:30:13:30:13 | 3 |
| type_tracker.rb:30:13:30:13 | 3 | type tracker without call steps with content hash-splat position :p1 | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:30:13:30:13 | 3 | type tracker without call steps with content element :p1 | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:30:16:30:17 | :p2 | type tracker without call steps | type_tracker.rb:30:16:30:17 | :p2 |
| type_tracker.rb:30:16:30:20 | Pair | type tracker without call steps | type_tracker.rb:30:16:30:20 | Pair |
| type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 |
| type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps with content hash-splat position :p2 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps with content splat position 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps with content element 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:30:20:30:20 | 4 | type tracker without call steps | type_tracker.rb:30:20:30:20 | 4 |
| type_tracker.rb:30:20:30:20 | 4 | type tracker without call steps with content hash-splat position :p2 | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:30:20:30:20 | 4 | type tracker without call steps with content element :p2 | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:31:1:31:21 | call to keyword | type tracker without call steps | type_tracker.rb:31:1:31:21 | call to keyword |
| type_tracker.rb:31:1:31:21 | synthetic hash-splat argument | type tracker with call steps | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:31:1:31:21 | synthetic hash-splat argument | type tracker without call steps | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:31:9:31:10 | :p2 | type tracker without call steps | type_tracker.rb:31:9:31:10 | :p2 |
| type_tracker.rb:31:9:31:13 | Pair | type tracker without call steps | type_tracker.rb:31:9:31:13 | Pair |
| type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 |
| type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps with content hash-splat position :p2 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps with content splat position 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps with content element 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:31:13:31:13 | 5 | type tracker without call steps | type_tracker.rb:31:13:31:13 | 5 |
| type_tracker.rb:31:13:31:13 | 5 | type tracker without call steps with content hash-splat position :p2 | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:31:13:31:13 | 5 | type tracker without call steps with content element :p2 | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:31:16:31:17 | :p1 | type tracker without call steps | type_tracker.rb:31:16:31:17 | :p1 |
| type_tracker.rb:31:16:31:20 | Pair | type tracker without call steps | type_tracker.rb:31:16:31:20 | Pair |
| type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 |
| type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps with content hash-splat position :p1 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps with content splat position 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps with content element 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:31:20:31:20 | 6 | type tracker without call steps | type_tracker.rb:31:20:31:20 | 6 |
| type_tracker.rb:31:20:31:20 | 6 | type tracker without call steps with content hash-splat position :p1 | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:31:20:31:20 | 6 | type tracker without call steps with content element :p1 | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:32:1:32:27 | call to keyword | type tracker without call steps | type_tracker.rb:32:1:32:27 | call to keyword |
| type_tracker.rb:32:1:32:27 | synthetic hash-splat argument | type tracker with call steps | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:32:1:32:27 | synthetic hash-splat argument | type tracker without call steps | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:32:9:32:11 | :p2 | type tracker without call steps | type_tracker.rb:32:9:32:11 | :p2 |
| type_tracker.rb:32:9:32:16 | Pair | type tracker without call steps | type_tracker.rb:32:9:32:16 | Pair |
