hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Add another dataflow test

Browse Source
This commit is contained in:
Tom Hvitved
2024-01-30 13:30:09 +01:00
parent 2d95ac9d5f
commit 792f302bd4
2 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
View File

@@ -92,6 +92,11 @@ edges
| call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:199:15:199:24 | ( ... ) | | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:199:15:199:24 | ( ... ) |
| call_sensitivity.rb:199:30:199:30 | x | call_sensitivity.rb:200:8:200:8 | x | | call_sensitivity.rb:199:30:199:30 | x | call_sensitivity.rb:200:8:200:8 | x |
| call_sensitivity.rb:203:26:203:26 | x | call_sensitivity.rb:204:8:204:8 | x | | call_sensitivity.rb:203:26:203:26 | x | call_sensitivity.rb:204:8:204:8 | x |
| call_sensitivity.rb:207:16:207:16 | y | call_sensitivity.rb:209:9:209:9 | y |
| call_sensitivity.rb:209:9:209:9 | y | call_sensitivity.rb:214:9:214:9 | x |
| call_sensitivity.rb:214:9:214:9 | x | call_sensitivity.rb:215:10:215:10 | x |
| call_sensitivity.rb:222:15:222:24 | ( ... ) | call_sensitivity.rb:207:16:207:16 | y |
| call_sensitivity.rb:222:16:222:23 | call to taint | call_sensitivity.rb:222:15:222:24 | ( ... ) |
nodes nodes
| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) | | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint | | call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint |
@@ -191,6 +196,12 @@ nodes
| call_sensitivity.rb:200:8:200:8 | x | semmle.label | x | | call_sensitivity.rb:200:8:200:8 | x | semmle.label | x |
| call_sensitivity.rb:203:26:203:26 | x | semmle.label | x | | call_sensitivity.rb:203:26:203:26 | x | semmle.label | x |
| call_sensitivity.rb:204:8:204:8 | x | semmle.label | x | | call_sensitivity.rb:204:8:204:8 | x | semmle.label | x |
| call_sensitivity.rb:207:16:207:16 | y | semmle.label | y |
| call_sensitivity.rb:209:9:209:9 | y | semmle.label | y |
| call_sensitivity.rb:214:9:214:9 | x | semmle.label | x |
| call_sensitivity.rb:215:10:215:10 | x | semmle.label | x |
| call_sensitivity.rb:222:15:222:24 | ( ... ) | semmle.label | ( ... ) |
| call_sensitivity.rb:222:16:222:23 | call to taint | semmle.label | call to taint |
subpaths subpaths
#select #select
| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint | call to taint | | call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint | call to taint |
@@ -218,6 +229,7 @@ subpaths
| call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint | call to taint | | call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint | call to taint |
| call_sensitivity.rb:200:8:200:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:200:8:200:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint | | call_sensitivity.rb:200:8:200:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:200:8:200:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
| call_sensitivity.rb:204:8:204:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:204:8:204:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint | | call_sensitivity.rb:204:8:204:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:204:8:204:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
| call_sensitivity.rb:215:10:215:10 | x | call_sensitivity.rb:222:16:222:23 | call to taint | call_sensitivity.rb:215:10:215:10 | x | $@ | call_sensitivity.rb:222:16:222:23 | call to taint | call to taint |
mayBenefitFromCallContext mayBenefitFromCallContext
| call_sensitivity.rb:6:5:6:21 | call to puts | | call_sensitivity.rb:6:5:6:21 | call to puts |
| call_sensitivity.rb:22:5:22:18 | call to call | | call_sensitivity.rb:22:5:22:18 | call to call |
@@ -245,6 +257,9 @@ mayBenefitFromCallContext
| call_sensitivity.rb:175:3:175:12 | call to new | | call_sensitivity.rb:175:3:175:12 | call to new |
| call_sensitivity.rb:183:5:183:25 | call to puts | | call_sensitivity.rb:183:5:183:25 | call to puts |
| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 |
| call_sensitivity.rb:208:6:208:21 | call to respond_to? |
| call_sensitivity.rb:209:5:209:9 | call to m |
| call_sensitivity.rb:215:5:215:10 | call to sink |
viableImplInCallContext viableImplInCallContext
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink | | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink | | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
@@ -302,3 +317,5 @@ viableImplInCallContext
| call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:179:1:179:20 | call to create | call_sensitivity.rb:156:3:158:5 | initialize | | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:179:1:179:20 | call to create | call_sensitivity.rb:156:3:158:5 | initialize |
| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:199:1:201:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 | | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:199:1:201:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |
| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:203:1:205:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 | | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:203:1:205:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |
| call_sensitivity.rb:209:5:209:9 | call to m | call_sensitivity.rb:222:1:222:25 | call to call_m | call_sensitivity.rb:214:3:216:5 | m |
| call_sensitivity.rb:215:5:215:10 | call to sink | call_sensitivity.rb:209:5:209:9 | call to m | call_sensitivity.rb:5:1:7:3 | sink |

18
ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
View File

@@ -203,3 +203,21 @@ end
invoke_block2 "safe" do |x| invoke_block2 "safe" do |x|
sink x # $ SPURIOUS hasValueFlow=37 sink x # $ SPURIOUS hasValueFlow=37
end end
def call_m (x, y)
if x.respond_to? :m
x.m y
end
end
class D
def m x
sink x # $ hasValueFlow=38
end
end
class E
end
call_m(D.new, (taint 38))
call_m(E.new, (taint 39))