hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into formatTaint

Browse Source
This commit is contained in:
erik-krogh
2022-11-02 13:39:30 +01:00
parent 33cca29a8e 45320d91d1
commit 6bc12e8f2b
985 changed files with 17667 additions and 4426 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 0.4.2
### Minor Analysis Improvements
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
* More sources of remote input arising from methods on `ActionDispatch::Request` are now recognized.
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
* Taint flow through `ActionController::Parameters` is tracked more accurately.
## 0.4.1
### Minor Analysis Improvements

4
ruby/ql/lib/change-notes/2022-09-27-actioncontroller-parameters.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Taint flow through `ActionController::Parameters` is tracked more accurately.

4
ruby/ql/lib/change-notes/2022-10-07-actionmailer-params.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.

4
ruby/ql/lib/change-notes/2022-10-09-activejob-serializers-deserialize.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.

5
ruby/ql/lib/change-notes/2022-10-13-actiondispatch-request.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* More sources of remote input arising from methods on `ActionDispatch::Request`
are now recognised.

4
ruby/ql/lib/change-notes/2022-10-13-faraday-run-request.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.

4
ruby/ql/lib/change-notes/2022-10-14-digest-model.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.

5
ruby/ql/lib/change-notes/2022-10-18-activesupport-flow.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.

5
ruby/ql/lib/change-notes/2022-10-20-expand-faraday-model-for-ssrf-sink.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.

4
ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.

10
ruby/ql/lib/change-notes/released/0.4.2.md Normal file
View File

@@ -0,0 +1,10 @@
## 0.4.2
### Minor Analysis Improvements
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
* More sources of remote input arising from methods on `ActionDispatch::Request` are now recognized.
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
* Taint flow through `ActionController::Parameters` is tracked more accurately.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.1
lastReleaseVersion: 0.4.2

6
ruby/ql/lib/codeql/ruby/Concepts.qll
View File

@@ -701,6 +701,9 @@ module SystemCommandExecution {
class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {
/** Gets the argument that specifies the code to be executed. */
DataFlow::Node getCode() { result = super.getCode() }
/** Holds if this execution runs arbitrary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
predicate runsArbitraryCode() { super.runsArbitraryCode() }
}
/** Provides a class for modeling new dynamic code execution APIs. */
@@ -714,6 +717,9 @@ module CodeExecution {
abstract class Range extends DataFlow::Node {
/** Gets the argument that specifies the code to be executed. */
abstract DataFlow::Node getCode();
/** Holds if this execution runs arbitrary code, as opposed to some restricted subset. E.g. `Object.send` will only run any method on an object. */
predicate runsArbitraryCode() { any() }
}
}

18
ruby/ql/lib/codeql/ruby/ast/Constant.qll
View File

@@ -252,6 +252,20 @@ private class ConstantReadAccessSynth extends ConstantAccess, TConstantReadAcces
final override predicate hasGlobalScope() { value.matches("::%") }
}
private class ConstantWriteAccessSynth extends ConstantAccess, TConstantWriteAccessSynth {
private string value;
ConstantWriteAccessSynth() { this = TConstantWriteAccessSynth(_, _, value) }
final override string getName() {
if this.hasGlobalScope() then result = value.suffix(2) else result = value
}
final override Expr getScopeExpr() { synthChild(this, 0, result) }
final override predicate hasGlobalScope() { value.matches("::%") }
}
/**
* A use (read) of a constant.
*
@@ -323,7 +337,9 @@ class ConstantReadAccess extends ConstantAccess {
*/
class ConstantWriteAccess extends ConstantAccess {
ConstantWriteAccess() {
explicitAssignmentNode(toGenerated(this), _) or this instanceof TNamespace
explicitAssignmentNode(toGenerated(this), _) or
this instanceof TNamespace or
this instanceof TConstantWriteAccessSynth
}
override string getAPrimaryQlClass() { result = "ConstantWriteAccess" }

2
ruby/ql/lib/codeql/ruby/ast/Expr.qll
View File

@@ -61,7 +61,7 @@ class ArgumentList extends Expr, TArgumentList {
private class LhsExpr_ =
TVariableAccess or TTokenConstantAccess or TScopeResolutionConstantAccess or TMethodCall or
TDestructuredLhsExpr;
TDestructuredLhsExpr or TConstantWriteAccessSynth;
/**
* A "left-hand-side" (LHS) expression. An `LhsExpr` can occur on the left-hand side of

7
ruby/ql/lib/codeql/ruby/ast/Module.qll
View File

@@ -25,7 +25,12 @@ class Module extends TModule {
/** Holds if this module is a class. */
pragma[noinline]
predicate isClass() { this.getADeclaration() instanceof ClassDeclaration }
predicate isClass() {
this.getADeclaration() instanceof ClassDeclaration
or
// If another class extends this, but we can't see the class declaration, assume it's a class
getSuperClass(_) = this
}
/** Gets a textual representation of this module. */
string toString() {

21
ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
View File

@@ -116,6 +116,9 @@ private module Cached {
TConstantReadAccessSynth(Ast::AstNode parent, int i, string value) {
mkSynthChild(ConstantReadAccessKind(value), parent, i)
} or
TConstantWriteAccessSynth(Ast::AstNode parent, int i, string value) {
mkSynthChild(ConstantWriteAccessKind(value), parent, i)
} or
TDefinedExpr(Ruby::Unary g) { g instanceof @ruby_unary_definedquestion } or
TDelimitedSymbolLiteral(Ruby::DelimitedSymbol g) or
TDestructuredLeftAssignment(Ruby::DestructuredLeftAssignment g) {
@@ -373,12 +376,13 @@ private module Cached {
class TAstNodeSynth =
TAddExprSynth or TAssignExprSynth or TBitwiseAndExprSynth or TBitwiseOrExprSynth or
TBitwiseXorExprSynth or TBraceBlockSynth or TClassVariableAccessSynth or
TConstantReadAccessSynth or TDivExprSynth or TExponentExprSynth or
TGlobalVariableAccessSynth or TIfSynth or TInstanceVariableAccessSynth or
TIntegerLiteralSynth or TLShiftExprSynth or TLocalVariableAccessSynth or
TLogicalAndExprSynth or TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or
TMulExprSynth or TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or
TSimpleParameterSynth or TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth;
TConstantReadAccessSynth or TConstantWriteAccessSynth or TDivExprSynth or
TExponentExprSynth or TGlobalVariableAccessSynth or TIfSynth or
TInstanceVariableAccessSynth or TIntegerLiteralSynth or TLShiftExprSynth or
TLocalVariableAccessSynth or TLogicalAndExprSynth or TLogicalOrExprSynth or
TMethodCallSynth or TModuloExprSynth or TMulExprSynth or TNilLiteralSynth or
TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or TSimpleParameterSynth or
TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth;
/**
* Gets the underlying TreeSitter entity for a given AST node. This does not
@@ -565,6 +569,8 @@ private module Cached {
or
result = TConstantReadAccessSynth(parent, i, _)
or
result = TConstantWriteAccessSynth(parent, i, _)
or
result = TDivExprSynth(parent, i)
or
result = TExponentExprSynth(parent, i)
@@ -672,7 +678,8 @@ class TMethodCall =
class TSuperCall = TTokenSuperCall or TRegularSuperCall;
class TConstantAccess =
TTokenConstantAccess or TScopeResolutionConstantAccess or TNamespace or TConstantReadAccessSynth;
TTokenConstantAccess or TScopeResolutionConstantAccess or TNamespace or
TConstantReadAccessSynth or TConstantWriteAccessSynth;
class TControlExpr = TConditionalExpr or TCaseExpr or TCaseMatch or TLoop;

63
ruby/ql/lib/codeql/ruby/ast/internal/Module.qll
View File

@@ -1,11 +1,13 @@
private import codeql.ruby.AST
private import Scope as Scope
// Names of built-in modules and classes
private string builtin() {
result =
[
"Object", "Kernel", "BasicObject", "Class", "Module", "NilClass", "FalseClass", "TrueClass",
"Numeric", "Integer", "Float", "Rational", "Complex", "Array", "Hash", "Symbol", "Proc"
"Numeric", "Integer", "Float", "Rational", "Complex", "Array", "Hash", "String", "Symbol",
"Proc",
]
}
@@ -16,6 +18,8 @@ private module Cached {
TResolved(string qName) {
qName = builtin()
or
qName = getAnAssumedGlobalConst()
or
qName = namespaceDeclaration(_)
} or
TUnresolved(Namespace n) { not exists(namespaceDeclaration(n)) }
@@ -38,7 +42,10 @@ private module Cached {
Module getSuperClass(Module cls) {
cls = TResolved("Object") and result = TResolved("BasicObject")
or
cls = TResolved(["Module", "Numeric", "Array", "Hash", "FalseClass", "TrueClass", "NilClass"]) and
cls =
TResolved([
"Module", "Numeric", "Array", "Hash", "FalseClass", "TrueClass", "NilClass", "String"
]) and
result = TResolved("Object")
or
cls = TResolved(["Integer", "Float", "Rational", "Complex"]) and
@@ -58,6 +65,12 @@ private module Cached {
forex(ClassDeclaration d | d = cls.getADeclaration() |
not exists(resolveConstantReadAccess(d.getSuperclassExpr()))
)
or
// If a module is used as a base class of another class, but we don't see its class declaration
// treat it as a class extending Object, so its subclasses transitively extend Object.
result = TResolved("Object") and
not cls.getADeclaration() instanceof ClassDeclaration and
cls = resolveConstantReadAccess(any(ClassDeclaration d).getSuperclassExpr())
)
}
@@ -65,7 +78,7 @@ private module Cached {
(
m = resolveConstantReadAccess(c.getReceiver())
or
m = enclosingModule(c).getModule() and
m = enclosingModuleNoBlock(c).getModule() and
c.getReceiver() instanceof SelfVariableAccess
) and
result = resolveConstantReadAccess(c.getAnArgument())
@@ -388,11 +401,23 @@ private module ResolveImpl {
result = resolveConstantWriteAccessRec(c, _, _)
}
/**
* Gets the name of a constant `C` that we assume to be defined in the top-level because
* it is referenced in a way that can only resolve to a top-level constant.
*/
string getAnAssumedGlobalConst() {
exists(ConstantAccess access |
not exists(access.getScopeExpr()) and
result = access.getName() and
isToplevel(access)
)
}
pragma[nomagic]
private string isDefinedConstantNonRec(string container, string name) {
result = resolveConstantWriteAccessNonRec(_, container, name)
or
result = builtin() and
result = [builtin(), getAnAssumedGlobalConst()] and
name = result and
container = "Object"
}
@@ -447,7 +472,7 @@ private module ResolveImpl {
result = resolveConstantReadAccess(this.getReceiver(), _)
or
exists(ModuleBase encl |
encl = enclosingModule(this) and
encl = enclosingModuleNoBlock(this) and
result = [qualifiedModuleNameNonRec(encl, _, _), qualifiedModuleNameRec(encl, _, _)]
|
this.getReceiver() instanceof SelfVariableAccess
@@ -495,7 +520,20 @@ private module ResolveImpl {
private import ResolveImpl
/**
* A variant of AstNode::getEnclosingModule that excludes
* Gets an enclosing scope of `scope`, stopping at the first module or block.
*
* Includes `scope` itself and the final module/block.
*/
private Scope enclosingScopesNoBlock(Scope scope) {
result = scope
or
not scope instanceof ModuleBase and
not scope instanceof Block and
result = enclosingScopesNoBlock(scope.getOuterScope())
}
/**
* A variant of `AstNode::getEnclosingModule` that excludes
* results that are enclosed in a block. This is a bit wrong because
* it could lead to false negatives. However, `include` statements in
* blocks are very rare in normal code. The majority of cases are in calls
@@ -503,15 +541,10 @@ private import ResolveImpl
* methods evaluate the block in the context of some other module/class instead of
* the enclosing one.
*/
private ModuleBase enclosingModule(AstNode node) {
result = node.getParent()
or
exists(AstNode mid |
result = enclosingModule(mid) and
mid = node.getParent() and
not mid instanceof ModuleBase and
not mid instanceof Block
)
private ModuleBase enclosingModuleNoBlock(Stmt node) {
// Note: don't rely on AstNode.getParent() here.
// Instead use Scope.getOuterScope() to correctly handle the scoping of things like Namespace.getScopeExpr().
result = enclosingScopesNoBlock(Scope::scopeOfInclSynth(node))
}
private Module getAncestors(Module m) {

233
ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
View File

@@ -42,7 +42,8 @@ newtype SynthKind =
StmtSequenceKind() or
SelfKind(SelfVariable v) or
SubExprKind() or
ConstantReadAccessKind(string value) { any(Synthesis s).constantReadAccess(value) }
ConstantReadAccessKind(string value) { any(Synthesis s).constantReadAccess(value) } or
ConstantWriteAccessKind(string value) { any(Synthesis s).constantWriteAccess(value) }
/**
* An AST child.
@@ -107,6 +108,11 @@ class Synthesis extends TSynthesis {
*/
predicate constantReadAccess(string name) { none() }
/**
* Holds if a constant write access of `name` is needed.
*/
predicate constantWriteAccess(string name) { none() }
/**
* Holds if `n` should be excluded from `ControlFlowTree` in the CFG construction.
*/
@@ -493,6 +499,231 @@ private module AssignOperationDesugar {
}
}
/**
* An assignment operation where the left-hand side is a constant
* without scope expression, such as`FOO` or `::Foo`.
*/
private class ConstantAssignOperation extends AssignOperation {
string name;
pragma[nomagic]
ConstantAssignOperation() {
name =
any(Ruby::Constant constant | TTokenConstantAccess(constant) = this.getLeftOperand())
.getValue()
or
name =
"::" +
any(Ruby::Constant constant |
TScopeResolutionConstantAccess(any(Ruby::ScopeResolution g | not exists(g.getScope())),
constant) = this.getLeftOperand()
).getValue()
}
final string getName() { result = name }
}
pragma[nomagic]
private predicate constantAssignOperationSynthesis(AstNode parent, int i, Child child) {
exists(ConstantAssignOperation cao |
parent = cao and
i = -1 and
child = SynthChild(AssignExprKind())
or
exists(AstNode assign | assign = TAssignExprSynth(cao, -1) |
parent = assign and
i = 0 and
child = childRef(cao.getLeftOperand())
or
parent = assign and
i = 1 and
child = SynthChild(getKind(cao))
or
parent = getSynthChild(assign, 1) and
(
i = 0 and
child = SynthChild(ConstantReadAccessKind(cao.getName()))
or
i = 1 and
child = childRef(cao.getRightOperand())
)
)
)
}
/**
* ```rb
* FOO += y
* ```
*
* desugars to
*
* ```rb
* FOO = FOO + y
* ```
*/
private class ConstantAssignOperationSynthesis extends Synthesis {
final override predicate child(AstNode parent, int i, Child child) {
constantAssignOperationSynthesis(parent, i, child)
}
final override predicate constantReadAccess(string name) {
name = any(ConstantAssignOperation o).getName()
}
final override predicate location(AstNode n, Location l) {
exists(ConstantAssignOperation cao, BinaryOperation bo |
bo = cao.getDesugared().(AssignExpr).getRightOperand()
|
n = bo and
l = getAssignOperationLocation(cao)
or
n = bo.getLeftOperand() and
hasLocation(cao.getLeftOperand(), l)
)
}
}
/**
* An assignment operation where the left-hand side is a constant
* with scope expression, such as `expr::FOO`.
*/
private class ScopeResolutionAssignOperation extends AssignOperation {
string name;
Expr scope;
pragma[nomagic]
ScopeResolutionAssignOperation() {
exists(Ruby::Constant constant, Ruby::ScopeResolution g |
TScopeResolutionConstantAccess(g, constant) = this.getLeftOperand() and
name = constant.getValue() and
toGenerated(scope) = g.getScope()
)
}
final string getName() { result = name }
final Expr getScopeExpr() { result = scope }
}
pragma[nomagic]
private predicate scopeResolutionAssignOperationSynthesis(AstNode parent, int i, Child child) {
exists(ScopeResolutionAssignOperation cao |
parent = cao and
i = -1 and
child = SynthChild(StmtSequenceKind())
or
exists(AstNode stmts | stmts = TStmtSequenceSynth(cao, -1) |
parent = stmts and
i = 0 and
child = SynthChild(AssignExprKind())
or
exists(AstNode assign | assign = TAssignExprSynth(stmts, 0) |
parent = assign and
i = 0 and
child = SynthChild(LocalVariableAccessSynthKind(TLocalVariableSynth(cao, 0)))
or
parent = assign and
i = 1 and
child = childRef(cao.getScopeExpr())
)
or
parent = stmts and
i = 1 and
child = SynthChild(AssignExprKind())
or
exists(AstNode assign | assign = TAssignExprSynth(stmts, 1) |
parent = assign and
i = 0 and
child = SynthChild(ConstantWriteAccessKind(cao.getName()))
or
exists(AstNode cwa | cwa = TConstantWriteAccessSynth(assign, 0, cao.getName()) |
parent = cwa and
i = 0 and
child = SynthChild(LocalVariableAccessSynthKind(TLocalVariableSynth(cao, 0)))
)
or
parent = assign and
i = 1 and
child = SynthChild(getKind(cao))
or
exists(AstNode op | op = getSynthChild(assign, 1) |
parent = op and
i = 0 and
child = SynthChild(ConstantReadAccessKind(cao.getName()))
or
exists(AstNode cra | cra = TConstantReadAccessSynth(op, 0, cao.getName()) |
parent = cra and
i = 0 and
child = SynthChild(LocalVariableAccessSynthKind(TLocalVariableSynth(cao, 0)))
)
or
parent = op and
i = 1 and
child = childRef(cao.getRightOperand())
)
)
)
)
}
/**
* ```rb
* expr::FOO += y
* ```
*
* desugars to
*
* ```rb
* __synth__0 = expr
* __synth__0::FOO = _synth__0::FOO + y
* ```
*/
private class ScopeResolutionAssignOperationSynthesis extends Synthesis {
final override predicate child(AstNode parent, int i, Child child) {
scopeResolutionAssignOperationSynthesis(parent, i, child)
}
final override predicate constantReadAccess(string name) {
name = any(ScopeResolutionAssignOperation o).getName()
}
final override predicate localVariable(AstNode n, int i) {
n instanceof ScopeResolutionAssignOperation and
i = 0
}
final override predicate constantWriteAccess(string name) { this.constantReadAccess(name) }
final override predicate location(AstNode n, Location l) {
exists(ScopeResolutionAssignOperation cao, StmtSequence stmts | stmts = cao.getDesugared() |
n = stmts.getStmt(0) and
hasLocation(cao.getScopeExpr(), l)
or
exists(AssignExpr assign | assign = stmts.getStmt(1) |
n = assign and hasLocation(cao, l)
or
n = assign.getLeftOperand() and
hasLocation(cao.getLeftOperand(), l)
or
n = assign.getLeftOperand().(ConstantAccess).getScopeExpr() and
hasLocation(cao.getScopeExpr(), l)
or
exists(BinaryOperation bo | bo = assign.getRightOperand() |
n = bo and
l = getAssignOperationLocation(cao)
or
n = bo.getLeftOperand() and
hasLocation(cao.getLeftOperand(), l)
or
n = bo.getLeftOperand().(ConstantAccess).getScopeExpr() and
hasLocation(cao.getScopeExpr(), l)
)
)
)
}
}
/** An assignment operation where the left-hand side is a method call. */
private class SetterAssignOperation extends AssignOperation {
private MethodCall mc;

9
ruby/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll
View File

@@ -7,7 +7,14 @@ private import internal.ControlFlowGraphImpl
private import internal.Splitting
private import internal.Completion
/** An AST node with an associated control-flow graph. */
/**
* An AST node with an associated control-flow graph.
*
* Top-levels, methods, blocks, and lambdas are all CFG scopes.
*
* Note that module declarations are not themselves CFG scopes, as they are part of
* the CFG of the enclosing top-level or callable.
*/
class CfgScope extends Scope instanceof CfgScopeImpl {
/** Gets the CFG scope that this scope is nested under, if any. */
final CfgScope getOuterCfgScope() {

7
ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll
View File

@@ -890,7 +890,12 @@ module Trees {
private class ConstantAccessTree extends PostOrderTree, ConstantAccess {
ConstantAccessTree() {
not this instanceof ClassDeclaration and
not this instanceof ModuleDeclaration
not this instanceof ModuleDeclaration and
// constant accesses with scope expression in compound assignments are desugared
not (
this = any(AssignOperation op).getLeftOperand() and
exists(this.getScopeExpr())
)
}
final override predicate propagatesAbnormal(AstNode child) { child = this.getScopeExpr() }

207
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
View File

@@ -375,17 +375,10 @@ private module Cached {
private predicate selfInSingletonMethodFlowsToMethodCallReceiver(
RelevantCall call, Module m, string method
) {
exists(SsaSelfDefinitionNode self, Module target, MethodBase caller |
exists(SsaSelfDefinitionNode self, MethodBase caller |
flowsToMethodCallReceiver(call, self, method) and
target = m.getSuperClass*() and
selfInMethod(self.getVariable(), caller, target) and
singletonMethod(caller, _, _) and
// Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton
// methods on Object, if the block is actually evaluated in the context of another class.
// The 'self' inside such a singleton method could then be any class, leading to self-calls
// being resolved to arbitrary singleton methods.
// To remedy this, we do not allow following super-classes all the way to Object.
not (m != target and target = TResolved("Object"))
selfInMethod(self.getVariable(), caller, m) and
singletonMethod(caller, _, _)
)
}
@@ -441,12 +434,13 @@ private module Cached {
// M.extend(M)
// M.instance # <- call
// ```
exists(Module m | result = lookupSingletonMethod(m, method) |
exists(Module m, boolean exact | result = lookupSingletonMethod(m, method, exact) |
// ```rb
// def C.singleton; end # <- result
// C.singleton # <- call
// ```
moduleFlowsToMethodCallReceiver(call, m, method)
moduleFlowsToMethodCallReceiver(call, m, method) and
exact = true
or
// ```rb
// class C
@@ -454,7 +448,8 @@ private module Cached {
// self.singleton # <- call
// end
// ```
selfInModuleFlowsToMethodCallReceiver(call, m, method)
selfInModuleFlowsToMethodCallReceiver(call, m, method) and
exact = true
or
// ```rb
// class C
@@ -464,7 +459,8 @@ private module Cached {
// end
// end
// ```
selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method)
selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method) and
exact = false
)
)
or
@@ -537,9 +533,14 @@ private DataFlow::LocalSourceNode trackModuleAccess(Module m, TypeTracker t) {
)
}
/**
* We exclude steps into `self` parameters, and instead rely on the type of the
* enclosing module.
*/
pragma[nomagic]
private DataFlow::LocalSourceNode trackModuleAccessRec(Module m, TypeTracker t, StepSummary summary) {
StepSummary::step(trackModuleAccess(m, t), result, summary)
StepSummary::step(trackModuleAccess(m, t), result, summary) and
not result instanceof SelfParameterNode
}
pragma[nomagic]
@@ -603,17 +604,22 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
or
exists(RelevantCall call, DataFlow::LocalSourceNode sourceNode |
flowsToMethodCallReceiver(call, sourceNode, "new") and
exact = true and
n.asExpr() = call
|
// `C.new`
sourceNode = trackModuleAccess(tp)
sourceNode = trackModuleAccess(tp) and
exact = true
or
// `self.new` inside a module
selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), tp)
selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), tp) and
exact = true
or
// `self.new` inside a singleton method
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm), tp)
exists(MethodBase caller |
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), caller, tp) and
singletonMethod(caller, _, _) and
exact = false
)
)
or
// `self` reference in method or top-level (but not in module or singleton method,
@@ -786,26 +792,54 @@ private predicate singletonMethodOnModule(MethodBase method, string name, Module
)
}
pragma[nomagic]
private MethodBase lookupSingletonMethodDirect(Module m, string name) {
singletonMethodOnModule(result, name, m)
or
exists(DataFlow::LocalSourceNode sourceNode |
sourceNode = trackModuleAccess(m) and
not m = resolveConstantReadAccess(sourceNode.asExpr().getExpr()) and
flowsToSingletonMethodObject(sourceNode, result, name)
)
}
/**
* Holds if `method` is a singleton method named `name`, defined on module
* `m`, or any transitive base class of `m`.
*/
pragma[nomagic]
private MethodBase lookupSingletonMethod(Module m, string name) {
singletonMethodOnModule(result, name, m)
or
// cannot be part of `singletonMethodOnModule` because it would introduce
// negative recursion below
exists(DataFlow::LocalSourceNode sourceNode |
sourceNode = trackModuleAccess(m) and
not m = resolveConstantReadAccess(sourceNode.asExpr().getExpr()) and
flowsToSingletonMethodObject(sourceNode, result, name)
)
result = lookupSingletonMethodDirect(m, name)
or
// cannot use `lookupSingletonMethodDirect` because it would introduce
// negative recursion
not singletonMethodOnModule(_, name, m) and
result = lookupSingletonMethod(m.getSuperClass(), name)
}
pragma[nomagic]
private MethodBase lookupSingletonMethodInSubClasses(Module m, string name) {
// Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton
// methods on Object, if the block is actually evaluated in the context of another class.
// The 'self' inside such a singleton method could then be any class, leading to self-calls
// being resolved to arbitrary singleton methods.
// To remedy this, we do not allow following super-classes all the way to Object.
not m = TResolved("Object") and
exists(Module sub | sub.getSuperClass() = m |
result = lookupSingletonMethodDirect(sub, name) or
result = lookupSingletonMethodInSubClasses(sub, name)
)
}
pragma[nomagic]
private MethodBase lookupSingletonMethod(Module m, string name, boolean exact) {
result = lookupSingletonMethod(m, name) and
exact in [false, true]
or
result = lookupSingletonMethodInSubClasses(m, name) and
exact = false
}
/**
* Holds if `method` is a singleton method named `name`, defined on expression
* `object`, where `object` is not likely to resolve to a module:
@@ -957,14 +991,13 @@ private predicate isInstanceLocalMustFlow(DataFlow::Node n, Module tp, boolean e
* `name` is the name of the method being called by `call`.
*/
pragma[nomagic]
private predicate mayBenefitFromCallContext0(
private predicate argFlowsToReceiver(
RelevantCall ctx, ArgumentNode arg, RelevantCall call, Callable encl, string name
) {
exists(
ParameterNodeImpl p, SsaDefinitionNode ssaNode, ParameterPosition ppos, ArgumentPosition apos
|
// the receiver of `call` references `p`
ssaNode = trackInstance(_, _) and
LocalFlow::localFlowSsaParamInput(p, ssaNode) and
flowsToMethodCallReceiver(pragma[only_bind_into](call), pragma[only_bind_into](ssaNode),
pragma[only_bind_into](name)) and
@@ -982,24 +1015,66 @@ private predicate mayBenefitFromCallContext0(
/**
* Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, and
* the receiver of `call` is a parameter access, where the corresponding argument
* of `ctx` has type `tp`.
* `arg` of `ctx` has type `tp`.
*
* `name` is the name of the method being called by `call`, and `exact` is pertaining
* to the type of the argument.
*/
pragma[nomagic]
private predicate mayBenefitFromCallContext1(
RelevantCall ctx, RelevantCall call, Callable encl, Module tp, boolean exact, string name
private predicate mayBenefitFromCallContextInstance(
RelevantCall ctx, RelevantCall call, ArgumentNode arg, Callable encl, Module tp, boolean exact,
string name
) {
exists(ArgumentNode arg |
mayBenefitFromCallContext0(ctx, pragma[only_bind_into](arg), call, encl,
pragma[only_bind_into](name)) and
// `arg` has a relevant instance type
isInstanceLocalMustFlow(arg, tp, exact) and
exists(lookupMethod(tp, pragma[only_bind_into](name)))
argFlowsToReceiver(ctx, pragma[only_bind_into](arg), call, encl, pragma[only_bind_into](name)) and
// `arg` has a relevant instance type
isInstanceLocalMustFlow(arg, tp, exact) and
exists(lookupMethod(tp, pragma[only_bind_into](name)))
}
/** Same as `resolveConstantReadAccess`, but includes local must-flow through SSA definitions. */
private predicate resolveConstantReadAccessMustFlow(DataFlow::Node n, Module tp) {
tp = resolveConstantReadAccess(n.asExpr().getExpr())
or
exists(DataFlow::Node mid | resolveConstantReadAccessMustFlow(mid, tp) |
n.asExpr() = mid.(SsaDefinitionNode).getDefinition().getARead()
or
n.(SsaDefinitionNode).getDefinition().(Ssa::WriteDefinition).assigns(mid.asExpr())
)
}
/**
* Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, and
* the receiver of `call` is a parameter access, where the corresponding argument
* `arg` of `ctx` is a module access targeting a module of type `tp`.
*
* `name` is the name of the method being called by `call`, and `exact` is pertaining
* to the type of the argument.
*/
pragma[nomagic]
private predicate mayBenefitFromCallContextSingleton(
RelevantCall ctx, RelevantCall call, ArgumentNode arg, Callable encl, Module tp, boolean exact,
string name
) {
argFlowsToReceiver(ctx, pragma[only_bind_into](arg), call, encl, pragma[only_bind_into](name)) and
// `arg` has a relevant module type
(
resolveConstantReadAccessMustFlow(arg, tp) and
exact = true
or
exists(SelfVariable self | arg.asExpr().getExpr() = self.getAnAccess() |
selfInModule(self, tp) and
exact = true
or
exists(MethodBase caller |
selfInMethod(self, caller, tp) and
singletonMethod(caller, _, _) and
exact = false
)
)
) and
exists(lookupSingletonMethod(tp, pragma[only_bind_into](name), exact))
}
/**
* Holds if the set of viable implementations that can be called by `call`
* might be improved by knowing the call context. This is the case if the
@@ -1007,7 +1082,9 @@ private predicate mayBenefitFromCallContext1(
* the implicit `self` parameter).
*/
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
mayBenefitFromCallContext1(_, call.asCall(), c.asCallable(), _, _, _)
mayBenefitFromCallContextInstance(_, call.asCall(), _, c.asCallable(), _, _, _)
or
mayBenefitFromCallContextSingleton(_, call.asCall(), _, c.asCallable(), _, _, _)
}
/**
@@ -1016,28 +1093,38 @@ predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
*/
pragma[nomagic]
DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
// `ctx` can provide a potentially better type bound
exists(RelevantCall call0, Callable res |
call0 = call.asCall() and
res = result.asCallable() and
res = getTarget(call0) and // make sure to not include e.g. private methods
exists(Module m, boolean exact, string name |
res = lookupMethod(m, name, exact) and
mayBenefitFromCallContext1(ctx.asCall(), pragma[only_bind_into](call0), _,
pragma[only_bind_into](m), exact, pragma[only_bind_into](name))
mayBenefitFromCallContext(call, _) and
(
// `ctx` can provide a potentially better type bound
exists(RelevantCall call0, Callable res |
call0 = call.asCall() and
res = result.asCallable() and
res = getTarget(call0) and // make sure to not include e.g. private methods
exists(Module m, boolean exact, string name |
mayBenefitFromCallContextInstance(ctx.asCall(), pragma[only_bind_into](call0), _, _,
pragma[only_bind_into](m), exact, pragma[only_bind_into](name)) and
res = lookupMethod(m, name, exact)
or
mayBenefitFromCallContextSingleton(ctx.asCall(), pragma[only_bind_into](call0), _, _,
pragma[only_bind_into](m), exact, pragma[only_bind_into](name)) and
res = lookupSingletonMethod(m, name, exact)
)
)
or
// `ctx` cannot provide a type bound
exists(RelevantCall call0, RelevantCall ctx0, ArgumentNode arg, string name |
call0 = call.asCall() and
ctx0 = ctx.asCall() and
argFlowsToReceiver(ctx0, arg, call0, _, name) and
not mayBenefitFromCallContextInstance(ctx0, call0, arg, _, _, _, name) and
not mayBenefitFromCallContextSingleton(ctx0, call0, arg, _, _, _, name) and
result = viableSourceCallable(call)
)
or
// library calls should always be able to resolve
argFlowsToReceiver(ctx.asCall(), _, call.asCall(), _, _) and
result = viableLibraryCallable(call)
)
or
// `ctx` cannot provide a type bound
exists(ArgumentNode arg |
mayBenefitFromCallContext0(ctx.asCall(), arg, call.asCall(), _, _) and
not isInstanceLocalMustFlow(arg, _, _) and
result = viableSourceCallable(call)
)
or
// library calls should always be able to resolve
mayBenefitFromCallContext0(ctx.asCall(), _, call.asCall(), _, _) and
result = viableLibraryCallable(call)
}
predicate exprNodeReturnedFrom = exprNodeReturnedFromCached/2;

67
ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
View File

@@ -179,6 +179,59 @@ private predicate hasVariableReadWithCapturedWrite(
variableReadActualInOuterScope(bb, v, scope)
}
pragma[noinline]
private predicate adjacentDefRead(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2,
SsaInput::SourceVariable v
) {
adjacentDefRead(def, bb1, i1, bb2, i2) and
v = def.getSourceVariable()
}
private predicate adjacentDefReachesRead(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
) {
exists(SsaInput::SourceVariable v | adjacentDefRead(def, bb1, i1, bb2, i2, v) |
def.definesAt(v, bb1, i1)
or
SsaInput::variableRead(bb1, i1, v, true)
)
or
exists(SsaInput::BasicBlock bb3, int i3 |
adjacentDefReachesRead(def, bb1, i1, bb3, i3) and
SsaInput::variableRead(bb3, i3, _, false) and
adjacentDefRead(def, bb3, i3, bb2, i2)
)
}
/** Same as `adjacentDefRead`, but skips uncertain reads. */
pragma[nomagic]
private predicate adjacentDefSkipUncertainReads(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
) {
adjacentDefReachesRead(def, bb1, i1, bb2, i2) and
SsaInput::variableRead(bb2, i2, _, true)
}
private predicate adjacentDefReachesUncertainRead(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
) {
adjacentDefReachesRead(def, bb1, i1, bb2, i2) and
SsaInput::variableRead(bb2, i2, _, false)
}
/** Same as `lastRefRedef`, but skips uncertain reads. */
pragma[nomagic]
private predicate lastRefSkipUncertainReads(Definition def, SsaInput::BasicBlock bb, int i) {
lastRef(def, bb, i) and
not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
or
exists(SsaInput::BasicBlock bb0, int i0 |
lastRef(def, bb0, i0) and
adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
)
}
cached
private module Cached {
/**
@@ -341,7 +394,7 @@ private module Cached {
predicate firstRead(Definition def, VariableReadAccessCfgNode read) {
exists(Cfg::BasicBlock bb1, int i1, Cfg::BasicBlock bb2, int i2 |
def.definesAt(_, bb1, i1) and
adjacentDefNoUncertainReads(def, bb1, i1, bb2, i2) and
adjacentDefSkipUncertainReads(def, bb1, i1, bb2, i2) and
read = bb2.getNode(i2)
)
}
@@ -358,7 +411,7 @@ private module Cached {
exists(Cfg::BasicBlock bb1, int i1, Cfg::BasicBlock bb2, int i2 |
read1 = bb1.getNode(i1) and
variableReadActual(bb1, i1, _) and
adjacentDefNoUncertainReads(def, bb1, i1, bb2, i2) and
adjacentDefSkipUncertainReads(def, bb1, i1, bb2, i2) and
read2 = bb2.getNode(i2)
)
}
@@ -371,7 +424,7 @@ private module Cached {
cached
predicate lastRead(Definition def, VariableReadAccessCfgNode read) {
exists(Cfg::BasicBlock bb, int i |
lastRefNoUncertainReads(def, bb, i) and
lastRefSkipUncertainReads(def, bb, i) and
variableReadActual(bb, i, _) and
read = bb.getNode(i)
)
@@ -386,7 +439,13 @@ private module Cached {
*/
cached
predicate lastRefBeforeRedef(Definition def, Cfg::BasicBlock bb, int i, Definition next) {
lastRefRedefNoUncertainReads(def, bb, i, next)
lastRefRedef(def, bb, i, next) and
not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
or
exists(SsaInput::BasicBlock bb0, int i0 |
lastRefRedef(def, bb0, i0, next) and
adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
)
}
cached

4
ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -115,8 +115,8 @@ private module Cached {
*/
cached
predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
defaultAdditionalTaintStep(nodeFrom, nodeTo)
or
DataFlow::localFlowStep(nodeFrom, nodeTo) or
defaultAdditionalTaintStep(nodeFrom, nodeTo) or
// Simple flow through library code is included in the exposed local
// step relation, even though flow is technically inter-procedural
FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _)

2
ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll
View File

@@ -25,6 +25,8 @@ module ActiveJob {
}
override DataFlow::Node getCode() { result = this.getArgument(0) }
override predicate runsArbitraryCode() { none() }
}
}
}

2
ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
View File

@@ -221,5 +221,7 @@ module ActiveStorage {
}
override DataFlow::Node getCode() { result = this.getArgument(0) }
override predicate runsArbitraryCode() { none() }
}
}