| type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 |
| type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps with content hash-splat position :p2 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps with content splat position 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps with content element 0 | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:32:16:32:16 | 7 | type tracker without call steps | type_tracker.rb:32:16:32:16 | 7 |
| type_tracker.rb:32:16:32:16 | 7 | type tracker without call steps with content hash-splat position :p2 | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:32:16:32:16 | 7 | type tracker without call steps with content element :p2 | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:32:19:32:21 | :p1 | type tracker without call steps | type_tracker.rb:32:19:32:21 | :p1 |
| type_tracker.rb:32:19:32:26 | Pair | type tracker without call steps | type_tracker.rb:32:19:32:26 | Pair |
| type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 |
| type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps with content hash-splat position :p1 | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps with content splat position 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps with content element 0 | type_tracker.rb:26:5:26:11 | synthetic splat argument |
| type_tracker.rb:32:26:32:26 | 8 | type tracker without call steps | type_tracker.rb:32:26:32:26 | 8 |
| type_tracker.rb:32:26:32:26 | 8 | type tracker without call steps with content hash-splat position :p1 | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:32:26:32:26 | 8 | type tracker without call steps with content element :p1 | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:34:1:53:3 | &block | type tracker without call steps | type_tracker.rb:34:1:53:3 | &block |
| type_tracker.rb:34:1:53:3 | self in throughArray | type tracker without call steps | type_tracker.rb:34:1:53:3 | self in throughArray |
| type_tracker.rb:34:1:53:3 | synthetic splat parameter | type tracker without call steps | type_tracker.rb:34:1:53:3 | synthetic splat parameter |
@@ -169,18 +155,18 @@ track
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 | type_tracker.rb:35:11:35:15 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:43:5:43:10 | [post] array2 |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:47:5:47:10 | [post] array3 |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content splat position 1 | type_tracker.rb:39:5:39:12 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content splat position 1 | type_tracker.rb:43:5:43:13 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content splat position 1 | type_tracker.rb:47:5:47:13 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content splat position 1 | type_tracker.rb:51:5:51:13 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 1 | type_tracker.rb:39:5:39:12 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 1 | type_tracker.rb:43:5:43:13 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 1 | type_tracker.rb:47:5:47:13 | synthetic splat argument |
| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 1 | type_tracker.rb:51:5:51:13 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps | type_tracker.rb:34:23:34:23 | y |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps | type_tracker.rb:34:23:34:23 | y |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content splat position 0 | type_tracker.rb:39:5:39:12 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content splat position 0 | type_tracker.rb:44:5:44:13 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content splat position 0 | type_tracker.rb:51:5:51:13 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content element 0 | type_tracker.rb:39:5:39:12 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content element 0 | type_tracker.rb:44:5:44:13 | synthetic splat argument |
| type_tracker.rb:34:23:34:23 | y | type tracker without call steps with content element 0 | type_tracker.rb:51:5:51:13 | synthetic splat argument |
