hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Reduce FPs for rb/incomplete-hostname-regexp

Browse Source 
Arguments in calls to `match[?]` should only be considered regular
expression interpretations if the `match` refers to the standard library
method, not a method in source code.
This commit is contained in:
Harry Maclean
2024-04-29 11:17:24 +01:00
parent 8ccedd658a
commit 51bc8e917e
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/Regexp.qll
View File

@@ -122,7 +122,9 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range {
mce.getMethodName() = ["match", "match?"] and
this = mce.getArgument(0) and
// exclude https://ruby-doc.org/core-2.4.0/Regexp.html#method-i-match
not mce.getReceiver() = RegExpTracking::trackRegexpType()
not mce.getReceiver() = RegExpTracking::trackRegexpType() and
// exclude non-stdlib methods
not exists(mce.getATarget())
)
}
}