125
ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
View File

@@ -24,17 +24,22 @@ module ActiveSupport {
*/
module String {
/**
* A call to `String#constantize`, which tries to find a declared constant with the given name.
* Passing user input to this method may result in instantiation of arbitrary Ruby classes.
* A call to `String#constantize` or `String#safe_constantize`, which
* tries to find a declared constant with the given name.
* Passing user input to this method may result in instantiation of
* arbitrary Ruby classes.
*/
class Constantize extends CodeExecution::Range, DataFlow::CallNode {
// We treat this an `UnknownMethodCall` in order to match every call to `constantize` that isn't overridden.
// We can't (yet) rely on API Graphs or dataflow to tell us that the receiver is a String.
Constantize() {
this.asExpr().getExpr().(UnknownMethodCall).getMethodName() = "constantize"
this.asExpr().getExpr().(UnknownMethodCall).getMethodName() =
["constantize", "safe_constantize"]
}
override DataFlow::Node getCode() { result = this.getReceiver() }
override predicate runsArbitraryCode() { none() }
}
/**
@@ -47,9 +52,11 @@ module ActiveSupport {
override MethodCall getACall() {
result.getMethodName() =
[
"camelize", "camelcase", "classify", "dasherize", "deconstantize", "demodulize",
"foreign_key", "humanize", "indent", "parameterize", "pluralize", "singularize",
"squish", "strip_heredoc", "tableize", "titlecase", "titleize", "underscore",
"at", "camelize", "camelcase", "classify", "dasherize", "deconstantize", "demodulize",
"first", "foreign_key", "from", "html_safe", "humanize", "indent", "indent!",
"inquiry", "last", "mb_chars", "parameterize", "pluralize", "remove", "remove!",
"singularize", "squish", "squish!", "strip_heredoc", "tableize", "titlecase",
"titleize", "to", "truncate", "truncate_bytes", "truncate_words", "underscore",
"upcase_first"
]
}
@@ -60,6 +67,112 @@ module ActiveSupport {
}
}
/**
* Extensions to the `Object` class.
*/
module Object {
/** Flow summary for methods which can return the receiver. */
private class IdentitySummary extends SimpleSummarizedCallable {
IdentitySummary() { this = ["presence", "deep_dup"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[self]" and
output = "ReturnValue" and
preservesValue = true
}
}
}
/**
* Extensions to the `Hash` class.
*/
module Hash {
private class WithIndifferentAccessSummary extends SimpleSummarizedCallable {
WithIndifferentAccessSummary() { this = "with_indifferent_access" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[self].Element[any]" and
output = "ReturnValue.Element[any]" and
preservesValue = true
}
}
private class TransformSummary extends SimpleSummarizedCallable {
TransformSummary() {
this =
[
"stringify_keys", "to_options", "symbolize_keys", "deep_stringify_keys",
"deep_symbolize_keys", "with_indifferent_access"
]
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Argument[self].Element[any]" and
output = "ReturnValue.Element[?]" and
preservesValue = true
}
}
private string getExtractComponent(MethodCall mc, int i) {
mc.getMethodName() = "extract!" and
result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
}
/**
* A flow summary for `Hash#extract!`. This method removes the key/value pairs
* matching the given keys from the receiver and returns them (as a Hash).
*
* Example:
*
* ```rb
* hash = { a: 1, b: 2, c: 3, d: 4 }
* hash.extract!(:a, :b) # => {:a=>1, :b=>2}
* hash # => {:c=>3, :d=>4}
* ```
*
* There is value flow from elements corresponding to keys in the
* arguments (`:a` and `:b` in the example) to elements in
* the return value.
* There is also value flow from any element corresponding to a key _not_
* mentioned in the arguments to an element in `self`, including elements
* at unknown keys.
*/
private class ExtractSummary extends SummarizedCallable {
MethodCall mc;
ExtractSummary() {
mc.getMethodName() = "extract!" and
this =
"extract!(" +
concat(int i, string s | s = getExtractComponent(mc, i) | s, "," order by i) + ")"
}
final override MethodCall getACall() { result = mc }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
(
exists(string s | s = getExtractComponent(mc, _) |
input = "Argument[self].Element[" + s + "!]" and
output = "ReturnValue.Element[" + s + "!]"
)
or
// Argument[self].WithoutElement[:a!, :b!].WithElement[any] means
// "an element of self whose key is not :a or :b, including elements
// with unknown keys"
input =
"Argument[self]" +
concat(int i, string s |
s = getExtractComponent(mc, i)
|
".WithoutElement[" + s + "!]" order by i
) + ".WithElement[any]" and
output = "Argument[self]"
) and
preservesValue = true
}
}
}
/**
* Extensions to the `Enumerable` module.
*/

36
ruby/ql/lib/codeql/ruby/frameworks/Files.qll
View File

@@ -182,3 +182,39 @@ module FileUtils {
override DataFlow::Node getAPermissionNode() { result = permissionArg }
}
}
/**
* Classes and predicates for modeling the core `Dir` module.
*/
module Dir {
/**
* A call to a method on `Dir` that operates on a path as its first argument, and produces file-names.
* Considered as a `FileNameSource` and a `FileSystemAccess`.
*/
class DirGlob extends FileSystemAccess::Range, FileNameSource instanceof DataFlow::CallNode {
DirGlob() {
this =
API::getTopLevelMember("Dir")
.getAMethodCall(["glob", "[]", "children", "each_child", "entries", "foreach"])
}
override DataFlow::Node getAPathArgument() { result = super.getArgument(0) }
}
/**
* A call to a method on `Dir` that operates on a path as its first argument, considered as a `FileSystemAccess`.
*/
class DirPathAccess extends FileSystemAccess::Range instanceof DataFlow::CallNode {
DirPathAccess() {
this =
API::getTopLevelMember("Dir")
.getAMethodCall([
"chdir", "chroot", "delete", "empty?", "exist?", "exists?", "mkdir", "new", "open",
"rmdir", "unlink"
])
}
override DataFlow::Node getAPathArgument() { result = super.getArgument(0) }
}
// TODO: Model that `(Dir.new "foo").each { |f| ... }` yields a filename (and some other public methods)
}

28
ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
View File

@@ -244,7 +244,7 @@ module Hash {
}
private string getExceptComponent(MethodCall mc, int i) {
mc.getMethodName() = "except" and
mc.getMethodName() = ["except", "except!"] and
result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
}
@@ -252,10 +252,12 @@ module Hash {
MethodCall mc;
ExceptSummary() {
mc.getMethodName() = "except" and
// except! is an ActiveSupport extension
// https://api.rubyonrails.org/classes/Hash.html#method-i-except-21
mc.getMethodName() = ["except", "except!"] and
this =
"except(" + concat(int i, string s | s = getExceptComponent(mc, i) | s, "," order by i) +
")"
mc.getMethodName() + "(" +
concat(int i, string s | s = getExceptComponent(mc, i) | s, "," order by i) + ")"
}
final override MethodCall getACallSimple() { result = mc }
@@ -268,7 +270,11 @@ module Hash {
|
".WithoutElement[" + s + "!]" order by i
) + ".WithElement[any]" and
output = "ReturnValue" and
(
if mc.getMethodName() = "except!"
then output = ["ReturnValue", "Argument[self]"]
else output = "ReturnValue"
) and
preservesValue = true
}
}
@@ -331,7 +337,11 @@ private class FetchValuesUnknownSummary extends FetchValuesSummary {
}
private class MergeSummary extends SimpleSummarizedCallable {
MergeSummary() { this = "merge" }
MergeSummary() {
// deep_merge is an ActiveSupport extension
// https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge
this = ["merge", "deep_merge"]
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
(
@@ -346,7 +356,11 @@ private class MergeSummary extends SimpleSummarizedCallable {
}
private class MergeBangSummary extends SimpleSummarizedCallable {
MergeBangSummary() { this = ["merge!", "update"] }
MergeBangSummary() {
// deep_merge! is an ActiveSupport extension
// https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge-21
this = ["merge!", "deep_merge!", "update"]
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
(

2
ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
View File

@@ -166,6 +166,8 @@ module Kernel {
SendCallCodeExecution() { this.getMethodName() = "send" }
override DataFlow::Node getCode() { result = this.getArgument(0) }
override predicate runsArbitraryCode() { none() }
}
private class TapSummary extends SimpleSummarizedCallable {

2
ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll
View File

@@ -42,5 +42,7 @@ module Module {
}
override DataFlow::Node getCode() { result = this.getArgument(0) }
override predicate runsArbitraryCode() { none() }
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
View File

@@ -34,7 +34,9 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod
// one-off requests
API::getTopLevelMember("Faraday"),
// connection re-use
API::getTopLevelMember("Faraday").getInstance()
API::getTopLevelMember("Faraday").getInstance(),
// connection re-use with Faraday::Connection.new instantiation
API::getTopLevelMember("Faraday").getMember("Connection").getInstance()
] and
requestNode =
connectionNode

58
ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
View File

@@ -11,20 +11,41 @@ private import codeql.ruby.dataflow.BarrierGuards
* adding your own.
*/
module CodeInjection {
/** Flow states used to distinguish whether an attacker controls the entire string. */
module FlowState {
/** Flow state used for normal tainted data, where an attacker might only control a substring. */
DataFlow::FlowState substring() { result = "substring" }
/** Flow state used for data that is entirely controlled by the attacker. */
DataFlow::FlowState full() { result = "full" }
}
/**
* A data flow source for "Code injection" vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
abstract class Source extends DataFlow::Node {
/** Gets a flow state for which this is a source. */
DataFlow::FlowState getAFlowState() { result = [FlowState::substring(), FlowState::full()] }
}
/**
* A data flow sink for "Code injection" vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
abstract class Sink extends DataFlow::Node {
/** Holds if this sink is safe for an attacker that only controls a substring. */
DataFlow::FlowState getAFlowState() { result = [FlowState::substring(), FlowState::full()] }
}
/**
* A sanitizer for "Code injection" vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
abstract class Sanitizer extends DataFlow::Node {
/**
* Gets a flow state for which this is a sanitizer.
* Sanitizes all states if the result is empty.
*/
DataFlow::FlowState getAFlowState() { none() }
}
/**
* DEPRECATED: Use `Sanitizer` instead.
@@ -42,6 +63,35 @@ module CodeInjection {
* A call that evaluates its arguments as Ruby code, considered as a flow sink.
*/
class CodeExecutionAsSink extends Sink {
CodeExecutionAsSink() { this = any(CodeExecution c).getCode() }
CodeExecution c;
CodeExecutionAsSink() { this = c.getCode() }
/** Gets a flow state for which this is a sink. */
override DataFlow::FlowState getAFlowState() {
if c.runsArbitraryCode()
then result = [FlowState::substring(), FlowState::full()] // If it runs arbitrary code then it's always vulnerable.
else result = FlowState::full() // If it "just" loads something, then it's only vulnerable if the attacker controls the entire string.
}
}
private import codeql.ruby.AST as Ast
/**
* A string-concatenation that sanitizes the `full()` state.
*/
class StringConcatenationSanitizer extends Sanitizer {
StringConcatenationSanitizer() {
// string concatenations sanitize the `full` state, as an attacker no longer controls the entire string
exists(Ast::AstNode str |
str instanceof Ast::StringLiteral
or
str instanceof Ast::AddExpr
|
this.asExpr().getExpr() = str
)
}
override DataFlow::FlowState getAFlowState() { result = FlowState::full() }
}
}

18
ruby/ql/lib/codeql/ruby/security/CodeInjectionQuery.qll
View File

@@ -16,16 +16,26 @@ import codeql.ruby.dataflow.BarrierGuards
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "CodeInjection" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
state = source.(Source).getAFlowState()
}
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
state = sink.(Sink).getAFlowState()
}
override predicate isSanitizer(DataFlow::Node node) {
node instanceof Sanitizer or
node instanceof StringConstCompareBarrier or
node instanceof Sanitizer and not exists(node.(Sanitizer).getAFlowState())
or
node instanceof StringConstCompareBarrier
or
node instanceof StringConstArrayInclusionCallBarrier
}
override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
node.(Sanitizer).getAFlowState() = state
}
deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 0.4.2-dev
version: 0.4.3-dev
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme

14
ruby/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,17 @@
## 0.4.2
### New Queries
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.
### Minor Analysis Improvements
* HTTP response header and body writes via `ActionDispatch::Response` are now
recognized.
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
## 0.4.1
### Minor Analysis Improvements

4
ruby/ql/src/change-notes/2022-09-10-sensitive-get-query.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.

4
ruby/ql/src/change-notes/2022-10-06-non-constant-kernel-open.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.

4
ruby/ql/src/change-notes/2022-10-07-alert-messages.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.

4
ruby/ql/src/change-notes/2022-10-12-rails-render-file.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.

5
ruby/ql/src/change-notes/2022-10-14-actiondispatch-response.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* HTTP response header and body writes via `ActionDispatch::Response` are now
recognized.

13
ruby/ql/src/change-notes/released/0.4.2.md Normal file
View File

@@ -0,0 +1,13 @@
## 0.4.2
### New Queries
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.
### Minor Analysis Improvements
* HTTP response header and body writes via `ActionDispatch::Response` are now
recognized.
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.

2
ruby/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.1
lastReleaseVersion: 0.4.2

4
ruby/ql/src/qlpack.lock.yml
View File

@@ -1,6 +1,4 @@
---
dependencies:
codeql/suite-helpers:
version: 0.0.2
dependencies: {}
compiled: false
lockVersion: 1.0.0

2
ruby/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 0.4.2-dev
version: 0.4.3-dev
groups:
- ruby
- queries

12
ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
View File

@@ -21,6 +21,14 @@ import DataFlow::PathGraph
from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, Source sourceNode
where
config.hasFlowPath(source, sink) and
sourceNode = source.getNode()
select sink.getNode(), source, sink, "This code execution depends on a $@.", source.getNode(),
sourceNode = source.getNode() and
// removing duplications of the same path, but different flow-labels.
sink =
min(DataFlow::PathNode otherSink |
config.hasFlowPath(any(DataFlow::PathNode s | s.getNode() = sourceNode), otherSink) and
otherSink.getNode() = sink.getNode()
|
otherSink order by otherSink.getState()
)
select sink.getNode(), source, sink, "This code execution depends on a $@.", sourceNode,
"user-provided value"

12
ruby/ql/test/TestUtilities/InlineExpectationsTest.qll
View File

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
final predicate hasFailureMessage(FailureLocatable element, string message) {
exists(ActualResult actualResult |
actualResult.getTest() = this and
actualResult.getTag() = this.getARelevantTag() and
element = actualResult and
(
exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
)
)
or
exists(ActualResult actualResult |
actualResult.getTest() = this and
not actualResult.getTag() = this.getARelevantTag() and
element = actualResult and
message =
"Tag mismatch: Actual result with tag '" + actualResult.getTag() +
"' that is not part of getARelevantTag()"
)
or
exists(ValidExpectation expectation |
not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
expectation.getTag() = getARelevantTag() and
expectation.getTag() = this.getARelevantTag() and
element = expectation and
(
expectation instanceof GoodExpectation and

23
ruby/ql/test/library-tests/ast/Ast.expected
View File

@@ -2833,6 +2833,29 @@ operations/operations.rb:
# 96| getStmt: [AssignMulExpr] ... *= ...
# 96| getAnOperand/getLeftOperand: [GlobalVariableAccess] $global_var
# 96| getAnOperand/getRightOperand: [IntegerLiteral] 6
# 98| getStmt: [AssignExpr] ... = ...
# 98| getAnOperand/getLeftOperand: [ConstantAssignment] CONSTANT1
# 98| getAnOperand/getRightOperand: [IntegerLiteral] 5
# 99| getStmt: [AssignAddExpr] ... += ...
# 99| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT2
# 99| getAnOperand/getRightOperand: [IntegerLiteral] 6
# 100| getStmt: [AssignLogicalOrExpr] ... ||= ...
# 100| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT3
# 100| getAnOperand/getRightOperand: [IntegerLiteral] 7
# 101| getStmt: [AssignLogicalOrExpr] ... ||= ...
# 101| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] MemberConstant
# 101| getScopeExpr: [ConstantReadAccess] Foo
# 101| getAnOperand/getRightOperand: [IntegerLiteral] 8
# 102| getStmt: [AssignLogicalOrExpr] ... ||= ...
# 102| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] OtherConstant
# 102| getScopeExpr: [MethodCall] call to bar
# 102| getReceiver: [MethodCall] call to foo
# 102| getReceiver: [SelfVariableAccess] self
# 102| getArgument: [IntegerLiteral] 1
# 102| getAnOperand/getRightOperand: [IntegerLiteral] 7
# 103| getStmt: [AssignLogicalOrExpr] ... ||= ...
# 103| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT4
# 103| getAnOperand/getRightOperand: [IntegerLiteral] 7
params/params.rb:
# 1| [Toplevel] params.rb
# 4| getStmt: [Method] identifier_method_params

45
ruby/ql/test/library-tests/ast/AstDesugar.expected
View File

@@ -865,6 +865,51 @@ operations/operations.rb:
# 96| getAnOperand/getRightOperand: [MulExpr] ... * ...
# 96| getAnOperand/getLeftOperand/getReceiver: [GlobalVariableAccess] $global_var
# 96| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 6
# 99| [AssignAddExpr] ... += ...
# 99| getDesugared: [AssignExpr] ... = ...
# 99| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT2
# 99| getAnOperand/getRightOperand: [AddExpr] ... + ...
# 99| getAnOperand/getLeftOperand/getReceiver: [ConstantReadAccess] CONSTANT2
# 99| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 6
# 100| [AssignLogicalOrExpr] ... ||= ...
# 100| getDesugared: [AssignExpr] ... = ...
# 100| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT3
# 100| getAnOperand/getRightOperand: [LogicalOrExpr] ... || ...
# 100| getAnOperand/getLeftOperand/getReceiver: [ConstantReadAccess] CONSTANT3
# 100| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 7
# 101| [AssignLogicalOrExpr] ... ||= ...
# 101| getDesugared: [StmtSequence] ...
# 101| getStmt: [AssignExpr] ... = ...
# 101| getAnOperand/getRightOperand: [ConstantReadAccess] Foo
# 101| getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
# 101| getStmt: [AssignExpr] ... = ...
# 101| getAnOperand/getLeftOperand: [ConstantAssignment] MemberConstant
# 101| getScopeExpr: [LocalVariableAccess] __synth__0
# 101| getAnOperand/getRightOperand: [LogicalOrExpr] ... || ...
# 101| getAnOperand/getLeftOperand/getReceiver: [ConstantReadAccess] MemberConstant
# 101| getScopeExpr: [LocalVariableAccess] __synth__0
# 101| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 8
# 102| [AssignLogicalOrExpr] ... ||= ...
# 102| getDesugared: [StmtSequence] ...
# 102| getStmt: [AssignExpr] ... = ...
# 102| getAnOperand/getRightOperand: [MethodCall] call to bar
# 102| getReceiver: [MethodCall] call to foo
# 102| getReceiver: [SelfVariableAccess] self
# 102| getArgument: [IntegerLiteral] 1
# 102| getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
# 102| getStmt: [AssignExpr] ... = ...
# 102| getAnOperand/getLeftOperand: [ConstantAssignment] OtherConstant
# 102| getScopeExpr: [LocalVariableAccess] __synth__0
# 102| getAnOperand/getRightOperand: [LogicalOrExpr] ... || ...
# 102| getAnOperand/getLeftOperand/getReceiver: [ConstantReadAccess] OtherConstant
# 102| getScopeExpr: [LocalVariableAccess] __synth__0
# 102| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 7
# 103| [AssignLogicalOrExpr] ... ||= ...
# 103| getDesugared: [AssignExpr] ... = ...
# 103| getAnOperand/getLeftOperand: [ConstantAssignment, ConstantReadAccess] CONSTANT4
# 103| getAnOperand/getRightOperand: [LogicalOrExpr] ... || ...
# 103| getAnOperand/getLeftOperand/getReceiver: [ConstantReadAccess] CONSTANT4
# 103| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 7
params/params.rb:
# 8| [HashLiteral] {...}
# 8| getDesugared: [MethodCall] call to []

40
ruby/ql/test/library-tests/ast/TreeSitter.expected
View File

@@ -5537,6 +5537,46 @@ operations/operations.rb:
# 96| 0: [GlobalVariable] $global_var
# 96| 1: [ReservedWord] *=
# 96| 2: [Integer] 6
# 98| 66: [Assignment] Assignment
# 98| 0: [Constant] CONSTANT1
# 98| 1: [ReservedWord] =
# 98| 2: [Integer] 5
# 99| 67: [OperatorAssignment] OperatorAssignment
# 99| 0: [Constant] CONSTANT2
# 99| 1: [ReservedWord] +=
# 99| 2: [Integer] 6
# 100| 68: [OperatorAssignment] OperatorAssignment
# 100| 0: [Constant] CONSTANT3
# 100| 1: [ReservedWord] ||=
# 100| 2: [Integer] 7
# 101| 69: [OperatorAssignment] OperatorAssignment
# 101| 0: [ScopeResolution] ScopeResolution
# 101| 0: [Constant] Foo
# 101| 1: [ReservedWord] ::
# 101| 2: [Constant] MemberConstant
# 101| 1: [ReservedWord] ||=
# 101| 2: [Integer] 8
# 102| 70: [OperatorAssignment] OperatorAssignment
# 102| 0: [ScopeResolution] ScopeResolution
# 102| 0: [Call] Call
# 102| 0: [Call] Call
# 102| 0: [Identifier] foo
# 102| 1: [ArgumentList] ArgumentList
# 102| 0: [ReservedWord] (
# 102| 1: [Integer] 1
# 102| 2: [ReservedWord] )
# 102| 1: [ReservedWord] .
# 102| 2: [Identifier] bar
# 102| 1: [ReservedWord] ::
# 102| 2: [Constant] OtherConstant
# 102| 1: [ReservedWord] ||=
# 102| 2: [Integer] 7
# 103| 71: [OperatorAssignment] OperatorAssignment
# 103| 0: [ScopeResolution] ScopeResolution
# 103| 0: [ReservedWord] ::
# 103| 1: [Constant] CONSTANT4
# 103| 1: [ReservedWord] ||=
# 103| 2: [Integer] 7
# 1| [Comment] # Start with assignments to all the identifiers used below, so that they are
# 2| [Comment] # interpreted as variables.
# 22| [Comment] # Unary operations

14
ruby/ql/test/library-tests/ast/ValueText.expected
View File

@@ -888,6 +888,13 @@ exprValue
| operations/operations.rb:92:10:92:10 | 4 | 4 | int |
| operations/operations.rb:95:15:95:15 | 5 | 5 | int |
| operations/operations.rb:96:16:96:16 | 6 | 6 | int |
| operations/operations.rb:98:13:98:13 | 5 | 5 | int |
| operations/operations.rb:99:14:99:14 | 6 | 6 | int |
| operations/operations.rb:100:15:100:15 | 7 | 7 | int |
| operations/operations.rb:101:25:101:25 | 8 | 8 | int |
| operations/operations.rb:102:5:102:5 | 1 | 1 | int |
| operations/operations.rb:102:31:102:31 | 7 | 7 | int |
| operations/operations.rb:103:17:103:17 | 7 | 7 | int |
| params/params.rb:41:46:41:46 | 7 | 7 | int |
| params/params.rb:47:19:47:21 | :bar | :bar | symbol |
| params/params.rb:47:24:47:24 | 2 | 2 | int |
@@ -1764,6 +1771,13 @@ exprCfgNodeValue
| operations/operations.rb:92:10:92:10 | 4 | 4 | int |
| operations/operations.rb:95:15:95:15 | 5 | 5 | int |
| operations/operations.rb:96:16:96:16 | 6 | 6 | int |
| operations/operations.rb:98:13:98:13 | 5 | 5 | int |
| operations/operations.rb:99:14:99:14 | 6 | 6 | int |
| operations/operations.rb:100:15:100:15 | 7 | 7 | int |
| operations/operations.rb:101:25:101:25 | 8 | 8 | int |
| operations/operations.rb:102:5:102:5 | 1 | 1 | int |
| operations/operations.rb:102:31:102:31 | 7 | 7 | int |
| operations/operations.rb:103:17:103:17 | 7 | 7 | int |
| params/params.rb:41:46:41:46 | 7 | 7 | int |
| params/params.rb:47:19:47:21 | :bar | :bar | symbol |
| params/params.rb:47:24:47:24 | 2 | 2 | int |

23
ruby/ql/test/library-tests/ast/operations/assignment.expected
View File

@@ -52,6 +52,19 @@ assignments
| operations.rb:95:1:95:15 | ... = ... | = | operations.rb:95:1:95:11 | $global_var | operations.rb:95:15:95:15 | 5 | AssignExpr |
| operations.rb:96:1:96:16 | ... *= ... | *= | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | AssignMulExpr |
| operations.rb:96:1:96:16 | ... = ... | = | operations.rb:96:1:96:11 | $global_var | operations.rb:96:13:96:14 | ... * ... | AssignExpr |
| operations.rb:98:1:98:13 | ... = ... | = | operations.rb:98:1:98:9 | CONSTANT1 | operations.rb:98:13:98:13 | 5 | AssignExpr |
| operations.rb:99:1:99:14 | ... += ... | += | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AssignAddExpr |
| operations.rb:99:1:99:14 | ... = ... | = | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:11:99:12 | ... + ... | AssignExpr |
| operations.rb:100:1:100:15 | ... = ... | = | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:11:100:13 | ... \|\| ... | AssignExpr |
| operations.rb:100:1:100:15 | ... \|\|= ... | \|\|= | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:15:100:15 | 7 | AssignLogicalOrExpr |
| operations.rb:101:1:101:3 | ... = ... | = | operations.rb:101:1:101:3 | __synth__0 | operations.rb:101:1:101:3 | Foo | AssignExpr |
| operations.rb:101:1:101:25 | ... = ... | = | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:21:101:23 | ... \|\| ... | AssignExpr |
| operations.rb:101:1:101:25 | ... \|\|= ... | \|\|= | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | AssignLogicalOrExpr |
| operations.rb:102:1:102:10 | ... = ... | = | operations.rb:102:1:102:10 | __synth__0 | operations.rb:102:1:102:10 | call to bar | AssignExpr |
| operations.rb:102:1:102:31 | ... = ... | = | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:27:102:29 | ... \|\| ... | AssignExpr |
| operations.rb:102:1:102:31 | ... \|\|= ... | \|\|= | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | AssignLogicalOrExpr |
| operations.rb:103:1:103:17 | ... = ... | = | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:13:103:15 | ... \|\| ... | AssignExpr |
| operations.rb:103:1:103:17 | ... \|\|= ... | \|\|= | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | AssignLogicalOrExpr |
assignOperations
| operations.rb:69:1:69:8 | ... += ... | += | operations.rb:69:1:69:1 | x | operations.rb:69:6:69:8 | 128 | AssignAddExpr |
| operations.rb:70:1:70:7 | ... -= ... | -= | operations.rb:70:1:70:1 | y | operations.rb:70:6:70:7 | 32 | AssignSubExpr |
@@ -69,6 +82,11 @@ assignOperations
| operations.rb:89:3:89:9 | ... += ... | += | operations.rb:89:3:89:4 | @x | operations.rb:89:9:89:9 | 2 | AssignAddExpr |
| operations.rb:92:3:92:10 | ... /= ... | /= | operations.rb:92:3:92:5 | @@y | operations.rb:92:10:92:10 | 4 | AssignDivExpr |
| operations.rb:96:1:96:16 | ... *= ... | *= | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | AssignMulExpr |
| operations.rb:99:1:99:14 | ... += ... | += | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AssignAddExpr |
| operations.rb:100:1:100:15 | ... \|\|= ... | \|\|= | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:15:100:15 | 7 | AssignLogicalOrExpr |
| operations.rb:101:1:101:25 | ... \|\|= ... | \|\|= | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | AssignLogicalOrExpr |
| operations.rb:102:1:102:31 | ... \|\|= ... | \|\|= | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | AssignLogicalOrExpr |
| operations.rb:103:1:103:17 | ... \|\|= ... | \|\|= | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | AssignLogicalOrExpr |
assignArithmeticOperations
| operations.rb:69:1:69:8 | ... += ... | += | operations.rb:69:1:69:1 | x | operations.rb:69:6:69:8 | 128 | AssignAddExpr |
| operations.rb:70:1:70:7 | ... -= ... | -= | operations.rb:70:1:70:1 | y | operations.rb:70:6:70:7 | 32 | AssignSubExpr |
@@ -79,9 +97,14 @@ assignArithmeticOperations
| operations.rb:89:3:89:9 | ... += ... | += | operations.rb:89:3:89:4 | @x | operations.rb:89:9:89:9 | 2 | AssignAddExpr |
| operations.rb:92:3:92:10 | ... /= ... | /= | operations.rb:92:3:92:5 | @@y | operations.rb:92:10:92:10 | 4 | AssignDivExpr |
| operations.rb:96:1:96:16 | ... *= ... | *= | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | AssignMulExpr |
| operations.rb:99:1:99:14 | ... += ... | += | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AssignAddExpr |
assignLogicalOperations
| operations.rb:77:2:77:8 | ... &&= ... | &&= | operations.rb:77:2:77:2 | x | operations.rb:77:8:77:8 | y | AssignLogicalAndExpr |
| operations.rb:78:2:78:8 | ... \|\|= ... | \|\|= | operations.rb:78:2:78:2 | a | operations.rb:78:8:78:8 | b | AssignLogicalOrExpr |
| operations.rb:100:1:100:15 | ... \|\|= ... | \|\|= | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:15:100:15 | 7 | AssignLogicalOrExpr |
| operations.rb:101:1:101:25 | ... \|\|= ... | \|\|= | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | AssignLogicalOrExpr |
| operations.rb:102:1:102:31 | ... \|\|= ... | \|\|= | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | AssignLogicalOrExpr |
| operations.rb:103:1:103:17 | ... \|\|= ... | \|\|= | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | AssignLogicalOrExpr |
assignBitwiseOperations
| operations.rb:81:2:81:8 | ... <<= ... | <<= | operations.rb:81:2:81:2 | x | operations.rb:81:8:81:8 | 2 | AssignLShiftExpr |
| operations.rb:82:2:82:8 | ... >>= ... | >>= | operations.rb:82:2:82:2 | y | operations.rb:82:8:82:8 | 3 | AssignRShiftExpr |

10
ruby/ql/test/library-tests/ast/operations/binary.expected
View File

@@ -40,6 +40,11 @@ binaryOperations
| operations.rb:89:6:89:7 | ... + ... | + | operations.rb:89:3:89:4 | @x | operations.rb:89:9:89:9 | 2 | AddExpr |
| operations.rb:92:7:92:8 | ... / ... | / | operations.rb:92:3:92:5 | @@y | operations.rb:92:10:92:10 | 4 | DivExpr |
| operations.rb:96:13:96:14 | ... * ... | * | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | MulExpr |
| operations.rb:99:11:99:12 | ... + ... | + | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AddExpr |
| operations.rb:100:11:100:13 | ... \|\| ... | \|\| | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:15:100:15 | 7 | LogicalOrExpr |
| operations.rb:101:21:101:23 | ... \|\| ... | \|\| | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | LogicalOrExpr |
| operations.rb:102:27:102:29 | ... \|\| ... | \|\| | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | LogicalOrExpr |
| operations.rb:103:13:103:15 | ... \|\| ... | \|\| | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | LogicalOrExpr |
binaryArithmeticOperations
| operations.rb:32:1:32:7 | ... + ... | + | operations.rb:32:1:32:1 | w | operations.rb:32:5:32:7 | 234 | AddExpr |
| operations.rb:33:1:33:6 | ... - ... | - | operations.rb:33:1:33:1 | x | operations.rb:33:5:33:6 | 17 | SubExpr |
@@ -56,6 +61,7 @@ binaryArithmeticOperations
| operations.rb:89:6:89:7 | ... + ... | + | operations.rb:89:3:89:4 | @x | operations.rb:89:9:89:9 | 2 | AddExpr |
| operations.rb:92:7:92:8 | ... / ... | / | operations.rb:92:3:92:5 | @@y | operations.rb:92:10:92:10 | 4 | DivExpr |
| operations.rb:96:13:96:14 | ... * ... | * | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | MulExpr |
| operations.rb:99:11:99:12 | ... + ... | + | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AddExpr |
binaryLogicalOperations
| operations.rb:40:1:40:10 | ... && ... | && | operations.rb:40:1:40:3 | foo | operations.rb:40:8:40:10 | bar | LogicalAndExpr |
| operations.rb:41:1:41:11 | ... and ... | and | operations.rb:41:1:41:3 | baz | operations.rb:41:9:41:11 | qux | LogicalAndExpr |
@@ -63,6 +69,10 @@ binaryLogicalOperations
| operations.rb:43:1:43:6 | ... \|\| ... | \|\| | operations.rb:43:1:43:1 | x | operations.rb:43:6:43:6 | y | LogicalOrExpr |
| operations.rb:77:4:77:6 | ... && ... | && | operations.rb:77:2:77:2 | x | operations.rb:77:8:77:8 | y | LogicalAndExpr |
| operations.rb:78:4:78:6 | ... \|\| ... | \|\| | operations.rb:78:2:78:2 | a | operations.rb:78:8:78:8 | b | LogicalOrExpr |
| operations.rb:100:11:100:13 | ... \|\| ... | \|\| | operations.rb:100:1:100:9 | CONSTANT3 | operations.rb:100:15:100:15 | 7 | LogicalOrExpr |
| operations.rb:101:21:101:23 | ... \|\| ... | \|\| | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | LogicalOrExpr |
| operations.rb:102:27:102:29 | ... \|\| ... | \|\| | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | LogicalOrExpr |
| operations.rb:103:13:103:15 | ... \|\| ... | \|\| | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | LogicalOrExpr |
binaryBitwiseOperations
| operations.rb:46:1:46:6 | ... << ... | << | operations.rb:46:1:46:1 | x | operations.rb:46:6:46:6 | 3 | LShiftExpr |
| operations.rb:47:1:47:7 | ... >> ... | >> | operations.rb:47:1:47:1 | y | operations.rb:47:6:47:7 | 16 | RShiftExpr |

36
ruby/ql/test/library-tests/ast/operations/operation.expected
View File

@@ -194,3 +194,39 @@
| operations.rb:96:1:96:16 | ... = ... | = | operations.rb:96:13:96:14 | ... * ... | AssignExpr |
| operations.rb:96:13:96:14 | ... * ... | * | operations.rb:96:1:96:11 | $global_var | MulExpr |
| operations.rb:96:13:96:14 | ... * ... | * | operations.rb:96:16:96:16 | 6 | MulExpr |
| operations.rb:98:1:98:13 | ... = ... | = | operations.rb:98:1:98:9 | CONSTANT1 | AssignExpr |
| operations.rb:98:1:98:13 | ... = ... | = | operations.rb:98:13:98:13 | 5 | AssignExpr |
| operations.rb:99:1:99:14 | ... += ... | += | operations.rb:99:1:99:9 | CONSTANT2 | AssignAddExpr |
| operations.rb:99:1:99:14 | ... += ... | += | operations.rb:99:14:99:14 | 6 | AssignAddExpr |
| operations.rb:99:1:99:14 | ... = ... | = | operations.rb:99:1:99:9 | CONSTANT2 | AssignExpr |
| operations.rb:99:1:99:14 | ... = ... | = | operations.rb:99:11:99:12 | ... + ... | AssignExpr |
| operations.rb:99:11:99:12 | ... + ... | + | operations.rb:99:1:99:9 | CONSTANT2 | AddExpr |
| operations.rb:99:11:99:12 | ... + ... | + | operations.rb:99:14:99:14 | 6 | AddExpr |
| operations.rb:100:1:100:15 | ... = ... | = | operations.rb:100:1:100:9 | CONSTANT3 | AssignExpr |
| operations.rb:100:1:100:15 | ... = ... | = | operations.rb:100:11:100:13 | ... \|\| ... | AssignExpr |
| operations.rb:100:1:100:15 | ... \|\|= ... | \|\|= | operations.rb:100:1:100:9 | CONSTANT3 | AssignLogicalOrExpr |
| operations.rb:100:1:100:15 | ... \|\|= ... | \|\|= | operations.rb:100:15:100:15 | 7 | AssignLogicalOrExpr |
| operations.rb:100:11:100:13 | ... \|\| ... | \|\| | operations.rb:100:1:100:9 | CONSTANT3 | LogicalOrExpr |
| operations.rb:100:11:100:13 | ... \|\| ... | \|\| | operations.rb:100:15:100:15 | 7 | LogicalOrExpr |
| operations.rb:101:1:101:3 | ... = ... | = | operations.rb:101:1:101:3 | Foo | AssignExpr |
| operations.rb:101:1:101:3 | ... = ... | = | operations.rb:101:1:101:3 | __synth__0 | AssignExpr |
| operations.rb:101:1:101:25 | ... = ... | = | operations.rb:101:1:101:19 | MemberConstant | AssignExpr |
| operations.rb:101:1:101:25 | ... = ... | = | operations.rb:101:21:101:23 | ... \|\| ... | AssignExpr |
| operations.rb:101:1:101:25 | ... \|\|= ... | \|\|= | operations.rb:101:1:101:19 | MemberConstant | AssignLogicalOrExpr |
| operations.rb:101:1:101:25 | ... \|\|= ... | \|\|= | operations.rb:101:25:101:25 | 8 | AssignLogicalOrExpr |
| operations.rb:101:21:101:23 | ... \|\| ... | \|\| | operations.rb:101:1:101:19 | MemberConstant | LogicalOrExpr |
| operations.rb:101:21:101:23 | ... \|\| ... | \|\| | operations.rb:101:25:101:25 | 8 | LogicalOrExpr |
| operations.rb:102:1:102:10 | ... = ... | = | operations.rb:102:1:102:10 | __synth__0 | AssignExpr |
| operations.rb:102:1:102:10 | ... = ... | = | operations.rb:102:1:102:10 | call to bar | AssignExpr |
| operations.rb:102:1:102:31 | ... = ... | = | operations.rb:102:1:102:25 | OtherConstant | AssignExpr |
| operations.rb:102:1:102:31 | ... = ... | = | operations.rb:102:27:102:29 | ... \|\| ... | AssignExpr |
| operations.rb:102:1:102:31 | ... \|\|= ... | \|\|= | operations.rb:102:1:102:25 | OtherConstant | AssignLogicalOrExpr |
| operations.rb:102:1:102:31 | ... \|\|= ... | \|\|= | operations.rb:102:31:102:31 | 7 | AssignLogicalOrExpr |
| operations.rb:102:27:102:29 | ... \|\| ... | \|\| | operations.rb:102:1:102:25 | OtherConstant | LogicalOrExpr |
| operations.rb:102:27:102:29 | ... \|\| ... | \|\| | operations.rb:102:31:102:31 | 7 | LogicalOrExpr |
| operations.rb:103:1:103:17 | ... = ... | = | operations.rb:103:1:103:11 | CONSTANT4 | AssignExpr |
| operations.rb:103:1:103:17 | ... = ... | = | operations.rb:103:13:103:15 | ... \|\| ... | AssignExpr |
| operations.rb:103:1:103:17 | ... \|\|= ... | \|\|= | operations.rb:103:1:103:11 | CONSTANT4 | AssignLogicalOrExpr |
| operations.rb:103:1:103:17 | ... \|\|= ... | \|\|= | operations.rb:103:17:103:17 | 7 | AssignLogicalOrExpr |
| operations.rb:103:13:103:15 | ... \|\| ... | \|\| | operations.rb:103:1:103:11 | CONSTANT4 | LogicalOrExpr |
| operations.rb:103:13:103:15 | ... \|\| ... | \|\| | operations.rb:103:17:103:17 | 7 | LogicalOrExpr |