| type_tracker.rb:34:26:34:26 | z | type tracker without call steps | type_tracker.rb:34:26:34:26 | z |
| type_tracker.rb:34:26:34:26 | z | type tracker without call steps | type_tracker.rb:34:26:34:26 | z |
| type_tracker.rb:34:26:34:26 | z | type tracker without call steps with content splat position 0 | type_tracker.rb:52:5:52:13 | synthetic splat argument |
| type_tracker.rb:34:26:34:26 | z | type tracker without call steps with content element 0 | type_tracker.rb:52:5:52:13 | synthetic splat argument |
| type_tracker.rb:35:5:35:7 | tmp | type tracker without call steps | type_tracker.rb:35:5:35:7 | tmp |
| type_tracker.rb:35:11:35:15 | Array | type tracker without call steps | type_tracker.rb:35:11:35:15 | Array |
| type_tracker.rb:35:11:35:15 | call to [] | type tracker without call steps | type_tracker.rb:35:11:35:15 | call to [] |
@@ -189,7 +175,7 @@ track
| type_tracker.rb:36:5:36:10 | ...[...] | type tracker without call steps | type_tracker.rb:36:5:36:10 | ...[...] |
| type_tracker.rb:36:5:36:10 | synthetic splat argument | type tracker without call steps | type_tracker.rb:36:5:36:10 | synthetic splat argument |
| type_tracker.rb:36:9:36:9 | 0 | type tracker without call steps | type_tracker.rb:36:9:36:9 | 0 |
| type_tracker.rb:36:9:36:9 | 0 | type tracker without call steps with content splat position 0 | type_tracker.rb:36:5:36:10 | synthetic splat argument |
| type_tracker.rb:36:9:36:9 | 0 | type tracker without call steps with content element 0 | type_tracker.rb:36:5:36:10 | synthetic splat argument |
| type_tracker.rb:38:5:38:9 | array | type tracker without call steps | type_tracker.rb:38:5:38:9 | array |
| type_tracker.rb:38:13:38:25 | Array | type tracker without call steps | type_tracker.rb:38:13:38:25 | Array |
| type_tracker.rb:38:13:38:25 | call to [] | type tracker without call steps | type_tracker.rb:38:13:38:25 | call to [] |
@@ -221,7 +207,7 @@ track
| type_tracker.rb:40:5:40:12 | ...[...] | type tracker without call steps | type_tracker.rb:40:5:40:12 | ...[...] |
| type_tracker.rb:40:5:40:12 | synthetic splat argument | type tracker without call steps | type_tracker.rb:40:5:40:12 | synthetic splat argument |
| type_tracker.rb:40:11:40:11 | 0 | type tracker without call steps | type_tracker.rb:40:11:40:11 | 0 |
| type_tracker.rb:40:11:40:11 | 0 | type tracker without call steps with content splat position 0 | type_tracker.rb:40:5:40:12 | synthetic splat argument |
| type_tracker.rb:40:11:40:11 | 0 | type tracker without call steps with content element 0 | type_tracker.rb:40:5:40:12 | synthetic splat argument |
| type_tracker.rb:42:5:42:10 | array2 | type tracker without call steps | type_tracker.rb:42:5:42:10 | array2 |
| type_tracker.rb:42:14:42:26 | Array | type tracker without call steps | type_tracker.rb:42:14:42:26 | Array |
| type_tracker.rb:42:14:42:26 | call to [] | type tracker without call steps | type_tracker.rb:42:14:42:26 | call to [] |
@@ -263,7 +249,7 @@ track
| type_tracker.rb:43:5:43:13 | call to []= | type tracker without call steps | type_tracker.rb:43:5:43:13 | call to []= |
| type_tracker.rb:43:5:43:13 | synthetic splat argument | type tracker without call steps | type_tracker.rb:43:5:43:13 | synthetic splat argument |
| type_tracker.rb:43:12:43:12 | 0 | type tracker without call steps | type_tracker.rb:43:12:43:12 | 0 |
| type_tracker.rb:43:12:43:12 | 0 | type tracker without call steps with content splat position 0 | type_tracker.rb:43:5:43:13 | synthetic splat argument |
| type_tracker.rb:43:12:43:12 | 0 | type tracker without call steps with content element 0 | type_tracker.rb:43:5:43:13 | synthetic splat argument |
| type_tracker.rb:43:17:43:19 | __synth__0 | type tracker without call steps | type_tracker.rb:43:17:43:19 | __synth__0 |
| type_tracker.rb:44:5:44:13 | ...[...] | type tracker without call steps | type_tracker.rb:44:5:44:13 | ...[...] |
| type_tracker.rb:44:5:44:13 | synthetic splat argument | type tracker without call steps | type_tracker.rb:44:5:44:13 | synthetic splat argument |
@@ -303,12 +289,12 @@ track
| type_tracker.rb:47:5:47:13 | call to []= | type tracker without call steps | type_tracker.rb:47:5:47:13 | call to []= |
