Ruby: fix another SystemCommandExecution::isShellInterpreted implementation

2026-04-28 02:05:14 +02:00 · 2022-07-11 16:34:38 +01:00
parent 348ad95fc0
commit 6632dfaf88
2 changed files with 7 additions and 5 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
@@ -62,9 +62,9 @@ module PosixSpawn {
    // is shell interpreted unless there is another argument with a string
    // constant value.
    override predicate isShellInterpreted(DataFlow::Node arg) {
+      this.argument(arg) and
      not exists(DataFlow::Node otherArg |
        otherArg != arg and
-        this.argument(arg) and
        this.argument(otherArg) and
        otherArg.asExpr().getConstantValue().isString(_)
      )
--- a/ruby/ql/test/library-tests/frameworks/PosixSpawn.ql
+++ b/ruby/ql/test/library-tests/frameworks/PosixSpawn.ql
@@ -5,11 +5,13 @@ import codeql.ruby.DataFlow
 query predicate systemCalls(
  PosixSpawn::SystemCall call, DataFlow::Node arg, boolean shellInterpreted
 ) {
-  arg = call.getAnArgument() and
-  if call.isShellInterpreted(arg) then shellInterpreted = true else shellInterpreted = false
+  call.isShellInterpreted(arg) and shellInterpreted = true
+  or
+  not call.isShellInterpreted(arg) and arg = call.getAnArgument() and shellInterpreted = false
 }

 query predicate childCalls(PosixSpawn::ChildCall call, DataFlow::Node arg, boolean shellInterpreted) {
-  arg = call.getAnArgument() and
-  if call.isShellInterpreted(arg) then shellInterpreted = true else shellInterpreted = false
+  call.isShellInterpreted(arg) and shellInterpreted = true
+  or
+  not call.isShellInterpreted(arg) and arg = call.getAnArgument() and shellInterpreted = false
 }