7
ruby/ql/test/library-tests/ast/operations/operations.rb
View File

@@ -94,3 +94,10 @@ end
$global_var = 5
$global_var *= 6
CONSTANT1 = 5
CONSTANT2 += 6
CONSTANT3 ||= 7
Foo::MemberConstant ||= 8
foo(1).bar::OtherConstant ||= 7
::CONSTANT4 ||= 7

75
ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
View File

@@ -3762,6 +3762,81 @@ cfg.rb:
# 215| self
#-----| -> call to something_else
constant_compound_assign.rb:
# 1| Foo
#-----| -> foo_before
# 1| enter constant_compound_assign.rb
#-----| -> Foo
# 1| exit constant_compound_assign.rb
# 1| exit constant_compound_assign.rb (normal)
#-----| -> exit constant_compound_assign.rb
# 2| foo_before
#-----| -> FOO_CONSTANT
# 5| FOO_CONSTANT
#-----| -> FOO_CONSTANT
# 5| FOO_CONSTANT
#-----| true -> ... || ...
#-----| false -> 123
# 5| ... = ...
#-----| -> foo_after
# 5| ... || ...
#-----| -> ... = ...
# 5| 123
#-----| -> ... || ...
# 7| foo_after
#-----| -> top_before
# 11| top_before
#-----| -> TOP_CONSTANT
# 14| TOP_CONSTANT
#-----| -> TOP_CONSTANT
# 14| TOP_CONSTANT
#-----| true -> ... || ...
#-----| false -> 123
# 14| ... = ...
#-----| -> top_after
# 14| ... || ...
#-----| -> ... = ...
# 14| 123
#-----| -> ... || ...
# 16| top_after
#-----| -> TOP_CONSTANT2
# 19| TOP_CONSTANT2
#-----| -> TOP_CONSTANT2
# 19| TOP_CONSTANT2
#-----| true -> ... || ...
#-----| false -> 123
# 19| ... = ...
#-----| -> top_after2
# 19| ... || ...
#-----| -> ... = ...
# 19| 123
#-----| -> ... || ...
# 21| top_after2
#-----| -> exit constant_compound_assign.rb (normal)
desugar.rb:
# 1| enter m1
#-----| -> x

3
ruby/ql/test/library-tests/controlflow/graph/Nodes.expected
View File

@@ -212,6 +212,9 @@ positionalArguments
| cfg.rb:205:1:205:23 | call to bar | cfg.rb:205:10:205:10 | 1 |
| cfg.rb:205:1:205:23 | call to bar | cfg.rb:205:12:205:12 | 2 |
| cfg.rb:205:4:205:5 | call to == | cfg.rb:205:1:205:3 | __synth__0__1 |
| constant_compound_assign.rb:5:18:5:20 | ... \|\| ... | constant_compound_assign.rb:5:22:5:24 | 123 |
| constant_compound_assign.rb:14:14:14:16 | ... \|\| ... | constant_compound_assign.rb:14:18:14:20 | 123 |
| constant_compound_assign.rb:19:17:19:19 | ... \|\| ... | constant_compound_assign.rb:19:21:19:23 | 123 |
| desugar.rb:2:5:2:6 | ... + ... | desugar.rb:2:8:2:8 | 1 |
| desugar.rb:6:3:6:13 | call to count= | desugar.rb:6:17:6:17 | ... = ... |
| desugar.rb:10:3:10:10 | call to []= | desugar.rb:10:9:10:9 | 0 |

22
ruby/ql/test/library-tests/controlflow/graph/constant_compound_assign.rb Normal file
View File

@@ -0,0 +1,22 @@
module Foo
def foo_before
end
FOO_CONSTANT ||= 123
def foo_after
end
end
def top_before
end
TOP_CONSTANT ||= 123
def top_after
end
::TOP_CONSTANT2 ||= 123
def top_after2
end

2
ruby/ql/test/library-tests/dataflow/api-graphs/use.ql
View File

@@ -20,7 +20,7 @@ class CustomEntryPointUse extends API::EntryPoint {
class ApiUseTest extends InlineExpectationsTest {
ApiUseTest() { this = "ApiUseTest" }
override string getARelevantTag() { result = ["use", "def"] }
override string getARelevantTag() { result = ["use", "def", "call"] }
private predicate relevantNode(API::Node a, DataFlow::Node n, Location l, string tag) {
l = n.getLocation() and

5
ruby/ql/test/library-tests/dataflow/array-flow/type-tracking-array-flow.ql
View File

@@ -1 +1,6 @@
// This test flags any difference in flow between the type-tracking and dataflow
// libraries. New results in this query do not necessarily indicate a problem,
// only that type-tracking cannot follow the flow in your test. If the dataflow
// test (`array-flow.ql`) shows no failures, then that may be sufficient
// (depending on your use case).
import TestUtilities.InlineTypeTrackingFlowTest

198
ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
View File

@@ -40,16 +40,70 @@ edges
| call_sensitivity.rb:50:15:50:15 | x : | call_sensitivity.rb:51:10:51:10 | x |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:58:18:58:18 | y : | call_sensitivity.rb:59:15:59:15 | y : |
| call_sensitivity.rb:58:18:58:18 | y : | call_sensitivity.rb:59:15:59:15 | y : |
| call_sensitivity.rb:59:15:59:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:59:15:59:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
| call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:58:20:58:20 | x : | call_sensitivity.rb:59:18:59:18 | x : |
| call_sensitivity.rb:58:20:58:20 | x : | call_sensitivity.rb:59:18:59:18 | x : |
| call_sensitivity.rb:59:18:59:18 | x : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:59:18:59:18 | x : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:62:18:62:18 | y : | call_sensitivity.rb:63:15:63:15 | y : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:63:15:63:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
| call_sensitivity.rb:66:20:66:20 | x : | call_sensitivity.rb:67:24:67:24 | x : |
| call_sensitivity.rb:66:20:66:20 | x : | call_sensitivity.rb:67:24:67:24 | x : |
| call_sensitivity.rb:67:24:67:24 | x : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:67:24:67:24 | x : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:70:30:70:30 | x : | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:70:30:70:30 | x : | call_sensitivity.rb:71:10:71:10 | x |
| call_sensitivity.rb:74:30:74:30 | x : | call_sensitivity.rb:75:23:75:23 | x : |
| call_sensitivity.rb:74:30:74:30 | x : | call_sensitivity.rb:75:23:75:23 | x : |
| call_sensitivity.rb:74:30:74:30 | x : | call_sensitivity.rb:75:23:75:23 | x : |
| call_sensitivity.rb:74:30:74:30 | x : | call_sensitivity.rb:75:23:75:23 | x : |
| call_sensitivity.rb:75:23:75:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:75:23:75:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:75:23:75:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:75:23:75:23 | x : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:78:35:78:35 | x : | call_sensitivity.rb:79:28:79:28 | x : |
| call_sensitivity.rb:78:35:78:35 | x : | call_sensitivity.rb:79:28:79:28 | x : |
| call_sensitivity.rb:79:28:79:28 | x : | call_sensitivity.rb:74:30:74:30 | x : |
| call_sensitivity.rb:79:28:79:28 | x : | call_sensitivity.rb:74:30:74:30 | x : |
| call_sensitivity.rb:82:33:82:33 | y : | call_sensitivity.rb:83:25:83:25 | y : |
| call_sensitivity.rb:82:33:82:33 | y : | call_sensitivity.rb:83:25:83:25 | y : |
| call_sensitivity.rb:82:33:82:33 | y : | call_sensitivity.rb:83:25:83:25 | y : |
| call_sensitivity.rb:82:33:82:33 | y : | call_sensitivity.rb:83:25:83:25 | y : |
| call_sensitivity.rb:83:25:83:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:83:25:83:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:83:25:83:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:83:25:83:25 | y : | call_sensitivity.rb:70:30:70:30 | x : |
| call_sensitivity.rb:86:35:86:35 | x : | call_sensitivity.rb:87:34:87:34 | x : |
| call_sensitivity.rb:86:35:86:35 | x : | call_sensitivity.rb:87:34:87:34 | x : |
| call_sensitivity.rb:87:34:87:34 | x : | call_sensitivity.rb:82:33:82:33 | y : |
| call_sensitivity.rb:87:34:87:34 | x : | call_sensitivity.rb:82:33:82:33 | y : |
| call_sensitivity.rb:92:11:92:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:92:11:92:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
| call_sensitivity.rb:93:16:93:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:93:16:93:23 | call to taint : | call_sensitivity.rb:58:20:58:20 | x : |
| call_sensitivity.rb:94:14:94:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:94:14:94:22 | call to taint : | call_sensitivity.rb:62:18:62:18 | y : |
| call_sensitivity.rb:95:16:95:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:95:16:95:24 | call to taint : | call_sensitivity.rb:66:20:66:20 | x : |
| call_sensitivity.rb:97:21:97:28 | call to taint : | call_sensitivity.rb:74:30:74:30 | x : |
| call_sensitivity.rb:97:21:97:28 | call to taint : | call_sensitivity.rb:74:30:74:30 | x : |
| call_sensitivity.rb:98:26:98:33 | call to taint : | call_sensitivity.rb:78:35:78:35 | x : |
| call_sensitivity.rb:98:26:98:33 | call to taint : | call_sensitivity.rb:78:35:78:35 | x : |
| call_sensitivity.rb:99:24:99:32 | call to taint : | call_sensitivity.rb:82:33:82:33 | y : |
| call_sensitivity.rb:99:24:99:32 | call to taint : | call_sensitivity.rb:82:33:82:33 | y : |
| call_sensitivity.rb:100:26:100:33 | call to taint : | call_sensitivity.rb:86:35:86:35 | x : |
| call_sensitivity.rb:100:26:100:33 | call to taint : | call_sensitivity.rb:86:35:86:35 | x : |
nodes
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
@@ -103,16 +157,72 @@ nodes
| call_sensitivity.rb:51:10:51:10 | x | semmle.label | x |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:58:18:58:18 | y : | semmle.label | y : |
| call_sensitivity.rb:58:18:58:18 | y : | semmle.label | y : |
| call_sensitivity.rb:59:15:59:15 | y : | semmle.label | y : |
| call_sensitivity.rb:59:15:59:15 | y : | semmle.label | y : |
| call_sensitivity.rb:64:11:64:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:64:11:64:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:65:14:65:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:65:14:65:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
| call_sensitivity.rb:58:20:58:20 | x : | semmle.label | x : |
| call_sensitivity.rb:58:20:58:20 | x : | semmle.label | x : |
| call_sensitivity.rb:59:18:59:18 | x : | semmle.label | x : |
| call_sensitivity.rb:59:18:59:18 | x : | semmle.label | x : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:62:18:62:18 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:63:15:63:15 | y : | semmle.label | y : |
| call_sensitivity.rb:66:20:66:20 | x : | semmle.label | x : |
| call_sensitivity.rb:66:20:66:20 | x : | semmle.label | x : |
| call_sensitivity.rb:67:24:67:24 | x : | semmle.label | x : |
| call_sensitivity.rb:67:24:67:24 | x : | semmle.label | x : |
| call_sensitivity.rb:70:30:70:30 | x : | semmle.label | x : |
| call_sensitivity.rb:70:30:70:30 | x : | semmle.label | x : |
| call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
| call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
| call_sensitivity.rb:74:30:74:30 | x : | semmle.label | x : |
| call_sensitivity.rb:74:30:74:30 | x : | semmle.label | x : |
| call_sensitivity.rb:74:30:74:30 | x : | semmle.label | x : |
| call_sensitivity.rb:74:30:74:30 | x : | semmle.label | x : |
| call_sensitivity.rb:75:23:75:23 | x : | semmle.label | x : |
| call_sensitivity.rb:75:23:75:23 | x : | semmle.label | x : |
| call_sensitivity.rb:75:23:75:23 | x : | semmle.label | x : |
| call_sensitivity.rb:75:23:75:23 | x : | semmle.label | x : |
| call_sensitivity.rb:78:35:78:35 | x : | semmle.label | x : |
| call_sensitivity.rb:78:35:78:35 | x : | semmle.label | x : |
| call_sensitivity.rb:79:28:79:28 | x : | semmle.label | x : |
| call_sensitivity.rb:79:28:79:28 | x : | semmle.label | x : |
| call_sensitivity.rb:82:33:82:33 | y : | semmle.label | y : |
| call_sensitivity.rb:82:33:82:33 | y : | semmle.label | y : |
| call_sensitivity.rb:82:33:82:33 | y : | semmle.label | y : |
| call_sensitivity.rb:82:33:82:33 | y : | semmle.label | y : |
| call_sensitivity.rb:83:25:83:25 | y : | semmle.label | y : |
| call_sensitivity.rb:83:25:83:25 | y : | semmle.label | y : |
| call_sensitivity.rb:83:25:83:25 | y : | semmle.label | y : |
| call_sensitivity.rb:83:25:83:25 | y : | semmle.label | y : |
| call_sensitivity.rb:86:35:86:35 | x : | semmle.label | x : |
| call_sensitivity.rb:86:35:86:35 | x : | semmle.label | x : |
| call_sensitivity.rb:87:34:87:34 | x : | semmle.label | x : |
| call_sensitivity.rb:87:34:87:34 | x : | semmle.label | x : |
| call_sensitivity.rb:92:11:92:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:92:11:92:18 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:93:16:93:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:93:16:93:23 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:94:14:94:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:94:14:94:22 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:95:16:95:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:95:16:95:24 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:97:21:97:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:97:21:97:28 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:98:26:98:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:98:26:98:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:99:24:99:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:99:24:99:32 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:100:26:100:33 | call to taint : | semmle.label | call to taint : |
| call_sensitivity.rb:100:26:100:33 | call to taint : | semmle.label | call to taint : |
subpaths
#select
| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint : | call to taint : |
@@ -120,16 +230,56 @@ subpaths
| call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint : | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint : | call to taint : |
| call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint : | call to taint : |
| call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:64:11:64:18 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:65:14:65:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:92:11:92:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:92:11:92:18 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:93:16:93:23 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:93:16:93:23 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:94:14:94:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:94:14:94:22 | call to taint : | call to taint : |
| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:95:16:95:24 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:95:16:95:24 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:97:21:97:28 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:97:21:97:28 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:98:26:98:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:98:26:98:33 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:99:24:99:32 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:99:24:99:32 | call to taint : | call to taint : |
| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:100:26:100:33 | call to taint : | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:100:26:100:33 | call to taint : | call to taint : |
mayBenefitFromCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:59:5:59:16 | call to method1 | call_sensitivity.rb:58:3:60:5 | method3 |
| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:58:3:60:5 | call_method2 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:66:3:68:5 | call_method3 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
| call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:78:3:80:5 | call_singleton_method2 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |
| call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:86:3:88:5 | call_singleton_method3 |
| call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:111:3:113:5 | call_method2 |
| call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:115:3:117:5 | call_method3 |
| call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:119:3:121:5 | call_singleton_method2 |
| call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:123:3:125:5 | call_singleton_method3 |
viableImplInCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:59:5:59:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:64:1:64:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:74:1:74:19 | call to method2 | call_sensitivity.rb:68:3:70:5 | method1 |
| call_sensitivity.rb:59:5:59:16 | call to method1 | call_sensitivity.rb:65:1:65:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:59:5:59:16 | call to method1 | call_sensitivity.rb:75:1:75:23 | call to method3 | call_sensitivity.rb:68:3:70:5 | method1 |
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:92:1:92:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:129:1:129:19 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:93:1:93:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:94:1:94:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:131:1:131:23 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:95:1:95:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:97:1:97:29 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:134:1:134:29 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:98:1:98:34 | call to call_singleton_method2 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:99:1:99:33 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:136:1:136:33 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
| call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:100:1:100:34 | call to call_singleton_method3 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |
| call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:130:1:130:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
| call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:132:1:132:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
| call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:135:1:135:34 | call to call_singleton_method2 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
| call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:137:1:137:34 | call to call_singleton_method3 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |

72
ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
View File

@@ -48,28 +48,90 @@ apply_lambda(MY_LAMBDA2, taint(9))
class A
def method1 x
sink x # $ hasValueFlow=10 $ hasValueFlow=11
sink x # $ hasValueFlow=10 $ hasValueFlow=11 $ hasValueFlow=12 $ hasValueFlow=13
end
def method2 x
method1 x
end
def call_method2 x
self.method2 x
end
def method3(x, y)
x.method1(y)
end
def call_method3 x
self.method3(self, x)
end
def self.singleton_method1 x
sink x # $ hasValueFlow=14 $ hasValueFlow=15 # $ hasValueFlow=16 $ hasValueFlow=17
end
def self.singleton_method2 x
singleton_method1 x
end
def self.call_singleton_method2 x
self.singleton_method2 x
end
def self.singleton_method3(x, y)
x.singleton_method1(y)
end
def self.call_singleton_method3 x
self.singleton_method3(self, x)
end
end
a = A.new
a.method2(taint 10)
a.method3(a, taint(11))
a.call_method2(taint 11)
a.method3(a, taint(12))
a.call_method3(taint(13))
A.singleton_method2(taint 14)
A.call_singleton_method2(taint 15)
A.singleton_method3(A, taint(16))
A.call_singleton_method3(taint 17)
class B < A
def method1 x
puts x
puts "NON SINK: #{x}"
end
def self.singleton_method1 x
puts "NON SINK: #{x}"
end
def call_method2 x
self.method2 x
end
def call_method3 x
self.method3(self, x)
end
def self.call_singleton_method2 x
self.singleton_method2 x
end
def self.call_singleton_method3 x
self.singleton_method3(self, x)
end
end
b = B.new
b.method2(taint 12)
b.method3(b, taint(13))
b.method2(taint 18)
b.call_method2(taint 19)
b.method3(b, taint(20))
b.call_method3(taint(21))
B.singleton_method2(taint 22)
B.call_singleton_method2(taint 23)
B.singleton_method3(B, taint(24))
B.call_singleton_method3(taint 25)

210
ruby/ql/test/library-tests/dataflow/hash-flow/hash-flow.expected
View File

@@ -523,6 +523,95 @@ edges
| hash_flow.rb:750:10:750:13 | hash [element :d] : | hash_flow.rb:750:10:750:17 | ...[...] |
| hash_flow.rb:752:10:752:13 | hash [element :f] : | hash_flow.rb:752:10:752:17 | ...[...] |
| hash_flow.rb:753:10:753:13 | hash [element :g] : | hash_flow.rb:753:10:753:17 | ...[...] |
| hash_flow.rb:761:15:761:25 | call to taint : | hash_flow.rb:767:10:767:13 | hash [element :a] : |
| hash_flow.rb:763:15:763:25 | call to taint : | hash_flow.rb:769:10:769:13 | hash [element :c] : |
| hash_flow.rb:763:15:763:25 | call to taint : | hash_flow.rb:772:9:772:12 | hash [element :c] : |
| hash_flow.rb:764:15:764:25 | call to taint : | hash_flow.rb:770:10:770:13 | hash [element :d] : |
| hash_flow.rb:767:10:767:13 | hash [element :a] : | hash_flow.rb:767:10:767:17 | ...[...] |
| hash_flow.rb:769:10:769:13 | hash [element :c] : | hash_flow.rb:769:10:769:17 | ...[...] |
| hash_flow.rb:770:10:770:13 | hash [element :d] : | hash_flow.rb:770:10:770:17 | ...[...] |
| hash_flow.rb:772:9:772:12 | [post] hash [element :c] : | hash_flow.rb:781:10:781:13 | hash [element :c] : |
| hash_flow.rb:772:9:772:12 | hash [element :c] : | hash_flow.rb:772:9:772:12 | [post] hash [element :c] : |
| hash_flow.rb:772:9:772:12 | hash [element :c] : | hash_flow.rb:772:9:772:31 | call to except! [element :c] : |
| hash_flow.rb:772:9:772:31 | call to except! [element :c] : | hash_flow.rb:776:10:776:10 | x [element :c] : |
| hash_flow.rb:776:10:776:10 | x [element :c] : | hash_flow.rb:776:10:776:14 | ...[...] |
| hash_flow.rb:781:10:781:13 | hash [element :c] : | hash_flow.rb:781:10:781:17 | ...[...] |
| hash_flow.rb:789:15:789:25 | call to taint : | hash_flow.rb:798:12:798:16 | hash1 [element :a] : |
| hash_flow.rb:791:15:791:25 | call to taint : | hash_flow.rb:798:12:798:16 | hash1 [element :c] : |
| hash_flow.rb:794:15:794:25 | call to taint : | hash_flow.rb:798:29:798:33 | hash2 [element :d] : |
| hash_flow.rb:796:15:796:25 | call to taint : | hash_flow.rb:798:29:798:33 | hash2 [element :f] : |
| hash_flow.rb:798:12:798:16 | hash1 [element :a] : | hash_flow.rb:798:12:802:7 | call to deep_merge [element :a] : |
| hash_flow.rb:798:12:798:16 | hash1 [element :a] : | hash_flow.rb:798:45:798:53 | old_value : |
| hash_flow.rb:798:12:798:16 | hash1 [element :a] : | hash_flow.rb:798:56:798:64 | new_value : |
| hash_flow.rb:798:12:798:16 | hash1 [element :c] : | hash_flow.rb:798:12:802:7 | call to deep_merge [element :c] : |
| hash_flow.rb:798:12:798:16 | hash1 [element :c] : | hash_flow.rb:798:45:798:53 | old_value : |
| hash_flow.rb:798:12:798:16 | hash1 [element :c] : | hash_flow.rb:798:56:798:64 | new_value : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :a] : | hash_flow.rb:803:11:803:14 | hash [element :a] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :c] : | hash_flow.rb:805:11:805:14 | hash [element :c] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :d] : | hash_flow.rb:806:11:806:14 | hash [element :d] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :f] : | hash_flow.rb:808:11:808:14 | hash [element :f] : |
| hash_flow.rb:798:29:798:33 | hash2 [element :d] : | hash_flow.rb:798:12:802:7 | call to deep_merge [element :d] : |
| hash_flow.rb:798:29:798:33 | hash2 [element :d] : | hash_flow.rb:798:45:798:53 | old_value : |
| hash_flow.rb:798:29:798:33 | hash2 [element :d] : | hash_flow.rb:798:56:798:64 | new_value : |
| hash_flow.rb:798:29:798:33 | hash2 [element :f] : | hash_flow.rb:798:12:802:7 | call to deep_merge [element :f] : |
| hash_flow.rb:798:29:798:33 | hash2 [element :f] : | hash_flow.rb:798:45:798:53 | old_value : |
| hash_flow.rb:798:29:798:33 | hash2 [element :f] : | hash_flow.rb:798:56:798:64 | new_value : |
| hash_flow.rb:798:45:798:53 | old_value : | hash_flow.rb:800:14:800:22 | old_value |
| hash_flow.rb:798:56:798:64 | new_value : | hash_flow.rb:801:14:801:22 | new_value |
| hash_flow.rb:803:11:803:14 | hash [element :a] : | hash_flow.rb:803:11:803:18 | ...[...] : |
| hash_flow.rb:803:11:803:18 | ...[...] : | hash_flow.rb:803:10:803:19 | ( ... ) |
| hash_flow.rb:805:11:805:14 | hash [element :c] : | hash_flow.rb:805:11:805:18 | ...[...] : |
| hash_flow.rb:805:11:805:18 | ...[...] : | hash_flow.rb:805:10:805:19 | ( ... ) |
| hash_flow.rb:806:11:806:14 | hash [element :d] : | hash_flow.rb:806:11:806:18 | ...[...] : |
| hash_flow.rb:806:11:806:18 | ...[...] : | hash_flow.rb:806:10:806:19 | ( ... ) |
| hash_flow.rb:808:11:808:14 | hash [element :f] : | hash_flow.rb:808:11:808:18 | ...[...] : |
| hash_flow.rb:808:11:808:18 | ...[...] : | hash_flow.rb:808:10:808:19 | ( ... ) |
| hash_flow.rb:815:15:815:25 | call to taint : | hash_flow.rb:824:12:824:16 | hash1 [element :a] : |
| hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:824:12:824:16 | hash1 [element :c] : |
| hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:824:30:824:34 | hash2 [element :d] : |
| hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:824:30:824:34 | hash2 [element :f] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :a] : | hash_flow.rb:836:11:836:15 | hash1 [element :a] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :c] : | hash_flow.rb:838:11:838:15 | hash1 [element :c] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :d] : | hash_flow.rb:839:11:839:15 | hash1 [element :d] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :f] : | hash_flow.rb:841:11:841:15 | hash1 [element :f] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :a] : | hash_flow.rb:824:12:824:16 | [post] hash1 [element :a] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :a] : | hash_flow.rb:824:12:828:7 | call to deep_merge! [element :a] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :a] : | hash_flow.rb:824:46:824:54 | old_value : |
| hash_flow.rb:824:12:824:16 | hash1 [element :a] : | hash_flow.rb:824:57:824:65 | new_value : |
| hash_flow.rb:824:12:824:16 | hash1 [element :c] : | hash_flow.rb:824:12:824:16 | [post] hash1 [element :c] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :c] : | hash_flow.rb:824:12:828:7 | call to deep_merge! [element :c] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :c] : | hash_flow.rb:824:46:824:54 | old_value : |
| hash_flow.rb:824:12:824:16 | hash1 [element :c] : | hash_flow.rb:824:57:824:65 | new_value : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :a] : | hash_flow.rb:829:11:829:14 | hash [element :a] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :c] : | hash_flow.rb:831:11:831:14 | hash [element :c] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :d] : | hash_flow.rb:832:11:832:14 | hash [element :d] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :f] : | hash_flow.rb:834:11:834:14 | hash [element :f] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :d] : | hash_flow.rb:824:12:824:16 | [post] hash1 [element :d] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :d] : | hash_flow.rb:824:12:828:7 | call to deep_merge! [element :d] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :d] : | hash_flow.rb:824:46:824:54 | old_value : |
| hash_flow.rb:824:30:824:34 | hash2 [element :d] : | hash_flow.rb:824:57:824:65 | new_value : |
| hash_flow.rb:824:30:824:34 | hash2 [element :f] : | hash_flow.rb:824:12:824:16 | [post] hash1 [element :f] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :f] : | hash_flow.rb:824:12:828:7 | call to deep_merge! [element :f] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :f] : | hash_flow.rb:824:46:824:54 | old_value : |
| hash_flow.rb:824:30:824:34 | hash2 [element :f] : | hash_flow.rb:824:57:824:65 | new_value : |
| hash_flow.rb:824:46:824:54 | old_value : | hash_flow.rb:826:14:826:22 | old_value |
| hash_flow.rb:824:57:824:65 | new_value : | hash_flow.rb:827:14:827:22 | new_value |
| hash_flow.rb:829:11:829:14 | hash [element :a] : | hash_flow.rb:829:11:829:18 | ...[...] : |
| hash_flow.rb:829:11:829:18 | ...[...] : | hash_flow.rb:829:10:829:19 | ( ... ) |
| hash_flow.rb:831:11:831:14 | hash [element :c] : | hash_flow.rb:831:11:831:18 | ...[...] : |
| hash_flow.rb:831:11:831:18 | ...[...] : | hash_flow.rb:831:10:831:19 | ( ... ) |
| hash_flow.rb:832:11:832:14 | hash [element :d] : | hash_flow.rb:832:11:832:18 | ...[...] : |
| hash_flow.rb:832:11:832:18 | ...[...] : | hash_flow.rb:832:10:832:19 | ( ... ) |
| hash_flow.rb:834:11:834:14 | hash [element :f] : | hash_flow.rb:834:11:834:18 | ...[...] : |
| hash_flow.rb:834:11:834:18 | ...[...] : | hash_flow.rb:834:10:834:19 | ( ... ) |
| hash_flow.rb:836:11:836:15 | hash1 [element :a] : | hash_flow.rb:836:11:836:19 | ...[...] : |
| hash_flow.rb:836:11:836:19 | ...[...] : | hash_flow.rb:836:10:836:20 | ( ... ) |
| hash_flow.rb:838:11:838:15 | hash1 [element :c] : | hash_flow.rb:838:11:838:19 | ...[...] : |
| hash_flow.rb:838:11:838:19 | ...[...] : | hash_flow.rb:838:10:838:20 | ( ... ) |
| hash_flow.rb:839:11:839:15 | hash1 [element :d] : | hash_flow.rb:839:11:839:19 | ...[...] : |
| hash_flow.rb:839:11:839:19 | ...[...] : | hash_flow.rb:839:10:839:20 | ( ... ) |
| hash_flow.rb:841:11:841:15 | hash1 [element :f] : | hash_flow.rb:841:11:841:19 | ...[...] : |
| hash_flow.rb:841:11:841:19 | ...[...] : | hash_flow.rb:841:10:841:20 | ( ... ) |
nodes
| hash_flow.rb:11:15:11:24 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:13:12:13:21 | call to taint : | semmle.label | call to taint : |
@@ -1105,6 +1194,94 @@ nodes
| hash_flow.rb:752:10:752:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:753:10:753:13 | hash [element :g] : | semmle.label | hash [element :g] : |
| hash_flow.rb:753:10:753:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:761:15:761:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:763:15:763:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:764:15:764:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:767:10:767:13 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:767:10:767:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:769:10:769:13 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:769:10:769:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:770:10:770:13 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:770:10:770:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:772:9:772:12 | [post] hash [element :c] : | semmle.label | [post] hash [element :c] : |
| hash_flow.rb:772:9:772:12 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:772:9:772:31 | call to except! [element :c] : | semmle.label | call to except! [element :c] : |
| hash_flow.rb:776:10:776:10 | x [element :c] : | semmle.label | x [element :c] : |
| hash_flow.rb:776:10:776:14 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:781:10:781:13 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:781:10:781:17 | ...[...] | semmle.label | ...[...] |
| hash_flow.rb:789:15:789:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:791:15:791:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:794:15:794:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:796:15:796:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:798:12:798:16 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:798:12:798:16 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :a] : | semmle.label | call to deep_merge [element :a] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :c] : | semmle.label | call to deep_merge [element :c] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :d] : | semmle.label | call to deep_merge [element :d] : |
| hash_flow.rb:798:12:802:7 | call to deep_merge [element :f] : | semmle.label | call to deep_merge [element :f] : |
| hash_flow.rb:798:29:798:33 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:798:29:798:33 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:798:45:798:53 | old_value : | semmle.label | old_value : |
| hash_flow.rb:798:56:798:64 | new_value : | semmle.label | new_value : |
| hash_flow.rb:800:14:800:22 | old_value | semmle.label | old_value |
| hash_flow.rb:801:14:801:22 | new_value | semmle.label | new_value |
| hash_flow.rb:803:10:803:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:803:11:803:14 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:803:11:803:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:805:10:805:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:805:11:805:14 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:805:11:805:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:806:10:806:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:806:11:806:14 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:806:11:806:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:808:10:808:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:808:11:808:14 | hash [element :f] : | semmle.label | hash [element :f] : |
| hash_flow.rb:808:11:808:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:815:15:815:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:817:15:817:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:820:15:820:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:822:15:822:25 | call to taint : | semmle.label | call to taint : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :a] : | semmle.label | [post] hash1 [element :a] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :c] : | semmle.label | [post] hash1 [element :c] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :d] : | semmle.label | [post] hash1 [element :d] : |
| hash_flow.rb:824:12:824:16 | [post] hash1 [element :f] : | semmle.label | [post] hash1 [element :f] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:824:12:824:16 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :a] : | semmle.label | call to deep_merge! [element :a] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :c] : | semmle.label | call to deep_merge! [element :c] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :d] : | semmle.label | call to deep_merge! [element :d] : |
| hash_flow.rb:824:12:828:7 | call to deep_merge! [element :f] : | semmle.label | call to deep_merge! [element :f] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :d] : | semmle.label | hash2 [element :d] : |
| hash_flow.rb:824:30:824:34 | hash2 [element :f] : | semmle.label | hash2 [element :f] : |
| hash_flow.rb:824:46:824:54 | old_value : | semmle.label | old_value : |
| hash_flow.rb:824:57:824:65 | new_value : | semmle.label | new_value : |
| hash_flow.rb:826:14:826:22 | old_value | semmle.label | old_value |
| hash_flow.rb:827:14:827:22 | new_value | semmle.label | new_value |
| hash_flow.rb:829:10:829:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:829:11:829:14 | hash [element :a] : | semmle.label | hash [element :a] : |
| hash_flow.rb:829:11:829:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:831:10:831:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:831:11:831:14 | hash [element :c] : | semmle.label | hash [element :c] : |
| hash_flow.rb:831:11:831:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:832:10:832:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:832:11:832:14 | hash [element :d] : | semmle.label | hash [element :d] : |
| hash_flow.rb:832:11:832:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:834:10:834:19 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:834:11:834:14 | hash [element :f] : | semmle.label | hash [element :f] : |
| hash_flow.rb:834:11:834:18 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:836:10:836:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:836:11:836:15 | hash1 [element :a] : | semmle.label | hash1 [element :a] : |
| hash_flow.rb:836:11:836:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:838:10:838:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:838:11:838:15 | hash1 [element :c] : | semmle.label | hash1 [element :c] : |
| hash_flow.rb:838:11:838:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:839:10:839:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:839:11:839:15 | hash1 [element :d] : | semmle.label | hash1 [element :d] : |
| hash_flow.rb:839:11:839:19 | ...[...] : | semmle.label | ...[...] : |
| hash_flow.rb:841:10:841:20 | ( ... ) | semmle.label | ( ... ) |
| hash_flow.rb:841:11:841:15 | hash1 [element :f] : | semmle.label | hash1 [element :f] : |
| hash_flow.rb:841:11:841:19 | ...[...] : | semmle.label | ...[...] : |
subpaths
#select
| hash_flow.rb:22:10:22:17 | ...[...] | hash_flow.rb:11:15:11:24 | call to taint : | hash_flow.rb:22:10:22:17 | ...[...] | $@ | hash_flow.rb:11:15:11:24 | call to taint : | call to taint : |
@@ -1279,3 +1456,36 @@ subpaths
| hash_flow.rb:750:10:750:17 | ...[...] | hash_flow.rb:742:15:742:25 | call to taint : | hash_flow.rb:750:10:750:17 | ...[...] | $@ | hash_flow.rb:742:15:742:25 | call to taint : | call to taint : |
| hash_flow.rb:752:10:752:17 | ...[...] | hash_flow.rb:744:15:744:25 | call to taint : | hash_flow.rb:752:10:752:17 | ...[...] | $@ | hash_flow.rb:744:15:744:25 | call to taint : | call to taint : |
| hash_flow.rb:753:10:753:17 | ...[...] | hash_flow.rb:746:29:746:39 | call to taint : | hash_flow.rb:753:10:753:17 | ...[...] | $@ | hash_flow.rb:746:29:746:39 | call to taint : | call to taint : |
| hash_flow.rb:767:10:767:17 | ...[...] | hash_flow.rb:761:15:761:25 | call to taint : | hash_flow.rb:767:10:767:17 | ...[...] | $@ | hash_flow.rb:761:15:761:25 | call to taint : | call to taint : |
| hash_flow.rb:769:10:769:17 | ...[...] | hash_flow.rb:763:15:763:25 | call to taint : | hash_flow.rb:769:10:769:17 | ...[...] | $@ | hash_flow.rb:763:15:763:25 | call to taint : | call to taint : |
| hash_flow.rb:770:10:770:17 | ...[...] | hash_flow.rb:764:15:764:25 | call to taint : | hash_flow.rb:770:10:770:17 | ...[...] | $@ | hash_flow.rb:764:15:764:25 | call to taint : | call to taint : |
| hash_flow.rb:776:10:776:14 | ...[...] | hash_flow.rb:763:15:763:25 | call to taint : | hash_flow.rb:776:10:776:14 | ...[...] | $@ | hash_flow.rb:763:15:763:25 | call to taint : | call to taint : |
| hash_flow.rb:781:10:781:17 | ...[...] | hash_flow.rb:763:15:763:25 | call to taint : | hash_flow.rb:781:10:781:17 | ...[...] | $@ | hash_flow.rb:763:15:763:25 | call to taint : | call to taint : |
| hash_flow.rb:800:14:800:22 | old_value | hash_flow.rb:789:15:789:25 | call to taint : | hash_flow.rb:800:14:800:22 | old_value | $@ | hash_flow.rb:789:15:789:25 | call to taint : | call to taint : |
| hash_flow.rb:800:14:800:22 | old_value | hash_flow.rb:791:15:791:25 | call to taint : | hash_flow.rb:800:14:800:22 | old_value | $@ | hash_flow.rb:791:15:791:25 | call to taint : | call to taint : |
| hash_flow.rb:800:14:800:22 | old_value | hash_flow.rb:794:15:794:25 | call to taint : | hash_flow.rb:800:14:800:22 | old_value | $@ | hash_flow.rb:794:15:794:25 | call to taint : | call to taint : |
| hash_flow.rb:800:14:800:22 | old_value | hash_flow.rb:796:15:796:25 | call to taint : | hash_flow.rb:800:14:800:22 | old_value | $@ | hash_flow.rb:796:15:796:25 | call to taint : | call to taint : |
| hash_flow.rb:801:14:801:22 | new_value | hash_flow.rb:789:15:789:25 | call to taint : | hash_flow.rb:801:14:801:22 | new_value | $@ | hash_flow.rb:789:15:789:25 | call to taint : | call to taint : |
| hash_flow.rb:801:14:801:22 | new_value | hash_flow.rb:791:15:791:25 | call to taint : | hash_flow.rb:801:14:801:22 | new_value | $@ | hash_flow.rb:791:15:791:25 | call to taint : | call to taint : |
| hash_flow.rb:801:14:801:22 | new_value | hash_flow.rb:794:15:794:25 | call to taint : | hash_flow.rb:801:14:801:22 | new_value | $@ | hash_flow.rb:794:15:794:25 | call to taint : | call to taint : |
| hash_flow.rb:801:14:801:22 | new_value | hash_flow.rb:796:15:796:25 | call to taint : | hash_flow.rb:801:14:801:22 | new_value | $@ | hash_flow.rb:796:15:796:25 | call to taint : | call to taint : |
| hash_flow.rb:803:10:803:19 | ( ... ) | hash_flow.rb:789:15:789:25 | call to taint : | hash_flow.rb:803:10:803:19 | ( ... ) | $@ | hash_flow.rb:789:15:789:25 | call to taint : | call to taint : |
| hash_flow.rb:805:10:805:19 | ( ... ) | hash_flow.rb:791:15:791:25 | call to taint : | hash_flow.rb:805:10:805:19 | ( ... ) | $@ | hash_flow.rb:791:15:791:25 | call to taint : | call to taint : |
| hash_flow.rb:806:10:806:19 | ( ... ) | hash_flow.rb:794:15:794:25 | call to taint : | hash_flow.rb:806:10:806:19 | ( ... ) | $@ | hash_flow.rb:794:15:794:25 | call to taint : | call to taint : |
| hash_flow.rb:808:10:808:19 | ( ... ) | hash_flow.rb:796:15:796:25 | call to taint : | hash_flow.rb:808:10:808:19 | ( ... ) | $@ | hash_flow.rb:796:15:796:25 | call to taint : | call to taint : |
| hash_flow.rb:826:14:826:22 | old_value | hash_flow.rb:815:15:815:25 | call to taint : | hash_flow.rb:826:14:826:22 | old_value | $@ | hash_flow.rb:815:15:815:25 | call to taint : | call to taint : |
| hash_flow.rb:826:14:826:22 | old_value | hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:826:14:826:22 | old_value | $@ | hash_flow.rb:817:15:817:25 | call to taint : | call to taint : |
| hash_flow.rb:826:14:826:22 | old_value | hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:826:14:826:22 | old_value | $@ | hash_flow.rb:820:15:820:25 | call to taint : | call to taint : |
| hash_flow.rb:826:14:826:22 | old_value | hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:826:14:826:22 | old_value | $@ | hash_flow.rb:822:15:822:25 | call to taint : | call to taint : |
| hash_flow.rb:827:14:827:22 | new_value | hash_flow.rb:815:15:815:25 | call to taint : | hash_flow.rb:827:14:827:22 | new_value | $@ | hash_flow.rb:815:15:815:25 | call to taint : | call to taint : |
| hash_flow.rb:827:14:827:22 | new_value | hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:827:14:827:22 | new_value | $@ | hash_flow.rb:817:15:817:25 | call to taint : | call to taint : |
| hash_flow.rb:827:14:827:22 | new_value | hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:827:14:827:22 | new_value | $@ | hash_flow.rb:820:15:820:25 | call to taint : | call to taint : |
| hash_flow.rb:827:14:827:22 | new_value | hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:827:14:827:22 | new_value | $@ | hash_flow.rb:822:15:822:25 | call to taint : | call to taint : |
| hash_flow.rb:829:10:829:19 | ( ... ) | hash_flow.rb:815:15:815:25 | call to taint : | hash_flow.rb:829:10:829:19 | ( ... ) | $@ | hash_flow.rb:815:15:815:25 | call to taint : | call to taint : |
| hash_flow.rb:831:10:831:19 | ( ... ) | hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:831:10:831:19 | ( ... ) | $@ | hash_flow.rb:817:15:817:25 | call to taint : | call to taint : |
| hash_flow.rb:832:10:832:19 | ( ... ) | hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:832:10:832:19 | ( ... ) | $@ | hash_flow.rb:820:15:820:25 | call to taint : | call to taint : |
| hash_flow.rb:834:10:834:19 | ( ... ) | hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:834:10:834:19 | ( ... ) | $@ | hash_flow.rb:822:15:822:25 | call to taint : | call to taint : |
| hash_flow.rb:836:10:836:20 | ( ... ) | hash_flow.rb:815:15:815:25 | call to taint : | hash_flow.rb:836:10:836:20 | ( ... ) | $@ | hash_flow.rb:815:15:815:25 | call to taint : | call to taint : |
| hash_flow.rb:838:10:838:20 | ( ... ) | hash_flow.rb:817:15:817:25 | call to taint : | hash_flow.rb:838:10:838:20 | ( ... ) | $@ | hash_flow.rb:817:15:817:25 | call to taint : | call to taint : |
| hash_flow.rb:839:10:839:20 | ( ... ) | hash_flow.rb:820:15:820:25 | call to taint : | hash_flow.rb:839:10:839:20 | ( ... ) | $@ | hash_flow.rb:820:15:820:25 | call to taint : | call to taint : |
| hash_flow.rb:841:10:841:20 | ( ... ) | hash_flow.rb:822:15:822:25 | call to taint : | hash_flow.rb:841:10:841:20 | ( ... ) | $@ | hash_flow.rb:822:15:822:25 | call to taint : | call to taint : |