| type_tracker.rb:47:5:47:13 | synthetic splat argument | type tracker without call steps | type_tracker.rb:47:5:47:13 | synthetic splat argument |
| type_tracker.rb:47:12:47:12 | 0 | type tracker without call steps | type_tracker.rb:47:12:47:12 | 0 |
| type_tracker.rb:47:12:47:12 | 0 | type tracker without call steps with content splat position 0 | type_tracker.rb:47:5:47:13 | synthetic splat argument |
| type_tracker.rb:47:12:47:12 | 0 | type tracker without call steps with content element 0 | type_tracker.rb:47:5:47:13 | synthetic splat argument |
| type_tracker.rb:47:17:47:19 | __synth__0 | type tracker without call steps | type_tracker.rb:47:17:47:19 | __synth__0 |
| type_tracker.rb:48:5:48:13 | ...[...] | type tracker without call steps | type_tracker.rb:48:5:48:13 | ...[...] |
| type_tracker.rb:48:5:48:13 | synthetic splat argument | type tracker without call steps | type_tracker.rb:48:5:48:13 | synthetic splat argument |
| type_tracker.rb:48:12:48:12 | 1 | type tracker without call steps | type_tracker.rb:48:12:48:12 | 1 |
| type_tracker.rb:48:12:48:12 | 1 | type tracker without call steps with content splat position 0 | type_tracker.rb:48:5:48:13 | synthetic splat argument |
| type_tracker.rb:48:12:48:12 | 1 | type tracker without call steps with content element 0 | type_tracker.rb:48:5:48:13 | synthetic splat argument |
| type_tracker.rb:50:5:50:10 | array4 | type tracker without call steps | type_tracker.rb:50:5:50:10 | array4 |
| type_tracker.rb:50:14:50:26 | Array | type tracker without call steps | type_tracker.rb:50:14:50:26 | Array |
| type_tracker.rb:50:14:50:26 | call to [] | type tracker without call steps | type_tracker.rb:50:14:50:26 | call to [] |
@@ -419,7 +405,6 @@ trackEnd
| type_tracker.rb:14:5:14:7 | [post] var | type_tracker.rb:14:5:14:7 | [post] var |
| type_tracker.rb:14:5:14:7 | [post] var | type_tracker.rb:15:10:15:12 | var |
| type_tracker.rb:14:5:14:13 | call to field= | type_tracker.rb:14:5:14:13 | call to field= |
| type_tracker.rb:14:5:14:13 | synthetic splat argument | type_tracker.rb:2:5:5:7 | synthetic splat parameter |
| type_tracker.rb:14:5:14:13 | synthetic splat argument | type_tracker.rb:14:5:14:13 | synthetic splat argument |
| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val |
| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val |
@@ -458,7 +443,6 @@ trackEnd
| type_tracker.rb:20:5:20:11 | call to puts | type_tracker.rb:23:1:23:16 | call to positional |
| type_tracker.rb:20:5:20:11 | synthetic splat argument | type_tracker.rb:20:5:20:11 | synthetic splat argument |
| type_tracker.rb:23:1:23:16 | call to positional | type_tracker.rb:23:1:23:16 | call to positional |
| type_tracker.rb:23:1:23:16 | synthetic splat argument | type_tracker.rb:18:1:21:3 | synthetic splat parameter |
| type_tracker.rb:23:1:23:16 | synthetic splat argument | type_tracker.rb:23:1:23:16 | synthetic splat argument |
| type_tracker.rb:23:12:23:12 | 1 | type_tracker.rb:18:16:18:17 | p1 |
| type_tracker.rb:23:12:23:12 | 1 | type_tracker.rb:18:16:18:17 | p1 |
@@ -491,7 +475,6 @@ trackEnd
| type_tracker.rb:27:5:27:11 | call to puts | type_tracker.rb:32:1:32:27 | call to keyword |
| type_tracker.rb:27:5:27:11 | synthetic splat argument | type_tracker.rb:27:5:27:11 | synthetic splat argument |
| type_tracker.rb:30:1:30:21 | call to keyword | type_tracker.rb:30:1:30:21 | call to keyword |
| type_tracker.rb:30:1:30:21 | synthetic hash-splat argument | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:30:1:30:21 | synthetic hash-splat argument | type_tracker.rb:30:1:30:21 | synthetic hash-splat argument |
| type_tracker.rb:30:9:30:10 | :p1 | type_tracker.rb:30:9:30:10 | :p1 |
| type_tracker.rb:30:9:30:13 | Pair | type_tracker.rb:30:9:30:13 | Pair |
@@ -506,7 +489,6 @@ trackEnd
| type_tracker.rb:30:20:30:20 | 4 | type_tracker.rb:27:10:27:11 | p2 |
| type_tracker.rb:30:20:30:20 | 4 | type_tracker.rb:30:20:30:20 | 4 |
| type_tracker.rb:31:1:31:21 | call to keyword | type_tracker.rb:31:1:31:21 | call to keyword |
| type_tracker.rb:31:1:31:21 | synthetic hash-splat argument | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:31:1:31:21 | synthetic hash-splat argument | type_tracker.rb:31:1:31:21 | synthetic hash-splat argument |
