Ruby: Update new-style barrier-guard

2026-04-28 10:15:14 +02:00 · 2022-07-13 12:39:47 +12:00
parent 5f17d8370c
commit 4cfaa86d5d
1 changed files with 7 additions and 4 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -84,13 +84,16 @@ deprecated class StringConstCompare extends DataFlow::BarrierGuard,
 }

 private predicate stringConstArrayInclusionCall(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
-  exists(CfgNodes::ExprNodes::MethodCallCfgNode mc, ArrayLiteral aLit |
+  exists(CfgNodes::ExprNodes::MethodCallCfgNode mc |
    mc = g and
    mc.getExpr().getMethodName() = "include?" and
-    [mc.getExpr().getReceiver(), mc.getExpr().getReceiver().(ConstantReadAccess).getValue()] = aLit
-  |
-    forall(Expr elem | elem = aLit.getAnElement() | elem instanceof StringLiteral) and
    mc.getArgument(0) = e
+  |
+    exists(ExprNodes::ArrayLiteralCfgNode arr | isArrayConstant(mc.getReceiver(), arr) |
+      forall(ExprCfgNode elem | elem = arr.getAnArgument() |
+        elem instanceof ExprNodes::StringLiteralCfgNode
+      )
+    )
  ) and
  branch = true
 }