89
ruby/ql/test/library-tests/dataflow/hash-flow/hash_flow.rb
View File

@@ -754,4 +754,91 @@ def m45()
sink(hash[:h])
end
m45()
m45()
def m46(x)
hash = {
:a => taint(46.1),
:b => 1,
:c => taint(46.2),
:d => taint(46.3)
}
sink(hash[:a]) # $ hasValueFlow=46.1
sink(hash[:b])
sink(hash[:c]) # $ hasValueFlow=46.2
sink(hash[:d]) # $ hasValueFlow=46.3
x = hash.except!(:a, x, :d)
sink(x[:a])
sink(x[:b])
sink(x[:c]) # $ hasValueFlow=46.2
sink(x[:d])
sink(hash[:a])
sink(hash[:b])
sink(hash[:c]) # $ hasValueFlow=46.2
sink(hash[:d])
end
m46(:c)
def m47()
hash1 = {
:a => taint(47.1),
:b => 1,
:c => taint(47.2)
}
hash2 = {
:d => taint(47.3),
:e => 1,
:f => taint(47.4)
}
hash = hash1.deep_merge(hash2) do |key, old_value, new_value|
sink key
sink old_value # $ hasValueFlow=47.1 $ hasValueFlow=47.2 $ hasValueFlow=47.3 $ hasValueFlow=47.4
sink new_value # $ hasValueFlow=47.1 $ hasValueFlow=47.2 $ hasValueFlow=47.3 $ hasValueFlow=47.4
end
sink (hash[:a]) # $ hasValueFlow=47.1
sink (hash[:b])
sink (hash[:c]) # $ hasValueFlow=47.2
sink (hash[:d]) # $ hasValueFlow=47.3
sink (hash[:e])
sink (hash[:f]) # $ hasValueFlow=47.4
end
m47()
def m48()
hash1 = {
:a => taint(48.1),
:b => 1,
:c => taint(48.2)
}
hash2 = {
:d => taint(48.3),
:e => 1,
:f => taint(48.4)
}
hash = hash1.deep_merge!(hash2) do |key, old_value, new_value|
sink key
sink old_value # $ hasValueFlow=48.1 $ hasValueFlow=48.2 $ hasValueFlow=48.3 $ hasValueFlow=48.4
sink new_value # $ hasValueFlow=48.1 $ hasValueFlow=48.2 $ hasValueFlow=48.3 $ hasValueFlow=48.4
end
sink (hash[:a]) # $ hasValueFlow=48.1
sink (hash[:b])
sink (hash[:c]) # $ hasValueFlow=48.2
sink (hash[:d]) # $ hasValueFlow=48.3
sink (hash[:e])
sink (hash[:f]) # $ hasValueFlow=48.4
sink (hash1[:a]) # $ hasValueFlow=48.1
sink (hash1[:b])
sink (hash1[:c]) # $ hasValueFlow=48.2
sink (hash1[:d]) # $ hasValueFlow=48.3
sink (hash1[:e])
sink (hash1[:f]) # $ hasValueFlow=48.4
end
m48()

6
ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.expected
View File

@@ -25,3 +25,9 @@
| hash_flow.rb:671:10:671:19 | ( ... ) | Unexpected result: hasValueFlow=41.1 |
| hash_flow.rb:702:22:702:42 | # $ hasValueFlow=42.3 | Missing result:hasValueFlow=42.3 |
| hash_flow.rb:704:22:704:42 | # $ hasValueFlow=42.4 | Missing result:hasValueFlow=42.4 |
| hash_flow.rb:774:10:774:14 | ...[...] | Unexpected result: hasValueFlow=46.1 |
| hash_flow.rb:777:10:777:14 | ...[...] | Unexpected result: hasValueFlow=46.3 |
| hash_flow.rb:779:10:779:17 | ...[...] | Unexpected result: hasValueFlow=46.1 |
| hash_flow.rb:782:10:782:17 | ...[...] | Unexpected result: hasValueFlow=46.3 |
| hash_flow.rb:839:22:839:42 | # $ hasValueFlow=48.3 | Missing result:hasValueFlow=48.3 |
| hash_flow.rb:841:22:841:42 | # $ hasValueFlow=48.4 | Missing result:hasValueFlow=48.4 |

5
ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.ql
View File

@@ -1 +1,6 @@
// This test flags any difference in flow between the type-tracking and dataflow
// libraries. New results in this query do not necessarily indicate a problem,
// only that type-tracking cannot follow the flow in your test. If the dataflow
// test (`hash-flow.ql`) shows no failures, then that may be sufficient
// (depending on your use case).
import TestUtilities.InlineTypeTrackingFlowTest

0
ruby/ql/test/library-tests/dataflow/local/TaintflowStep.expected → ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.expected
View File

0
ruby/ql/test/library-tests/dataflow/local/TaintflowStep.ql → ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.ql
View File

355
ruby/ql/test/library-tests/dataflow/local/TaintStep.expected Normal file
View File

@@ -0,0 +1,355 @@
| file://:0:0:0:0 | parameter any of ;Pathname;Method[join] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[join] |
| file://:0:0:0:0 | parameter position 0 of & | file://:0:0:0:0 | [summary] read: argument position 0.any element in & |
| file://:0:0:0:0 | parameter position 0 of + | file://:0:0:0:0 | [summary] read: argument position 0.any element in + |
| file://:0:0:0:0 | parameter position 0 of ;;Member[Pathname].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in ;;Member[Pathname].Method[new] |
| file://:0:0:0:0 | parameter position 0 of ;;Member[Regexp].Method[escape,quote] | file://:0:0:0:0 | [summary] to write: return (return) in ;;Member[Regexp].Method[escape,quote] |
| file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge |
| file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: argument self in ActionController::Parameters#merge! |
| file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge! |
| file://:0:0:0:0 | parameter position 0 of Arel.sql | file://:0:0:0:0 | [summary] to write: return (return) in Arel.sql |
| file://:0:0:0:0 | parameter position 0 of File.absolute_path | file://:0:0:0:0 | [summary] to write: return (return) in File.absolute_path |
| file://:0:0:0:0 | parameter position 0 of File.dirname | file://:0:0:0:0 | [summary] to write: return (return) in File.dirname |
| file://:0:0:0:0 | parameter position 0 of File.expand_path | file://:0:0:0:0 | [summary] to write: return (return) in File.expand_path |
| file://:0:0:0:0 | parameter position 0 of File.path | file://:0:0:0:0 | [summary] to write: return (return) in File.path |
| file://:0:0:0:0 | parameter position 0 of File.realdirpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realdirpath |
| file://:0:0:0:0 | parameter position 0 of File.realpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realpath |
| file://:0:0:0:0 | parameter position 0 of Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] |
| file://:0:0:0:0 | parameter position 0 of String.try_convert | file://:0:0:0:0 | [summary] to write: return (return) in String.try_convert |
| file://:0:0:0:0 | parameter position 0 of \| | file://:0:0:0:0 | [summary] read: argument position 0.any element in \| |
| file://:0:0:0:0 | parameter position 0 of activestorage;;Member[ActiveStorage].Member[Filename].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in activestorage;;Member[ActiveStorage].Member[Filename].Method[new] |
| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] | file://:0:0:0:0 | [summary] to write: argument self in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] |
| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] |
| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Method[new] |
| file://:0:0:0:0 | parameter position 0.. of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join |
| file://:0:0:0:0 | parameter self of & | file://:0:0:0:0 | [summary] read: argument self.any element in & |
| file://:0:0:0:0 | parameter self of * | file://:0:0:0:0 | [summary] read: argument self.any element in * |
| file://:0:0:0:0 | parameter self of - | file://:0:0:0:0 | [summary] read: argument self.any element in - |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[basename] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[basename] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[cleanpath] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[cleanpath] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[dirname] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[dirname] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[each_filename] | file://:0:0:0:0 | [summary] to write: argument block.parameter position 0 in ;Pathname;Method[each_filename] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[existence] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[existence] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[expand_path] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[expand_path] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[join] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[join] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[parent] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[parent] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[realpath] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[realpath] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[relative_path_from] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[relative_path_from] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[sub] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub_ext] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[sub_ext] |
| file://:0:0:0:0 | parameter self of ;Pathname;Method[to_path] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[to_path] |
| file://:0:0:0:0 | parameter self of ActionController::Parameters#<various> | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#<various> |
| file://:0:0:0:0 | parameter self of ActionController::Parameters#merge | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge |
| file://:0:0:0:0 | parameter self of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: argument self in ActionController::Parameters#merge! |
| file://:0:0:0:0 | parameter self of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge! |
| file://:0:0:0:0 | parameter self of ActiveSupportStringTransform | file://:0:0:0:0 | [summary] to write: return (return) in ActiveSupportStringTransform |
| file://:0:0:0:0 | parameter self of [] | file://:0:0:0:0 | [summary] to write: return (return) in [] |
| file://:0:0:0:0 | parameter self of \| | file://:0:0:0:0 | [summary] read: argument self.any element in \| |
| file://:0:0:0:0 | parameter self of activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized] | file://:0:0:0:0 | [summary] to write: return (return) in activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized] |
| file://:0:0:0:0 | parameter self of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param] |
| file://:0:0:0:0 | parameter self of each(0) | file://:0:0:0:0 | [summary] read: argument self.any element in each(0) |
| local_dataflow.rb:1:1:7:3 | self (foo) | local_dataflow.rb:3:8:3:10 | self |
| local_dataflow.rb:1:1:7:3 | self (local_dataflow.rb) | local_dataflow.rb:49:1:53:3 | self |
| local_dataflow.rb:1:1:7:3 | self in foo | local_dataflow.rb:1:1:7:3 | self (foo) |
| local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:1:9:1:9 | a |
| local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:2:7:2:7 | a |
| local_dataflow.rb:2:3:2:7 | ... = ... | local_dataflow.rb:3:13:3:13 | b |
| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:2:3:2:7 | ... = ... |
| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:2:3:2:7 | ... = ... |
| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:3:10:3:10 | a |
| local_dataflow.rb:3:7:3:14 | ( ... ) | local_dataflow.rb:3:3:3:14 | ... = ... |
| local_dataflow.rb:3:10:3:10 | [post] a | local_dataflow.rb:4:11:4:11 | a |
| local_dataflow.rb:3:10:3:10 | a | local_dataflow.rb:4:11:4:11 | a |
| local_dataflow.rb:3:13:3:13 | b | local_dataflow.rb:3:7:3:14 | ( ... ) |
| local_dataflow.rb:3:13:3:13 | b | local_dataflow.rb:6:13:6:13 | b |
| local_dataflow.rb:4:7:4:11 | ... = ... | local_dataflow.rb:4:3:4:11 | ... = ... |
| local_dataflow.rb:4:11:4:11 | a | local_dataflow.rb:4:7:4:11 | ... = ... |
| local_dataflow.rb:4:11:4:11 | a | local_dataflow.rb:5:12:5:12 | a |
| local_dataflow.rb:5:7:5:13 | ( ... ) | local_dataflow.rb:5:3:5:13 | ... = ... |
| local_dataflow.rb:5:8:5:12 | ... = ... | local_dataflow.rb:5:7:5:13 | ( ... ) |
| local_dataflow.rb:5:12:5:12 | a | local_dataflow.rb:5:8:5:12 | ... = ... |
| local_dataflow.rb:5:12:5:12 | a | local_dataflow.rb:6:8:6:8 | a |
| local_dataflow.rb:6:7:6:14 | ( ... ) | local_dataflow.rb:6:3:6:14 | ... = ... |
| local_dataflow.rb:6:8:6:8 | a | local_dataflow.rb:6:10:6:11 | ... + ... |
| local_dataflow.rb:6:8:6:13 | ... = ... | local_dataflow.rb:6:7:6:14 | ( ... ) |
| local_dataflow.rb:6:10:6:11 | ... + ... | local_dataflow.rb:6:8:6:13 | ... = ... |
| local_dataflow.rb:6:13:6:13 | b | local_dataflow.rb:6:10:6:11 | ... + ... |
| local_dataflow.rb:9:1:9:15 | ... = ... | local_dataflow.rb:10:14:10:18 | array |
| local_dataflow.rb:9:9:9:15 | Array | local_dataflow.rb:9:9:9:15 | call to [] |
| local_dataflow.rb:9:9:9:15 | call to [] | local_dataflow.rb:9:1:9:15 | ... = ... |
| local_dataflow.rb:9:9:9:15 | call to [] | local_dataflow.rb:9:1:9:15 | ... = ... |
| local_dataflow.rb:10:5:13:3 | ... = ... | local_dataflow.rb:12:5:12:5 | x |
| local_dataflow.rb:10:5:13:3 | <captured> | local_dataflow.rb:11:1:11:2 | self |
| local_dataflow.rb:10:5:13:3 | __synth__0__1 | local_dataflow.rb:10:5:13:3 | ... = ... |
| local_dataflow.rb:10:5:13:3 | __synth__0__1 | local_dataflow.rb:10:5:13:3 | ... = ... |
| local_dataflow.rb:10:5:13:3 | __synth__0__1 | local_dataflow.rb:10:5:13:3 | __synth__0__1 |
| local_dataflow.rb:10:5:13:3 | __synth__0__1 | local_dataflow.rb:10:5:13:3 | __synth__0__1 |
| local_dataflow.rb:10:5:13:3 | call to each | local_dataflow.rb:10:1:13:3 | ... = ... |
| local_dataflow.rb:10:14:10:18 | [post] array | local_dataflow.rb:15:10:15:14 | array |
| local_dataflow.rb:10:14:10:18 | array | local_dataflow.rb:15:10:15:14 | array |
| local_dataflow.rb:11:1:11:2 | [post] self | local_dataflow.rb:12:3:12:5 | self |
| local_dataflow.rb:11:1:11:2 | self | local_dataflow.rb:12:3:12:5 | self |
| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | ... = ... |
| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | ... = ... |
| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
| local_dataflow.rb:15:10:15:14 | [post] array | local_dataflow.rb:19:10:19:14 | array |
| local_dataflow.rb:15:10:15:14 | array | local_dataflow.rb:19:10:19:14 | array |
| local_dataflow.rb:16:9:16:10 | 10 | local_dataflow.rb:16:3:16:10 | break |
| local_dataflow.rb:19:1:21:3 | ... = ... | local_dataflow.rb:20:6:20:6 | x |
| local_dataflow.rb:19:1:21:3 | __synth__0__1 | local_dataflow.rb:19:1:21:3 | ... = ... |
| local_dataflow.rb:19:1:21:3 | __synth__0__1 | local_dataflow.rb:19:1:21:3 | ... = ... |
| local_dataflow.rb:19:1:21:3 | __synth__0__1 | local_dataflow.rb:19:1:21:3 | __synth__0__1 |
| local_dataflow.rb:19:1:21:3 | __synth__0__1 | local_dataflow.rb:19:1:21:3 | __synth__0__1 |
| local_dataflow.rb:20:6:20:6 | x | local_dataflow.rb:20:6:20:10 | ... > ... |
| local_dataflow.rb:20:10:20:10 | 1 | local_dataflow.rb:20:6:20:10 | ... > ... |
| local_dataflow.rb:24:2:24:8 | break | local_dataflow.rb:23:1:25:3 | while ... |
| local_dataflow.rb:24:8:24:8 | 5 | local_dataflow.rb:24:2:24:8 | break |
| local_dataflow.rb:28:5:28:26 | M | local_dataflow.rb:28:1:28:26 | ... = ... |
| local_dataflow.rb:28:15:28:22 | "module" | local_dataflow.rb:28:5:28:26 | M |
| local_dataflow.rb:30:5:30:24 | C | local_dataflow.rb:30:1:30:24 | ... = ... |
| local_dataflow.rb:30:14:30:20 | "class" | local_dataflow.rb:30:5:30:24 | C |
| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
| local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:34:7:34:7 | x |
| local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:35:6:35:6 | x |
| local_dataflow.rb:35:6:35:6 | x | local_dataflow.rb:35:6:35:11 | ... == ... |
| local_dataflow.rb:35:11:35:11 | 4 | local_dataflow.rb:35:6:35:11 | ... == ... |
| local_dataflow.rb:36:13:36:13 | 7 | local_dataflow.rb:36:6:36:13 | return |
| local_dataflow.rb:41:7:41:7 | x | local_dataflow.rb:41:7:41:7 | x |
| local_dataflow.rb:41:7:41:7 | x | local_dataflow.rb:42:6:42:6 | x |
| local_dataflow.rb:42:6:42:6 | x | local_dataflow.rb:42:6:42:11 | ... == ... |
| local_dataflow.rb:42:11:42:11 | 4 | local_dataflow.rb:42:6:42:11 | ... == ... |
| local_dataflow.rb:43:13:43:13 | 7 | local_dataflow.rb:43:6:43:13 | return |
| local_dataflow.rb:45:10:45:10 | 6 | local_dataflow.rb:45:3:45:10 | return |
| local_dataflow.rb:49:1:53:3 | [post] self | local_dataflow.rb:55:1:55:14 | self |
| local_dataflow.rb:49:1:53:3 | self | local_dataflow.rb:55:1:55:14 | self |
| local_dataflow.rb:49:3:53:3 | <captured> | local_dataflow.rb:50:18:50:18 | x |
| local_dataflow.rb:50:8:50:13 | "next" | local_dataflow.rb:50:3:50:13 | next |
| local_dataflow.rb:50:18:50:18 | [post] x | local_dataflow.rb:51:20:51:20 | x |
| local_dataflow.rb:50:18:50:18 | x | local_dataflow.rb:50:18:50:22 | ... < ... |
| local_dataflow.rb:50:18:50:18 | x | local_dataflow.rb:51:20:51:20 | x |
| local_dataflow.rb:50:22:50:22 | 4 | local_dataflow.rb:50:18:50:22 | ... < ... |
| local_dataflow.rb:51:9:51:15 | "break" | local_dataflow.rb:51:3:51:15 | break |
| local_dataflow.rb:51:20:51:20 | x | local_dataflow.rb:51:20:51:24 | ... < ... |
| local_dataflow.rb:51:24:51:24 | 9 | local_dataflow.rb:51:20:51:24 | ... < ... |
| local_dataflow.rb:55:5:55:13 | Array | local_dataflow.rb:55:5:55:13 | call to [] |
| local_dataflow.rb:60:1:90:3 | self (test_case) | local_dataflow.rb:78:12:78:20 | self |
| local_dataflow.rb:60:1:90:3 | self in test_case | local_dataflow.rb:60:1:90:3 | self (test_case) |
| local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:60:15:60:15 | x |
| local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:61:12:61:12 | x |
| local_dataflow.rb:61:7:68:5 | case ... | local_dataflow.rb:61:3:68:5 | ... = ... |
| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:63:15:63:15 | x |
| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:65:6:65:6 | x |
| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:67:5:67:5 | x |
| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:69:12:69:12 | x |
| local_dataflow.rb:62:10:62:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
| local_dataflow.rb:62:15:62:15 | 3 | local_dataflow.rb:62:10:62:15 | then ... |
| local_dataflow.rb:63:10:63:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
| local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:63:10:63:15 | then ... |
| local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:69:12:69:12 | x |
| local_dataflow.rb:64:9:65:6 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
| local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:64:9:65:6 | then ... |
| local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:69:12:69:12 | x |
| local_dataflow.rb:66:3:67:5 | else ... | local_dataflow.rb:61:7:68:5 | case ... |
| local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:66:3:67:5 | else ... |
| local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:69:12:69:12 | x |
| local_dataflow.rb:69:7:76:5 | case ... | local_dataflow.rb:69:3:76:5 | ... = ... |
| local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:71:13:71:13 | x |
| local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:73:7:73:7 | x |
| local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:75:6:75:6 | x |
| local_dataflow.rb:70:8:70:13 | then ... | local_dataflow.rb:69:7:76:5 | case ... |
| local_dataflow.rb:70:13:70:13 | 4 | local_dataflow.rb:70:8:70:13 | then ... |
| local_dataflow.rb:71:8:71:13 | then ... | local_dataflow.rb:69:7:76:5 | case ... |
| local_dataflow.rb:71:13:71:13 | x | local_dataflow.rb:71:8:71:13 | then ... |
| local_dataflow.rb:72:7:73:7 | then ... | local_dataflow.rb:69:7:76:5 | case ... |
| local_dataflow.rb:73:7:73:7 | x | local_dataflow.rb:72:7:73:7 | then ... |
| local_dataflow.rb:74:3:75:6 | else ... | local_dataflow.rb:69:7:76:5 | case ... |
| local_dataflow.rb:75:6:75:6 | x | local_dataflow.rb:74:3:75:6 | else ... |
| local_dataflow.rb:78:3:88:5 | ... = ... | local_dataflow.rb:89:8:89:8 | z |
| local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
| local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:79:20:79:26 | self |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:80:24:80:30 | self |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:82:7:82:13 | self |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:85:22:85:28 | self |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:86:28:86:34 | self |
| local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:87:20:87:26 | self |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:79:13:79:13 | b |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:80:8:80:8 | a |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:9:81:9 | c |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:13:81:13 | d |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:81:16:81:16 | e |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:85:13:85:13 | f |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:86:18:86:18 | g |
| local_dataflow.rb:78:12:78:20 | call to source | local_dataflow.rb:87:10:87:10 | x |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:79:20:79:26 | self |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:80:24:80:30 | self |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:82:7:82:13 | self |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:85:22:85:28 | self |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:86:28:86:34 | self |
| local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:87:20:87:26 | self |
| local_dataflow.rb:79:13:79:13 | b | local_dataflow.rb:79:25:79:25 | b |
| local_dataflow.rb:79:15:79:45 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:79:20:79:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:79:20:79:26 | call to sink | local_dataflow.rb:79:15:79:45 | then ... |
| local_dataflow.rb:79:20:79:26 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:80:8:80:8 | a | local_dataflow.rb:80:13:80:13 | a |
| local_dataflow.rb:80:13:80:13 | [post] a | local_dataflow.rb:80:29:80:29 | a |
| local_dataflow.rb:80:13:80:13 | a | local_dataflow.rb:80:13:80:17 | ... > ... |
| local_dataflow.rb:80:13:80:13 | a | local_dataflow.rb:80:29:80:29 | a |
| local_dataflow.rb:80:17:80:17 | 0 | local_dataflow.rb:80:13:80:17 | ... > ... |
| local_dataflow.rb:80:19:80:49 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:80:24:80:30 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:80:24:80:30 | call to sink | local_dataflow.rb:80:19:80:49 | then ... |
| local_dataflow.rb:80:24:80:30 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:81:9:81:9 | c | local_dataflow.rb:82:12:82:12 | c |
| local_dataflow.rb:81:13:81:13 | d | local_dataflow.rb:83:12:83:12 | d |
| local_dataflow.rb:81:16:81:16 | e | local_dataflow.rb:84:12:84:12 | e |
| local_dataflow.rb:81:20:84:33 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:81:25:84:14 | Array | local_dataflow.rb:81:25:84:14 | call to [] |
| local_dataflow.rb:81:25:84:14 | call to [] | local_dataflow.rb:81:20:84:33 | then ... |
| local_dataflow.rb:82:7:82:13 | [post] self | local_dataflow.rb:83:7:83:13 | self |
| local_dataflow.rb:82:7:82:13 | self | local_dataflow.rb:83:7:83:13 | self |
| local_dataflow.rb:83:7:83:13 | [post] self | local_dataflow.rb:84:7:84:13 | self |
| local_dataflow.rb:83:7:83:13 | self | local_dataflow.rb:84:7:84:13 | self |
| local_dataflow.rb:84:7:84:13 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:84:7:84:13 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:85:13:85:13 | f | local_dataflow.rb:85:27:85:27 | f |
| local_dataflow.rb:85:17:85:47 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:85:22:85:28 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:85:22:85:28 | call to sink | local_dataflow.rb:85:17:85:47 | then ... |
| local_dataflow.rb:85:22:85:28 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:86:18:86:18 | g | local_dataflow.rb:86:33:86:33 | g |
| local_dataflow.rb:86:23:86:53 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:86:28:86:34 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:86:28:86:34 | call to sink | local_dataflow.rb:86:23:86:53 | then ... |
| local_dataflow.rb:86:28:86:34 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:87:10:87:10 | x | local_dataflow.rb:87:25:87:25 | x |
| local_dataflow.rb:87:15:87:48 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
| local_dataflow.rb:87:20:87:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:87:20:87:26 | self | local_dataflow.rb:89:3:89:9 | self |
| local_dataflow.rb:87:25:87:25 | [post] x | local_dataflow.rb:87:29:87:29 | x |
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:29:87:29 | x |
| local_dataflow.rb:87:29:87:29 | x | local_dataflow.rb:87:15:87:48 | then ... |
| local_dataflow.rb:92:1:109:3 | self (and_or) | local_dataflow.rb:93:7:93:15 | self |
| local_dataflow.rb:92:1:109:3 | self in and_or | local_dataflow.rb:92:1:109:3 | self (and_or) |
| local_dataflow.rb:93:3:93:28 | ... = ... | local_dataflow.rb:94:8:94:8 | a |
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:93:20:93:28 | self |
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:94:3:94:9 | self |
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:20:93:28 | self |
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:94:3:94:9 | self |
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
| local_dataflow.rb:93:20:93:28 | [post] self | local_dataflow.rb:94:3:94:9 | self |
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:94:3:94:9 | self |
| local_dataflow.rb:94:3:94:9 | [post] self | local_dataflow.rb:95:8:95:16 | self |
| local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:95:8:95:16 | self |
| local_dataflow.rb:95:3:95:30 | ... = ... | local_dataflow.rb:96:8:96:8 | b |
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:95:21:95:29 | self |
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:96:3:96:9 | self |
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:21:95:29 | self |
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:96:3:96:9 | self |
| local_dataflow.rb:95:8:95:29 | ... or ... | local_dataflow.rb:95:7:95:30 | ( ... ) |
| local_dataflow.rb:95:21:95:29 | [post] self | local_dataflow.rb:96:3:96:9 | self |
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:96:3:96:9 | self |
| local_dataflow.rb:96:3:96:9 | [post] self | local_dataflow.rb:98:7:98:15 | self |
| local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:98:7:98:15 | self |
| local_dataflow.rb:98:3:98:28 | ... = ... | local_dataflow.rb:99:8:99:8 | a |
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:98:20:98:28 | self |
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:99:3:99:9 | self |
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:20:98:28 | self |
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:99:3:99:9 | self |
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
| local_dataflow.rb:98:20:98:28 | [post] self | local_dataflow.rb:99:3:99:9 | self |
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:99:3:99:9 | self |
| local_dataflow.rb:99:3:99:9 | [post] self | local_dataflow.rb:100:8:100:16 | self |
| local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:100:8:100:16 | self |
| local_dataflow.rb:100:3:100:31 | ... = ... | local_dataflow.rb:101:8:101:8 | b |
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:100:22:100:30 | self |
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:101:3:101:9 | self |
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:22:100:30 | self |
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:101:3:101:9 | self |
| local_dataflow.rb:100:8:100:30 | ... and ... | local_dataflow.rb:100:7:100:31 | ( ... ) |
| local_dataflow.rb:100:22:100:30 | [post] self | local_dataflow.rb:101:3:101:9 | self |
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:101:3:101:9 | self |
| local_dataflow.rb:101:3:101:9 | [post] self | local_dataflow.rb:103:7:103:15 | self |
| local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:103:7:103:15 | self |
| local_dataflow.rb:103:3:103:15 | ... = ... | local_dataflow.rb:104:3:104:3 | a |
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:104:9:104:17 | self |
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:105:3:105:9 | self |
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:104:9:104:17 | self |
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:105:3:105:9 | self |
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
| local_dataflow.rb:104:3:104:17 | ... = ... | local_dataflow.rb:105:8:105:8 | a |
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
| local_dataflow.rb:104:9:104:17 | [post] self | local_dataflow.rb:105:3:105:9 | self |
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:105:3:105:9 | self |
| local_dataflow.rb:105:3:105:9 | [post] self | local_dataflow.rb:106:7:106:15 | self |
| local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:106:7:106:15 | self |
| local_dataflow.rb:106:3:106:15 | ... = ... | local_dataflow.rb:107:3:107:3 | b |
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:107:9:107:17 | self |
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:108:3:108:9 | self |
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:107:9:107:17 | self |
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:108:3:108:9 | self |
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... |
| local_dataflow.rb:107:3:107:17 | ... = ... | local_dataflow.rb:108:8:108:8 | b |
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
| local_dataflow.rb:107:9:107:17 | [post] self | local_dataflow.rb:108:3:108:9 | self |
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... |
| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:108:3:108:9 | self |
| local_dataflow.rb:111:1:114:3 | self (object_dup) | local_dataflow.rb:112:3:112:21 | self |
| local_dataflow.rb:111:1:114:3 | self in object_dup | local_dataflow.rb:111:1:114:3 | self (object_dup) |
| local_dataflow.rb:112:3:112:21 | [post] self | local_dataflow.rb:112:8:112:16 | self |
| local_dataflow.rb:112:3:112:21 | self | local_dataflow.rb:112:8:112:16 | self |
| local_dataflow.rb:112:8:112:16 | [post] self | local_dataflow.rb:113:3:113:25 | self |
| local_dataflow.rb:112:8:112:16 | call to source | local_dataflow.rb:112:8:112:20 | call to dup |
| local_dataflow.rb:112:8:112:16 | self | local_dataflow.rb:113:3:113:25 | self |
| local_dataflow.rb:113:3:113:25 | [post] self | local_dataflow.rb:113:8:113:16 | self |
| local_dataflow.rb:113:3:113:25 | self | local_dataflow.rb:113:8:113:16 | self |
| local_dataflow.rb:113:8:113:16 | call to source | local_dataflow.rb:113:8:113:20 | call to dup |
| local_dataflow.rb:113:8:113:20 | call to dup | local_dataflow.rb:113:8:113:24 | call to dup |
| local_dataflow.rb:116:1:120:3 | self (kernel_tap) | local_dataflow.rb:117:3:117:24 | self |
| local_dataflow.rb:116:1:120:3 | self in kernel_tap | local_dataflow.rb:116:1:120:3 | self (kernel_tap) |
| local_dataflow.rb:117:3:117:24 | [post] self | local_dataflow.rb:117:8:117:16 | self |
| local_dataflow.rb:117:3:117:24 | self | local_dataflow.rb:117:8:117:16 | self |
| local_dataflow.rb:117:8:117:16 | [post] self | local_dataflow.rb:118:3:118:11 | self |
| local_dataflow.rb:117:8:117:16 | call to source | local_dataflow.rb:117:8:117:23 | call to tap |
| local_dataflow.rb:117:8:117:16 | self | local_dataflow.rb:118:3:118:11 | self |
| local_dataflow.rb:118:3:118:11 | [post] self | local_dataflow.rb:119:3:119:31 | self |
| local_dataflow.rb:118:3:118:11 | call to source | local_dataflow.rb:118:3:118:31 | call to tap |
| local_dataflow.rb:118:3:118:11 | self | local_dataflow.rb:119:3:119:31 | self |
| local_dataflow.rb:118:17:118:31 | <captured> | local_dataflow.rb:118:23:118:29 | self |
| local_dataflow.rb:118:20:118:20 | x | local_dataflow.rb:118:20:118:20 | x |
| local_dataflow.rb:118:20:118:20 | x | local_dataflow.rb:118:28:118:28 | x |
| local_dataflow.rb:119:3:119:31 | [post] self | local_dataflow.rb:119:8:119:16 | self |
| local_dataflow.rb:119:3:119:31 | self | local_dataflow.rb:119:8:119:16 | self |
| local_dataflow.rb:119:8:119:16 | call to source | local_dataflow.rb:119:8:119:23 | call to tap |
| local_dataflow.rb:119:8:119:23 | call to tap | local_dataflow.rb:119:8:119:30 | call to tap |
| local_dataflow.rb:122:1:124:3 | self (dup_tap) | local_dataflow.rb:123:3:123:50 | self |
| local_dataflow.rb:122:1:124:3 | self in dup_tap | local_dataflow.rb:122:1:124:3 | self (dup_tap) |
| local_dataflow.rb:123:3:123:50 | [post] self | local_dataflow.rb:123:8:123:16 | self |
| local_dataflow.rb:123:3:123:50 | self | local_dataflow.rb:123:8:123:16 | self |
| local_dataflow.rb:123:8:123:16 | call to source | local_dataflow.rb:123:8:123:20 | call to dup |
| local_dataflow.rb:123:8:123:20 | call to dup | local_dataflow.rb:123:8:123:45 | call to tap |
| local_dataflow.rb:123:8:123:45 | call to tap | local_dataflow.rb:123:8:123:49 | call to dup |
| local_dataflow.rb:123:26:123:45 | <captured> | local_dataflow.rb:123:32:123:43 | self |

6
ruby/ql/test/library-tests/dataflow/local/TaintStep.ql Normal file
View File

@@ -0,0 +1,6 @@
import codeql.ruby.DataFlow
import codeql.ruby.TaintTracking
from DataFlow::Node pred, DataFlow::Node succ
where TaintTracking::localTaintStep(pred, succ)
select pred, succ

5
ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.expected
View File

@@ -1,6 +1,7 @@
constantizeCalls
| active_support.rb:1:1:1:22 | call to constantize | active_support.rb:1:1:1:10 | "Foo::Bar" |
| active_support.rb:3:1:3:13 | call to constantize | active_support.rb:3:1:3:1 | call to a |
| active_support.rb:4:1:4:18 | call to safe_constantize | active_support.rb:4:1:4:1 | call to a |
loggerInstantiations
| active_support.rb:5:1:5:33 | call to new |
| active_support.rb:6:1:6:40 | call to new |
| active_support.rb:6:1:6:33 | call to new |
| active_support.rb:7:1:7:40 | call to new |