| type_tracker.rb:31:9:31:10 | :p2 | type_tracker.rb:31:9:31:10 | :p2 |
| type_tracker.rb:31:9:31:13 | Pair | type_tracker.rb:31:9:31:13 | Pair |
@@ -521,7 +503,6 @@ trackEnd
| type_tracker.rb:31:20:31:20 | 6 | type_tracker.rb:26:10:26:11 | p1 |
| type_tracker.rb:31:20:31:20 | 6 | type_tracker.rb:31:20:31:20 | 6 |
| type_tracker.rb:32:1:32:27 | call to keyword | type_tracker.rb:32:1:32:27 | call to keyword |
| type_tracker.rb:32:1:32:27 | synthetic hash-splat argument | type_tracker.rb:25:1:28:3 | synthetic hash-splat parameter |
| type_tracker.rb:32:1:32:27 | synthetic hash-splat argument | type_tracker.rb:32:1:32:27 | synthetic hash-splat argument |
| type_tracker.rb:32:9:32:11 | :p2 | type_tracker.rb:32:9:32:11 | :p2 |
| type_tracker.rb:32:9:32:16 | Pair | type_tracker.rb:32:9:32:16 | Pair |


@@ -67,21 +67,21 @@ edges
| params_flow.rb:107:10:107:33 | call to values_at [element 0] | params_flow.rb:107:10:107:33 | call to values_at | provenance | |
| params_flow.rb:107:10:107:33 | call to values_at [element 1] | params_flow.rb:107:10:107:33 | call to values_at | provenance | |
| params_flow.rb:111:10:111:15 | call to params | params_flow.rb:111:10:111:29 | call to merge | provenance | |
| params_flow.rb:112:10:112:29 | call to merge [splat position 0] | params_flow.rb:112:10:112:29 | call to merge | provenance | |
| params_flow.rb:112:10:112:29 | call to merge [element 0] | params_flow.rb:112:10:112:29 | call to merge | provenance | |
| params_flow.rb:112:23:112:28 | call to params | params_flow.rb:112:10:112:29 | call to merge | provenance | |
| params_flow.rb:112:23:112:28 | call to params | params_flow.rb:112:10:112:29 | call to merge [splat position 0] | provenance | |
| params_flow.rb:112:23:112:28 | call to params | params_flow.rb:112:10:112:29 | call to merge [element 0] | provenance | |
| params_flow.rb:116:10:116:15 | call to params | params_flow.rb:116:10:116:37 | call to reverse_merge | provenance | |
| params_flow.rb:117:31:117:36 | call to params | params_flow.rb:117:10:117:37 | call to reverse_merge | provenance | |
| params_flow.rb:121:10:121:15 | call to params | params_flow.rb:121:10:121:43 | call to with_defaults | provenance | |
| params_flow.rb:122:31:122:36 | call to params | params_flow.rb:122:10:122:37 | call to with_defaults | provenance | |
| params_flow.rb:126:10:126:15 | call to params | params_flow.rb:126:10:126:30 | call to merge! | provenance | |
| params_flow.rb:127:10:127:30 | call to merge! [splat position 0] | params_flow.rb:127:10:127:30 | call to merge! | provenance | |
| params_flow.rb:127:10:127:30 | call to merge! [element 0] | params_flow.rb:127:10:127:30 | call to merge! | provenance | |
| params_flow.rb:127:24:127:29 | call to params | params_flow.rb:127:10:127:30 | call to merge! | provenance | |
| params_flow.rb:127:24:127:29 | call to params | params_flow.rb:127:10:127:30 | call to merge! [splat position 0] | provenance | |
| params_flow.rb:127:24:127:29 | call to params | params_flow.rb:127:10:127:30 | call to merge! [element 0] | provenance | |
| params_flow.rb:130:5:130:5 | [post] p | params_flow.rb:131:10:131:10 | p | provenance | |
| params_flow.rb:130:5:130:5 | [post] p [splat position 0] | params_flow.rb:131:10:131:10 | p | provenance | |
| params_flow.rb:130:5:130:5 | [post] p [element 0] | params_flow.rb:131:10:131:10 | p | provenance | |
| params_flow.rb:130:14:130:19 | call to params | params_flow.rb:130:5:130:5 | [post] p | provenance | |
| params_flow.rb:130:14:130:19 | call to params | params_flow.rb:130:5:130:5 | [post] p [splat position 0] | provenance | |
| params_flow.rb:130:14:130:19 | call to params | params_flow.rb:130:5:130:5 | [post] p [element 0] | provenance | |
| params_flow.rb:135:10:135:15 | call to params | params_flow.rb:135:10:135:38 | call to reverse_merge! | provenance | |
| params_flow.rb:136:32:136:37 | call to params | params_flow.rb:136:10:136:38 | call to reverse_merge! | provenance | |
| params_flow.rb:139:5:139:5 | [post] p | params_flow.rb:140:10:140:10 | p | provenance | |
