Ruby: add the inline test expectations
@@ -1,25 +1,4 @@
|
||||
failures
|
||||
| summaries.rb:2:6:2:12 | tainted | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:5:8:5:8 | x | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:9:6:9:13 | tainted2 | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:12:8:12:8 | x | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:18:6:18:13 | tainted3 | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:21:6:21:13 | tainted4 | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:27:6:27:13 | tainted5 | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:30:6:30:42 | call to onlyWithBlock | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:34:16:34:22 | tainted | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:35:16:35:22 | tainted | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:36:21:36:27 | tainted | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:37:36:37:42 | tainted | Unexpected result: hasValueFlow=tainted |
|
||||
| summaries.rb:41:8:41:25 | call to matchedByName | Unexpected result: hasTaintFlow=t |
|
||||
| summaries.rb:42:8:42:25 | call to matchedByName | Unexpected result: hasTaintFlow=t |
|
||||
| summaries.rb:44:8:44:27 | call to matchedByNameRcv | Unexpected result: hasTaintFlow=t |
|
||||
| summaries.rb:48:8:48:42 | call to preserveTaint | Unexpected result: hasTaintFlow=blockArg |
|
||||
| summaries.rb:51:6:51:31 | call to namedArg | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:55:8:55:8 | x | Unexpected result: hasTaintFlow=tainted |
|
||||
| summaries.rb:62:8:62:54 | call to preserveTaint | Unexpected result: hasTaintFlow=startInNamedCallback |
|
||||
| summaries.rb:65:8:65:57 | call to preserveTaint | Unexpected result: hasTaintFlow=startInNamedParameter |
|
||||
invalidSpecComponent
|
||||
invalidOutputSpecComponent
|
||||
warning
|
||||
|
||||
@@ -1,66 +1,66 @@
|
||||
tainted = identity source("tainted")
|
||||
sink tainted
|
||||
sink tainted # $ hasValueFlow=tainted
|
||||
|
||||
tainted2 = apply_block tainted do |x|
|
||||
sink x
|
||||
sink x # $ hasValueFlow=tainted
|
||||
x
|
||||
end
|
||||
|
||||
sink tainted2
|
||||
sink tainted2 # $ hasValueFlow=tainted
|
||||
|
||||
my_lambda = -> (x) {
|
||||
sink x
|
||||
sink x # $ hasValueFlow=tainted
|
||||
x
|
||||
}
|
||||
|
||||
tainted3 = apply_lambda(my_lambda, tainted)
|
||||
|
||||
sink(tainted3)
|
||||
sink(tainted3) # $ hasValueFlow=tainted
|
||||
|
||||
tainted4 = Foo.firstArg(tainted)
|
||||
sink(tainted4)
|
||||
sink(tainted4) # $ hasTaintFlow=tainted
|
||||
|
||||
notTainted = Foo.firstArg(nil, tainted))
|
||||
sink(notTainted)
|
||||
|
||||
tainted5 = Foo.secondArg(nil, tainted)
|
||||
sink(tainted5)
|
||||
sink(tainted5) # $ hasTaintFlow=tainted
|
||||
|
||||
sink(Foo.onlyWithBlock(tainted))
|
||||
sink(Foo.onlyWithBlock(tainted) do |x| end)
|
||||
sink(Foo.onlyWithoutBlock(tainted))
|
||||
sink(Foo.onlyWithBlock(tainted) do |x| end) # $ hasTaintFlow=tainted
|
||||
sink(Foo.onlyWithoutBlock(tainted)) # $ hasTaintFlow=tainted
|
||||
sink(Foo.onlyWithoutBlock(tainted) do |x| end)
|
||||
|
||||
Foo.new.method(tainted)
|
||||
Bar.new.method(tainted)
|
||||
Bar.new.next.method(tainted)
|
||||
Bar.new.next.next.next.next.method(tainted)
|
||||
Foo.new.method(tainted) # $ hasValueFlow=tainted
|
||||
Bar.new.method(tainted) # $ hasValueFlow=tainted
|
||||
Bar.new.next.method(tainted) # $ hasValueFlow=tainted
|
||||
Bar.new.next.next.next.next.method(tainted) # $ hasValueFlow=tainted
|
||||
|
||||
def userDefinedFunction(x, y)
|
||||
t = source("t")
|
||||
sink(x.matchedByName(t))
|
||||
sink(y.matchedByName(t))
|
||||
sink(x.matchedByName(t)) # $ hasTaintFlow=t
|
||||
sink(y.matchedByName(t)) # $ hasTaintFlow=t
|
||||
sink(x.unmatchedName(t))
|
||||
sink(t.matchedByNameRcv())
|
||||
sink(t.matchedByNameRcv()) # $ hasTaintFlow=t
|
||||
end
|
||||
|
||||
Foo.blockArg do |x|
|
||||
sink(x.preserveTaint(source("blockArg")))
|
||||
sink(x.preserveTaint(source("blockArg"))) # $ hasTaintFlow=blockArg
|
||||
end
|
||||
|
||||
sink(Foo.namedArg(foo: tainted))
|
||||
sink(Foo.namedArg(foo: tainted)) # $ hasTaintFlow=tainted
|
||||
sink(Foo.namedArg(tainted))
|
||||
|
||||
Foo.intoNamedCallback(tainted, foo: ->(x) {
|
||||
sink(x)
|
||||
sink(x) # $ hasTaintFlow=tainted
|
||||
})
|
||||
Foo.intoNamedParameter(tainted, ->(foo:) {
|
||||
sink(foo)
|
||||
sink(foo) # $ MISSING: hasTaintFlow=tainted
|
||||
})
|
||||
|
||||
Foo.startInNamedCallback(foo: ->(x) {
|
||||
sink(x.preserveTaint(source("startInNamedCallback")))
|
||||
sink(x.preserveTaint(source("startInNamedCallback"))) # $ hasTaintFlow=startInNamedCallback
|
||||
})
|
||||
Foo.startInNamedParameter(->(foo:) {
|
||||
sink(foo.preserveTaint(source("startInNamedParameter")))
|
||||
sink(foo.preserveTaint(source("startInNamedParameter"))) # $ hasTaintFlow=startInNamedParameter
|
||||
})
|
||||
|
||||
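Review bot: The unchanged line `notTainted = Foo.firstArg(nil, tainted))` in summaries.rb has an unbalanced closing parenthesis, so the negative case after it (`sink(notTainted)`, which carries no expectation) is presumably checked against whatever the extractor recovers from a syntax error rather than against a well-formed call. With expectations now inline, that unannotated sink is the only evidence that taint in the second argument does not reach the result of `firstArg`, so the line should read `notTainted = Foo.firstArg(nil, tainted)`. The other deliberately unannotated sinks (`onlyWithoutBlock` called with a block, `x.unmatchedName(t)`, `Foo.namedArg(tainted)`) would be easier to audit with a short trailing comment such as `# no flow expected`, so a reader can tell an intended negative from a forgotten annotation. The `# $ MISSING: hasTaintFlow=tainted` on `sink(foo)` also deserves a one-line comment naming the gap it records, which from the code appears to be flow into a keyword parameter of a lambda.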