959
ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
View File

@@ -1,345 +1,624 @@
failures
edges
| active_support.rb:9:9:9:18 | call to source : | active_support.rb:10:10:10:10 | x : |
| active_support.rb:10:10:10:10 | x : | active_support.rb:10:10:10:19 | call to camelize |
| active_support.rb:14:9:14:18 | call to source : | active_support.rb:15:10:15:10 | x : |
| active_support.rb:15:10:15:10 | x : | active_support.rb:15:10:15:20 | call to camelcase |
| active_support.rb:19:9:19:18 | call to source : | active_support.rb:20:10:20:10 | x : |
| active_support.rb:20:10:20:10 | x : | active_support.rb:20:10:20:19 | call to classify |
| active_support.rb:24:9:24:18 | call to source : | active_support.rb:25:10:25:10 | x : |
| active_support.rb:25:10:25:10 | x : | active_support.rb:25:10:25:20 | call to dasherize |
| active_support.rb:29:9:29:18 | call to source : | active_support.rb:30:10:30:10 | x : |
| active_support.rb:30:10:30:10 | x : | active_support.rb:30:10:30:24 | call to deconstantize |
| active_support.rb:34:9:34:18 | call to source : | active_support.rb:35:10:35:10 | x : |
| active_support.rb:35:10:35:10 | x : | active_support.rb:35:10:35:21 | call to demodulize |
| active_support.rb:39:9:39:18 | call to source : | active_support.rb:40:10:40:10 | x : |
| active_support.rb:40:10:40:10 | x : | active_support.rb:40:10:40:22 | call to foreign_key |
| active_support.rb:44:9:44:18 | call to source : | active_support.rb:45:10:45:10 | x : |
| active_support.rb:45:10:45:10 | x : | active_support.rb:45:10:45:19 | call to humanize |
| active_support.rb:49:9:49:18 | call to source : | active_support.rb:50:10:50:10 | x : |
| active_support.rb:50:10:50:10 | x : | active_support.rb:50:10:50:20 | call to indent |
| active_support.rb:54:9:54:18 | call to source : | active_support.rb:55:10:55:10 | x : |
| active_support.rb:55:10:55:10 | x : | active_support.rb:55:10:55:23 | call to parameterize |
| active_support.rb:59:9:59:18 | call to source : | active_support.rb:60:10:60:10 | x : |
| active_support.rb:60:10:60:10 | x : | active_support.rb:60:10:60:20 | call to pluralize |
| active_support.rb:64:9:64:18 | call to source : | active_support.rb:65:10:65:10 | x : |
| active_support.rb:65:10:65:10 | x : | active_support.rb:65:10:65:22 | call to singularize |
| active_support.rb:69:9:69:18 | call to source : | active_support.rb:70:10:70:10 | x : |
| active_support.rb:70:10:70:10 | x : | active_support.rb:70:10:70:17 | call to squish |
| active_support.rb:74:9:74:18 | call to source : | active_support.rb:75:10:75:10 | x : |
| active_support.rb:75:10:75:10 | x : | active_support.rb:75:10:75:24 | call to strip_heredoc |
| active_support.rb:79:9:79:18 | call to source : | active_support.rb:80:10:80:10 | x : |
| active_support.rb:80:10:80:10 | x : | active_support.rb:80:10:80:19 | call to tableize |
| active_support.rb:84:9:84:18 | call to source : | active_support.rb:85:10:85:10 | x : |
| active_support.rb:85:10:85:10 | x : | active_support.rb:85:10:85:20 | call to titlecase |
| active_support.rb:89:9:89:18 | call to source : | active_support.rb:90:10:90:10 | x : |
| active_support.rb:90:10:90:10 | x : | active_support.rb:90:10:90:19 | call to titleize |
| active_support.rb:94:9:94:18 | call to source : | active_support.rb:95:10:95:10 | x : |
| active_support.rb:95:10:95:10 | x : | active_support.rb:95:10:95:21 | call to underscore |
| active_support.rb:99:9:99:18 | call to source : | active_support.rb:100:10:100:10 | x : |
| active_support.rb:100:10:100:10 | x : | active_support.rb:100:10:100:23 | call to upcase_first |
| active_support.rb:104:10:104:17 | call to source : | active_support.rb:105:9:105:9 | x [element 0] : |
| active_support.rb:104:10:104:17 | call to source : | active_support.rb:105:9:105:9 | x [element 0] : |
| active_support.rb:105:9:105:9 | x [element 0] : | active_support.rb:105:9:105:23 | call to compact_blank [element] : |
| active_support.rb:105:9:105:9 | x [element 0] : | active_support.rb:105:9:105:23 | call to compact_blank [element] : |
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | active_support.rb:106:10:106:10 | y [element] : |
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | active_support.rb:106:10:106:10 | y [element] : |
| active_support.rb:106:10:106:10 | y [element] : | active_support.rb:106:10:106:13 | ...[...] |
| active_support.rb:106:10:106:10 | y [element] : | active_support.rb:106:10:106:13 | ...[...] |
| active_support.rb:110:10:110:18 | call to source : | active_support.rb:111:9:111:9 | x [element 0] : |
| active_support.rb:110:10:110:18 | call to source : | active_support.rb:111:9:111:9 | x [element 0] : |
| active_support.rb:111:9:111:9 | x [element 0] : | active_support.rb:111:9:111:21 | call to excluding [element] : |
| active_support.rb:111:9:111:9 | x [element 0] : | active_support.rb:111:9:111:21 | call to excluding [element] : |
| active_support.rb:111:9:111:21 | call to excluding [element] : | active_support.rb:112:10:112:10 | y [element] : |
| active_support.rb:111:9:111:21 | call to excluding [element] : | active_support.rb:112:10:112:10 | y [element] : |
| active_support.rb:112:10:112:10 | y [element] : | active_support.rb:112:10:112:13 | ...[...] |
| active_support.rb:112:10:112:10 | y [element] : | active_support.rb:112:10:112:13 | ...[...] |
| active_support.rb:116:10:116:18 | call to source : | active_support.rb:117:9:117:9 | x [element 0] : |
| active_support.rb:116:10:116:18 | call to source : | active_support.rb:117:9:117:9 | x [element 0] : |
| active_support.rb:117:9:117:9 | x [element 0] : | active_support.rb:117:9:117:19 | call to without [element] : |
| active_support.rb:117:9:117:9 | x [element 0] : | active_support.rb:117:9:117:19 | call to without [element] : |
| active_support.rb:117:9:117:19 | call to without [element] : | active_support.rb:118:10:118:10 | y [element] : |
| active_support.rb:117:9:117:19 | call to without [element] : | active_support.rb:118:10:118:10 | y [element] : |
| active_support.rb:118:10:118:10 | y [element] : | active_support.rb:118:10:118:13 | ...[...] |
| active_support.rb:118:10:118:10 | y [element] : | active_support.rb:118:10:118:13 | ...[...] |
| active_support.rb:122:10:122:18 | call to source : | active_support.rb:123:9:123:9 | x [element 0] : |
| active_support.rb:122:10:122:18 | call to source : | active_support.rb:123:9:123:9 | x [element 0] : |
| active_support.rb:123:9:123:9 | x [element 0] : | active_support.rb:123:9:123:37 | call to in_order_of [element] : |
| active_support.rb:123:9:123:9 | x [element 0] : | active_support.rb:123:9:123:37 | call to in_order_of [element] : |
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | active_support.rb:124:10:124:10 | y [element] : |
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | active_support.rb:124:10:124:10 | y [element] : |
| active_support.rb:124:10:124:10 | y [element] : | active_support.rb:124:10:124:13 | ...[...] |
| active_support.rb:124:10:124:10 | y [element] : | active_support.rb:124:10:124:13 | ...[...] |
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:129:9:129:9 | a [element 0] : |
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:129:9:129:9 | a [element 0] : |
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:10 | a [element 0] : |
| active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:10 | a [element 0] : |
| active_support.rb:129:9:129:9 | a [element 0] : | active_support.rb:129:9:129:41 | call to including [element 0] : |
| active_support.rb:129:9:129:9 | a [element 0] : | active_support.rb:129:9:129:41 | call to including [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element 0] : | active_support.rb:132:10:132:10 | b [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element 0] : | active_support.rb:132:10:132:10 | b [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:132:10:132:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:132:10:132:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:133:10:133:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:133:10:133:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:134:10:134:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:134:10:134:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:135:10:135:10 | b [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | active_support.rb:135:10:135:10 | b [element] : |
| active_support.rb:129:21:129:29 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
| active_support.rb:129:21:129:29 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
| active_support.rb:129:32:129:40 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
| active_support.rb:129:32:129:40 | call to source : | active_support.rb:129:9:129:41 | call to including [element] : |
| active_support.rb:130:10:130:10 | a [element 0] : | active_support.rb:130:10:130:13 | ...[...] |
| active_support.rb:130:10:130:10 | a [element 0] : | active_support.rb:130:10:130:13 | ...[...] |
| active_support.rb:132:10:132:10 | b [element 0] : | active_support.rb:132:10:132:13 | ...[...] |
| active_support.rb:132:10:132:10 | b [element 0] : | active_support.rb:132:10:132:13 | ...[...] |
| active_support.rb:132:10:132:10 | b [element] : | active_support.rb:132:10:132:13 | ...[...] |
| active_support.rb:132:10:132:10 | b [element] : | active_support.rb:132:10:132:13 | ...[...] |
| active_support.rb:133:10:133:10 | b [element] : | active_support.rb:133:10:133:13 | ...[...] |
| active_support.rb:133:10:133:10 | b [element] : | active_support.rb:133:10:133:13 | ...[...] |
| active_support.rb:134:10:134:10 | b [element] : | active_support.rb:134:10:134:13 | ...[...] |
| active_support.rb:134:10:134:10 | b [element] : | active_support.rb:134:10:134:13 | ...[...] |
| active_support.rb:135:10:135:10 | b [element] : | active_support.rb:135:10:135:13 | ...[...] |
| active_support.rb:135:10:135:10 | b [element] : | active_support.rb:135:10:135:13 | ...[...] |
| active_support.rb:139:7:139:16 | call to source : | active_support.rb:140:34:140:34 | x : |
| active_support.rb:140:7:140:35 | call to new : | active_support.rb:141:8:141:8 | y |
| active_support.rb:140:34:140:34 | x : | active_support.rb:140:7:140:35 | call to new : |
| active_support.rb:146:7:146:16 | call to source : | active_support.rb:147:21:147:21 | b : |
| active_support.rb:147:7:147:22 | call to safe_concat : | active_support.rb:148:8:148:8 | y |
| active_support.rb:147:21:147:21 | b : | active_support.rb:147:7:147:22 | call to safe_concat : |
| active_support.rb:153:7:153:16 | call to source : | active_support.rb:154:17:154:17 | b : |
| active_support.rb:154:3:154:3 | [post] x : | active_support.rb:155:8:155:8 | x |
| active_support.rb:154:17:154:17 | b : | active_support.rb:154:3:154:3 | [post] x : |
| active_support.rb:159:7:159:16 | call to source : | active_support.rb:161:34:161:34 | a : |
| active_support.rb:161:7:161:35 | call to new : | active_support.rb:162:7:162:7 | x : |
| active_support.rb:161:34:161:34 | a : | active_support.rb:161:7:161:35 | call to new : |
| active_support.rb:162:7:162:7 | x : | active_support.rb:162:7:162:17 | call to concat : |
| active_support.rb:162:7:162:17 | call to concat : | active_support.rb:163:8:163:8 | y |
| active_support.rb:167:7:167:16 | call to source : | active_support.rb:169:34:169:34 | a : |
| active_support.rb:169:7:169:35 | call to new : | active_support.rb:170:7:170:7 | x : |
| active_support.rb:169:34:169:34 | a : | active_support.rb:169:7:169:35 | call to new : |
| active_support.rb:170:7:170:7 | x : | active_support.rb:170:7:170:20 | call to insert : |
| active_support.rb:170:7:170:20 | call to insert : | active_support.rb:171:8:171:8 | y |
| active_support.rb:175:7:175:16 | call to source : | active_support.rb:177:34:177:34 | a : |
| active_support.rb:177:7:177:35 | call to new : | active_support.rb:178:7:178:7 | x : |
| active_support.rb:177:34:177:34 | a : | active_support.rb:177:7:177:35 | call to new : |
| active_support.rb:178:7:178:7 | x : | active_support.rb:178:7:178:18 | call to prepend : |
| active_support.rb:178:7:178:18 | call to prepend : | active_support.rb:179:8:179:8 | y |
| active_support.rb:183:7:183:16 | call to source : | active_support.rb:184:34:184:34 | a : |
| active_support.rb:184:7:184:35 | call to new : | active_support.rb:185:7:185:7 | x : |
| active_support.rb:184:34:184:34 | a : | active_support.rb:184:7:184:35 | call to new : |
| active_support.rb:185:7:185:7 | x : | active_support.rb:185:7:185:12 | call to to_s : |
| active_support.rb:185:7:185:12 | call to to_s : | active_support.rb:186:8:186:8 | y |
| active_support.rb:190:7:190:16 | call to source : | active_support.rb:191:34:191:34 | a : |
| active_support.rb:191:7:191:35 | call to new : | active_support.rb:192:7:192:7 | x : |
| active_support.rb:191:34:191:34 | a : | active_support.rb:191:7:191:35 | call to new : |
| active_support.rb:192:7:192:7 | x : | active_support.rb:192:7:192:16 | call to to_param : |
| active_support.rb:192:7:192:16 | call to to_param : | active_support.rb:193:8:193:8 | y |
| active_support.rb:197:7:197:16 | call to source : | active_support.rb:198:20:198:20 | a : |
| active_support.rb:198:7:198:21 | call to new : | active_support.rb:199:7:199:7 | x : |
| active_support.rb:198:20:198:20 | a : | active_support.rb:198:7:198:21 | call to new : |
| active_support.rb:199:7:199:7 | x : | active_support.rb:199:7:199:17 | call to existence : |
| active_support.rb:199:7:199:17 | call to existence : | active_support.rb:200:8:200:8 | y |
| active_support.rb:199:7:199:17 | call to existence : | active_support.rb:201:7:201:7 | y : |
| active_support.rb:201:7:201:7 | y : | active_support.rb:201:7:201:17 | call to existence : |
| active_support.rb:201:7:201:17 | call to existence : | active_support.rb:202:8:202:8 | z |
| active_support.rb:10:9:10:18 | call to source : | active_support.rb:11:10:11:10 | x : |
| active_support.rb:11:10:11:10 | x : | active_support.rb:11:10:11:19 | call to at |
| active_support.rb:15:9:15:18 | call to source : | active_support.rb:16:10:16:10 | x : |
| active_support.rb:16:10:16:10 | x : | active_support.rb:16:10:16:19 | call to camelize |
| active_support.rb:20:9:20:18 | call to source : | active_support.rb:21:10:21:10 | x : |
| active_support.rb:21:10:21:10 | x : | active_support.rb:21:10:21:20 | call to camelcase |
| active_support.rb:25:9:25:18 | call to source : | active_support.rb:26:10:26:10 | x : |
| active_support.rb:26:10:26:10 | x : | active_support.rb:26:10:26:19 | call to classify |
| active_support.rb:30:9:30:18 | call to source : | active_support.rb:31:10:31:10 | x : |
| active_support.rb:31:10:31:10 | x : | active_support.rb:31:10:31:20 | call to dasherize |
| active_support.rb:35:9:35:18 | call to source : | active_support.rb:36:10:36:10 | x : |
| active_support.rb:36:10:36:10 | x : | active_support.rb:36:10:36:24 | call to deconstantize |
| active_support.rb:40:9:40:18 | call to source : | active_support.rb:41:10:41:10 | x : |
| active_support.rb:41:10:41:10 | x : | active_support.rb:41:10:41:21 | call to demodulize |
| active_support.rb:45:9:45:18 | call to source : | active_support.rb:46:10:46:10 | x : |
| active_support.rb:46:10:46:10 | x : | active_support.rb:46:10:46:19 | call to first |
| active_support.rb:50:9:50:18 | call to source : | active_support.rb:51:10:51:10 | x : |
| active_support.rb:51:10:51:10 | x : | active_support.rb:51:10:51:22 | call to foreign_key |
| active_support.rb:55:9:55:18 | call to source : | active_support.rb:56:10:56:10 | x : |
| active_support.rb:56:10:56:10 | x : | active_support.rb:56:10:56:18 | call to from |
| active_support.rb:60:9:60:18 | call to source : | active_support.rb:61:10:61:10 | x : |
| active_support.rb:61:10:61:10 | x : | active_support.rb:61:10:61:20 | call to html_safe |
| active_support.rb:65:9:65:18 | call to source : | active_support.rb:66:10:66:10 | x : |
| active_support.rb:66:10:66:10 | x : | active_support.rb:66:10:66:19 | call to humanize |
| active_support.rb:70:9:70:18 | call to source : | active_support.rb:71:10:71:10 | x : |
| active_support.rb:71:10:71:10 | x : | active_support.rb:71:10:71:20 | call to indent |
| active_support.rb:75:9:75:18 | call to source : | active_support.rb:76:10:76:10 | x : |
| active_support.rb:76:10:76:10 | x : | active_support.rb:76:10:76:21 | call to indent! |
| active_support.rb:80:9:80:18 | call to source : | active_support.rb:81:10:81:10 | x : |
| active_support.rb:81:10:81:10 | x : | active_support.rb:81:10:81:18 | call to inquiry |
| active_support.rb:85:9:85:18 | call to source : | active_support.rb:86:10:86:10 | x : |
| active_support.rb:86:10:86:10 | x : | active_support.rb:86:10:86:18 | call to last |
| active_support.rb:90:9:90:18 | call to source : | active_support.rb:91:10:91:10 | x : |
| active_support.rb:91:10:91:10 | x : | active_support.rb:91:10:91:19 | call to mb_chars |
| active_support.rb:95:9:95:18 | call to source : | active_support.rb:96:10:96:10 | x : |
| active_support.rb:96:10:96:10 | x : | active_support.rb:96:10:96:23 | call to parameterize |
| active_support.rb:100:9:100:18 | call to source : | active_support.rb:101:10:101:10 | x : |
| active_support.rb:101:10:101:10 | x : | active_support.rb:101:10:101:20 | call to pluralize |
| active_support.rb:105:9:105:18 | call to source : | active_support.rb:106:10:106:10 | x : |
| active_support.rb:106:10:106:10 | x : | active_support.rb:106:10:106:24 | call to remove |
| active_support.rb:110:9:110:18 | call to source : | active_support.rb:111:10:111:10 | x : |
| active_support.rb:111:10:111:10 | x : | active_support.rb:111:10:111:25 | call to remove! |
| active_support.rb:115:9:115:18 | call to source : | active_support.rb:116:10:116:10 | x : |
| active_support.rb:116:10:116:10 | x : | active_support.rb:116:10:116:22 | call to singularize |
| active_support.rb:120:9:120:18 | call to source : | active_support.rb:121:10:121:10 | x : |
| active_support.rb:121:10:121:10 | x : | active_support.rb:121:10:121:17 | call to squish |
| active_support.rb:125:9:125:18 | call to source : | active_support.rb:126:10:126:10 | x : |
| active_support.rb:126:10:126:10 | x : | active_support.rb:126:10:126:18 | call to squish! |
| active_support.rb:130:9:130:18 | call to source : | active_support.rb:131:10:131:10 | x : |
| active_support.rb:131:10:131:10 | x : | active_support.rb:131:10:131:24 | call to strip_heredoc |
| active_support.rb:135:9:135:18 | call to source : | active_support.rb:136:10:136:10 | x : |
| active_support.rb:136:10:136:10 | x : | active_support.rb:136:10:136:19 | call to tableize |
| active_support.rb:140:9:140:18 | call to source : | active_support.rb:141:10:141:10 | x : |
| active_support.rb:141:10:141:10 | x : | active_support.rb:141:10:141:20 | call to titlecase |
| active_support.rb:145:9:145:18 | call to source : | active_support.rb:146:10:146:10 | x : |
| active_support.rb:146:10:146:10 | x : | active_support.rb:146:10:146:19 | call to titleize |
| active_support.rb:150:9:150:18 | call to source : | active_support.rb:151:10:151:10 | x : |
| active_support.rb:151:10:151:10 | x : | active_support.rb:151:10:151:16 | call to to |
| active_support.rb:155:9:155:18 | call to source : | active_support.rb:156:10:156:10 | x : |
| active_support.rb:156:10:156:10 | x : | active_support.rb:156:10:156:22 | call to truncate |
| active_support.rb:160:9:160:18 | call to source : | active_support.rb:161:10:161:10 | x : |
| active_support.rb:161:10:161:10 | x : | active_support.rb:161:10:161:28 | call to truncate_bytes |
| active_support.rb:165:9:165:18 | call to source : | active_support.rb:166:10:166:10 | x : |
| active_support.rb:166:10:166:10 | x : | active_support.rb:166:10:166:28 | call to truncate_words |
| active_support.rb:170:9:170:18 | call to source : | active_support.rb:171:10:171:10 | x : |
| active_support.rb:171:10:171:10 | x : | active_support.rb:171:10:171:21 | call to underscore |
| active_support.rb:175:9:175:18 | call to source : | active_support.rb:176:10:176:10 | x : |
| active_support.rb:176:10:176:10 | x : | active_support.rb:176:10:176:23 | call to upcase_first |
| active_support.rb:180:10:180:17 | call to source : | active_support.rb:181:9:181:9 | x [element 0] : |
| active_support.rb:180:10:180:17 | call to source : | active_support.rb:181:9:181:9 | x [element 0] : |
| active_support.rb:181:9:181:9 | x [element 0] : | active_support.rb:181:9:181:23 | call to compact_blank [element] : |
| active_support.rb:181:9:181:9 | x [element 0] : | active_support.rb:181:9:181:23 | call to compact_blank [element] : |
| active_support.rb:181:9:181:23 | call to compact_blank [element] : | active_support.rb:182:10:182:10 | y [element] : |
| active_support.rb:181:9:181:23 | call to compact_blank [element] : | active_support.rb:182:10:182:10 | y [element] : |
| active_support.rb:182:10:182:10 | y [element] : | active_support.rb:182:10:182:13 | ...[...] |
| active_support.rb:182:10:182:10 | y [element] : | active_support.rb:182:10:182:13 | ...[...] |
| active_support.rb:186:10:186:18 | call to source : | active_support.rb:187:9:187:9 | x [element 0] : |
| active_support.rb:186:10:186:18 | call to source : | active_support.rb:187:9:187:9 | x [element 0] : |
| active_support.rb:187:9:187:9 | x [element 0] : | active_support.rb:187:9:187:21 | call to excluding [element] : |
| active_support.rb:187:9:187:9 | x [element 0] : | active_support.rb:187:9:187:21 | call to excluding [element] : |
| active_support.rb:187:9:187:21 | call to excluding [element] : | active_support.rb:188:10:188:10 | y [element] : |
| active_support.rb:187:9:187:21 | call to excluding [element] : | active_support.rb:188:10:188:10 | y [element] : |
| active_support.rb:188:10:188:10 | y [element] : | active_support.rb:188:10:188:13 | ...[...] |
| active_support.rb:188:10:188:10 | y [element] : | active_support.rb:188:10:188:13 | ...[...] |
| active_support.rb:192:10:192:18 | call to source : | active_support.rb:193:9:193:9 | x [element 0] : |
| active_support.rb:192:10:192:18 | call to source : | active_support.rb:193:9:193:9 | x [element 0] : |
| active_support.rb:193:9:193:9 | x [element 0] : | active_support.rb:193:9:193:19 | call to without [element] : |
| active_support.rb:193:9:193:9 | x [element 0] : | active_support.rb:193:9:193:19 | call to without [element] : |
| active_support.rb:193:9:193:19 | call to without [element] : | active_support.rb:194:10:194:10 | y [element] : |
| active_support.rb:193:9:193:19 | call to without [element] : | active_support.rb:194:10:194:10 | y [element] : |
| active_support.rb:194:10:194:10 | y [element] : | active_support.rb:194:10:194:13 | ...[...] |
| active_support.rb:194:10:194:10 | y [element] : | active_support.rb:194:10:194:13 | ...[...] |
| active_support.rb:198:10:198:18 | call to source : | active_support.rb:199:9:199:9 | x [element 0] : |
| active_support.rb:198:10:198:18 | call to source : | active_support.rb:199:9:199:9 | x [element 0] : |
| active_support.rb:199:9:199:9 | x [element 0] : | active_support.rb:199:9:199:37 | call to in_order_of [element] : |
| active_support.rb:199:9:199:9 | x [element 0] : | active_support.rb:199:9:199:37 | call to in_order_of [element] : |
| active_support.rb:199:9:199:37 | call to in_order_of [element] : | active_support.rb:200:10:200:10 | y [element] : |
| active_support.rb:199:9:199:37 | call to in_order_of [element] : | active_support.rb:200:10:200:10 | y [element] : |
| active_support.rb:200:10:200:10 | y [element] : | active_support.rb:200:10:200:13 | ...[...] |
| active_support.rb:200:10:200:10 | y [element] : | active_support.rb:200:10:200:13 | ...[...] |
| active_support.rb:204:10:204:18 | call to source : | active_support.rb:205:9:205:9 | a [element 0] : |
| active_support.rb:204:10:204:18 | call to source : | active_support.rb:205:9:205:9 | a [element 0] : |
| active_support.rb:204:10:204:18 | call to source : | active_support.rb:206:10:206:10 | a [element 0] : |
| active_support.rb:204:10:204:18 | call to source : | active_support.rb:206:10:206:10 | a [element 0] : |
| active_support.rb:205:9:205:9 | a [element 0] : | active_support.rb:205:9:205:41 | call to including [element 0] : |
| active_support.rb:205:9:205:9 | a [element 0] : | active_support.rb:205:9:205:41 | call to including [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element 0] : | active_support.rb:208:10:208:10 | b [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element 0] : | active_support.rb:208:10:208:10 | b [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:208:10:208:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:208:10:208:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:209:10:209:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:209:10:209:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:210:10:210:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:210:10:210:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:211:10:211:10 | b [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | active_support.rb:211:10:211:10 | b [element] : |
| active_support.rb:205:21:205:29 | call to source : | active_support.rb:205:9:205:41 | call to including [element] : |
| active_support.rb:205:21:205:29 | call to source : | active_support.rb:205:9:205:41 | call to including [element] : |
| active_support.rb:205:32:205:40 | call to source : | active_support.rb:205:9:205:41 | call to including [element] : |
| active_support.rb:205:32:205:40 | call to source : | active_support.rb:205:9:205:41 | call to including [element] : |
| active_support.rb:206:10:206:10 | a [element 0] : | active_support.rb:206:10:206:13 | ...[...] |
| active_support.rb:206:10:206:10 | a [element 0] : | active_support.rb:206:10:206:13 | ...[...] |
| active_support.rb:208:10:208:10 | b [element 0] : | active_support.rb:208:10:208:13 | ...[...] |
| active_support.rb:208:10:208:10 | b [element 0] : | active_support.rb:208:10:208:13 | ...[...] |
| active_support.rb:208:10:208:10 | b [element] : | active_support.rb:208:10:208:13 | ...[...] |
| active_support.rb:208:10:208:10 | b [element] : | active_support.rb:208:10:208:13 | ...[...] |
| active_support.rb:209:10:209:10 | b [element] : | active_support.rb:209:10:209:13 | ...[...] |
| active_support.rb:209:10:209:10 | b [element] : | active_support.rb:209:10:209:13 | ...[...] |
| active_support.rb:210:10:210:10 | b [element] : | active_support.rb:210:10:210:13 | ...[...] |
| active_support.rb:210:10:210:10 | b [element] : | active_support.rb:210:10:210:13 | ...[...] |
| active_support.rb:211:10:211:10 | b [element] : | active_support.rb:211:10:211:13 | ...[...] |
| active_support.rb:211:10:211:10 | b [element] : | active_support.rb:211:10:211:13 | ...[...] |
| active_support.rb:215:7:215:16 | call to source : | active_support.rb:216:34:216:34 | x : |
| active_support.rb:216:7:216:35 | call to new : | active_support.rb:217:8:217:8 | y |
| active_support.rb:216:34:216:34 | x : | active_support.rb:216:7:216:35 | call to new : |
| active_support.rb:222:7:222:16 | call to source : | active_support.rb:223:21:223:21 | b : |
| active_support.rb:223:7:223:22 | call to safe_concat : | active_support.rb:224:8:224:8 | y |
| active_support.rb:223:21:223:21 | b : | active_support.rb:223:7:223:22 | call to safe_concat : |
| active_support.rb:229:7:229:16 | call to source : | active_support.rb:230:17:230:17 | b : |
| active_support.rb:230:3:230:3 | [post] x : | active_support.rb:231:8:231:8 | x |
| active_support.rb:230:17:230:17 | b : | active_support.rb:230:3:230:3 | [post] x : |
| active_support.rb:235:7:235:16 | call to source : | active_support.rb:237:34:237:34 | a : |
| active_support.rb:237:7:237:35 | call to new : | active_support.rb:238:7:238:7 | x : |
| active_support.rb:237:34:237:34 | a : | active_support.rb:237:7:237:35 | call to new : |
| active_support.rb:238:7:238:7 | x : | active_support.rb:238:7:238:17 | call to concat : |
| active_support.rb:238:7:238:17 | call to concat : | active_support.rb:239:8:239:8 | y |
| active_support.rb:243:7:243:16 | call to source : | active_support.rb:245:34:245:34 | a : |
| active_support.rb:245:7:245:35 | call to new : | active_support.rb:246:7:246:7 | x : |
| active_support.rb:245:34:245:34 | a : | active_support.rb:245:7:245:35 | call to new : |
| active_support.rb:246:7:246:7 | x : | active_support.rb:246:7:246:20 | call to insert : |
| active_support.rb:246:7:246:20 | call to insert : | active_support.rb:247:8:247:8 | y |
| active_support.rb:251:7:251:16 | call to source : | active_support.rb:253:34:253:34 | a : |
| active_support.rb:253:7:253:35 | call to new : | active_support.rb:254:7:254:7 | x : |
| active_support.rb:253:34:253:34 | a : | active_support.rb:253:7:253:35 | call to new : |
| active_support.rb:254:7:254:7 | x : | active_support.rb:254:7:254:18 | call to prepend : |
| active_support.rb:254:7:254:18 | call to prepend : | active_support.rb:255:8:255:8 | y |
| active_support.rb:259:7:259:16 | call to source : | active_support.rb:260:34:260:34 | a : |
| active_support.rb:260:7:260:35 | call to new : | active_support.rb:261:7:261:7 | x : |
| active_support.rb:260:34:260:34 | a : | active_support.rb:260:7:260:35 | call to new : |
| active_support.rb:261:7:261:7 | x : | active_support.rb:261:7:261:12 | call to to_s : |
| active_support.rb:261:7:261:12 | call to to_s : | active_support.rb:262:8:262:8 | y |
| active_support.rb:266:7:266:16 | call to source : | active_support.rb:267:34:267:34 | a : |
| active_support.rb:267:7:267:35 | call to new : | active_support.rb:268:7:268:7 | x : |
| active_support.rb:267:34:267:34 | a : | active_support.rb:267:7:267:35 | call to new : |
| active_support.rb:268:7:268:7 | x : | active_support.rb:268:7:268:16 | call to to_param : |
| active_support.rb:268:7:268:16 | call to to_param : | active_support.rb:269:8:269:8 | y |
| active_support.rb:273:7:273:16 | call to source : | active_support.rb:274:20:274:20 | a : |
| active_support.rb:274:7:274:21 | call to new : | active_support.rb:275:7:275:7 | x : |
| active_support.rb:274:20:274:20 | a : | active_support.rb:274:7:274:21 | call to new : |
| active_support.rb:275:7:275:7 | x : | active_support.rb:275:7:275:17 | call to existence : |
| active_support.rb:275:7:275:17 | call to existence : | active_support.rb:276:8:276:8 | y |
| active_support.rb:275:7:275:17 | call to existence : | active_support.rb:277:7:277:7 | y : |
| active_support.rb:277:7:277:7 | y : | active_support.rb:277:7:277:17 | call to existence : |
| active_support.rb:277:7:277:17 | call to existence : | active_support.rb:278:8:278:8 | z |
| active_support.rb:282:7:282:16 | call to source : | active_support.rb:283:8:283:8 | x : |
| active_support.rb:282:7:282:16 | call to source : | active_support.rb:283:8:283:8 | x : |
| active_support.rb:283:8:283:8 | x : | active_support.rb:283:8:283:17 | call to presence |
| active_support.rb:283:8:283:8 | x : | active_support.rb:283:8:283:17 | call to presence |
| active_support.rb:285:7:285:16 | call to source : | active_support.rb:286:8:286:8 | y : |
| active_support.rb:285:7:285:16 | call to source : | active_support.rb:286:8:286:8 | y : |
| active_support.rb:286:8:286:8 | y : | active_support.rb:286:8:286:17 | call to presence |
| active_support.rb:286:8:286:8 | y : | active_support.rb:286:8:286:17 | call to presence |
| active_support.rb:290:7:290:16 | call to source : | active_support.rb:291:8:291:8 | x : |
| active_support.rb:290:7:290:16 | call to source : | active_support.rb:291:8:291:8 | x : |
| active_support.rb:291:8:291:8 | x : | active_support.rb:291:8:291:17 | call to deep_dup |
| active_support.rb:291:8:291:8 | x : | active_support.rb:291:8:291:17 | call to deep_dup |
| hash_extensions.rb:2:14:2:24 | call to source : | hash_extensions.rb:3:9:3:9 | h [element :a] : |
| hash_extensions.rb:2:14:2:24 | call to source : | hash_extensions.rb:3:9:3:9 | h [element :a] : |
| hash_extensions.rb:3:9:3:9 | h [element :a] : | hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : |
| hash_extensions.rb:3:9:3:9 | h [element :a] : | hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : |
| hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : | hash_extensions.rb:4:10:4:10 | x [element] : |
| hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : | hash_extensions.rb:4:10:4:10 | x [element] : |
| hash_extensions.rb:4:10:4:10 | x [element] : | hash_extensions.rb:4:10:4:14 | ...[...] |
| hash_extensions.rb:4:10:4:10 | x [element] : | hash_extensions.rb:4:10:4:14 | ...[...] |
| hash_extensions.rb:10:14:10:24 | call to source : | hash_extensions.rb:11:9:11:9 | h [element :a] : |
| hash_extensions.rb:10:14:10:24 | call to source : | hash_extensions.rb:11:9:11:9 | h [element :a] : |
| hash_extensions.rb:11:9:11:9 | h [element :a] : | hash_extensions.rb:11:9:11:20 | call to to_options [element] : |
| hash_extensions.rb:11:9:11:9 | h [element :a] : | hash_extensions.rb:11:9:11:20 | call to to_options [element] : |
| hash_extensions.rb:11:9:11:20 | call to to_options [element] : | hash_extensions.rb:12:10:12:10 | x [element] : |
| hash_extensions.rb:11:9:11:20 | call to to_options [element] : | hash_extensions.rb:12:10:12:10 | x [element] : |
| hash_extensions.rb:12:10:12:10 | x [element] : | hash_extensions.rb:12:10:12:14 | ...[...] |
| hash_extensions.rb:12:10:12:10 | x [element] : | hash_extensions.rb:12:10:12:14 | ...[...] |
| hash_extensions.rb:18:14:18:24 | call to source : | hash_extensions.rb:19:9:19:9 | h [element :a] : |
| hash_extensions.rb:18:14:18:24 | call to source : | hash_extensions.rb:19:9:19:9 | h [element :a] : |
| hash_extensions.rb:19:9:19:9 | h [element :a] : | hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : |
| hash_extensions.rb:19:9:19:9 | h [element :a] : | hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : |
| hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : | hash_extensions.rb:20:10:20:10 | x [element] : |
| hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : | hash_extensions.rb:20:10:20:10 | x [element] : |
| hash_extensions.rb:20:10:20:10 | x [element] : | hash_extensions.rb:20:10:20:14 | ...[...] |
| hash_extensions.rb:20:10:20:10 | x [element] : | hash_extensions.rb:20:10:20:14 | ...[...] |
| hash_extensions.rb:26:14:26:24 | call to source : | hash_extensions.rb:27:9:27:9 | h [element :a] : |
| hash_extensions.rb:26:14:26:24 | call to source : | hash_extensions.rb:27:9:27:9 | h [element :a] : |
| hash_extensions.rb:27:9:27:9 | h [element :a] : | hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : |
| hash_extensions.rb:27:9:27:9 | h [element :a] : | hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : |
| hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : | hash_extensions.rb:28:10:28:10 | x [element] : |
| hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : | hash_extensions.rb:28:10:28:10 | x [element] : |
| hash_extensions.rb:28:10:28:10 | x [element] : | hash_extensions.rb:28:10:28:14 | ...[...] |
| hash_extensions.rb:28:10:28:10 | x [element] : | hash_extensions.rb:28:10:28:14 | ...[...] |
| hash_extensions.rb:34:14:34:24 | call to source : | hash_extensions.rb:35:9:35:9 | h [element :a] : |
| hash_extensions.rb:34:14:34:24 | call to source : | hash_extensions.rb:35:9:35:9 | h [element :a] : |
| hash_extensions.rb:35:9:35:9 | h [element :a] : | hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : |
| hash_extensions.rb:35:9:35:9 | h [element :a] : | hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : |
| hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : | hash_extensions.rb:36:10:36:10 | x [element] : |
| hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : | hash_extensions.rb:36:10:36:10 | x [element] : |
| hash_extensions.rb:36:10:36:10 | x [element] : | hash_extensions.rb:36:10:36:14 | ...[...] |
| hash_extensions.rb:36:10:36:10 | x [element] : | hash_extensions.rb:36:10:36:14 | ...[...] |
| hash_extensions.rb:42:14:42:24 | call to source : | hash_extensions.rb:43:9:43:9 | h [element :a] : |
| hash_extensions.rb:42:14:42:24 | call to source : | hash_extensions.rb:43:9:43:9 | h [element :a] : |
| hash_extensions.rb:43:9:43:9 | h [element :a] : | hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : |
| hash_extensions.rb:43:9:43:9 | h [element :a] : | hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : |
| hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : | hash_extensions.rb:44:10:44:10 | x [element] : |
| hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : | hash_extensions.rb:44:10:44:10 | x [element] : |
| hash_extensions.rb:44:10:44:10 | x [element] : | hash_extensions.rb:44:10:44:14 | ...[...] |
| hash_extensions.rb:44:10:44:10 | x [element] : | hash_extensions.rb:44:10:44:14 | ...[...] |
| hash_extensions.rb:50:14:50:23 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :a] : |
| hash_extensions.rb:50:14:50:23 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :a] : |
| hash_extensions.rb:50:29:50:38 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :b] : |
| hash_extensions.rb:50:29:50:38 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :b] : |
| hash_extensions.rb:50:52:50:61 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :d] : |
| hash_extensions.rb:50:52:50:61 | call to taint : | hash_extensions.rb:51:9:51:9 | h [element :d] : |
| hash_extensions.rb:51:9:51:9 | [post] h [element :d] : | hash_extensions.rb:56:10:56:10 | h [element :d] : |
| hash_extensions.rb:51:9:51:9 | [post] h [element :d] : | hash_extensions.rb:56:10:56:10 | h [element :d] : |
| hash_extensions.rb:51:9:51:9 | h [element :a] : | hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : |
| hash_extensions.rb:51:9:51:9 | h [element :a] : | hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : |
| hash_extensions.rb:51:9:51:9 | h [element :b] : | hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : |
| hash_extensions.rb:51:9:51:9 | h [element :b] : | hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : |
| hash_extensions.rb:51:9:51:9 | h [element :d] : | hash_extensions.rb:51:9:51:9 | [post] h [element :d] : |
| hash_extensions.rb:51:9:51:9 | h [element :d] : | hash_extensions.rb:51:9:51:9 | [post] h [element :d] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : | hash_extensions.rb:58:10:58:10 | x [element :a] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : | hash_extensions.rb:58:10:58:10 | x [element :a] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : | hash_extensions.rb:59:10:59:10 | x [element :b] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : | hash_extensions.rb:59:10:59:10 | x [element :b] : |
| hash_extensions.rb:56:10:56:10 | h [element :d] : | hash_extensions.rb:56:10:56:14 | ...[...] |
| hash_extensions.rb:56:10:56:10 | h [element :d] : | hash_extensions.rb:56:10:56:14 | ...[...] |
| hash_extensions.rb:58:10:58:10 | x [element :a] : | hash_extensions.rb:58:10:58:14 | ...[...] |
| hash_extensions.rb:58:10:58:10 | x [element :a] : | hash_extensions.rb:58:10:58:14 | ...[...] |
| hash_extensions.rb:59:10:59:10 | x [element :b] : | hash_extensions.rb:59:10:59:14 | ...[...] |
| hash_extensions.rb:59:10:59:10 | x [element :b] : | hash_extensions.rb:59:10:59:14 | ...[...] |
nodes
| active_support.rb:9:9:9:18 | call to source : | semmle.label | call to source : |
| active_support.rb:10:10:10:10 | x : | semmle.label | x : |
| active_support.rb:10:10:10:19 | call to camelize | semmle.label | call to camelize |
| active_support.rb:14:9:14:18 | call to source : | semmle.label | call to source : |
| active_support.rb:15:10:15:10 | x : | semmle.label | x : |
| active_support.rb:15:10:15:20 | call to camelcase | semmle.label | call to camelcase |
| active_support.rb:19:9:19:18 | call to source : | semmle.label | call to source : |
| active_support.rb:20:10:20:10 | x : | semmle.label | x : |
| active_support.rb:20:10:20:19 | call to classify | semmle.label | call to classify |
| active_support.rb:24:9:24:18 | call to source : | semmle.label | call to source : |
| active_support.rb:25:10:25:10 | x : | semmle.label | x : |
| active_support.rb:25:10:25:20 | call to dasherize | semmle.label | call to dasherize |
| active_support.rb:29:9:29:18 | call to source : | semmle.label | call to source : |
| active_support.rb:30:10:30:10 | x : | semmle.label | x : |
| active_support.rb:30:10:30:24 | call to deconstantize | semmle.label | call to deconstantize |
| active_support.rb:34:9:34:18 | call to source : | semmle.label | call to source : |
| active_support.rb:35:10:35:10 | x : | semmle.label | x : |
| active_support.rb:35:10:35:21 | call to demodulize | semmle.label | call to demodulize |
| active_support.rb:39:9:39:18 | call to source : | semmle.label | call to source : |
| active_support.rb:40:10:40:10 | x : | semmle.label | x : |
| active_support.rb:40:10:40:22 | call to foreign_key | semmle.label | call to foreign_key |
| active_support.rb:44:9:44:18 | call to source : | semmle.label | call to source : |
| active_support.rb:45:10:45:10 | x : | semmle.label | x : |
| active_support.rb:45:10:45:19 | call to humanize | semmle.label | call to humanize |
| active_support.rb:49:9:49:18 | call to source : | semmle.label | call to source : |
| active_support.rb:50:10:50:10 | x : | semmle.label | x : |
| active_support.rb:50:10:50:20 | call to indent | semmle.label | call to indent |
| active_support.rb:54:9:54:18 | call to source : | semmle.label | call to source : |
| active_support.rb:55:10:55:10 | x : | semmle.label | x : |
| active_support.rb:55:10:55:23 | call to parameterize | semmle.label | call to parameterize |
| active_support.rb:59:9:59:18 | call to source : | semmle.label | call to source : |
| active_support.rb:60:10:60:10 | x : | semmle.label | x : |
| active_support.rb:60:10:60:20 | call to pluralize | semmle.label | call to pluralize |
| active_support.rb:64:9:64:18 | call to source : | semmle.label | call to source : |
| active_support.rb:65:10:65:10 | x : | semmle.label | x : |
| active_support.rb:65:10:65:22 | call to singularize | semmle.label | call to singularize |
| active_support.rb:69:9:69:18 | call to source : | semmle.label | call to source : |
| active_support.rb:70:10:70:10 | x : | semmle.label | x : |
| active_support.rb:70:10:70:17 | call to squish | semmle.label | call to squish |
| active_support.rb:74:9:74:18 | call to source : | semmle.label | call to source : |