@@ -213,7 +213,7 @@ nodes
| params_flow.rb:111:10:111:15 | call to params | semmle.label | call to params |
| params_flow.rb:111:10:111:29 | call to merge | semmle.label | call to merge |
| params_flow.rb:112:10:112:29 | call to merge | semmle.label | call to merge |
| params_flow.rb:112:10:112:29 | call to merge [splat position 0] | semmle.label | call to merge [splat position 0] |
| params_flow.rb:112:10:112:29 | call to merge [element 0] | semmle.label | call to merge [element 0] |
| params_flow.rb:112:23:112:28 | call to params | semmle.label | call to params |
| params_flow.rb:116:10:116:15 | call to params | semmle.label | call to params |
| params_flow.rb:116:10:116:37 | call to reverse_merge | semmle.label | call to reverse_merge |
@@ -226,10 +226,10 @@ nodes
| params_flow.rb:126:10:126:15 | call to params | semmle.label | call to params |
| params_flow.rb:126:10:126:30 | call to merge! | semmle.label | call to merge! |
| params_flow.rb:127:10:127:30 | call to merge! | semmle.label | call to merge! |
| params_flow.rb:127:10:127:30 | call to merge! [splat position 0] | semmle.label | call to merge! [splat position 0] |
| params_flow.rb:127:10:127:30 | call to merge! [element 0] | semmle.label | call to merge! [element 0] |
| params_flow.rb:127:24:127:29 | call to params | semmle.label | call to params |
| params_flow.rb:130:5:130:5 | [post] p | semmle.label | [post] p |
| params_flow.rb:130:5:130:5 | [post] p [splat position 0] | semmle.label | [post] p [splat position 0] |
| params_flow.rb:130:5:130:5 | [post] p [element 0] | semmle.label | [post] p [element 0] |
| params_flow.rb:130:14:130:19 | call to params | semmle.label | call to params |
| params_flow.rb:131:10:131:10 | p | semmle.label | p |
| params_flow.rb:135:10:135:15 | call to params | semmle.label | call to params |


@@ -17,7 +17,6 @@ edges
| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | MaD:21 |
| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | MaD:21 |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:80:16:80:19 | code | provenance | |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:10:86:25 | ... + ... | provenance | |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:10:86:37 | ... + ... | provenance | |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:22:86:25 | code | provenance | |
| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | provenance | AdditionalTaintStep |
@@ -27,7 +26,6 @@ edges
| CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:78:12:78:24 | ...[...] | provenance | |
| CodeInjection.rb:78:12:78:24 | ...[...] | CodeInjection.rb:78:5:78:8 | code | provenance | |
| CodeInjection.rb:78:12:78:24 | ...[...] | CodeInjection.rb:78:5:78:8 | code | provenance | |
| CodeInjection.rb:86:10:86:25 | ... + ... | CodeInjection.rb:86:10:86:37 | ... + ... | provenance | |
| CodeInjection.rb:86:10:86:25 | ... + ... [element] | CodeInjection.rb:86:10:86:37 | ... + ... [element] | provenance | |
| CodeInjection.rb:86:10:86:37 | ... + ... [element] | CodeInjection.rb:86:10:86:37 | ... + ... | provenance | |
| CodeInjection.rb:86:22:86:25 | code | CodeInjection.rb:86:10:86:25 | ... + ... [element] | provenance | |
@@ -74,7 +72,6 @@ nodes
| CodeInjection.rb:78:12:78:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:78:12:78:24 | ...[...] | semmle.label | ...[...] |
| CodeInjection.rb:80:16:80:19 | code | semmle.label | code |
| CodeInjection.rb:86:10:86:25 | ... + ... | semmle.label | ... + ... |
| CodeInjection.rb:86:10:86:25 | ... + ... [element] | semmle.label | ... + ... [element] |
| CodeInjection.rb:86:10:86:37 | ... + ... | semmle.label | ... + ... |
| CodeInjection.rb:86:10:86:37 | ... + ... [element] | semmle.label | ... + ... [element] |


@@ -8,10 +8,12 @@ else
echo "Unknown OS"
exit 1
fi
cd "$(dirname "$0")/.."
(cd extractor && cargo build --release)
BIN_DIR=extractor/target/release
# we are in a cargo workspace rooted at the git checkout
BIN_DIR=../target/release
"$BIN_DIR/codeql-extractor-ruby" generate --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
codeql query format -i ql/lib/codeql/ruby/ast/internal/TreeSitter.qll