Merge branch 'github:main' into main

2026-05-03 04:39:29 +02:00 · 2023-02-23 10:50:15 +00:00
parent fe97d2a05d 748387a69f
commit 4ab6a7bdfd
395 changed files with 31400 additions and 2624 deletions
--- a/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb
+++ b/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb
@@ -47,54 +47,54 @@ def m6(arg1, arg2)
 end

 # Bad: method has parameter but only one result is memoized.
-def m7(arg) # $result=BAD
+def m7(arg)
  @m7 ||= begin
    arg += 3
  end
  @m7
-end
+end # $result=BAD

 # Bad: method has parameter but only one result is memoized.
-def m8(arg) # $result=BAD
+def m8(arg)
  @m8 ||= begin
    long_running_method(arg)
  end
  @m8
-end
+end # $result=BAD

 # Bad: method has parameter but only one result is memoized.
-def m9(arg) # $result=BAD
+def m9(arg)
  @m9 ||= long_running_method(arg)
-end
+end # $result=BAD

 # Bad: method has parameter but only one result is memoized.
-def m10(arg1, arg2) # $result=BAD
+def m10(arg1, arg2)
  @m10 ||= long_running_method(arg1, arg2)
-end
+end # $result=BAD

 # Bad: `arg2` not used in key.
-def m11(arg1, arg2) # $result=BAD
+def m11(arg1, arg2)
  @m11 ||= {}
  @m11[arg1] ||= long_running_method(arg1, arg2)
-end
+end # $result=BAD

 # Bad: `arg2` not used in key.
-def m12(arg1, arg2) # $result=BAD
+def m12(arg1, arg2)
  @m12 ||= Hash.new do |h1, arg1|
    h1[arg1] = result(arg1, arg2)
  end
  @m12[arg1]
-end
+end # $result=BAD

 # Bad: arg not used in key.
-def m13(id:) # $result=BAD
+def m13(id:)
  @m13 ||= Rails.cache.fetch("product_sku/#{id}", expires_in: 30.minutes) do
    ActiveRecord::Base.transaction do
      ProductSku.find_by(id: id)
    end
  end
  @m13
-end
+end # $result=BAD

 # Good (FP): arg is used in key via string interpolation.
 def m14(arg)
--- a/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/incomplete_multi_character_sanitization.rb
+++ b/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/incomplete_multi_character_sanitization.rb
@@ -80,9 +80,9 @@ def m9(x)
  x = x.gsub(/^(\.\.\/?)+/, "") # OK

  # NOT OK
-  x = x.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/) do |match| # $ hasResult=html
+  x = x.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/) do |match|
      if unknown then match else "" end
-  end
+  end # $ hasResult=html

  x = x.gsub(/<\/?([a-z][a-z0-9]*)\b[^>]*>/i, "") # NOT OK [INCONSISTENCY] $ hasResult=html

@@ -113,10 +113,10 @@ def m9(x)

  x = x.gsub(/<!\-\-DEVEL[\d\D]*?DEVEL\-\->/, "") # OK

-  x = x # $ hasResult=path
+  x = x
    .gsub(/^\.\//, "")
    .gsub(/\/\.\//, "/")
-    .gsub(/[^\/]*\/\.\.\//, "")
+    .gsub(/[^\/]*\/\.\.\//, "") # $ hasResult=path

  x
 end