From 5703f63afaa13e13b536c4ad82f8ef687a9b1b8b Mon Sep 17 00:00:00 2001
From: Asger Feldthaus
Date: Fri, 25 Mar 2022 11:17:28 +0100
Subject: [PATCH] Ruby: use InlineFlowTest in Summaries.ql test
---
 .../dataflow/summaries/Summaries.expected | 132 +++------------------
 .../dataflow/summaries/Summaries.ql | 25 ++--
 .../dataflow/summaries/summaries.rb | 10 +-
 3 files changed, 37 insertions(+), 130 deletions(-)
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
index b5040c60a3b..35d5e3540e7 100644
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -1,115 +1,27 @@ -edges -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:2:6:2:12 | tainted | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:4:24:4:30 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:16:36:16:42 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:20:25:20:31 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:26:31:26:37 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:30:24:30:30 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:31:27:31:33 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:34:16:34:22 | tainted | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:35:16:35:22 | tainted | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:36:21:36:27 | tainted | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:37:36:37:42 | tainted | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:51:24:51:30 | tainted : | -| summaries.rb:1:11:1:26 | call to identity : | summaries.rb:54:23:54:29 | tainted : | -| summaries.rb:1:20:1:26 | "taint" : | summaries.rb:1:11:1:26 | call to identity : | -| summaries.rb:4:12:7:3 | call to apply_block : | summaries.rb:9:6:9:13 | tainted2 | -| summaries.rb:4:24:4:30 | tainted : | summaries.rb:4:12:7:3 | call to apply_block : | -| summaries.rb:4:24:4:30 | tainted : | summaries.rb:4:36:4:36 | x : | -| summaries.rb:4:36:4:36 | x : | summaries.rb:5:8:5:8 | x | -| summaries.rb:11:17:11:17 | x : | summaries.rb:12:8:12:8 | x | -| summaries.rb:16:12:16:43 | call to apply_lambda : | summaries.rb:18:6:18:13 | tainted3 | -| summaries.rb:16:36:16:42 | tainted : | summaries.rb:11:17:11:17 | x : | -| summaries.rb:16:36:16:42 | tainted : | summaries.rb:16:12:16:43 | call to apply_lambda : | -| summaries.rb:20:12:20:32 | call to firstArg : | summaries.rb:21:6:21:13 | tainted4 | -| summaries.rb:20:25:20:31 | tainted 
: | summaries.rb:20:12:20:32 | call to firstArg : | -| summaries.rb:26:12:26:38 | call to secondArg : | summaries.rb:27:6:27:13 | tainted5 | -| summaries.rb:26:31:26:37 | tainted : | summaries.rb:26:12:26:38 | call to secondArg : | -| summaries.rb:30:24:30:30 | tainted : | summaries.rb:30:6:30:42 | call to onlyWithBlock | -| summaries.rb:31:27:31:33 | tainted : | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | -| summaries.rb:40:7:40:13 | "taint" : | summaries.rb:41:24:41:24 | t : | -| summaries.rb:40:7:40:13 | "taint" : | summaries.rb:42:24:42:24 | t : | -| summaries.rb:40:7:40:13 | "taint" : | summaries.rb:44:8:44:8 | t : | -| summaries.rb:41:24:41:24 | t : | summaries.rb:41:8:41:25 | call to matchedByName | -| summaries.rb:42:24:42:24 | t : | summaries.rb:42:8:42:25 | call to matchedByName | -| summaries.rb:44:8:44:8 | t : | summaries.rb:44:8:44:27 | call to matchedByNameRcv | -| summaries.rb:48:24:48:30 | "taint" : | summaries.rb:48:8:48:31 | call to preserveTaint | -| summaries.rb:51:24:51:30 | tainted : | summaries.rb:51:6:51:31 | call to namedArg | -| summaries.rb:54:23:54:29 | tainted : | summaries.rb:54:40:54:40 | x : | -| summaries.rb:54:40:54:40 | x : | summaries.rb:55:8:55:8 | x | -| summaries.rb:62:24:62:30 | "taint" : | summaries.rb:62:8:62:31 | call to preserveTaint | -| summaries.rb:65:26:65:32 | "taint" : | summaries.rb:65:8:65:33 | call to preserveTaint | -nodes -| summaries.rb:1:11:1:26 | call to identity : | semmle.label | call to identity : | -| summaries.rb:1:20:1:26 | "taint" : | semmle.label | "taint" : | -| summaries.rb:2:6:2:12 | tainted | semmle.label | tainted | -| summaries.rb:4:12:7:3 | call to apply_block : | semmle.label | call to apply_block : | -| summaries.rb:4:24:4:30 | tainted : | semmle.label | tainted : | -| summaries.rb:4:36:4:36 | x : | semmle.label | x : | -| summaries.rb:5:8:5:8 | x | semmle.label | x | -| summaries.rb:9:6:9:13 | tainted2 | semmle.label | tainted2 | -| summaries.rb:11:17:11:17 | x : | semmle.label | x 
: | -| summaries.rb:12:8:12:8 | x | semmle.label | x | -| summaries.rb:16:12:16:43 | call to apply_lambda : | semmle.label | call to apply_lambda : | -| summaries.rb:16:36:16:42 | tainted : | semmle.label | tainted : | -| summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 | -| summaries.rb:20:12:20:32 | call to firstArg : | semmle.label | call to firstArg : | -| summaries.rb:20:25:20:31 | tainted : | semmle.label | tainted : | -| summaries.rb:21:6:21:13 | tainted4 | semmle.label | tainted4 | -| summaries.rb:26:12:26:38 | call to secondArg : | semmle.label | call to secondArg : | -| summaries.rb:26:31:26:37 | tainted : | semmle.label | tainted : | -| summaries.rb:27:6:27:13 | tainted5 | semmle.label | tainted5 | -| summaries.rb:30:6:30:42 | call to onlyWithBlock | semmle.label | call to onlyWithBlock | -| summaries.rb:30:24:30:30 | tainted : | semmle.label | tainted : | -| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | semmle.label | call to onlyWithoutBlock | -| summaries.rb:31:27:31:33 | tainted : | semmle.label | tainted : | -| summaries.rb:34:16:34:22 | tainted | semmle.label | tainted | -| summaries.rb:35:16:35:22 | tainted | semmle.label | tainted | -| summaries.rb:36:21:36:27 | tainted | semmle.label | tainted | -| summaries.rb:37:36:37:42 | tainted | semmle.label | tainted | -| summaries.rb:40:7:40:13 | "taint" : | semmle.label | "taint" : | -| summaries.rb:41:8:41:25 | call to matchedByName | semmle.label | call to matchedByName | -| summaries.rb:41:24:41:24 | t : | semmle.label | t : | -| summaries.rb:42:8:42:25 | call to matchedByName | semmle.label | call to matchedByName | -| summaries.rb:42:24:42:24 | t : | semmle.label | t : | -| summaries.rb:44:8:44:8 | t : | semmle.label | t : | -| summaries.rb:44:8:44:27 | call to matchedByNameRcv | semmle.label | call to matchedByNameRcv | -| summaries.rb:48:8:48:31 | call to preserveTaint | semmle.label | call to preserveTaint | -| summaries.rb:48:24:48:30 | "taint" : | semmle.label | "taint" : | 
-| summaries.rb:51:6:51:31 | call to namedArg | semmle.label | call to namedArg | -| summaries.rb:51:24:51:30 | tainted : | semmle.label | tainted : | -| summaries.rb:54:23:54:29 | tainted : | semmle.label | tainted : | -| summaries.rb:54:40:54:40 | x : | semmle.label | x : | -| summaries.rb:55:8:55:8 | x | semmle.label | x | -| summaries.rb:62:8:62:31 | call to preserveTaint | semmle.label | call to preserveTaint | -| summaries.rb:62:24:62:30 | "taint" : | semmle.label | "taint" : | -| summaries.rb:65:8:65:33 | call to preserveTaint | semmle.label | call to preserveTaint | -| summaries.rb:65:26:65:32 | "taint" : | semmle.label | "taint" : | -subpaths +failures +| summaries.rb:2:6:2:12 | tainted | Unexpected result: hasValueFlow=tainted | +| summaries.rb:5:8:5:8 | x | Unexpected result: hasValueFlow=tainted | +| summaries.rb:9:6:9:13 | tainted2 | Unexpected result: hasValueFlow=tainted | +| summaries.rb:12:8:12:8 | x | Unexpected result: hasValueFlow=tainted | +| summaries.rb:18:6:18:13 | tainted3 | Unexpected result: hasValueFlow=tainted | +| summaries.rb:21:6:21:13 | tainted4 | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:27:6:27:13 | tainted5 | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:30:6:30:42 | call to onlyWithBlock | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:34:16:34:22 | tainted | Unexpected result: hasValueFlow=tainted | +| summaries.rb:35:16:35:22 | tainted | Unexpected result: hasValueFlow=tainted | +| summaries.rb:36:21:36:27 | tainted | Unexpected result: hasValueFlow=tainted | +| summaries.rb:37:36:37:42 | tainted | Unexpected result: hasValueFlow=tainted | +| summaries.rb:41:8:41:25 | call to matchedByName | Unexpected result: hasTaintFlow=t | +| summaries.rb:42:8:42:25 | call to matchedByName | Unexpected result: hasTaintFlow=t | +| summaries.rb:44:8:44:27 | call to matchedByNameRcv | Unexpected result: 
hasTaintFlow=t | +| summaries.rb:48:8:48:42 | call to preserveTaint | Unexpected result: hasTaintFlow=blockArg | +| summaries.rb:51:6:51:31 | call to namedArg | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:55:8:55:8 | x | Unexpected result: hasTaintFlow=tainted | +| summaries.rb:62:8:62:54 | call to preserveTaint | Unexpected result: hasTaintFlow=startInNamedCallback | +| summaries.rb:65:8:65:57 | call to preserveTaint | Unexpected result: hasTaintFlow=startInNamedParameter | invalidSpecComponent invalidOutputSpecComponent -#select -| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:9:6:9:13 | tainted2 | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:9:6:9:13 | tainted2 | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:12:8:12:8 | x | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:12:8:12:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:18:6:18:13 | tainted3 | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:18:6:18:13 | tainted3 | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:21:6:21:13 | tainted4 | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:21:6:21:13 | tainted4 | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:27:6:27:13 | tainted5 | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:27:6:27:13 | tainted5 | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:30:6:30:42 | call to onlyWithBlock | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:30:6:30:42 | call to onlyWithBlock | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:31:6:31:34 | call 
to onlyWithoutBlock | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:34:16:34:22 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:34:16:34:22 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:35:16:35:22 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:35:16:35:22 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:36:21:36:27 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:36:21:36:27 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:37:36:37:42 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:37:36:37:42 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:41:8:41:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" : | summaries.rb:41:8:41:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" : | "taint" : | -| summaries.rb:42:8:42:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" : | summaries.rb:42:8:42:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" : | "taint" : | -| summaries.rb:44:8:44:27 | call to matchedByNameRcv | summaries.rb:40:7:40:13 | "taint" : | summaries.rb:44:8:44:27 | call to matchedByNameRcv | $@ | summaries.rb:40:7:40:13 | "taint" : | "taint" : | -| summaries.rb:48:8:48:31 | call to preserveTaint | summaries.rb:48:24:48:30 | "taint" : | summaries.rb:48:8:48:31 | call to preserveTaint | $@ | summaries.rb:48:24:48:30 | "taint" : | "taint" : | -| summaries.rb:51:6:51:31 | call to namedArg | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:51:6:51:31 | call to namedArg | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:55:8:55:8 | x | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:55:8:55:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | -| summaries.rb:62:8:62:31 | call to preserveTaint | summaries.rb:62:24:62:30 | "taint" : | summaries.rb:62:8:62:31 | call 
to preserveTaint | $@ | summaries.rb:62:24:62:30 | "taint" : | "taint" : | -| summaries.rb:65:8:65:33 | call to preserveTaint | summaries.rb:65:26:65:32 | "taint" : | summaries.rb:65:8:65:33 | call to preserveTaint | $@ | summaries.rb:65:26:65:32 | "taint" : | "taint" : | warning | CSV type row should have 5 columns but has 2: test;TooFewColumns | | CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns | diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql index 703fd6786d0..717addb24ce 100644 --- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql +++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql @@ -4,11 +4,11 @@ import ruby import codeql.ruby.dataflow.FlowSummary -import DataFlow::PathGraph import codeql.ruby.TaintTracking import codeql.ruby.dataflow.internal.FlowSummaryImpl import codeql.ruby.dataflow.internal.AccessPathSyntax import codeql.ruby.frameworks.data.ModelsAsData +import TestUtilities.InlineFlowTest query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) { (sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and 
@@ -117,23 +117,18 @@ private class SinkFromModel extends ModelInput::SinkModelCsv { override predicate row(string row) { row = "test;FooOrBar;Method[method].Argument[0];test-sink" } } -class Conf extends TaintTracking::Configuration { - Conf() { this = "FlowSummaries" } - - override predicate isSource(DataFlow::Node src) { - src.asExpr().getExpr().(StringLiteral).getConstantValue().isString("taint") - } - +class CustomValueSink extends DefaultValueFlowConf { override predicate isSink(DataFlow::Node sink) { - exists(MethodCall mc | - mc.getMethodName() = "sink" and - mc.getAnArgument() = sink.asExpr().getExpr() - ) + super.isSink(sink) or sink = ModelOutput::getASinkNode("test-sink").getARhs() } } -from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf -where conf.hasFlowPath(source, sink) -select sink, source, sink, "$@", source, source.toString() +class CustomTaintSink extends DefaultTaintFlowConf { + override predicate isSink(DataFlow::Node sink) { + super.isSink(sink) + or + sink = ModelOutput::getASinkNode("test-sink").getARhs() + } +} diff --git a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb index 13fd08209a7..fb32ead6dac 100644 --- a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb +++ b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb @@ -1,4 +1,4 @@ -tainted = identity "taint" +tainted = identity source("tainted") sink tainted tainted2 = apply_block tainted do |x| @@ -37,7 +37,7 @@ Bar.new.next.method(tainted) Bar.new.next.next.next.next.method(tainted) def userDefinedFunction(x, y) - t = "taint" + t = source("t") sink(x.matchedByName(t)) sink(y.matchedByName(t)) sink(x.unmatchedName(t)) @@ -45,7 +45,7 @@ def userDefinedFunction(x, y) end Foo.blockArg do |x| - sink(x.preserveTaint("taint")) + sink(x.preserveTaint(source("blockArg"))) end sink(Foo.namedArg(foo: tainted)) 
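Review bot: `CustomValueSink` and `CustomTaintSink` in the Summaries.ql hunk at -117 override `isSink` with the same body, so the `test-sink` model lookup is written twice and the two copies can drift apart. A shared helper such as `private predicate isModelSink(DataFlow::Node sink) { sink = ModelOutput::getASinkNode("test-sink").getARhs() }` would let each override read `super.isSink(sink) or isModelSink(sink)`. Neither class has a QLDoc comment; one line on each, along the lines of `/** Adds the "test-sink" rows declared by SinkFromModel to the default value-flow sinks. */`, would explain why both default configurations are extended.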
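Review bot: The `sink` lines in summaries.rb (first hunk at -1) carry no inline expectation comments, so every flow the query finds is recorded under `failures` in Summaries.expected, for example `summaries.rb:2:6:2:12 | tainted | Unexpected result: hasValueFlow=tainted`. The test still passes because that failure list is the checked-in baseline, but a lost or spurious flow then shows up only as a diff in the `.expected` file, not next to the line it concerns. Annotating each sink, e.g. `sink tainted # $ hasValueFlow=tainted` and `sink(x.matchedByName(t)) # $ hasTaintFlow=t`, would leave `failures` empty; the same applies to the hunks at -37, -45 and -59. Sinks that are meant to see no flow, such as `sink(x.unmatchedName(t))`, need no annotation.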
@@ -59,8 +59,8 @@ Foo.intoNamedParameter(tainted, ->(foo:) { }) Foo.startInNamedCallback(foo: ->(x) { - sink(x.preserveTaint("taint")) + sink(x.preserveTaint(source("startInNamedCallback"))) }) Foo.startInNamedParameter(->(foo:) { - sink(foo.preserveTaint("taint")) + sink(foo.preserveTaint(source("startInNamedParameter"))) })