| active_support.rb:75:10:75:10 | x : | semmle.label | x : |
| active_support.rb:75:10:75:24 | call to strip_heredoc | semmle.label | call to strip_heredoc |
| active_support.rb:79:9:79:18 | call to source : | semmle.label | call to source : |
| active_support.rb:80:10:80:10 | x : | semmle.label | x : |
| active_support.rb:80:10:80:19 | call to tableize | semmle.label | call to tableize |
| active_support.rb:84:9:84:18 | call to source : | semmle.label | call to source : |
| active_support.rb:85:10:85:10 | x : | semmle.label | x : |
| active_support.rb:85:10:85:20 | call to titlecase | semmle.label | call to titlecase |
| active_support.rb:89:9:89:18 | call to source : | semmle.label | call to source : |
| active_support.rb:90:10:90:10 | x : | semmle.label | x : |
| active_support.rb:90:10:90:19 | call to titleize | semmle.label | call to titleize |
| active_support.rb:94:9:94:18 | call to source : | semmle.label | call to source : |
| active_support.rb:95:10:95:10 | x : | semmle.label | x : |
| active_support.rb:95:10:95:21 | call to underscore | semmle.label | call to underscore |
| active_support.rb:99:9:99:18 | call to source : | semmle.label | call to source : |
| active_support.rb:100:10:100:10 | x : | semmle.label | x : |
| active_support.rb:100:10:100:23 | call to upcase_first | semmle.label | call to upcase_first |
| active_support.rb:104:10:104:17 | call to source : | semmle.label | call to source : |
| active_support.rb:104:10:104:17 | call to source : | semmle.label | call to source : |
| active_support.rb:105:9:105:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:105:9:105:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
| active_support.rb:105:9:105:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
| active_support.rb:106:10:106:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:106:10:106:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:110:10:110:18 | call to source : | semmle.label | call to source : |
| active_support.rb:110:10:110:18 | call to source : | semmle.label | call to source : |
| active_support.rb:111:9:111:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:111:9:111:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:111:9:111:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
| active_support.rb:111:9:111:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
| active_support.rb:112:10:112:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:112:10:112:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:116:10:116:18 | call to source : | semmle.label | call to source : |
| active_support.rb:116:10:116:18 | call to source : | semmle.label | call to source : |
| active_support.rb:117:9:117:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:117:9:117:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:117:9:117:19 | call to without [element] : | semmle.label | call to without [element] : |
| active_support.rb:117:9:117:19 | call to without [element] : | semmle.label | call to without [element] : |
| active_support.rb:118:10:118:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:118:10:118:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:122:10:122:18 | call to source : | semmle.label | call to source : |
| active_support.rb:122:10:122:18 | call to source : | semmle.label | call to source : |
| active_support.rb:123:9:123:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:123:9:123:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
| active_support.rb:123:9:123:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
| active_support.rb:124:10:124:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:124:10:124:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:128:10:128:18 | call to source : | semmle.label | call to source : |
| active_support.rb:128:10:128:18 | call to source : | semmle.label | call to source : |
| active_support.rb:129:9:129:9 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:129:9:129:9 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
| active_support.rb:129:9:129:41 | call to including [element] : | semmle.label | call to including [element] : |
| active_support.rb:129:9:129:41 | call to including [element] : | semmle.label | call to including [element] : |
| active_support.rb:129:21:129:29 | call to source : | semmle.label | call to source : |
| active_support.rb:129:21:129:29 | call to source : | semmle.label | call to source : |
| active_support.rb:129:32:129:40 | call to source : | semmle.label | call to source : |
| active_support.rb:129:32:129:40 | call to source : | semmle.label | call to source : |
| active_support.rb:130:10:130:10 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:130:10:130:10 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:132:10:132:10 | b [element 0] : | semmle.label | b [element 0] : |
| active_support.rb:132:10:132:10 | b [element 0] : | semmle.label | b [element 0] : |
| active_support.rb:132:10:132:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:132:10:132:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:133:10:133:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:133:10:133:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:134:10:134:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:134:10:134:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:135:10:135:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:135:10:135:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:139:7:139:16 | call to source : | semmle.label | call to source : |
| active_support.rb:140:7:140:35 | call to new : | semmle.label | call to new : |
| active_support.rb:140:34:140:34 | x : | semmle.label | x : |
| active_support.rb:141:8:141:8 | y | semmle.label | y |
| active_support.rb:146:7:146:16 | call to source : | semmle.label | call to source : |
| active_support.rb:147:7:147:22 | call to safe_concat : | semmle.label | call to safe_concat : |
| active_support.rb:147:21:147:21 | b : | semmle.label | b : |
| active_support.rb:148:8:148:8 | y | semmle.label | y |
| active_support.rb:153:7:153:16 | call to source : | semmle.label | call to source : |
| active_support.rb:154:3:154:3 | [post] x : | semmle.label | [post] x : |
| active_support.rb:154:17:154:17 | b : | semmle.label | b : |
| active_support.rb:155:8:155:8 | x | semmle.label | x |
| active_support.rb:159:7:159:16 | call to source : | semmle.label | call to source : |
| active_support.rb:161:7:161:35 | call to new : | semmle.label | call to new : |
| active_support.rb:161:34:161:34 | a : | semmle.label | a : |
| active_support.rb:162:7:162:7 | x : | semmle.label | x : |
| active_support.rb:162:7:162:17 | call to concat : | semmle.label | call to concat : |
| active_support.rb:163:8:163:8 | y | semmle.label | y |
| active_support.rb:167:7:167:16 | call to source : | semmle.label | call to source : |
| active_support.rb:169:7:169:35 | call to new : | semmle.label | call to new : |
| active_support.rb:169:34:169:34 | a : | semmle.label | a : |
| active_support.rb:170:7:170:7 | x : | semmle.label | x : |
| active_support.rb:170:7:170:20 | call to insert : | semmle.label | call to insert : |
| active_support.rb:171:8:171:8 | y | semmle.label | y |
| active_support.rb:175:7:175:16 | call to source : | semmle.label | call to source : |
| active_support.rb:177:7:177:35 | call to new : | semmle.label | call to new : |
| active_support.rb:177:34:177:34 | a : | semmle.label | a : |
| active_support.rb:178:7:178:7 | x : | semmle.label | x : |
| active_support.rb:178:7:178:18 | call to prepend : | semmle.label | call to prepend : |
| active_support.rb:179:8:179:8 | y | semmle.label | y |
| active_support.rb:183:7:183:16 | call to source : | semmle.label | call to source : |
| active_support.rb:184:7:184:35 | call to new : | semmle.label | call to new : |
| active_support.rb:184:34:184:34 | a : | semmle.label | a : |
| active_support.rb:185:7:185:7 | x : | semmle.label | x : |
| active_support.rb:185:7:185:12 | call to to_s : | semmle.label | call to to_s : |
| active_support.rb:186:8:186:8 | y | semmle.label | y |
| active_support.rb:190:7:190:16 | call to source : | semmle.label | call to source : |
| active_support.rb:191:7:191:35 | call to new : | semmle.label | call to new : |
| active_support.rb:191:34:191:34 | a : | semmle.label | a : |
| active_support.rb:192:7:192:7 | x : | semmle.label | x : |
| active_support.rb:192:7:192:16 | call to to_param : | semmle.label | call to to_param : |
| active_support.rb:193:8:193:8 | y | semmle.label | y |
| active_support.rb:197:7:197:16 | call to source : | semmle.label | call to source : |
| active_support.rb:198:7:198:21 | call to new : | semmle.label | call to new : |
| active_support.rb:198:20:198:20 | a : | semmle.label | a : |
| active_support.rb:199:7:199:7 | x : | semmle.label | x : |
| active_support.rb:199:7:199:17 | call to existence : | semmle.label | call to existence : |
| active_support.rb:200:8:200:8 | y | semmle.label | y |
| active_support.rb:201:7:201:7 | y : | semmle.label | y : |
| active_support.rb:201:7:201:17 | call to existence : | semmle.label | call to existence : |
| active_support.rb:202:8:202:8 | z | semmle.label | z |
| active_support.rb:10:9:10:18 | call to source : | semmle.label | call to source : |
| active_support.rb:11:10:11:10 | x : | semmle.label | x : |
| active_support.rb:11:10:11:19 | call to at | semmle.label | call to at |
| active_support.rb:15:9:15:18 | call to source : | semmle.label | call to source : |
| active_support.rb:16:10:16:10 | x : | semmle.label | x : |
| active_support.rb:16:10:16:19 | call to camelize | semmle.label | call to camelize |
| active_support.rb:20:9:20:18 | call to source : | semmle.label | call to source : |
| active_support.rb:21:10:21:10 | x : | semmle.label | x : |
| active_support.rb:21:10:21:20 | call to camelcase | semmle.label | call to camelcase |
| active_support.rb:25:9:25:18 | call to source : | semmle.label | call to source : |
| active_support.rb:26:10:26:10 | x : | semmle.label | x : |
| active_support.rb:26:10:26:19 | call to classify | semmle.label | call to classify |
| active_support.rb:30:9:30:18 | call to source : | semmle.label | call to source : |
| active_support.rb:31:10:31:10 | x : | semmle.label | x : |
| active_support.rb:31:10:31:20 | call to dasherize | semmle.label | call to dasherize |
| active_support.rb:35:9:35:18 | call to source : | semmle.label | call to source : |
| active_support.rb:36:10:36:10 | x : | semmle.label | x : |
| active_support.rb:36:10:36:24 | call to deconstantize | semmle.label | call to deconstantize |
| active_support.rb:40:9:40:18 | call to source : | semmle.label | call to source : |
| active_support.rb:41:10:41:10 | x : | semmle.label | x : |
| active_support.rb:41:10:41:21 | call to demodulize | semmle.label | call to demodulize |
| active_support.rb:45:9:45:18 | call to source : | semmle.label | call to source : |
| active_support.rb:46:10:46:10 | x : | semmle.label | x : |
| active_support.rb:46:10:46:19 | call to first | semmle.label | call to first |
| active_support.rb:50:9:50:18 | call to source : | semmle.label | call to source : |
| active_support.rb:51:10:51:10 | x : | semmle.label | x : |
| active_support.rb:51:10:51:22 | call to foreign_key | semmle.label | call to foreign_key |
| active_support.rb:55:9:55:18 | call to source : | semmle.label | call to source : |
| active_support.rb:56:10:56:10 | x : | semmle.label | x : |
| active_support.rb:56:10:56:18 | call to from | semmle.label | call to from |
| active_support.rb:60:9:60:18 | call to source : | semmle.label | call to source : |
| active_support.rb:61:10:61:10 | x : | semmle.label | x : |
| active_support.rb:61:10:61:20 | call to html_safe | semmle.label | call to html_safe |
| active_support.rb:65:9:65:18 | call to source : | semmle.label | call to source : |
| active_support.rb:66:10:66:10 | x : | semmle.label | x : |
| active_support.rb:66:10:66:19 | call to humanize | semmle.label | call to humanize |
| active_support.rb:70:9:70:18 | call to source : | semmle.label | call to source : |
| active_support.rb:71:10:71:10 | x : | semmle.label | x : |
| active_support.rb:71:10:71:20 | call to indent | semmle.label | call to indent |
| active_support.rb:75:9:75:18 | call to source : | semmle.label | call to source : |
| active_support.rb:76:10:76:10 | x : | semmle.label | x : |
| active_support.rb:76:10:76:21 | call to indent! | semmle.label | call to indent! |
| active_support.rb:80:9:80:18 | call to source : | semmle.label | call to source : |
| active_support.rb:81:10:81:10 | x : | semmle.label | x : |
| active_support.rb:81:10:81:18 | call to inquiry | semmle.label | call to inquiry |
| active_support.rb:85:9:85:18 | call to source : | semmle.label | call to source : |
| active_support.rb:86:10:86:10 | x : | semmle.label | x : |
| active_support.rb:86:10:86:18 | call to last | semmle.label | call to last |
| active_support.rb:90:9:90:18 | call to source : | semmle.label | call to source : |
| active_support.rb:91:10:91:10 | x : | semmle.label | x : |
| active_support.rb:91:10:91:19 | call to mb_chars | semmle.label | call to mb_chars |
| active_support.rb:95:9:95:18 | call to source : | semmle.label | call to source : |
| active_support.rb:96:10:96:10 | x : | semmle.label | x : |
| active_support.rb:96:10:96:23 | call to parameterize | semmle.label | call to parameterize |
| active_support.rb:100:9:100:18 | call to source : | semmle.label | call to source : |
| active_support.rb:101:10:101:10 | x : | semmle.label | x : |
| active_support.rb:101:10:101:20 | call to pluralize | semmle.label | call to pluralize |
| active_support.rb:105:9:105:18 | call to source : | semmle.label | call to source : |
| active_support.rb:106:10:106:10 | x : | semmle.label | x : |
| active_support.rb:106:10:106:24 | call to remove | semmle.label | call to remove |
| active_support.rb:110:9:110:18 | call to source : | semmle.label | call to source : |
| active_support.rb:111:10:111:10 | x : | semmle.label | x : |
| active_support.rb:111:10:111:25 | call to remove! | semmle.label | call to remove! |
| active_support.rb:115:9:115:18 | call to source : | semmle.label | call to source : |
| active_support.rb:116:10:116:10 | x : | semmle.label | x : |
| active_support.rb:116:10:116:22 | call to singularize | semmle.label | call to singularize |
| active_support.rb:120:9:120:18 | call to source : | semmle.label | call to source : |
| active_support.rb:121:10:121:10 | x : | semmle.label | x : |
| active_support.rb:121:10:121:17 | call to squish | semmle.label | call to squish |
| active_support.rb:125:9:125:18 | call to source : | semmle.label | call to source : |
| active_support.rb:126:10:126:10 | x : | semmle.label | x : |
| active_support.rb:126:10:126:18 | call to squish! | semmle.label | call to squish! |
| active_support.rb:130:9:130:18 | call to source : | semmle.label | call to source : |
| active_support.rb:131:10:131:10 | x : | semmle.label | x : |
| active_support.rb:131:10:131:24 | call to strip_heredoc | semmle.label | call to strip_heredoc |
| active_support.rb:135:9:135:18 | call to source : | semmle.label | call to source : |
| active_support.rb:136:10:136:10 | x : | semmle.label | x : |
| active_support.rb:136:10:136:19 | call to tableize | semmle.label | call to tableize |
| active_support.rb:140:9:140:18 | call to source : | semmle.label | call to source : |
| active_support.rb:141:10:141:10 | x : | semmle.label | x : |
| active_support.rb:141:10:141:20 | call to titlecase | semmle.label | call to titlecase |
| active_support.rb:145:9:145:18 | call to source : | semmle.label | call to source : |
| active_support.rb:146:10:146:10 | x : | semmle.label | x : |
| active_support.rb:146:10:146:19 | call to titleize | semmle.label | call to titleize |
| active_support.rb:150:9:150:18 | call to source : | semmle.label | call to source : |
| active_support.rb:151:10:151:10 | x : | semmle.label | x : |
| active_support.rb:151:10:151:16 | call to to | semmle.label | call to to |
| active_support.rb:155:9:155:18 | call to source : | semmle.label | call to source : |
| active_support.rb:156:10:156:10 | x : | semmle.label | x : |
| active_support.rb:156:10:156:22 | call to truncate | semmle.label | call to truncate |
| active_support.rb:160:9:160:18 | call to source : | semmle.label | call to source : |
| active_support.rb:161:10:161:10 | x : | semmle.label | x : |
| active_support.rb:161:10:161:28 | call to truncate_bytes | semmle.label | call to truncate_bytes |
| active_support.rb:165:9:165:18 | call to source : | semmle.label | call to source : |
| active_support.rb:166:10:166:10 | x : | semmle.label | x : |
| active_support.rb:166:10:166:28 | call to truncate_words | semmle.label | call to truncate_words |
| active_support.rb:170:9:170:18 | call to source : | semmle.label | call to source : |
| active_support.rb:171:10:171:10 | x : | semmle.label | x : |
| active_support.rb:171:10:171:21 | call to underscore | semmle.label | call to underscore |
| active_support.rb:175:9:175:18 | call to source : | semmle.label | call to source : |
| active_support.rb:176:10:176:10 | x : | semmle.label | x : |
| active_support.rb:176:10:176:23 | call to upcase_first | semmle.label | call to upcase_first |
| active_support.rb:180:10:180:17 | call to source : | semmle.label | call to source : |
| active_support.rb:180:10:180:17 | call to source : | semmle.label | call to source : |
| active_support.rb:181:9:181:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:181:9:181:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:181:9:181:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
| active_support.rb:181:9:181:23 | call to compact_blank [element] : | semmle.label | call to compact_blank [element] : |
| active_support.rb:182:10:182:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:182:10:182:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:182:10:182:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:182:10:182:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:186:10:186:18 | call to source : | semmle.label | call to source : |
| active_support.rb:186:10:186:18 | call to source : | semmle.label | call to source : |
| active_support.rb:187:9:187:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:187:9:187:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:187:9:187:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
| active_support.rb:187:9:187:21 | call to excluding [element] : | semmle.label | call to excluding [element] : |
| active_support.rb:188:10:188:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:188:10:188:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:188:10:188:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:188:10:188:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:192:10:192:18 | call to source : | semmle.label | call to source : |
| active_support.rb:192:10:192:18 | call to source : | semmle.label | call to source : |
| active_support.rb:193:9:193:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:193:9:193:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:193:9:193:19 | call to without [element] : | semmle.label | call to without [element] : |
| active_support.rb:193:9:193:19 | call to without [element] : | semmle.label | call to without [element] : |
| active_support.rb:194:10:194:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:194:10:194:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:194:10:194:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:194:10:194:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:198:10:198:18 | call to source : | semmle.label | call to source : |
| active_support.rb:198:10:198:18 | call to source : | semmle.label | call to source : |
| active_support.rb:199:9:199:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:199:9:199:9 | x [element 0] : | semmle.label | x [element 0] : |
| active_support.rb:199:9:199:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
| active_support.rb:199:9:199:37 | call to in_order_of [element] : | semmle.label | call to in_order_of [element] : |
| active_support.rb:200:10:200:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:200:10:200:10 | y [element] : | semmle.label | y [element] : |
| active_support.rb:200:10:200:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:200:10:200:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:204:10:204:18 | call to source : | semmle.label | call to source : |
| active_support.rb:204:10:204:18 | call to source : | semmle.label | call to source : |
| active_support.rb:205:9:205:9 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:205:9:205:9 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element 0] : | semmle.label | call to including [element 0] : |
| active_support.rb:205:9:205:41 | call to including [element] : | semmle.label | call to including [element] : |
| active_support.rb:205:9:205:41 | call to including [element] : | semmle.label | call to including [element] : |
| active_support.rb:205:21:205:29 | call to source : | semmle.label | call to source : |
| active_support.rb:205:21:205:29 | call to source : | semmle.label | call to source : |
| active_support.rb:205:32:205:40 | call to source : | semmle.label | call to source : |
| active_support.rb:205:32:205:40 | call to source : | semmle.label | call to source : |
| active_support.rb:206:10:206:10 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:206:10:206:10 | a [element 0] : | semmle.label | a [element 0] : |
| active_support.rb:206:10:206:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:206:10:206:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:208:10:208:10 | b [element 0] : | semmle.label | b [element 0] : |
| active_support.rb:208:10:208:10 | b [element 0] : | semmle.label | b [element 0] : |
| active_support.rb:208:10:208:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:208:10:208:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:208:10:208:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:208:10:208:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:209:10:209:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:209:10:209:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:209:10:209:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:209:10:209:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:210:10:210:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:210:10:210:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:210:10:210:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:210:10:210:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:211:10:211:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:211:10:211:10 | b [element] : | semmle.label | b [element] : |
| active_support.rb:211:10:211:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:211:10:211:13 | ...[...] | semmle.label | ...[...] |
| active_support.rb:215:7:215:16 | call to source : | semmle.label | call to source : |
| active_support.rb:216:7:216:35 | call to new : | semmle.label | call to new : |
| active_support.rb:216:34:216:34 | x : | semmle.label | x : |
| active_support.rb:217:8:217:8 | y | semmle.label | y |
| active_support.rb:222:7:222:16 | call to source : | semmle.label | call to source : |
| active_support.rb:223:7:223:22 | call to safe_concat : | semmle.label | call to safe_concat : |
| active_support.rb:223:21:223:21 | b : | semmle.label | b : |
| active_support.rb:224:8:224:8 | y | semmle.label | y |
| active_support.rb:229:7:229:16 | call to source : | semmle.label | call to source : |
| active_support.rb:230:3:230:3 | [post] x : | semmle.label | [post] x : |
| active_support.rb:230:17:230:17 | b : | semmle.label | b : |
| active_support.rb:231:8:231:8 | x | semmle.label | x |
| active_support.rb:235:7:235:16 | call to source : | semmle.label | call to source : |
| active_support.rb:237:7:237:35 | call to new : | semmle.label | call to new : |
| active_support.rb:237:34:237:34 | a : | semmle.label | a : |
| active_support.rb:238:7:238:7 | x : | semmle.label | x : |
| active_support.rb:238:7:238:17 | call to concat : | semmle.label | call to concat : |
| active_support.rb:239:8:239:8 | y | semmle.label | y |
| active_support.rb:243:7:243:16 | call to source : | semmle.label | call to source : |
| active_support.rb:245:7:245:35 | call to new : | semmle.label | call to new : |
| active_support.rb:245:34:245:34 | a : | semmle.label | a : |
| active_support.rb:246:7:246:7 | x : | semmle.label | x : |
| active_support.rb:246:7:246:20 | call to insert : | semmle.label | call to insert : |
| active_support.rb:247:8:247:8 | y | semmle.label | y |
| active_support.rb:251:7:251:16 | call to source : | semmle.label | call to source : |
| active_support.rb:253:7:253:35 | call to new : | semmle.label | call to new : |
| active_support.rb:253:34:253:34 | a : | semmle.label | a : |
| active_support.rb:254:7:254:7 | x : | semmle.label | x : |
| active_support.rb:254:7:254:18 | call to prepend : | semmle.label | call to prepend : |
| active_support.rb:255:8:255:8 | y | semmle.label | y |
| active_support.rb:259:7:259:16 | call to source : | semmle.label | call to source : |
| active_support.rb:260:7:260:35 | call to new : | semmle.label | call to new : |
| active_support.rb:260:34:260:34 | a : | semmle.label | a : |
| active_support.rb:261:7:261:7 | x : | semmle.label | x : |
| active_support.rb:261:7:261:12 | call to to_s : | semmle.label | call to to_s : |
| active_support.rb:262:8:262:8 | y | semmle.label | y |
| active_support.rb:266:7:266:16 | call to source : | semmle.label | call to source : |
| active_support.rb:267:7:267:35 | call to new : | semmle.label | call to new : |
| active_support.rb:267:34:267:34 | a : | semmle.label | a : |
| active_support.rb:268:7:268:7 | x : | semmle.label | x : |
| active_support.rb:268:7:268:16 | call to to_param : | semmle.label | call to to_param : |
| active_support.rb:269:8:269:8 | y | semmle.label | y |
| active_support.rb:273:7:273:16 | call to source : | semmle.label | call to source : |
| active_support.rb:274:7:274:21 | call to new : | semmle.label | call to new : |
| active_support.rb:274:20:274:20 | a : | semmle.label | a : |
| active_support.rb:275:7:275:7 | x : | semmle.label | x : |
| active_support.rb:275:7:275:17 | call to existence : | semmle.label | call to existence : |
| active_support.rb:276:8:276:8 | y | semmle.label | y |
| active_support.rb:277:7:277:7 | y : | semmle.label | y : |
| active_support.rb:277:7:277:17 | call to existence : | semmle.label | call to existence : |
| active_support.rb:278:8:278:8 | z | semmle.label | z |
| active_support.rb:282:7:282:16 | call to source : | semmle.label | call to source : |
| active_support.rb:282:7:282:16 | call to source : | semmle.label | call to source : |
| active_support.rb:283:8:283:8 | x : | semmle.label | x : |
| active_support.rb:283:8:283:8 | x : | semmle.label | x : |
| active_support.rb:283:8:283:17 | call to presence | semmle.label | call to presence |
| active_support.rb:283:8:283:17 | call to presence | semmle.label | call to presence |
| active_support.rb:285:7:285:16 | call to source : | semmle.label | call to source : |
| active_support.rb:285:7:285:16 | call to source : | semmle.label | call to source : |
| active_support.rb:286:8:286:8 | y : | semmle.label | y : |
| active_support.rb:286:8:286:8 | y : | semmle.label | y : |
| active_support.rb:286:8:286:17 | call to presence | semmle.label | call to presence |
| active_support.rb:286:8:286:17 | call to presence | semmle.label | call to presence |
| active_support.rb:290:7:290:16 | call to source : | semmle.label | call to source : |
| active_support.rb:290:7:290:16 | call to source : | semmle.label | call to source : |
| active_support.rb:291:8:291:8 | x : | semmle.label | x : |
| active_support.rb:291:8:291:8 | x : | semmle.label | x : |
| active_support.rb:291:8:291:17 | call to deep_dup | semmle.label | call to deep_dup |
| active_support.rb:291:8:291:17 | call to deep_dup | semmle.label | call to deep_dup |
| hash_extensions.rb:2:14:2:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:2:14:2:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:3:9:3:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:3:9:3:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : | semmle.label | call to stringify_keys [element] : |
| hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] : | semmle.label | call to stringify_keys [element] : |
| hash_extensions.rb:4:10:4:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:4:10:4:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:4:10:4:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:4:10:4:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:10:14:10:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:10:14:10:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:11:9:11:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:11:9:11:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:11:9:11:20 | call to to_options [element] : | semmle.label | call to to_options [element] : |
| hash_extensions.rb:11:9:11:20 | call to to_options [element] : | semmle.label | call to to_options [element] : |
| hash_extensions.rb:12:10:12:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:12:10:12:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:12:10:12:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:12:10:12:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:18:14:18:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:18:14:18:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:19:9:19:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:19:9:19:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : | semmle.label | call to symbolize_keys [element] : |
| hash_extensions.rb:19:9:19:24 | call to symbolize_keys [element] : | semmle.label | call to symbolize_keys [element] : |
| hash_extensions.rb:20:10:20:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:20:10:20:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:20:10:20:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:20:10:20:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:26:14:26:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:26:14:26:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:27:9:27:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:27:9:27:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : | semmle.label | call to deep_stringify_keys [element] : |
| hash_extensions.rb:27:9:27:29 | call to deep_stringify_keys [element] : | semmle.label | call to deep_stringify_keys [element] : |
| hash_extensions.rb:28:10:28:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:28:10:28:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:28:10:28:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:28:10:28:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:34:14:34:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:34:14:34:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:35:9:35:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:35:9:35:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : | semmle.label | call to deep_symbolize_keys [element] : |
| hash_extensions.rb:35:9:35:29 | call to deep_symbolize_keys [element] : | semmle.label | call to deep_symbolize_keys [element] : |
| hash_extensions.rb:36:10:36:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:36:10:36:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:36:10:36:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:36:10:36:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:42:14:42:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:42:14:42:24 | call to source : | semmle.label | call to source : |
| hash_extensions.rb:43:9:43:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:43:9:43:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : | semmle.label | call to with_indifferent_access [element] : |
| hash_extensions.rb:43:9:43:33 | call to with_indifferent_access [element] : | semmle.label | call to with_indifferent_access [element] : |
| hash_extensions.rb:44:10:44:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:44:10:44:10 | x [element] : | semmle.label | x [element] : |
| hash_extensions.rb:44:10:44:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:44:10:44:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:50:14:50:23 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:50:14:50:23 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:50:29:50:38 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:50:29:50:38 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:50:52:50:61 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:50:52:50:61 | call to taint : | semmle.label | call to taint : |
| hash_extensions.rb:51:9:51:9 | [post] h [element :d] : | semmle.label | [post] h [element :d] : |
| hash_extensions.rb:51:9:51:9 | [post] h [element :d] : | semmle.label | [post] h [element :d] : |
| hash_extensions.rb:51:9:51:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:51:9:51:9 | h [element :a] : | semmle.label | h [element :a] : |
| hash_extensions.rb:51:9:51:9 | h [element :b] : | semmle.label | h [element :b] : |
| hash_extensions.rb:51:9:51:9 | h [element :b] : | semmle.label | h [element :b] : |
| hash_extensions.rb:51:9:51:9 | h [element :d] : | semmle.label | h [element :d] : |
| hash_extensions.rb:51:9:51:9 | h [element :d] : | semmle.label | h [element :d] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : | semmle.label | call to extract! [element :a] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :a] : | semmle.label | call to extract! [element :a] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : | semmle.label | call to extract! [element :b] : |
| hash_extensions.rb:51:9:51:29 | call to extract! [element :b] : | semmle.label | call to extract! [element :b] : |
| hash_extensions.rb:56:10:56:10 | h [element :d] : | semmle.label | h [element :d] : |
| hash_extensions.rb:56:10:56:10 | h [element :d] : | semmle.label | h [element :d] : |
| hash_extensions.rb:56:10:56:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:56:10:56:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:58:10:58:10 | x [element :a] : | semmle.label | x [element :a] : |
| hash_extensions.rb:58:10:58:10 | x [element :a] : | semmle.label | x [element :a] : |
| hash_extensions.rb:58:10:58:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:58:10:58:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:59:10:59:10 | x [element :b] : | semmle.label | x [element :b] : |
| hash_extensions.rb:59:10:59:10 | x [element :b] : | semmle.label | x [element :b] : |
| hash_extensions.rb:59:10:59:14 | ...[...] | semmle.label | ...[...] |
| hash_extensions.rb:59:10:59:14 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| active_support.rb:106:10:106:13 | ...[...] | active_support.rb:104:10:104:17 | call to source : | active_support.rb:106:10:106:13 | ...[...] | $@ | active_support.rb:104:10:104:17 | call to source : | call to source : |
| active_support.rb:112:10:112:13 | ...[...] | active_support.rb:110:10:110:18 | call to source : | active_support.rb:112:10:112:13 | ...[...] | $@ | active_support.rb:110:10:110:18 | call to source : | call to source : |
| active_support.rb:118:10:118:13 | ...[...] | active_support.rb:116:10:116:18 | call to source : | active_support.rb:118:10:118:13 | ...[...] | $@ | active_support.rb:116:10:116:18 | call to source : | call to source : |
| active_support.rb:124:10:124:13 | ...[...] | active_support.rb:122:10:122:18 | call to source : | active_support.rb:124:10:124:13 | ...[...] | $@ | active_support.rb:122:10:122:18 | call to source : | call to source : |
| active_support.rb:130:10:130:13 | ...[...] | active_support.rb:128:10:128:18 | call to source : | active_support.rb:130:10:130:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source : | call to source : |
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:128:10:128:18 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source : | call to source : |
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:21:129:29 | call to source : | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source : | call to source : |
| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:32:129:40 | call to source : | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source : | call to source : |
| active_support.rb:182:10:182:13 | ...[...] | active_support.rb:180:10:180:17 | call to source : | active_support.rb:182:10:182:13 | ...[...] | $@ | active_support.rb:180:10:180:17 | call to source : | call to source : |
| active_support.rb:188:10:188:13 | ...[...] | active_support.rb:186:10:186:18 | call to source : | active_support.rb:188:10:188:13 | ...[...] | $@ | active_support.rb:186:10:186:18 | call to source : | call to source : |
| active_support.rb:194:10:194:13 | ...[...] | active_support.rb:192:10:192:18 | call to source : | active_support.rb:194:10:194:13 | ...[...] | $@ | active_support.rb:192:10:192:18 | call to source : | call to source : |
| active_support.rb:200:10:200:13 | ...[...] | active_support.rb:198:10:198:18 | call to source : | active_support.rb:200:10:200:13 | ...[...] | $@ | active_support.rb:198:10:198:18 | call to source : | call to source : |
| active_support.rb:206:10:206:13 | ...[...] | active_support.rb:204:10:204:18 | call to source : | active_support.rb:206:10:206:13 | ...[...] | $@ | active_support.rb:204:10:204:18 | call to source : | call to source : |
| active_support.rb:208:10:208:13 | ...[...] | active_support.rb:204:10:204:18 | call to source : | active_support.rb:208:10:208:13 | ...[...] | $@ | active_support.rb:204:10:204:18 | call to source : | call to source : |
| active_support.rb:208:10:208:13 | ...[...] | active_support.rb:205:21:205:29 | call to source : | active_support.rb:208:10:208:13 | ...[...] | $@ | active_support.rb:205:21:205:29 | call to source : | call to source : |
| active_support.rb:208:10:208:13 | ...[...] | active_support.rb:205:32:205:40 | call to source : | active_support.rb:208:10:208:13 | ...[...] | $@ | active_support.rb:205:32:205:40 | call to source : | call to source : |
| active_support.rb:209:10:209:13 | ...[...] | active_support.rb:205:21:205:29 | call to source : | active_support.rb:209:10:209:13 | ...[...] | $@ | active_support.rb:205:21:205:29 | call to source : | call to source : |
| active_support.rb:209:10:209:13 | ...[...] | active_support.rb:205:32:205:40 | call to source : | active_support.rb:209:10:209:13 | ...[...] | $@ | active_support.rb:205:32:205:40 | call to source : | call to source : |
| active_support.rb:210:10:210:13 | ...[...] | active_support.rb:205:21:205:29 | call to source : | active_support.rb:210:10:210:13 | ...[...] | $@ | active_support.rb:205:21:205:29 | call to source : | call to source : |
| active_support.rb:210:10:210:13 | ...[...] | active_support.rb:205:32:205:40 | call to source : | active_support.rb:210:10:210:13 | ...[...] | $@ | active_support.rb:205:32:205:40 | call to source : | call to source : |
| active_support.rb:211:10:211:13 | ...[...] | active_support.rb:205:21:205:29 | call to source : | active_support.rb:211:10:211:13 | ...[...] | $@ | active_support.rb:205:21:205:29 | call to source : | call to source : |
| active_support.rb:211:10:211:13 | ...[...] | active_support.rb:205:32:205:40 | call to source : | active_support.rb:211:10:211:13 | ...[...] | $@ | active_support.rb:205:32:205:40 | call to source : | call to source : |
| active_support.rb:283:8:283:17 | call to presence | active_support.rb:282:7:282:16 | call to source : | active_support.rb:283:8:283:17 | call to presence | $@ | active_support.rb:282:7:282:16 | call to source : | call to source : |
| active_support.rb:286:8:286:17 | call to presence | active_support.rb:285:7:285:16 | call to source : | active_support.rb:286:8:286:17 | call to presence | $@ | active_support.rb:285:7:285:16 | call to source : | call to source : |
| active_support.rb:291:8:291:17 | call to deep_dup | active_support.rb:290:7:290:16 | call to source : | active_support.rb:291:8:291:17 | call to deep_dup | $@ | active_support.rb:290:7:290:16 | call to source : | call to source : |
| hash_extensions.rb:4:10:4:14 | ...[...] | hash_extensions.rb:2:14:2:24 | call to source : | hash_extensions.rb:4:10:4:14 | ...[...] | $@ | hash_extensions.rb:2:14:2:24 | call to source : | call to source : |
| hash_extensions.rb:12:10:12:14 | ...[...] | hash_extensions.rb:10:14:10:24 | call to source : | hash_extensions.rb:12:10:12:14 | ...[...] | $@ | hash_extensions.rb:10:14:10:24 | call to source : | call to source : |
| hash_extensions.rb:20:10:20:14 | ...[...] | hash_extensions.rb:18:14:18:24 | call to source : | hash_extensions.rb:20:10:20:14 | ...[...] | $@ | hash_extensions.rb:18:14:18:24 | call to source : | call to source : |
| hash_extensions.rb:28:10:28:14 | ...[...] | hash_extensions.rb:26:14:26:24 | call to source : | hash_extensions.rb:28:10:28:14 | ...[...] | $@ | hash_extensions.rb:26:14:26:24 | call to source : | call to source : |
| hash_extensions.rb:36:10:36:14 | ...[...] | hash_extensions.rb:34:14:34:24 | call to source : | hash_extensions.rb:36:10:36:14 | ...[...] | $@ | hash_extensions.rb:34:14:34:24 | call to source : | call to source : |
| hash_extensions.rb:44:10:44:14 | ...[...] | hash_extensions.rb:42:14:42:24 | call to source : | hash_extensions.rb:44:10:44:14 | ...[...] | $@ | hash_extensions.rb:42:14:42:24 | call to source : | call to source : |
| hash_extensions.rb:56:10:56:14 | ...[...] | hash_extensions.rb:50:52:50:61 | call to taint : | hash_extensions.rb:56:10:56:14 | ...[...] | $@ | hash_extensions.rb:50:52:50:61 | call to taint : | call to taint : |
| hash_extensions.rb:58:10:58:14 | ...[...] | hash_extensions.rb:50:14:50:23 | call to taint : | hash_extensions.rb:58:10:58:14 | ...[...] | $@ | hash_extensions.rb:50:14:50:23 | call to taint : | call to taint : |
| hash_extensions.rb:59:10:59:14 | ...[...] | hash_extensions.rb:50:29:50:38 | call to taint : | hash_extensions.rb:59:10:59:14 | ...[...] | $@ | hash_extensions.rb:50:29:50:38 | call to taint : | call to taint : |

