Ruby: Update string const barrier guard

This change recognises guards like `FOO.include?`, where `FOO` is an array constant.
2026-05-05 05:35:13 +02:00 · 2022-01-20 17:08:05 +13:00
parent 13a0ece25c
commit 6bae03a7cc
2 changed files with 3 additions and 1 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -64,7 +64,8 @@ class StringConstArrayInclusionCall extends DataFlow::BarrierGuard,
  StringConstArrayInclusionCall() {
    exists(ArrayLiteral aLit |
      this.getExpr().getMethodName() = "include?" and
-      this.getExpr().getReceiver() = aLit
+      [this.getExpr().getReceiver(), this.getExpr().getReceiver().(ConstantReadAccess).getValue()] =
+        aLit
    |
      forall(Expr elem | elem = aLit.getAnElement() | elem instanceof StringLiteral) and
      this.getArgument(0) = checkedNode