1
ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.ql
View File

@@ -4,6 +4,7 @@
import codeql.ruby.AST
import TestUtilities.InlineFlowTest
import codeql.ruby.Frameworks
import PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf

89
ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
View File

@@ -1,10 +1,16 @@
"Foo::Bar".constantize
a.constantize
a.safe_constantize
ActiveSupport::Logger.new(STDOUT)
ActiveSupport::TaggedLogging.new(STDOUT)
def m_at
x = source "a"
sink x.at(1..3) # $hasTaintFlow=a
end
def m_camelize
x = source "a"
sink x.camelize # $hasTaintFlow=a
@@ -35,11 +41,26 @@ def m_demodulize
sink x.demodulize # $hasTaintFlow=a
end
def first
x = source "a"
sink x.first(3) # $hasTaintFlow=a
end
def m_foreign_key
x = source "a"
sink x.foreign_key # $hasTaintFlow=a
end
def m_from
x = source "a"
sink x.from(3) # $hasTaintFlow=a
end
def m_html_safe
x = source "a"
sink x.html_safe # $hasTaintFlow=a
end
def m_humanize
x = source "a"
sink x.humanize # $hasTaintFlow=a
@@ -50,6 +71,26 @@ def m_indent
sink x.indent(1) # $hasTaintFlow=a
end
def m_indent!
x = source "a"
sink x.indent!(1) # $hasTaintFlow=a
end
def m_inquiry
x = source "a"
sink x.inquiry # $hasTaintFlow=a
end
def m_last
x = source "a"
sink x.last(1) # $hasTaintFlow=a
end
def m_mb_chars
x = source "a"
sink x.mb_chars # $hasTaintFlow=a
end
def m_parameterize
x = source "a"
sink x.parameterize # $hasTaintFlow=a
@@ -60,6 +101,16 @@ def m_pluralize
sink x.pluralize # $hasTaintFlow=a
end
def m_remove
x = source "a"
sink x.remove("foo") # $hasTaintFlow=a
end
def m_remove!
x = source "a"
sink x.remove!("foo") # $hasTaintFlow=a
end
def m_singularize
x = source "a"
sink x.singularize # $hasTaintFlow=a
@@ -70,6 +121,11 @@ def m_squish
sink x.squish # $hasTaintFlow=a
end
def m_squish!
x = source "a"
sink x.squish! # $hasTaintFlow=a
end
def m_strip_heredoc
x = source "a"
sink x.strip_heredoc # $hasTaintFlow=a
@@ -90,6 +146,26 @@ def m_titleize
sink x.titleize # $hasTaintFlow=a
end
def m_to
x = source "a"
sink x.to(3) # $hasTaintFlow=a
end
def m_truncate
x = source "a"
sink x.truncate(3) # $hasTaintFlow=a
end
def m_truncate_bytes
x = source "a"
sink x.truncate_bytes(3) # $hasTaintFlow=a
end
def m_truncate_words
x = source "a"
sink x.truncate_words(3) # $hasTaintFlow=a
end
def m_underscore
x = source "a"
sink x.underscore # $hasTaintFlow=a
@@ -201,3 +277,16 @@ def m_pathname_existence
z = y.existence
sink z # $hasTaintFlow=a
end
def m_presence
x = source "a"
sink x.presence # $hasValueFlow=a
y = source 123
sink y.presence # $hasValueFlow=123
end
def m_deep_dup
x = source "a"
sink x.deep_dup # $hasValueFlow=a
end

64
ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb Normal file
View File

@@ -0,0 +1,64 @@
def m_stringify_keys
h = { a: source("a") }
x = h.stringify_keys
sink x[:a] # $hasValueFlow=a
end
m_stringify_keys()
def m_to_options
h = { a: source("a") }
x = h.to_options
sink x[:a] # $hasValueFlow=a
end
m_to_options()
def m_symbolize_keys
h = { a: source("a") }
x = h.symbolize_keys
sink x[:a] # $hasValueFlow=a
end
m_symbolize_keys()
def m_deep_stringify_keys
h = { a: source("a") }
x = h.deep_stringify_keys
sink x[:a] # $hasValueFlow=a
end
m_deep_stringify_keys()
def m_deep_symbolize_keys
h = { a: source("a") }
x = h.deep_symbolize_keys
sink x[:a] # $hasValueFlow=a
end
m_deep_symbolize_keys()
def m_with_indifferent_access
h = { a: source("a") }
x = h.with_indifferent_access
sink x[:a] # $hasValueFlow=a
end
m_with_indifferent_access()
def m_extract!(x)
h = { a: taint("a"), b: taint("b"), c: "c", d: taint("d") }
x = h.extract!(:a, x, :b)
sink h[:a]
sink h[:b]
sink h[:c]
sink h[:d] # $ hasValueFlow=d
sink x[:a] # $ hasValueFlow=a
sink x[:b] # $ hasValueFlow=b
sink x[:c]
sink x[:d]
end
m_extract!(:c)

6
ruby/ql/test/library-tests/frameworks/http_clients/Faraday.rb
View File

@@ -33,4 +33,8 @@ resp10.body
connection = Faraday.new(url: "http://example.com")
resp11 = connection.get("/")
resp11.body
resp11.body
connection = Faraday::Connection.new(url: "https://example.com")
resp12 = connection.get("/")
resp12.body

3
ruby/ql/test/library-tests/frameworks/http_clients/HttpClients.expected
View File

@@ -28,6 +28,9 @@
| Faraday.rb:35:10:35:28 | call to get | Faraday | Faraday.rb:34:26:34:50 | Pair | Faraday.rb:36:1:36:11 | call to body |
| Faraday.rb:35:10:35:28 | call to get | Faraday | Faraday.rb:34:31:34:50 | "http://example.com" | Faraday.rb:36:1:36:11 | call to body |
| Faraday.rb:35:10:35:28 | call to get | Faraday | Faraday.rb:35:25:35:27 | "/" | Faraday.rb:36:1:36:11 | call to body |
| Faraday.rb:39:10:39:28 | call to get | Faraday | Faraday.rb:38:38:38:63 | Pair | Faraday.rb:40:1:40:11 | call to body |
| Faraday.rb:39:10:39:28 | call to get | Faraday | Faraday.rb:38:43:38:63 | "https://example.com" | Faraday.rb:40:1:40:11 | call to body |
| Faraday.rb:39:10:39:28 | call to get | Faraday | Faraday.rb:39:25:39:27 | "/" | Faraday.rb:40:1:40:11 | call to body |
| HttpClient.rb:3:9:3:45 | call to get | HTTPClient | HttpClient.rb:3:24:3:44 | "http://example.com/" | HttpClient.rb:4:1:4:10 | call to body |
| HttpClient.rb:6:9:6:65 | call to post | HTTPClient | HttpClient.rb:6:25:6:45 | "http://example.com/" | HttpClient.rb:7:1:7:13 | call to content |
| HttpClient.rb:9:9:9:64 | call to put | HTTPClient | HttpClient.rb:9:24:9:44 | "http://example.com/" | HttpClient.rb:10:1:10:15 | call to http_body |

52
ruby/ql/test/library-tests/modules/ancestors.expected
View File

@@ -1,6 +1,14 @@
#-----| Class
#-----| super -> Module
#-----| EsotericInstanceMethods
#-----| MyStruct
#-----| Struct
#-----| UnresolvedNamespace
#-----| BasicObject
#-----| Complex
@@ -89,36 +97,45 @@ calls.rb:
# 377| SingletonOverride1
#-----| super -> Object
# 404| SingletonOverride2
# 412| SingletonOverride2
#-----| super -> SingletonOverride1
# 421| ConditionalInstanceMethods
# 433| ConditionalInstanceMethods
#-----| super -> Object
# 484| ExtendSingletonMethod
# 496| ExtendSingletonMethod
# 494| ExtendSingletonMethod2
# 506| ExtendSingletonMethod2
# 500| ExtendSingletonMethod3
# 512| ExtendSingletonMethod3
# 513| ProtectedMethodInModule
# 525| ProtectedMethodInModule
# 519| ProtectedMethods
# 531| ProtectedMethods
#-----| super -> Object
#-----| include -> ProtectedMethodInModule
# 538| ProtectedMethodsSub
# 550| ProtectedMethodsSub
#-----| super -> ProtectedMethods
# 552| SingletonUpCall_Base
# 564| SingletonUpCall_Base
#-----| super -> Object
# 556| SingletonUpCall_Sub
# 568| SingletonUpCall_Sub
#-----| super -> SingletonUpCall_Base
# 564| SingletonUpCall_SubSub
# 576| SingletonUpCall_SubSub
#-----| super -> SingletonUpCall_Sub
# 583| SingletonA
#-----| super -> Object
# 596| SingletonB
#-----| super -> SingletonA
# 605| SingletonC
#-----| super -> SingletonA
hello.rb:
# 1| EnglishWords
@@ -230,3 +247,16 @@ toplevel_self_singleton.rb:
#-----| super -> Object
# 24| Good
unresolved_subclass.rb:
# 1| ResolvableBaseClass
#-----| super -> Object
# 4| UnresolvedNamespace::Subclass1
#-----| super -> ResolvableBaseClass
# 7| UnresolvedNamespace::Subclass2
#-----| super -> UnresolvedNamespace::Subclass1
# 11| UnresolvedNamespace::A
#-----| super -> Object

282
ruby/ql/test/library-tests/modules/callgraph.expected
View File

@@ -146,77 +146,93 @@ getTarget
| calls.rb:375:1:375:11 | call to instance | calls.rb:368:5:370:7 | instance |
| calls.rb:380:13:380:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:379:9:381:11 | singleton1 |
| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:389:9:389:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:393:9:393:18 | call to singleton2 | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:393:9:393:18 | call to singleton2 | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:396:5:396:14 | call to singleton2 | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:399:1:399:29 | call to singleton1 | calls.rb:379:9:381:11 | singleton1 |
| calls.rb:400:1:400:29 | call to singleton2 | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:401:1:401:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:402:1:402:34 | call to call_singleton2 | calls.rb:392:5:394:7 | call_singleton2 |
| calls.rb:407:13:407:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:412:9:412:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:416:1:416:29 | call to singleton1 | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:417:1:417:29 | call to singleton2 | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:418:1:418:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:419:1:419:34 | call to call_singleton2 | calls.rb:392:5:394:7 | call_singleton2 |
| calls.rb:424:13:424:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:429:9:429:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:432:13:432:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:435:17:435:52 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:443:9:447:11 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:443:9:447:15 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:445:17:445:40 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:451:1:451:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:451:1:451:33 | call to m1 | calls.rb:423:9:425:11 | m1 |
| calls.rb:452:1:452:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:453:1:453:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:453:1:453:33 | call to m2 | calls.rb:428:5:440:7 | m2 |
| calls.rb:454:1:454:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:455:1:455:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:456:1:456:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:458:27:476:3 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:461:13:461:22 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:465:5:469:7 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:465:5:469:11 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:467:13:467:22 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:473:13:473:27 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:478:1:478:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:479:1:479:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:480:1:480:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:481:1:481:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:482:1:482:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:492:1:492:31 | call to singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:498:1:498:32 | call to singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:505:1:505:32 | call to singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:511:1:511:13 | call to singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:520:5:520:35 | call to include | calls.rb:108:5:110:7 | include |
| calls.rb:523:9:523:35 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:527:9:527:11 | call to foo | calls.rb:514:15:516:7 | foo |
| calls.rb:528:9:528:11 | call to bar | calls.rb:522:15:524:7 | bar |
| calls.rb:529:9:529:28 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:529:9:529:32 | call to foo | calls.rb:514:15:516:7 | foo |
| calls.rb:530:9:530:28 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:530:9:530:32 | call to bar | calls.rb:522:15:524:7 | bar |
| calls.rb:534:1:534:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:535:1:535:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:536:1:536:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:536:1:536:24 | call to baz | calls.rb:526:5:531:7 | baz |
| calls.rb:540:9:540:11 | call to foo | calls.rb:514:15:516:7 | foo |
| calls.rb:541:9:541:31 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:541:9:541:35 | call to foo | calls.rb:514:15:516:7 | foo |
| calls.rb:545:1:545:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:546:1:546:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:547:1:547:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:547:1:547:27 | call to baz | calls.rb:539:5:542:7 | baz |
| calls.rb:549:2:549:6 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:549:20:549:24 | call to baz | calls.rb:51:5:57:7 | baz |
| calls.rb:550:26:550:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize |
| calls.rb:557:5:557:13 | call to singleton | calls.rb:553:5:554:7 | singleton |
| calls.rb:560:9:560:17 | call to singleton | calls.rb:553:5:554:7 | singleton |
| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:565:5:566:7 | singleton2 |
| calls.rb:568:5:568:14 | call to mid_method | calls.rb:559:5:562:7 | mid_method |
| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:388:13:388:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:388:13:388:30 | call to instance1 | calls.rb:402:5:404:7 | instance1 |
| calls.rb:388:13:388:30 | call to instance1 | calls.rb:423:5:425:7 | instance1 |
| calls.rb:393:9:393:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:400:5:400:14 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:403:9:403:43 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:407:1:407:29 | call to singleton1 | calls.rb:379:9:381:11 | singleton1 |
| calls.rb:408:1:408:29 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:409:1:409:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:410:1:410:34 | call to call_singleton2 | calls.rb:396:5:398:7 | call_singleton2 |
| calls.rb:415:13:415:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:420:9:420:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:424:9:424:43 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:428:1:428:29 | call to singleton1 | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:429:1:429:29 | call to singleton2 | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:430:1:430:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:431:1:431:34 | call to call_singleton2 | calls.rb:396:5:398:7 | call_singleton2 |
| calls.rb:436:13:436:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:441:9:441:44 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:444:13:444:48 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:447:17:447:52 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:455:9:459:11 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:455:9:459:15 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:457:17:457:40 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:463:1:463:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:463:1:463:33 | call to m1 | calls.rb:435:9:437:11 | m1 |
| calls.rb:464:1:464:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:465:1:465:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:465:1:465:33 | call to m2 | calls.rb:440:5:452:7 | m2 |
| calls.rb:466:1:466:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:467:1:467:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:468:1:468:30 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:470:27:488:3 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:473:13:473:22 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:477:5:481:7 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:477:5:481:11 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:479:13:479:22 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:485:13:485:27 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:490:1:490:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:491:1:491:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:492:1:492:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:493:1:493:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:494:1:494:27 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:504:1:504:31 | call to singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:510:1:510:32 | call to singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:517:1:517:32 | call to singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:523:1:523:13 | call to singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:532:5:532:35 | call to include | calls.rb:108:5:110:7 | include |
| calls.rb:535:9:535:35 | call to puts | calls.rb:102:5:102:30 | puts |
| calls.rb:539:9:539:11 | call to foo | calls.rb:526:15:528:7 | foo |
| calls.rb:540:9:540:11 | call to bar | calls.rb:534:15:536:7 | bar |
| calls.rb:541:9:541:28 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:541:9:541:32 | call to foo | calls.rb:526:15:528:7 | foo |
| calls.rb:542:9:542:28 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:542:9:542:32 | call to bar | calls.rb:534:15:536:7 | bar |
| calls.rb:546:1:546:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:547:1:547:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:548:1:548:20 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:548:1:548:24 | call to baz | calls.rb:538:5:543:7 | baz |
| calls.rb:552:9:552:11 | call to foo | calls.rb:526:15:528:7 | foo |
| calls.rb:553:9:553:31 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:553:9:553:35 | call to foo | calls.rb:526:15:528:7 | foo |
| calls.rb:557:1:557:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:558:1:558:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:559:1:559:23 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:559:1:559:27 | call to baz | calls.rb:551:5:554:7 | baz |
| calls.rb:561:2:561:6 | call to new | calls.rb:117:5:117:16 | new |
| calls.rb:561:20:561:24 | call to baz | calls.rb:51:5:57:7 | baz |
| calls.rb:562:26:562:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize |
| calls.rb:569:5:569:13 | call to singleton | calls.rb:565:5:566:7 | singleton |
| calls.rb:572:9:572:17 | call to singleton | calls.rb:565:5:566:7 | singleton |
| calls.rb:573:9:573:18 | call to singleton2 | calls.rb:577:5:578:7 | singleton2 |
| calls.rb:580:5:580:14 | call to mid_method | calls.rb:571:5:574:7 | mid_method |
| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:584:5:585:7 | singleton1 |
| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:597:5:598:7 | singleton1 |
| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:606:5:607:7 | singleton1 |
| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:587:5:589:7 | call_singleton1 |
| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:600:5:602:7 | call_singleton1 |
| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:609:5:611:7 | call_singleton1 |
| calls.rb:601:9:601:18 | call to singleton1 | calls.rb:597:5:598:7 | singleton1 |
| calls.rb:610:9:610:18 | call to singleton1 | calls.rb:606:5:607:7 | singleton1 |
| calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
| calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
| calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
| hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include |
| hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello |
| hello.rb:20:16:20:20 | call to super | hello.rb:13:5:15:7 | message |
@@ -265,6 +281,7 @@ getTarget
| private.rb:104:1:104:20 | call to new | calls.rb:117:5:117:16 | new |
| private.rb:104:1:104:28 | call to call_m1 | private.rb:91:3:93:5 | call_m1 |
| private.rb:105:1:105:20 | call to new | calls.rb:117:5:117:16 | new |
| toplevel_self_singleton.rb:18:12:22:1 | call to new | calls.rb:117:5:117:16 | new |
| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:26:9:27:11 | call_me |
| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:29:9:32:11 | call_you |
unresolvedCall
@@ -301,45 +318,45 @@ unresolvedCall
| calls.rb:274:1:274:14 | call to singleton_g |
| calls.rb:276:1:276:14 | call to singleton_g |
| calls.rb:313:9:313:20 | call to instance |
| calls.rb:422:8:422:13 | call to rand |
| calls.rb:422:8:422:17 | ... > ... |
| calls.rb:439:9:439:10 | call to m3 |
| calls.rb:442:8:442:13 | call to rand |
| calls.rb:442:8:442:17 | ... > ... |
| calls.rb:443:9:447:18 | call to m5 |
| calls.rb:452:1:452:33 | call to m3 |
| calls.rb:454:1:454:33 | call to m3 |
| calls.rb:455:1:455:33 | call to m4 |
| calls.rb:456:1:456:33 | call to m5 |
| calls.rb:459:5:459:11 | call to [] |
| calls.rb:459:5:463:7 | call to each |
| calls.rb:465:5:469:15 | call to bar |
| calls.rb:434:8:434:13 | call to rand |
| calls.rb:434:8:434:17 | ... > ... |
| calls.rb:451:9:451:10 | call to m3 |
| calls.rb:454:8:454:13 | call to rand |
| calls.rb:454:8:454:17 | ... > ... |
| calls.rb:455:9:459:18 | call to m5 |
| calls.rb:464:1:464:33 | call to m3 |
| calls.rb:466:1:466:33 | call to m3 |
| calls.rb:467:1:467:33 | call to m4 |
| calls.rb:468:1:468:33 | call to m5 |
| calls.rb:471:5:471:11 | call to [] |
| calls.rb:471:5:475:7 | call to each |
| calls.rb:472:9:474:11 | call to define_method |
| calls.rb:478:1:478:31 | call to foo |
| calls.rb:479:1:479:31 | call to bar |
| calls.rb:480:1:480:33 | call to baz_0 |
| calls.rb:481:1:481:33 | call to baz_1 |
| calls.rb:482:1:482:33 | call to baz_2 |
| calls.rb:486:9:486:46 | call to puts |
| calls.rb:489:5:489:15 | call to extend |
| calls.rb:495:5:495:32 | call to extend |
| calls.rb:503:1:503:51 | call to extend |
| calls.rb:508:1:508:13 | call to singleton |
| calls.rb:509:1:509:32 | call to extend |
| calls.rb:514:5:516:7 | call to protected |
| calls.rb:515:9:515:42 | call to puts |
| calls.rb:522:5:524:7 | call to protected |
| calls.rb:534:1:534:24 | call to foo |
| calls.rb:535:1:535:24 | call to bar |
| calls.rb:545:1:545:27 | call to foo |
| calls.rb:546:1:546:27 | call to bar |
| calls.rb:549:1:549:7 | call to [] |
| calls.rb:549:1:549:26 | call to each |
| calls.rb:550:1:550:13 | call to [] |
| calls.rb:550:1:550:39 | call to each |
| calls.rb:558:5:558:14 | call to singleton2 |
| calls.rb:477:5:481:15 | call to bar |
| calls.rb:483:5:483:11 | call to [] |
| calls.rb:483:5:487:7 | call to each |
| calls.rb:484:9:486:11 | call to define_method |
| calls.rb:490:1:490:31 | call to foo |
| calls.rb:491:1:491:31 | call to bar |
| calls.rb:492:1:492:33 | call to baz_0 |
| calls.rb:493:1:493:33 | call to baz_1 |
| calls.rb:494:1:494:33 | call to baz_2 |
| calls.rb:498:9:498:46 | call to puts |
| calls.rb:501:5:501:15 | call to extend |
| calls.rb:507:5:507:32 | call to extend |
| calls.rb:515:1:515:51 | call to extend |
| calls.rb:520:1:520:13 | call to singleton |
| calls.rb:521:1:521:32 | call to extend |
| calls.rb:526:5:528:7 | call to protected |
| calls.rb:527:9:527:42 | call to puts |
| calls.rb:534:5:536:7 | call to protected |
| calls.rb:546:1:546:24 | call to foo |
| calls.rb:547:1:547:24 | call to bar |
| calls.rb:557:1:557:27 | call to foo |
| calls.rb:558:1:558:27 | call to bar |
| calls.rb:561:1:561:7 | call to [] |
| calls.rb:561:1:561:26 | call to each |
| calls.rb:562:1:562:13 | call to [] |
| calls.rb:562:1:562:39 | call to each |
| calls.rb:570:5:570:14 | call to singleton2 |
| hello.rb:20:16:20:26 | ... + ... |
| hello.rb:20:16:20:34 | ... + ... |
| hello.rb:20:16:20:40 | ... + ... |
@@ -356,7 +373,6 @@ unresolvedCall
| toplevel_self_singleton.rb:8:1:16:3 | call to do_something |
| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method |
| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method |
| toplevel_self_singleton.rb:18:12:22:1 | call to new |
| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method |
privateMethod
| calls.rb:1:1:3:3 | foo |
@@ -370,8 +386,8 @@ privateMethod
| calls.rb:278:1:286:3 | create |
| calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:367:1:371:3 | add_singleton |
| calls.rb:460:9:462:11 | foo |
| calls.rb:466:9:468:11 | bar |
| calls.rb:472:9:474:11 | foo |
| calls.rb:478:9:480:11 | bar |
| private.rb:2:11:3:5 | private1 |
| private.rb:8:3:9:5 | private2 |
| private.rb:14:3:15:5 | private3 |
@@ -435,21 +451,31 @@ publicMethod
| calls.rb:368:5:370:7 | instance |
| calls.rb:379:9:381:11 | singleton1 |
| calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:388:5:390:7 | singleton2 |
| calls.rb:392:5:394:7 | call_singleton2 |
| calls.rb:406:9:408:11 | singleton1 |
| calls.rb:411:5:413:7 | singleton2 |
| calls.rb:423:9:425:11 | m1 |
| calls.rb:428:5:440:7 | m2 |
| calls.rb:431:9:437:11 | m3 |
| calls.rb:434:13:436:15 | m4 |
| calls.rb:444:13:446:15 | m5 |
| calls.rb:485:5:487:7 | singleton |
| calls.rb:526:5:531:7 | baz |
| calls.rb:539:5:542:7 | baz |
| calls.rb:553:5:554:7 | singleton |
| calls.rb:559:5:562:7 | mid_method |
| calls.rb:565:5:566:7 | singleton2 |
| calls.rb:387:9:389:11 | factory |
| calls.rb:392:5:394:7 | singleton2 |
| calls.rb:396:5:398:7 | call_singleton2 |
| calls.rb:402:5:404:7 | instance1 |
| calls.rb:414:9:416:11 | singleton1 |
| calls.rb:419:5:421:7 | singleton2 |
| calls.rb:423:5:425:7 | instance1 |
| calls.rb:435:9:437:11 | m1 |
| calls.rb:440:5:452:7 | m2 |
| calls.rb:443:9:449:11 | m3 |
| calls.rb:446:13:448:15 | m4 |
| calls.rb:456:13:458:15 | m5 |
| calls.rb:497:5:499:7 | singleton |
| calls.rb:538:5:543:7 | baz |
| calls.rb:551:5:554:7 | baz |
| calls.rb:565:5:566:7 | singleton |
| calls.rb:571:5:574:7 | mid_method |
| calls.rb:577:5:578:7 | singleton2 |
| calls.rb:584:5:585:7 | singleton1 |
| calls.rb:587:5:589:7 | call_singleton1 |
| calls.rb:591:5:593:7 | call_call_singleton1 |
| calls.rb:597:5:598:7 | singleton1 |
| calls.rb:600:5:602:7 | call_singleton1 |
| calls.rb:606:5:607:7 | singleton1 |
| calls.rb:609:5:611:7 | call_singleton1 |
| hello.rb:2:5:4:7 | hello |
| hello.rb:5:5:7:7 | world |
| hello.rb:13:5:15:7 | message |
@@ -477,7 +503,7 @@ publicMethod
| toplevel_self_singleton.rb:26:9:27:11 | call_me |
| toplevel_self_singleton.rb:29:9:32:11 | call_you |
protectedMethod
| calls.rb:514:15:516:7 | foo |
| calls.rb:522:15:524:7 | bar |
| calls.rb:526:15:528:7 | foo |
| calls.rb:534:15:536:7 | bar |
| private.rb:32:3:33:5 | protected1 |
| private.rb:35:3:36:5 | protected2 |

47
ruby/ql/test/library-tests/modules/calls.rb
View File

@@ -383,6 +383,10 @@ class SingletonOverride1
def call_singleton1
singleton1
end
def factory
self.new.instance1
end
end
def self.singleton2
@@ -394,6 +398,10 @@ class SingletonOverride1
end
singleton2
def instance1
puts "SingletonOverride1#instance1"
end
end
SingletonOverride1.singleton1
@@ -411,6 +419,10 @@ class SingletonOverride2 < SingletonOverride1
def self.singleton2
puts "SingletonOverride2#singleton2"
end
def instance1
puts "SingletonOverride2#instance1"
end
end
SingletonOverride2.singleton1
@@ -567,3 +579,38 @@ class SingletonUpCall_SubSub < SingletonUpCall_Sub
mid_method
end
class SingletonA
def self.singleton1
end
def self.call_singleton1
singleton1
end
def self.call_call_singleton1
call_singleton1
end
end
class SingletonB < SingletonA
def self.singleton1
end
def self.call_singleton1
singleton1 # should not be able to target `SingletonA:::singleton1` and `SingletonC:::singleton1`
end
end
class SingletonC < SingletonA
def self.singleton1
end
def self.call_singleton1
singleton1 # should not be able to target `SingletonA:::singleton1` and `SingletonB:::singleton1`
end
end
SingletonA.call_call_singleton1
SingletonB.call_call_singleton1
SingletonC.call_call_singleton1

481
ruby/ql/test/library-tests/modules/methods.expected
View File

@@ -36,13 +36,15 @@ getMethod
| calls.rb:325:1:329:3 | C1 | instance | calls.rb:326:5:328:7 | instance |
| calls.rb:331:1:335:3 | C2 | instance | calls.rb:332:5:334:7 | instance |
| calls.rb:337:1:341:3 | C3 | instance | calls.rb:338:5:340:7 | instance |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | m1 | calls.rb:423:9:425:11 | m1 |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | m2 | calls.rb:428:5:440:7 | m2 |
| calls.rb:484:1:490:3 | ExtendSingletonMethod | singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:513:1:517:3 | ProtectedMethodInModule | foo | calls.rb:514:15:516:7 | foo |
| calls.rb:519:1:532:3 | ProtectedMethods | bar | calls.rb:522:15:524:7 | bar |
| calls.rb:519:1:532:3 | ProtectedMethods | baz | calls.rb:526:5:531:7 | baz |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | baz | calls.rb:539:5:542:7 | baz |
| calls.rb:377:1:405:3 | SingletonOverride1 | instance1 | calls.rb:402:5:404:7 | instance1 |
| calls.rb:412:1:426:3 | SingletonOverride2 | instance1 | calls.rb:423:5:425:7 | instance1 |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m1 | calls.rb:435:9:437:11 | m1 |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m2 | calls.rb:440:5:452:7 | m2 |
| calls.rb:496:1:502:3 | ExtendSingletonMethod | singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:525:1:529:3 | ProtectedMethodInModule | foo | calls.rb:526:15:528:7 | foo |
| calls.rb:531:1:544:3 | ProtectedMethods | bar | calls.rb:534:15:536:7 | bar |
| calls.rb:531:1:544:3 | ProtectedMethods | baz | calls.rb:538:5:543:7 | baz |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | baz | calls.rb:551:5:554:7 | baz |
| hello.rb:1:1:8:3 | EnglishWords | hello | hello.rb:2:5:4:7 | hello |
| hello.rb:1:1:8:3 | EnglishWords | world | hello.rb:5:5:7:7 | world |
| hello.rb:11:1:16:3 | Greeting | message | hello.rb:13:5:15:7 | message |
@@ -314,124 +316,168 @@ lookupMethod
| calls.rb:337:1:341:3 | C3 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:337:1:341:3 | C3 | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:337:1:341:3 | C3 | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:377:1:397:3 | SingletonOverride1 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:377:1:397:3 | SingletonOverride1 | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:377:1:397:3 | SingletonOverride1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:377:1:397:3 | SingletonOverride1 | create | calls.rb:278:1:286:3 | create |
| calls.rb:377:1:397:3 | SingletonOverride1 | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:377:1:397:3 | SingletonOverride1 | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:377:1:397:3 | SingletonOverride1 | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:377:1:397:3 | SingletonOverride1 | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:377:1:397:3 | SingletonOverride1 | new | calls.rb:117:5:117:16 | new |
| calls.rb:377:1:397:3 | SingletonOverride1 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:377:1:397:3 | SingletonOverride1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:377:1:397:3 | SingletonOverride1 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:377:1:397:3 | SingletonOverride1 | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:377:1:397:3 | SingletonOverride1 | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:404:1:414:3 | SingletonOverride2 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:404:1:414:3 | SingletonOverride2 | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:404:1:414:3 | SingletonOverride2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:404:1:414:3 | SingletonOverride2 | create | calls.rb:278:1:286:3 | create |
| calls.rb:404:1:414:3 | SingletonOverride2 | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:404:1:414:3 | SingletonOverride2 | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:404:1:414:3 | SingletonOverride2 | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:404:1:414:3 | SingletonOverride2 | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:404:1:414:3 | SingletonOverride2 | new | calls.rb:117:5:117:16 | new |
| calls.rb:404:1:414:3 | SingletonOverride2 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:404:1:414:3 | SingletonOverride2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:404:1:414:3 | SingletonOverride2 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:404:1:414:3 | SingletonOverride2 | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:404:1:414:3 | SingletonOverride2 | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | create | calls.rb:278:1:286:3 | create |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | m1 | calls.rb:423:9:425:11 | m1 |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | m2 | calls.rb:428:5:440:7 | m2 |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | new | calls.rb:117:5:117:16 | new |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:421:1:449:3 | ConditionalInstanceMethods | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:484:1:490:3 | ExtendSingletonMethod | singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:513:1:517:3 | ProtectedMethodInModule | foo | calls.rb:514:15:516:7 | foo |
| calls.rb:519:1:532:3 | ProtectedMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:519:1:532:3 | ProtectedMethods | bar | calls.rb:522:15:524:7 | bar |
| calls.rb:519:1:532:3 | ProtectedMethods | baz | calls.rb:526:5:531:7 | baz |
| calls.rb:519:1:532:3 | ProtectedMethods | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:519:1:532:3 | ProtectedMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:519:1:532:3 | ProtectedMethods | create | calls.rb:278:1:286:3 | create |
| calls.rb:519:1:532:3 | ProtectedMethods | foo | calls.rb:514:15:516:7 | foo |
| calls.rb:519:1:532:3 | ProtectedMethods | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:519:1:532:3 | ProtectedMethods | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:519:1:532:3 | ProtectedMethods | new | calls.rb:117:5:117:16 | new |
| calls.rb:519:1:532:3 | ProtectedMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:519:1:532:3 | ProtectedMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:519:1:532:3 | ProtectedMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:519:1:532:3 | ProtectedMethods | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:519:1:532:3 | ProtectedMethods | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | bar | calls.rb:522:15:524:7 | bar |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | baz | calls.rb:539:5:542:7 | baz |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | create | calls.rb:278:1:286:3 | create |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | foo | calls.rb:514:15:516:7 | foo |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | new | calls.rb:117:5:117:16 | new |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:538:1:543:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:552:1:555:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:556:1:563:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:377:1:405:3 | SingletonOverride1 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:377:1:405:3 | SingletonOverride1 | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:377:1:405:3 | SingletonOverride1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:377:1:405:3 | SingletonOverride1 | create | calls.rb:278:1:286:3 | create |
| calls.rb:377:1:405:3 | SingletonOverride1 | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:377:1:405:3 | SingletonOverride1 | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:377:1:405:3 | SingletonOverride1 | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:377:1:405:3 | SingletonOverride1 | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:377:1:405:3 | SingletonOverride1 | instance1 | calls.rb:402:5:404:7 | instance1 |
| calls.rb:377:1:405:3 | SingletonOverride1 | new | calls.rb:117:5:117:16 | new |
| calls.rb:377:1:405:3 | SingletonOverride1 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:377:1:405:3 | SingletonOverride1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:377:1:405:3 | SingletonOverride1 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:377:1:405:3 | SingletonOverride1 | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:377:1:405:3 | SingletonOverride1 | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:412:1:426:3 | SingletonOverride2 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:412:1:426:3 | SingletonOverride2 | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:412:1:426:3 | SingletonOverride2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:412:1:426:3 | SingletonOverride2 | create | calls.rb:278:1:286:3 | create |
| calls.rb:412:1:426:3 | SingletonOverride2 | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:412:1:426:3 | SingletonOverride2 | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:412:1:426:3 | SingletonOverride2 | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:412:1:426:3 | SingletonOverride2 | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:412:1:426:3 | SingletonOverride2 | instance1 | calls.rb:423:5:425:7 | instance1 |
| calls.rb:412:1:426:3 | SingletonOverride2 | new | calls.rb:117:5:117:16 | new |
| calls.rb:412:1:426:3 | SingletonOverride2 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:412:1:426:3 | SingletonOverride2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:412:1:426:3 | SingletonOverride2 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:412:1:426:3 | SingletonOverride2 | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:412:1:426:3 | SingletonOverride2 | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | create | calls.rb:278:1:286:3 | create |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m1 | calls.rb:435:9:437:11 | m1 |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m2 | calls.rb:440:5:452:7 | m2 |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | new | calls.rb:117:5:117:16 | new |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:433:1:461:3 | ConditionalInstanceMethods | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:496:1:502:3 | ExtendSingletonMethod | singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:525:1:529:3 | ProtectedMethodInModule | foo | calls.rb:526:15:528:7 | foo |
| calls.rb:531:1:544:3 | ProtectedMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:531:1:544:3 | ProtectedMethods | bar | calls.rb:534:15:536:7 | bar |
| calls.rb:531:1:544:3 | ProtectedMethods | baz | calls.rb:538:5:543:7 | baz |
| calls.rb:531:1:544:3 | ProtectedMethods | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:531:1:544:3 | ProtectedMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:531:1:544:3 | ProtectedMethods | create | calls.rb:278:1:286:3 | create |
| calls.rb:531:1:544:3 | ProtectedMethods | foo | calls.rb:526:15:528:7 | foo |
| calls.rb:531:1:544:3 | ProtectedMethods | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:531:1:544:3 | ProtectedMethods | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:531:1:544:3 | ProtectedMethods | new | calls.rb:117:5:117:16 | new |
| calls.rb:531:1:544:3 | ProtectedMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:531:1:544:3 | ProtectedMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:531:1:544:3 | ProtectedMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:531:1:544:3 | ProtectedMethods | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:531:1:544:3 | ProtectedMethods | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | bar | calls.rb:534:15:536:7 | bar |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | baz | calls.rb:551:5:554:7 | baz |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | create | calls.rb:278:1:286:3 | create |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | foo | calls.rb:526:15:528:7 | foo |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | new | calls.rb:117:5:117:16 | new |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:550:1:555:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:564:1:567:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:568:1:575:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:583:1:594:3 | SingletonA | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:583:1:594:3 | SingletonA | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:583:1:594:3 | SingletonA | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:583:1:594:3 | SingletonA | create | calls.rb:278:1:286:3 | create |
| calls.rb:583:1:594:3 | SingletonA | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:583:1:594:3 | SingletonA | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:583:1:594:3 | SingletonA | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:583:1:594:3 | SingletonA | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:583:1:594:3 | SingletonA | new | calls.rb:117:5:117:16 | new |
| calls.rb:583:1:594:3 | SingletonA | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:583:1:594:3 | SingletonA | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:583:1:594:3 | SingletonA | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:583:1:594:3 | SingletonA | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:583:1:594:3 | SingletonA | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:596:1:603:3 | SingletonB | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:596:1:603:3 | SingletonB | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:596:1:603:3 | SingletonB | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:596:1:603:3 | SingletonB | create | calls.rb:278:1:286:3 | create |
| calls.rb:596:1:603:3 | SingletonB | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:596:1:603:3 | SingletonB | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:596:1:603:3 | SingletonB | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:596:1:603:3 | SingletonB | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:596:1:603:3 | SingletonB | new | calls.rb:117:5:117:16 | new |
| calls.rb:596:1:603:3 | SingletonB | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:596:1:603:3 | SingletonB | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:596:1:603:3 | SingletonB | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:596:1:603:3 | SingletonB | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:596:1:603:3 | SingletonB | to_s | calls.rb:172:5:173:7 | to_s |
| calls.rb:605:1:612:3 | SingletonC | add_singleton | calls.rb:367:1:371:3 | add_singleton |
| calls.rb:605:1:612:3 | SingletonC | call_block | calls.rb:81:1:83:3 | call_block |
| calls.rb:605:1:612:3 | SingletonC | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
| calls.rb:605:1:612:3 | SingletonC | create | calls.rb:278:1:286:3 | create |
| calls.rb:605:1:612:3 | SingletonC | foo | calls.rb:1:1:3:3 | foo |
| calls.rb:605:1:612:3 | SingletonC | foo | calls.rb:85:1:89:3 | foo |
| calls.rb:605:1:612:3 | SingletonC | funny | calls.rb:140:1:142:3 | funny |
| calls.rb:605:1:612:3 | SingletonC | indirect | calls.rb:158:1:160:3 | indirect |
| calls.rb:605:1:612:3 | SingletonC | new | calls.rb:117:5:117:16 | new |
| calls.rb:605:1:612:3 | SingletonC | optional_arg | calls.rb:76:1:79:3 | optional_arg |
| calls.rb:605:1:612:3 | SingletonC | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
| calls.rb:605:1:612:3 | SingletonC | private_on_main | calls.rb:185:1:186:3 | private_on_main |
| calls.rb:605:1:612:3 | SingletonC | puts | calls.rb:102:5:102:30 | puts |
| calls.rb:605:1:612:3 | SingletonC | to_s | calls.rb:172:5:173:7 | to_s |
| file://:0:0:0:0 | Class | include | calls.rb:108:5:110:7 | include |
| file://:0:0:0:0 | Class | module_eval | calls.rb:107:5:107:24 | module_eval |
| file://:0:0:0:0 | Class | new | calls.rb:117:5:117:16 | new |
@@ -553,6 +599,18 @@ lookupMethod
| toplevel_self_singleton.rb:2:5:5:7 | A::B | new | calls.rb:117:5:117:16 | new |
| toplevel_self_singleton.rb:2:5:5:7 | A::B | puts | calls.rb:102:5:102:30 | puts |
| toplevel_self_singleton.rb:2:5:5:7 | A::B | to_s | calls.rb:172:5:173:7 | to_s |
| unresolved_subclass.rb:1:1:2:3 | ResolvableBaseClass | new | calls.rb:117:5:117:16 | new |
| unresolved_subclass.rb:1:1:2:3 | ResolvableBaseClass | puts | calls.rb:102:5:102:30 | puts |
| unresolved_subclass.rb:1:1:2:3 | ResolvableBaseClass | to_s | calls.rb:172:5:173:7 | to_s |
| unresolved_subclass.rb:4:1:5:3 | UnresolvedNamespace::Subclass1 | new | calls.rb:117:5:117:16 | new |
| unresolved_subclass.rb:4:1:5:3 | UnresolvedNamespace::Subclass1 | puts | calls.rb:102:5:102:30 | puts |
| unresolved_subclass.rb:4:1:5:3 | UnresolvedNamespace::Subclass1 | to_s | calls.rb:172:5:173:7 | to_s |
| unresolved_subclass.rb:7:1:8:3 | UnresolvedNamespace::Subclass2 | new | calls.rb:117:5:117:16 | new |
| unresolved_subclass.rb:7:1:8:3 | UnresolvedNamespace::Subclass2 | puts | calls.rb:102:5:102:30 | puts |
| unresolved_subclass.rb:7:1:8:3 | UnresolvedNamespace::Subclass2 | to_s | calls.rb:172:5:173:7 | to_s |
| unresolved_subclass.rb:11:1:12:3 | UnresolvedNamespace::A | new | calls.rb:117:5:117:16 | new |
| unresolved_subclass.rb:11:1:12:3 | UnresolvedNamespace::A | puts | calls.rb:102:5:102:30 | puts |
| unresolved_subclass.rb:11:1:12:3 | UnresolvedNamespace::A | to_s | calls.rb:172:5:173:7 | to_s |
enclosingMethod
| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:3:3 | foo |
| calls.rb:2:5:2:14 | self | calls.rb:1:1:3:3 | foo |
@@ -811,83 +869,102 @@ enclosingMethod
| calls.rb:380:19:380:47 | SingletonOverride1#singleton1 | calls.rb:379:9:381:11 | singleton1 |
| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:384:13:384:22 | self | calls.rb:383:9:385:11 | call_singleton1 |
| calls.rb:389:9:389:44 | call to puts | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:389:9:389:44 | self | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:389:14:389:44 | "SingletonOverride1#singleton2" | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:389:15:389:43 | SingletonOverride1#singleton2 | calls.rb:388:5:390:7 | singleton2 |
| calls.rb:393:9:393:18 | call to singleton2 | calls.rb:392:5:394:7 | call_singleton2 |
| calls.rb:393:9:393:18 | self | calls.rb:392:5:394:7 | call_singleton2 |
| calls.rb:407:13:407:48 | call to puts | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:407:13:407:48 | self | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:407:18:407:48 | "SingletonOverride2#singleton1" | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:407:19:407:47 | SingletonOverride2#singleton1 | calls.rb:406:9:408:11 | singleton1 |
| calls.rb:412:9:412:44 | call to puts | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:412:9:412:44 | self | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:412:14:412:44 | "SingletonOverride2#singleton2" | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:412:15:412:43 | SingletonOverride2#singleton2 | calls.rb:411:5:413:7 | singleton2 |
| calls.rb:424:13:424:48 | call to puts | calls.rb:423:9:425:11 | m1 |
| calls.rb:424:13:424:48 | self | calls.rb:423:9:425:11 | m1 |
| calls.rb:424:18:424:48 | "ConditionalInstanceMethods#m1" | calls.rb:423:9:425:11 | m1 |
| calls.rb:424:19:424:47 | ConditionalInstanceMethods#m1 | calls.rb:423:9:425:11 | m1 |
| calls.rb:429:9:429:44 | call to puts | calls.rb:428:5:440:7 | m2 |
| calls.rb:429:9:429:44 | self | calls.rb:428:5:440:7 | m2 |
| calls.rb:429:14:429:44 | "ConditionalInstanceMethods#m2" | calls.rb:428:5:440:7 | m2 |
| calls.rb:429:15:429:43 | ConditionalInstanceMethods#m2 | calls.rb:428:5:440:7 | m2 |
| calls.rb:431:9:437:11 | m3 | calls.rb:428:5:440:7 | m2 |
| calls.rb:432:13:432:48 | call to puts | calls.rb:431:9:437:11 | m3 |
| calls.rb:432:13:432:48 | self | calls.rb:431:9:437:11 | m3 |
| calls.rb:432:18:432:48 | "ConditionalInstanceMethods#m3" | calls.rb:431:9:437:11 | m3 |
| calls.rb:432:19:432:47 | ConditionalInstanceMethods#m3 | calls.rb:431:9:437:11 | m3 |
| calls.rb:434:13:436:15 | m4 | calls.rb:431:9:437:11 | m3 |
| calls.rb:435:17:435:52 | call to puts | calls.rb:434:13:436:15 | m4 |
| calls.rb:435:17:435:52 | self | calls.rb:434:13:436:15 | m4 |
| calls.rb:435:22:435:52 | "ConditionalInstanceMethods#m4" | calls.rb:434:13:436:15 | m4 |
| calls.rb:435:23:435:51 | ConditionalInstanceMethods#m4 | calls.rb:434:13:436:15 | m4 |
| calls.rb:439:9:439:10 | call to m3 | calls.rb:428:5:440:7 | m2 |
| calls.rb:439:9:439:10 | self | calls.rb:428:5:440:7 | m2 |
| calls.rb:445:17:445:40 | call to puts | calls.rb:444:13:446:15 | m5 |
| calls.rb:445:17:445:40 | self | calls.rb:444:13:446:15 | m5 |
| calls.rb:445:22:445:40 | "AnonymousClass#m5" | calls.rb:444:13:446:15 | m5 |
| calls.rb:445:23:445:39 | AnonymousClass#m5 | calls.rb:444:13:446:15 | m5 |
| calls.rb:461:13:461:22 | call to puts | calls.rb:460:9:462:11 | foo |
| calls.rb:461:13:461:22 | self | calls.rb:460:9:462:11 | foo |
| calls.rb:461:18:461:22 | "foo" | calls.rb:460:9:462:11 | foo |
| calls.rb:461:19:461:21 | foo | calls.rb:460:9:462:11 | foo |
| calls.rb:467:13:467:22 | call to puts | calls.rb:466:9:468:11 | bar |
| calls.rb:467:13:467:22 | self | calls.rb:466:9:468:11 | bar |
| calls.rb:467:18:467:22 | "bar" | calls.rb:466:9:468:11 | bar |
| calls.rb:467:19:467:21 | bar | calls.rb:466:9:468:11 | bar |
| calls.rb:486:9:486:46 | call to puts | calls.rb:485:5:487:7 | singleton |
| calls.rb:486:9:486:46 | self | calls.rb:485:5:487:7 | singleton |
| calls.rb:486:14:486:46 | "ExtendSingletonMethod#singleton" | calls.rb:485:5:487:7 | singleton |
| calls.rb:486:15:486:45 | ExtendSingletonMethod#singleton | calls.rb:485:5:487:7 | singleton |
| calls.rb:515:9:515:42 | call to puts | calls.rb:514:15:516:7 | foo |
| calls.rb:515:9:515:42 | self | calls.rb:514:15:516:7 | foo |
| calls.rb:515:14:515:42 | "ProtectedMethodInModule#foo" | calls.rb:514:15:516:7 | foo |
| calls.rb:515:15:515:41 | ProtectedMethodInModule#foo | calls.rb:514:15:516:7 | foo |
| calls.rb:523:9:523:35 | call to puts | calls.rb:522:15:524:7 | bar |
| calls.rb:523:9:523:35 | self | calls.rb:522:15:524:7 | bar |
| calls.rb:523:14:523:35 | "ProtectedMethods#bar" | calls.rb:522:15:524:7 | bar |
| calls.rb:523:15:523:34 | ProtectedMethods#bar | calls.rb:522:15:524:7 | bar |
| calls.rb:527:9:527:11 | call to foo | calls.rb:526:5:531:7 | baz |
| calls.rb:527:9:527:11 | self | calls.rb:526:5:531:7 | baz |
| calls.rb:528:9:528:11 | call to bar | calls.rb:526:5:531:7 | baz |
| calls.rb:528:9:528:11 | self | calls.rb:526:5:531:7 | baz |
| calls.rb:529:9:529:24 | ProtectedMethods | calls.rb:526:5:531:7 | baz |
| calls.rb:529:9:529:28 | call to new | calls.rb:526:5:531:7 | baz |
| calls.rb:529:9:529:32 | call to foo | calls.rb:526:5:531:7 | baz |
| calls.rb:530:9:530:24 | ProtectedMethods | calls.rb:526:5:531:7 | baz |
| calls.rb:530:9:530:28 | call to new | calls.rb:526:5:531:7 | baz |
| calls.rb:530:9:530:32 | call to bar | calls.rb:526:5:531:7 | baz |
| calls.rb:540:9:540:11 | call to foo | calls.rb:539:5:542:7 | baz |
| calls.rb:540:9:540:11 | self | calls.rb:539:5:542:7 | baz |
| calls.rb:541:9:541:27 | ProtectedMethodsSub | calls.rb:539:5:542:7 | baz |
| calls.rb:541:9:541:31 | call to new | calls.rb:539:5:542:7 | baz |
| calls.rb:541:9:541:35 | call to foo | calls.rb:539:5:542:7 | baz |
| calls.rb:560:9:560:17 | call to singleton | calls.rb:559:5:562:7 | mid_method |
| calls.rb:560:9:560:17 | self | calls.rb:559:5:562:7 | mid_method |
| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:559:5:562:7 | mid_method |
| calls.rb:561:9:561:18 | self | calls.rb:559:5:562:7 | mid_method |
| calls.rb:388:13:388:16 | self | calls.rb:387:9:389:11 | factory |
| calls.rb:388:13:388:20 | call to new | calls.rb:387:9:389:11 | factory |
| calls.rb:388:13:388:30 | call to instance1 | calls.rb:387:9:389:11 | factory |
| calls.rb:393:9:393:44 | call to puts | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:393:9:393:44 | self | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:393:14:393:44 | "SingletonOverride1#singleton2" | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:393:15:393:43 | SingletonOverride1#singleton2 | calls.rb:392:5:394:7 | singleton2 |
| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:396:5:398:7 | call_singleton2 |
| calls.rb:397:9:397:18 | self | calls.rb:396:5:398:7 | call_singleton2 |
| calls.rb:403:9:403:43 | call to puts | calls.rb:402:5:404:7 | instance1 |
| calls.rb:403:9:403:43 | self | calls.rb:402:5:404:7 | instance1 |
| calls.rb:403:14:403:43 | "SingletonOverride1#instance1" | calls.rb:402:5:404:7 | instance1 |
| calls.rb:403:15:403:42 | SingletonOverride1#instance1 | calls.rb:402:5:404:7 | instance1 |
| calls.rb:415:13:415:48 | call to puts | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:415:13:415:48 | self | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:415:18:415:48 | "SingletonOverride2#singleton1" | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:415:19:415:47 | SingletonOverride2#singleton1 | calls.rb:414:9:416:11 | singleton1 |
| calls.rb:420:9:420:44 | call to puts | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:420:9:420:44 | self | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:420:14:420:44 | "SingletonOverride2#singleton2" | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:420:15:420:43 | SingletonOverride2#singleton2 | calls.rb:419:5:421:7 | singleton2 |
| calls.rb:424:9:424:43 | call to puts | calls.rb:423:5:425:7 | instance1 |
| calls.rb:424:9:424:43 | self | calls.rb:423:5:425:7 | instance1 |
| calls.rb:424:14:424:43 | "SingletonOverride2#instance1" | calls.rb:423:5:425:7 | instance1 |
| calls.rb:424:15:424:42 | SingletonOverride2#instance1 | calls.rb:423:5:425:7 | instance1 |
| calls.rb:436:13:436:48 | call to puts | calls.rb:435:9:437:11 | m1 |
| calls.rb:436:13:436:48 | self | calls.rb:435:9:437:11 | m1 |
| calls.rb:436:18:436:48 | "ConditionalInstanceMethods#m1" | calls.rb:435:9:437:11 | m1 |
| calls.rb:436:19:436:47 | ConditionalInstanceMethods#m1 | calls.rb:435:9:437:11 | m1 |
| calls.rb:441:9:441:44 | call to puts | calls.rb:440:5:452:7 | m2 |
| calls.rb:441:9:441:44 | self | calls.rb:440:5:452:7 | m2 |
| calls.rb:441:14:441:44 | "ConditionalInstanceMethods#m2" | calls.rb:440:5:452:7 | m2 |
| calls.rb:441:15:441:43 | ConditionalInstanceMethods#m2 | calls.rb:440:5:452:7 | m2 |
| calls.rb:443:9:449:11 | m3 | calls.rb:440:5:452:7 | m2 |
| calls.rb:444:13:444:48 | call to puts | calls.rb:443:9:449:11 | m3 |
| calls.rb:444:13:444:48 | self | calls.rb:443:9:449:11 | m3 |
| calls.rb:444:18:444:48 | "ConditionalInstanceMethods#m3" | calls.rb:443:9:449:11 | m3 |
| calls.rb:444:19:444:47 | ConditionalInstanceMethods#m3 | calls.rb:443:9:449:11 | m3 |
| calls.rb:446:13:448:15 | m4 | calls.rb:443:9:449:11 | m3 |
| calls.rb:447:17:447:52 | call to puts | calls.rb:446:13:448:15 | m4 |
| calls.rb:447:17:447:52 | self | calls.rb:446:13:448:15 | m4 |
| calls.rb:447:22:447:52 | "ConditionalInstanceMethods#m4" | calls.rb:446:13:448:15 | m4 |
| calls.rb:447:23:447:51 | ConditionalInstanceMethods#m4 | calls.rb:446:13:448:15 | m4 |
| calls.rb:451:9:451:10 | call to m3 | calls.rb:440:5:452:7 | m2 |
| calls.rb:451:9:451:10 | self | calls.rb:440:5:452:7 | m2 |
| calls.rb:457:17:457:40 | call to puts | calls.rb:456:13:458:15 | m5 |
| calls.rb:457:17:457:40 | self | calls.rb:456:13:458:15 | m5 |
| calls.rb:457:22:457:40 | "AnonymousClass#m5" | calls.rb:456:13:458:15 | m5 |
| calls.rb:457:23:457:39 | AnonymousClass#m5 | calls.rb:456:13:458:15 | m5 |
| calls.rb:473:13:473:22 | call to puts | calls.rb:472:9:474:11 | foo |
| calls.rb:473:13:473:22 | self | calls.rb:472:9:474:11 | foo |
| calls.rb:473:18:473:22 | "foo" | calls.rb:472:9:474:11 | foo |
| calls.rb:473:19:473:21 | foo | calls.rb:472:9:474:11 | foo |
| calls.rb:479:13:479:22 | call to puts | calls.rb:478:9:480:11 | bar |
| calls.rb:479:13:479:22 | self | calls.rb:478:9:480:11 | bar |
| calls.rb:479:18:479:22 | "bar" | calls.rb:478:9:480:11 | bar |
| calls.rb:479:19:479:21 | bar | calls.rb:478:9:480:11 | bar |
| calls.rb:498:9:498:46 | call to puts | calls.rb:497:5:499:7 | singleton |
| calls.rb:498:9:498:46 | self | calls.rb:497:5:499:7 | singleton |
| calls.rb:498:14:498:46 | "ExtendSingletonMethod#singleton" | calls.rb:497:5:499:7 | singleton |
| calls.rb:498:15:498:45 | ExtendSingletonMethod#singleton | calls.rb:497:5:499:7 | singleton |
| calls.rb:527:9:527:42 | call to puts | calls.rb:526:15:528:7 | foo |
| calls.rb:527:9:527:42 | self | calls.rb:526:15:528:7 | foo |
| calls.rb:527:14:527:42 | "ProtectedMethodInModule#foo" | calls.rb:526:15:528:7 | foo |
| calls.rb:527:15:527:41 | ProtectedMethodInModule#foo | calls.rb:526:15:528:7 | foo |
| calls.rb:535:9:535:35 | call to puts | calls.rb:534:15:536:7 | bar |
| calls.rb:535:9:535:35 | self | calls.rb:534:15:536:7 | bar |
| calls.rb:535:14:535:35 | "ProtectedMethods#bar" | calls.rb:534:15:536:7 | bar |
| calls.rb:535:15:535:34 | ProtectedMethods#bar | calls.rb:534:15:536:7 | bar |
| calls.rb:539:9:539:11 | call to foo | calls.rb:538:5:543:7 | baz |
| calls.rb:539:9:539:11 | self | calls.rb:538:5:543:7 | baz |
| calls.rb:540:9:540:11 | call to bar | calls.rb:538:5:543:7 | baz |
| calls.rb:540:9:540:11 | self | calls.rb:538:5:543:7 | baz |
| calls.rb:541:9:541:24 | ProtectedMethods | calls.rb:538:5:543:7 | baz |
| calls.rb:541:9:541:28 | call to new | calls.rb:538:5:543:7 | baz |
| calls.rb:541:9:541:32 | call to foo | calls.rb:538:5:543:7 | baz |
| calls.rb:542:9:542:24 | ProtectedMethods | calls.rb:538:5:543:7 | baz |
| calls.rb:542:9:542:28 | call to new | calls.rb:538:5:543:7 | baz |
| calls.rb:542:9:542:32 | call to bar | calls.rb:538:5:543:7 | baz |
| calls.rb:552:9:552:11 | call to foo | calls.rb:551:5:554:7 | baz |
| calls.rb:552:9:552:11 | self | calls.rb:551:5:554:7 | baz |
| calls.rb:553:9:553:27 | ProtectedMethodsSub | calls.rb:551:5:554:7 | baz |
| calls.rb:553:9:553:31 | call to new | calls.rb:551:5:554:7 | baz |
| calls.rb:553:9:553:35 | call to foo | calls.rb:551:5:554:7 | baz |
| calls.rb:572:9:572:17 | call to singleton | calls.rb:571:5:574:7 | mid_method |
| calls.rb:572:9:572:17 | self | calls.rb:571:5:574:7 | mid_method |
| calls.rb:573:9:573:18 | call to singleton2 | calls.rb:571:5:574:7 | mid_method |
| calls.rb:573:9:573:18 | self | calls.rb:571:5:574:7 | mid_method |
| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:587:5:589:7 | call_singleton1 |
| calls.rb:588:9:588:18 | self | calls.rb:587:5:589:7 | call_singleton1 |
| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
| calls.rb:592:9:592:23 | self | calls.rb:591:5:593:7 | call_call_singleton1 |
| calls.rb:601:9:601:18 | call to singleton1 | calls.rb:600:5:602:7 | call_singleton1 |
| calls.rb:601:9:601:18 | self | calls.rb:600:5:602:7 | call_singleton1 |
| calls.rb:610:9:610:18 | call to singleton1 | calls.rb:609:5:611:7 | call_singleton1 |
| calls.rb:610:9:610:18 | self | calls.rb:609:5:611:7 | call_singleton1 |
| hello.rb:3:9:3:22 | return | hello.rb:2:5:4:7 | hello |
| hello.rb:3:16:3:22 | "hello" | hello.rb:2:5:4:7 | hello |
| hello.rb:3:17:3:21 | hello | hello.rb:2:5:4:7 | hello |

1740
ruby/ql/test/library-tests/modules/modules.expected
View File

File diff suppressed because it is too large Load Diff

52
ruby/ql/test/library-tests/modules/superclasses.expected
View File

@@ -1,6 +1,14 @@
#-----| Class
#-----| -> Module
#-----| EsotericInstanceMethods
#-----| MyStruct
#-----| Struct
#-----| UnresolvedNamespace
#-----| BasicObject
#-----| Complex
@@ -85,35 +93,44 @@ calls.rb:
# 377| SingletonOverride1
#-----| -> Object
# 404| SingletonOverride2
# 412| SingletonOverride2
#-----| -> SingletonOverride1
# 421| ConditionalInstanceMethods
# 433| ConditionalInstanceMethods
#-----| -> Object
# 484| ExtendSingletonMethod
# 496| ExtendSingletonMethod
# 494| ExtendSingletonMethod2
# 506| ExtendSingletonMethod2
# 500| ExtendSingletonMethod3
# 512| ExtendSingletonMethod3
# 513| ProtectedMethodInModule
# 525| ProtectedMethodInModule
# 519| ProtectedMethods
# 531| ProtectedMethods
#-----| -> Object
# 538| ProtectedMethodsSub
# 550| ProtectedMethodsSub
#-----| -> ProtectedMethods
# 552| SingletonUpCall_Base
# 564| SingletonUpCall_Base
#-----| -> Object
# 556| SingletonUpCall_Sub
# 568| SingletonUpCall_Sub
#-----| -> SingletonUpCall_Base
# 564| SingletonUpCall_SubSub
# 576| SingletonUpCall_SubSub
#-----| -> SingletonUpCall_Sub
# 583| SingletonA
#-----| -> Object
# 596| SingletonB
#-----| -> SingletonA
# 605| SingletonC
#-----| -> SingletonA
hello.rb:
# 1| EnglishWords
@@ -221,3 +238,16 @@ toplevel_self_singleton.rb:
#-----| -> Object
# 24| Good
unresolved_subclass.rb:
# 1| ResolvableBaseClass
#-----| -> Object
# 4| UnresolvedNamespace::Subclass1
#-----| -> ResolvableBaseClass
# 7| UnresolvedNamespace::Subclass2
#-----| -> UnresolvedNamespace::Subclass1
# 11| UnresolvedNamespace::A
#-----| -> Object

12
ruby/ql/test/library-tests/modules/unresolved_subclass.rb Normal file
View File

@@ -0,0 +1,12 @@
class ResolvableBaseClass
end
class UnresolvedNamespace::Subclass1 < ResolvableBaseClass
end
class UnresolvedNamespace::Subclass2 < UnresolvedNamespace::Subclass1
end
# Ensure Object is a transitive superclass of this
class UnresolvedNamespace::A < UnresolvedNamespace::B
end

4
ruby/ql/test/qlpack.lock.yml
View File

@@ -1,6 +1,4 @@
---
dependencies:
codeql/suite-helpers:
version: 0.0.2
dependencies: {}
compiled: false
lockVersion: 1.0.0

2
ruby/ql/test/query-tests/experimental/improper-memoization/ImproperMemoization.ql
View File

@@ -5,7 +5,7 @@ import codeql.ruby.security.ImproperMemoizationQuery
class ImproperMemoizationTest extends InlineExpectationsTest {
ImproperMemoizationTest() { this = "ImproperMemoizationTest" }
override string getARelevantTag() { result = "BAD" }
override string getARelevantTag() { result = "result" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "result" and

11
ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
View File

@@ -39,6 +39,10 @@ edges
| tainted_path.rb:71:12:71:53 | call to new : | tainted_path.rb:72:15:72:18 | path |
| tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:71:40:71:52 | ...[...] : |
| tainted_path.rb:71:40:71:52 | ...[...] : | tainted_path.rb:71:12:71:53 | call to new : |
| tainted_path.rb:77:12:77:53 | call to new : | tainted_path.rb:78:19:78:22 | path |
| tainted_path.rb:77:12:77:53 | call to new : | tainted_path.rb:79:14:79:17 | path |
| tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:77:40:77:52 | ...[...] : |
| tainted_path.rb:77:40:77:52 | ...[...] : | tainted_path.rb:77:12:77:53 | call to new : |
nodes
| ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | semmle.label | call to params : |
| ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] : | semmle.label | ...[...] : |
@@ -93,6 +97,11 @@ nodes
| tainted_path.rb:71:40:71:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:71:40:71:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:72:15:72:18 | path | semmle.label | path |
| tainted_path.rb:77:12:77:53 | call to new : | semmle.label | call to new : |
| tainted_path.rb:77:40:77:45 | call to params : | semmle.label | call to params : |
| tainted_path.rb:77:40:77:52 | ...[...] : | semmle.label | ...[...] : |
| tainted_path.rb:78:19:78:22 | path | semmle.label | path |
| tainted_path.rb:79:14:79:17 | path | semmle.label | path |
subpaths
#select
| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params : | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
@@ -108,3 +117,5 @@ subpaths
| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params : | tainted_path.rb:48:26:48:29 | path | This path depends on a $@. | tainted_path.rb:47:43:47:48 | call to params | user-provided value |
| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params : | tainted_path.rb:60:26:60:29 | path | This path depends on a $@. | tainted_path.rb:59:40:59:45 | call to params | user-provided value |
| tainted_path.rb:72:15:72:18 | path | tainted_path.rb:71:40:71:45 | call to params : | tainted_path.rb:72:15:72:18 | path | This path depends on a $@. | tainted_path.rb:71:40:71:45 | call to params | user-provided value |
| tainted_path.rb:78:19:78:22 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:78:19:78:22 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
| tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params : | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |

7
ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
View File

@@ -71,4 +71,11 @@ class FooController < ActionController::Base
path = ActiveStorage::Filename.new(params[:path])
send_file path
end
# BAD
def route12
path = ActiveStorage::Filename.new(params[:path])
bla (Dir.glob path)
bla (Dir[path])
end
end

34
ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected
View File

@@ -1,25 +1,55 @@
edges
| CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:5:12:5:24 | ...[...] : |
| CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:5:12:5:24 | ...[...] : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:8:10:8:13 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:20:20:20:23 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:23:21:23:24 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:29:15:29:18 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:32:19:32:22 | code |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:38:24:38:27 | code : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:38:24:38:27 | code : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:41:40:41:43 | code |
| CodeInjection.rb:38:24:38:27 | code : | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:38:24:38:27 | code : | CodeInjection.rb:38:10:38:28 | call to escape |
| CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:78:12:78:24 | ...[...] : |
| CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:78:12:78:24 | ...[...] : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:80:16:80:19 | code |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:86:10:86:37 | ... + ... |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:90:10:90:13 | code |
| CodeInjection.rb:78:12:78:24 | ...[...] : | CodeInjection.rb:90:10:90:13 | code |
nodes
| CodeInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:8:10:8:13 | code | semmle.label | code |
| CodeInjection.rb:8:10:8:13 | code | semmle.label | code |
| CodeInjection.rb:11:10:11:15 | call to params | semmle.label | call to params |
| CodeInjection.rb:11:10:11:15 | call to params | semmle.label | call to params |
| CodeInjection.rb:20:20:20:23 | code | semmle.label | code |
| CodeInjection.rb:20:20:20:23 | code | semmle.label | code |
| CodeInjection.rb:23:21:23:24 | code | semmle.label | code |
| CodeInjection.rb:23:21:23:24 | code | semmle.label | code |
| CodeInjection.rb:29:15:29:18 | code | semmle.label | code |
| CodeInjection.rb:32:19:32:22 | code | semmle.label | code |
| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape |
| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape |
| CodeInjection.rb:38:24:38:27 | code : | semmle.label | code : |
| CodeInjection.rb:38:24:38:27 | code : | semmle.label | code : |
| CodeInjection.rb:41:40:41:43 | code | semmle.label | code |
| CodeInjection.rb:78:12:78:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:78:12:78:17 | call to params : | semmle.label | call to params : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:78:12:78:24 | ...[...] : | semmle.label | ...[...] : |
| CodeInjection.rb:80:16:80:19 | code | semmle.label | code |
| CodeInjection.rb:86:10:86:37 | ... + ... | semmle.label | ... + ... |
| CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | semmle.label | "prefix_#{...}_suffix" |
| CodeInjection.rb:90:10:90:13 | code | semmle.label | code |
| CodeInjection.rb:90:10:90:13 | code | semmle.label | code |
subpaths
#select
| CodeInjection.rb:8:10:8:13 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:8:10:8:13 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
@@ -30,3 +60,7 @@ subpaths
| CodeInjection.rb:32:19:32:22 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:32:19:32:22 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:38:10:38:28 | call to escape | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:38:10:38:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:41:40:41:43 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:41:40:41:43 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
| CodeInjection.rb:80:16:80:19 | code | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:80:16:80:19 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:86:10:86:37 | ... + ... | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:86:10:86:37 | ... + ... | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |
| CodeInjection.rb:90:10:90:13 | code | CodeInjection.rb:78:12:78:17 | call to params : | CodeInjection.rb:90:10:90:13 | code | This code execution depends on a $@. | CodeInjection.rb:78:12:78:17 | call to params | user-provided value |

18
ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb
View File

@@ -72,3 +72,21 @@ class Bar
true
end
end
class UsersController < ActionController::Base
def create
code = params[:code]
obj().send(code, "foo"); # BAD
obj().send("prefix_" + code + "_suffix", "foo"); # GOOD
obj().send("prefix_#{code}_suffix", "foo"); # GOOD
eval("prefix_" + code + "_suffix"); # BAD
eval("prefix_#{code}_suffix"); # BAD
eval(code); # BAD
end
end

2
ruby/ql/test/query-tests/security/cwe-300/InsecureDependency.ql
View File

@@ -5,7 +5,7 @@ import codeql.ruby.security.InsecureDependencyQuery
class InsecureDependencyTest extends InlineExpectationsTest {
InsecureDependencyTest() { this = "InsecureDependencyTest" }
override string getARelevantTag() { result = "BAD" }
override string getARelevantTag() { result = "result" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "result" and

20
ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected
View File

@@ -1,10 +1,18 @@
edges
| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : |
| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params : | ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params : | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params : | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] |
nodes
| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | semmle.label | ...[...] : |
| ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | semmle.label | "#{...}/logins" |
| ServerSideRequestForgery.rb:10:32:10:37 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:10:32:10:60 | ...[...] : | semmle.label | ...[...] : |
| ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | semmle.label | "#{...}/logins" |
| ServerSideRequestForgery.rb:15:33:15:38 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | semmle.label | ...[...] |
| ServerSideRequestForgery.rb:20:45:20:50 | call to params : | semmle.label | call to params : |
| ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:9:32:9:37 | call to params | user-provided value |
| ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | ServerSideRequestForgery.rb:10:32:10:37 | call to params : | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:10:32:10:37 | call to params | user-provided value |
| ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | ServerSideRequestForgery.rb:15:33:15:38 | call to params : | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:15:33:15:38 | call to params | user-provided value |
| ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | ServerSideRequestForgery.rb:20:45:20:50 | call to params : | ServerSideRequestForgery.rb:20:45:20:56 | ...[...] | The URL of this request depends on a $@. | ServerSideRequestForgery.rb:20:45:20:50 | call to params | user-provided value |

11
ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.rb
View File

@@ -1,4 +1,5 @@
require "excon"
require "faraday"
require "json"
class PostsController < ActionController::Base
@@ -10,6 +11,16 @@ class PostsController < ActionController::Base
response = Excon.post("#{users_service_domain}/logins", body: {user_id: user}).body
token = JSON.parse(response)["token"]
# BAD - user can control the entire URL for the request using Faraday library
conn = Faraday.new(url: params[:url])
resp = conn.post
token = JSON.parse(resp)["token"]
# BAD - user can control the entire URL for the request using Faraday::Connection library
conn = Faraday::Connection.new(url: params[:url])
resp = conn.post
token = JSON.parse(resp)["token"]
# GOOD - user can only control the suffix of the URL
users_service_path = params[:users_service_path]
response = Excon.post("users-service/#{users_service_path}", body: {user_id: user}).body