Merge pull request #9969 from hvitved/ruby/kwargs-missing-flow

Ruby: Support more flow through keyword arguments
Tom Hvitved
2022-08-09 09:59:57 +02:00
committed by GitHub
7 changed files with 329 additions and 203 deletions


@@ -10,6 +10,6 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration {
or
n instanceof SummaryNode
or
n instanceof HashSplatArgumentsNode
n instanceof SynthHashSplatArgumentNode
}
}


@@ -65,7 +65,12 @@ class DataFlowCallable extends TDataFlowCallable {
string toString() { result = [this.asCallable().toString(), this.asLibraryCallable()] }
/** Gets the location of this callable. */
Location getLocation() { result = this.asCallable().getLocation() }
Location getLocation() {
result = this.asCallable().getLocation()
or
this instanceof TLibraryCallable and
result instanceof EmptyLocation
}
}
/**
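Review bot: The doc comment on `getLocation` still reads `/** Gets the location of this callable. */`, although the new second disjunct gives every `TLibraryCallable` an `EmptyLocation` result. That behaviour should be stated where callers will read it, for example `/** Gets the location of this callable; a library callable has no source location and gets the empty location. */`. The class body starts above the hunk, so members that may have relied on library callables having no location are not visible here.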


@@ -227,6 +227,9 @@ private module Cached {
} or
TSelfParameterNode(MethodBase m) or
TBlockParameterNode(MethodBase m) or
TSynthHashSplatParameterNode(DataFlowCallable c) {
isParameterNode(_, c, any(ParameterPosition p | p.isKeyword(_)))
} or
TExprPostUpdateNode(CfgNodes::ExprCfgNode n) {
n instanceof Argument or
n = any(CfgNodes::ExprNodes::InstanceVariableAccessCfgNode v).getReceiver()
@@ -240,12 +243,13 @@ private module Cached {
TSummaryParameterNode(FlowSummaryImpl::Public::SummarizedCallable c, ParameterPosition pos) {
FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
} or
THashSplatArgumentsNode(CfgNodes::ExprNodes::CallCfgNode c) {
TSynthHashSplatArgumentNode(CfgNodes::ExprNodes::CallCfgNode c) {
exists(Argument arg | arg.isArgumentOf(c, any(ArgumentPosition pos | pos.isKeyword(_))))
}
class TParameterNode =
TNormalParameterNode or TBlockParameterNode or TSelfParameterNode or TSummaryParameterNode;
TNormalParameterNode or TBlockParameterNode or TSelfParameterNode or
TSynthHashSplatParameterNode or TSummaryParameterNode;
private predicate defaultValueFlow(NamedParameter p, ExprNode e) {
p.(OptionalParameter).getDefaultValue() = e.getExprNode().getExpr()
@@ -328,18 +332,21 @@ private module Cached {
cached
predicate isLocalSourceNode(Node n) {
n instanceof ParameterNode
or
n instanceof PostUpdateNodes::ExprPostUpdateNode
or
// Nodes that can't be reached from another entry definition or expression.
not reachedFromExprOrEntrySsaDef(n)
or
// Ensure all entry SSA definitions are local sources -- for parameters, this
// is needed by type tracking. Note that when the parameter has a default value,
// it will be reachable from an expression (the default value) and therefore
// won't be caught by the rule above.
entrySsaDefinition(n)
not n instanceof SynthHashSplatParameterNode and
(
n instanceof ParameterNode
or
n instanceof PostUpdateNodes::ExprPostUpdateNode
or
// Nodes that can't be reached from another entry definition or expression.
not reachedFromExprOrEntrySsaDef(n)
or
// Ensure all entry SSA definitions are local sources -- for parameters, this
// is needed by type tracking. Note that when the parameter has a default value,
// it will be reachable from an expression (the default value) and therefore
// won't be caught by the rule above.
entrySsaDefinition(n)
)
}
cached
@@ -415,7 +422,9 @@ predicate nodeIsHidden(Node n) {
or
n instanceof SynthReturnNode
or
n instanceof HashSplatArgumentsNode
n instanceof SynthHashSplatParameterNode
or
n instanceof SynthHashSplatArgumentNode
}
/** An SSA definition, viewed as a node in a data flow graph. */
@@ -470,10 +479,13 @@ private module ParameterNodes {
abstract class ParameterNodeImpl extends NodeImpl {
abstract Parameter getParameter();
abstract predicate isSourceParameterOf(Callable c, ParameterPosition pos);
abstract predicate isParameterOf(DataFlowCallable c, ParameterPosition pos);
predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
this.isSourceParameterOf(c.asCallable(), pos)
final predicate isSourceParameterOf(Callable c, ParameterPosition pos) {
exists(DataFlowCallable callable |
this.isParameterOf(callable, pos) and
c = callable.asCallable()
)
}
}
@@ -488,21 +500,23 @@ private module ParameterNodes {
override Parameter getParameter() { result = parameter }
override predicate isSourceParameterOf(Callable c, ParameterPosition pos) {
exists(int i | pos.isPositional(i) and c.getParameter(i) = parameter |
parameter instanceof SimpleParameter
or
parameter instanceof OptionalParameter
)
or
parameter =
any(KeywordParameter kp |
c.getAParameter() = kp and
pos.isKeyword(kp.getName())
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
exists(Callable callable | callable = c.asCallable() |
exists(int i | pos.isPositional(i) and callable.getParameter(i) = parameter |
parameter instanceof SimpleParameter
or
parameter instanceof OptionalParameter
)
or
parameter = c.getAParameter().(HashSplatParameter) and
pos.isHashSplat()
or
parameter =
any(KeywordParameter kp |
callable.getAParameter() = kp and
pos.isKeyword(kp.getName())
)
or
parameter = callable.getAParameter().(HashSplatParameter) and
pos.isHashSplat()
)
}
override CfgScope getCfgScope() { result = parameter.getCallable() }
@@ -525,8 +539,8 @@ private module ParameterNodes {
override Parameter getParameter() { none() }
override predicate isSourceParameterOf(Callable c, ParameterPosition pos) {
method = c and pos.isSelf()
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
method = c.asCallable() and pos.isSelf()
}
override CfgScope getCfgScope() { result = method }
@@ -551,8 +565,8 @@ private module ParameterNodes {
result = method.getAParameter() and result instanceof BlockParameter
}
override predicate isSourceParameterOf(Callable c, ParameterPosition pos) {
c = method and pos.isBlock()
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
c.asCallable() = method and pos.isBlock()
}
override CfgScope getCfgScope() { result = method }
@@ -570,6 +584,73 @@ private module ParameterNodes {
}
}
/**
* For all methods containing keyword parameters, we construct a synthesized
* (hidden) parameter node to contain all keyword arguments. This allows us
* to handle cases like
*
* ```rb
* def foo(p1:, p2:)
* sink(p1)
* sink(p2)
* end
*
* args = {:p1 => taint(1), :p2 => taint(2) }
* foo(**args)
* ```
*
* by adding read steps out of the synthesized parameter node to the relevant
* keyword parameters.
*
* Note that this will introduce a bit of redundancy in cases like
*
* ```rb
* foo(p1: taint(1), p2: taint(2))
* ```
*
* where direct keyword matching is possible, since we construct a synthesized hash
* splat argument (`SynthHashSplatArgumentNode`) at the call site, which means that
* `taint(1)` will flow into `p1` both via normal keyword matching and via the synthesized
* nodes (and similarly for `p2`). However, this redunancy is OK since
* (a) it means that type-tracking through keyword arguments also works in most cases,
* (b) read/store steps can be avoided when direct keyword matching is possible, and
* hence access path limits are not a concern, and
* (c) since the synthesized nodes are hidden, the reported data-flow paths will be
* collapsed anyway.
*/
class SynthHashSplatParameterNode extends ParameterNodeImpl, TSynthHashSplatParameterNode {
private DataFlowCallable callable;
SynthHashSplatParameterNode() { this = TSynthHashSplatParameterNode(callable) }
/**
* Gets a keyword parameter that will be the result of reading `c` out of this
* synthesized node.
*/
ParameterNode getAKeywordParameter(ContentSet c) {
exists(string name |
isParameterNode(result, callable, any(ParameterPosition p | p.isKeyword(name)))
|
c = getKeywordContent(name) or
c.isSingleton(TUnknownElementContent())
)
}
final override Parameter getParameter() { none() }
final override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
c = callable and pos.isHashSplat()
}
final override CfgScope getCfgScope() { result = callable.asCallable() }
final override DataFlowCallable getEnclosingCallable() { result = callable }
final override Location getLocationImpl() { result = callable.getLocation() }
final override string toStringImpl() { result = "**kwargs" }
}
/** A parameter for a library callable with a flow summary. */
class SummaryParameterNode extends ParameterNodeImpl, TSummaryParameterNode {
private FlowSummaryImpl::Public::SummarizedCallable sc;
@@ -579,8 +660,6 @@ private module ParameterNodes {
override Parameter getParameter() { none() }
override predicate isSourceParameterOf(Callable c, ParameterPosition pos) { none() }
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
sc = c.asLibraryCallable() and pos = pos_
}
@@ -689,10 +768,10 @@ private module ArgumentNodes {
* part of the method signature, such that those cannot end up in the hash-splat
* parameter.
*/
class HashSplatArgumentsNode extends ArgumentNode, THashSplatArgumentsNode {
class SynthHashSplatArgumentNode extends ArgumentNode, TSynthHashSplatArgumentNode {
CfgNodes::ExprNodes::CallCfgNode c;
HashSplatArgumentsNode() { this = THashSplatArgumentsNode(c) }
SynthHashSplatArgumentNode() { this = TSynthHashSplatArgumentNode(c) }
override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
this.sourceArgumentOf(call.asCall(), pos)
@@ -704,10 +783,10 @@ private module ArgumentNodes {
}
}
private class HashSplatArgumentsNodeImpl extends NodeImpl, THashSplatArgumentsNode {
private class SynthHashSplatArgumentNodeImpl extends NodeImpl, TSynthHashSplatArgumentNode {
CfgNodes::ExprNodes::CallCfgNode c;
HashSplatArgumentsNodeImpl() { this = THashSplatArgumentsNode(c) }
SynthHashSplatArgumentNodeImpl() { this = TSynthHashSplatArgumentNode(c) }
override CfgScope getCfgScope() { result = c.getExpr().getCfgScope() }
@@ -929,7 +1008,7 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
or
// Wrap all keyword arguments in a synthesized hash-splat argument node
exists(CfgNodes::ExprNodes::CallCfgNode call, ArgumentPosition keywordPos, string name |
node2 = THashSplatArgumentsNode(call) and
node2 = TSynthHashSplatArgumentNode(call) and
node1.asExpr().(Argument).isArgumentOf(call, keywordPos) and
keywordPos.isKeyword(name) and
c = getKeywordContent(name)
@@ -962,6 +1041,8 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
))
)
or
node2 = node1.(SynthHashSplatParameterNode).getAKeywordParameter(c)
or
FlowSummaryImpl::Private::Steps::summaryReadStep(node1, c, node2)
}
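Review bot: In `SynthHashSplatParameterNode.getAKeywordParameter`, the disjunct `c.isSingleton(TUnknownElementContent())` is not covered by the doc comment, yet together with the new `readStep` line it lets unknown-element content flow into every keyword parameter of the callable. That over-approximation is presumably deliberate (a hash with a non-constant key could bind any keyword), but it widens what taint queries report, so I would add `// A value stored under an unknown key may end up in any keyword parameter.` above that disjunct. The new `not n instanceof SynthHashSplatParameterNode` guard in `isLocalSourceNode` likewise has no comment saying why the synthesized node must not count as a local source. The class doc comment also has a typo, `redunancy`.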


@@ -26,6 +26,16 @@ edges
| params_flow.rb:35:12:35:20 | call to taint : | params_flow.rb:25:12:25:13 | p1 : |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] : | params_flow.rb:25:17:25:24 | **kwargs [element :p3] : |
| params_flow.rb:35:25:35:28 | args [element :p3] : | params_flow.rb:35:23:35:28 | ** ... [element :p3] : |
| params_flow.rb:37:16:37:24 | call to taint : | params_flow.rb:38:10:38:13 | args [element :p1] : |
| params_flow.rb:37:34:37:42 | call to taint : | params_flow.rb:38:10:38:13 | args [element :p2] : |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] : | params_flow.rb:25:12:25:13 | p1 : |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] : | params_flow.rb:25:17:25:24 | **kwargs [element :p2] : |
| params_flow.rb:38:10:38:13 | args [element :p1] : | params_flow.rb:38:8:38:13 | ** ... [element :p1] : |
| params_flow.rb:38:10:38:13 | args [element :p2] : | params_flow.rb:38:8:38:13 | ** ... [element :p2] : |
| params_flow.rb:40:16:40:24 | call to taint : | params_flow.rb:41:26:41:29 | args [element :p1] : |
| params_flow.rb:41:13:41:21 | call to taint : | params_flow.rb:16:18:16:19 | p2 : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | params_flow.rb:16:13:16:14 | p1 : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | params_flow.rb:41:24:41:29 | ** ... [element :p1] : |
nodes
| params_flow.rb:9:16:9:17 | p1 : | semmle.label | p1 : |
| params_flow.rb:9:20:9:21 | p2 : | semmle.label | p2 : |
@@ -60,6 +70,16 @@ nodes
| params_flow.rb:35:12:35:20 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:35:23:35:28 | ** ... [element :p3] : | semmle.label | ** ... [element :p3] : |
| params_flow.rb:35:25:35:28 | args [element :p3] : | semmle.label | args [element :p3] : |
| params_flow.rb:37:16:37:24 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:37:34:37:42 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:38:8:38:13 | ** ... [element :p1] : | semmle.label | ** ... [element :p1] : |
| params_flow.rb:38:8:38:13 | ** ... [element :p2] : | semmle.label | ** ... [element :p2] : |
| params_flow.rb:38:10:38:13 | args [element :p1] : | semmle.label | args [element :p1] : |
| params_flow.rb:38:10:38:13 | args [element :p2] : | semmle.label | args [element :p2] : |
| params_flow.rb:40:16:40:24 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:41:13:41:21 | call to taint : | semmle.label | call to taint : |
| params_flow.rb:41:24:41:29 | ** ... [element :p1] : | semmle.label | ** ... [element :p1] : |
| params_flow.rb:41:26:41:29 | args [element :p1] : | semmle.label | args [element :p1] : |
subpaths
#select
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint : | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint : | call to taint : |
@@ -67,11 +87,15 @@ subpaths
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:21:13:21:20 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:21:13:21:20 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:22:27:22:34 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:22:27:22:34 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:23:33:23:40 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:23:33:23:40 | call to taint : | call to taint : |
| params_flow.rb:17:10:17:11 | p1 | params_flow.rb:40:16:40:24 | call to taint : | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:40:16:40:24 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:21:27:21:34 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:21:27:21:34 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:22:13:22:20 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:22:13:22:20 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:23:16:23:23 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:23:16:23:23 | call to taint : | call to taint : |
| params_flow.rb:18:10:18:11 | p2 | params_flow.rb:41:13:41:21 | call to taint : | params_flow.rb:18:10:18:11 | p2 | $@ | params_flow.rb:41:13:41:21 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:33:12:33:19 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:33:12:33:19 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:35:12:35:20 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:35:12:35:20 | call to taint : | call to taint : |
| params_flow.rb:26:10:26:11 | p1 | params_flow.rb:37:16:37:24 | call to taint : | params_flow.rb:26:10:26:11 | p1 | $@ | params_flow.rb:37:16:37:24 | call to taint : | call to taint : |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:33:26:33:34 | call to taint : | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:33:26:33:34 | call to taint : | call to taint : |
| params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:37:34:37:42 | call to taint : | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:37:34:37:42 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:33:41:33:49 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:33:41:33:49 | call to taint : | call to taint : |
| params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint : | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint : | call to taint : |


@@ -14,8 +14,8 @@ end
positional(taint(1), taint(2))
def keyword(p1:, p2:)
sink p1 # $ hasValueFlow=3 $ hasValueFlow=6 $ hasValueFlow=8
sink p2 # $ hasValueFlow=4 $ hasValueFlow=5 $ hasValueFlow=7
sink p1 # $ hasValueFlow=3 $ hasValueFlow=6 $ hasValueFlow=8 $ hasValueFlow=16
sink p2 # $ hasValueFlow=4 $ hasValueFlow=5 $ hasValueFlow=7 $ hasValueFlow=17
end
keyword(p1: taint(3), p2: taint(4))
@@ -23,9 +23,9 @@ keyword(p2: taint(5), p1: taint(6))
keyword(:p2 => taint(7), :p1 => taint(8))
def kwargs(p1:, **kwargs)
sink p1 # $ hasValueFlow=9 $ hasValueFlow=13
sink p1 # $ hasValueFlow=9 $ hasValueFlow=13 $ hasValueFlow=14
sink (kwargs[:p1])
sink (kwargs[:p2]) # $ hasValueFlow=10
sink (kwargs[:p2]) # $ hasValueFlow=10 $ hasValueFlow=15
sink (kwargs[:p3]) # $ hasValueFlow=11 $ hasValueFlow=12
sink (kwargs[:p4])
end
@@ -33,3 +33,9 @@ end
kwargs(p1: taint(9), p2: taint(10), p3: taint(11), p4: "")
args = { p3: taint(12), p4: "" }
kwargs(p1: taint(13), **args)
args = {:p1 => taint(14), :p2 => taint(15) }
kwargs(**args)
args = {:p1 => taint(16) }
keyword(p2: taint(17), **args)
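Review bot: The added calls all build `args` from literal symbol keys, so nothing in these hunks pins what the analysis does when a key is not known statically. The library change in this commit also reads unknown-element content out of the synthesized hash-splat parameter into keyword parameters, and for a taint-tracking library that is the case where over- or under-reporting is most likely to go unnoticed. I would add a case such as `args = { some_key => taint(18) }` followed by `keyword(**args)` (constructed example), and record the intended flow on the two `sink` lines in `keyword`. Such a case may already exist outside the visible hunks.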


@@ -19,19 +19,19 @@ edges
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:37:36:37:42 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:37:36:37:42 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:51:24:51:30 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:54:22:54:28 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:55:17:55:23 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:57:27:57:33 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:61:32:61:38 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:63:23:63:29 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:102:16:102:22 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:108:14:108:20 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:111:16:111:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:111:16:111:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:112:21:112:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:112:21:112:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:115:26:115:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:115:26:115:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:56:22:56:28 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:57:17:57:23 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:59:27:59:33 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:63:32:63:38 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:65:23:65:29 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:104:16:104:22 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:110:14:110:20 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:113:16:113:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:113:16:113:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:114:21:114:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:114:21:114:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:117:26:117:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:117:26:117:32 | tainted |
| summaries.rb:1:20:1:36 | call to source : | summaries.rb:1:11:1:36 | call to identity : |
| summaries.rb:1:20:1:36 | call to source : | summaries.rb:1:11:1:36 | call to identity : |
| summaries.rb:4:12:7:3 | call to apply_block : | summaries.rb:9:6:9:13 | tainted2 |
@@ -64,55 +64,58 @@ edges
| summaries.rb:44:8:44:8 | t : | summaries.rb:44:8:44:27 | call to matchedByNameRcv |
| summaries.rb:48:24:48:41 | call to source : | summaries.rb:48:8:48:42 | call to preserveTaint |
| summaries.rb:51:24:51:30 | tainted : | summaries.rb:51:6:51:31 | call to namedArg |
| summaries.rb:54:22:54:28 | tainted : | summaries.rb:54:6:54:29 | call to anyArg |
| summaries.rb:55:17:55:23 | tainted : | summaries.rb:55:6:55:24 | call to anyArg |
| summaries.rb:57:27:57:33 | tainted : | summaries.rb:57:6:57:34 | call to anyNamedArg |
| summaries.rb:61:32:61:38 | tainted : | summaries.rb:61:6:61:39 | call to anyPositionFromOne |
| summaries.rb:63:23:63:29 | tainted : | summaries.rb:63:40:63:40 | x : |
| summaries.rb:63:40:63:40 | x : | summaries.rb:64:8:64:8 | x |
| summaries.rb:71:24:71:53 | call to source : | summaries.rb:71:8:71:54 | call to preserveTaint |
| summaries.rb:74:26:74:56 | call to source : | summaries.rb:74:8:74:57 | call to preserveTaint |
| summaries.rb:77:15:77:29 | call to source : | summaries.rb:79:6:79:6 | a [element 1] : |
| summaries.rb:77:15:77:29 | call to source : | summaries.rb:79:6:79:6 | a [element 1] : |
| summaries.rb:77:15:77:29 | call to source : | summaries.rb:81:5:81:5 | a [element 1] : |
| summaries.rb:77:15:77:29 | call to source : | summaries.rb:81:5:81:5 | a [element 1] : |
| summaries.rb:77:32:77:46 | call to source : | summaries.rb:80:6:80:6 | a [element 2] : |
| summaries.rb:77:32:77:46 | call to source : | summaries.rb:80:6:80:6 | a [element 2] : |
| summaries.rb:77:32:77:46 | call to source : | summaries.rb:85:1:85:1 | a [element 2] : |
| summaries.rb:77:32:77:46 | call to source : | summaries.rb:85:1:85:1 | a [element 2] : |
| summaries.rb:79:6:79:6 | a [element 1] : | summaries.rb:79:6:79:9 | ...[...] |
| summaries.rb:79:6:79:6 | a [element 1] : | summaries.rb:79:6:79:9 | ...[...] |
| summaries.rb:80:6:80:6 | a [element 2] : | summaries.rb:80:6:80:9 | ...[...] |
| summaries.rb:80:6:80:6 | a [element 2] : | summaries.rb:80:6:80:9 | ...[...] |
| summaries.rb:81:5:81:5 | a [element 1] : | summaries.rb:81:5:81:22 | call to withElementOne [element 1] : |
| summaries.rb:81:5:81:5 | a [element 1] : | summaries.rb:81:5:81:22 | call to withElementOne [element 1] : |
| summaries.rb:81:5:81:22 | call to withElementOne [element 1] : | summaries.rb:83:6:83:6 | b [element 1] : |
| summaries.rb:81:5:81:22 | call to withElementOne [element 1] : | summaries.rb:83:6:83:6 | b [element 1] : |
| summaries.rb:83:6:83:6 | b [element 1] : | summaries.rb:83:6:83:9 | ...[...] |
| summaries.rb:83:6:83:6 | b [element 1] : | summaries.rb:83:6:83:9 | ...[...] |
| summaries.rb:85:1:85:1 | [post] a [element 2] : | summaries.rb:88:6:88:6 | a [element 2] : |
| summaries.rb:85:1:85:1 | [post] a [element 2] : | summaries.rb:88:6:88:6 | a [element 2] : |
| summaries.rb:85:1:85:1 | a [element 2] : | summaries.rb:85:1:85:1 | [post] a [element 2] : |
| summaries.rb:85:1:85:1 | a [element 2] : | summaries.rb:85:1:85:1 | [post] a [element 2] : |
| summaries.rb:88:6:88:6 | a [element 2] : | summaries.rb:88:6:88:9 | ...[...] |
| summaries.rb:88:6:88:6 | a [element 2] : | summaries.rb:88:6:88:9 | ...[...] |
| summaries.rb:91:1:91:1 | [post] x [@value] : | summaries.rb:92:6:92:6 | x [@value] : |
| summaries.rb:91:1:91:1 | [post] x [@value] : | summaries.rb:92:6:92:6 | x [@value] : |
| summaries.rb:91:13:91:26 | call to source : | summaries.rb:91:1:91:1 | [post] x [@value] : |
| summaries.rb:91:13:91:26 | call to source : | summaries.rb:91:1:91:1 | [post] x [@value] : |
| summaries.rb:92:6:92:6 | x [@value] : | summaries.rb:92:6:92:16 | call to get_value |
| summaries.rb:92:6:92:6 | x [@value] : | summaries.rb:92:6:92:16 | call to get_value |
| summaries.rb:102:16:102:22 | [post] tainted : | summaries.rb:108:14:108:20 | tainted : |
| summaries.rb:102:16:102:22 | [post] tainted : | summaries.rb:111:16:111:22 | tainted |
| summaries.rb:102:16:102:22 | [post] tainted : | summaries.rb:112:21:112:27 | tainted |
| summaries.rb:102:16:102:22 | [post] tainted : | summaries.rb:115:26:115:32 | tainted |
| summaries.rb:102:16:102:22 | tainted : | summaries.rb:102:16:102:22 | [post] tainted : |
| summaries.rb:102:16:102:22 | tainted : | summaries.rb:102:25:102:25 | [post] y : |
| summaries.rb:102:16:102:22 | tainted : | summaries.rb:102:33:102:33 | [post] z : |
| summaries.rb:102:25:102:25 | [post] y : | summaries.rb:104:6:104:6 | y |
| summaries.rb:102:33:102:33 | [post] z : | summaries.rb:105:6:105:6 | z |
| summaries.rb:108:1:108:1 | [post] x : | summaries.rb:109:6:109:6 | x |
| summaries.rb:108:14:108:20 | tainted : | summaries.rb:108:1:108:1 | [post] x : |
| summaries.rb:53:15:53:31 | call to source : | summaries.rb:54:21:54:24 | args [element :foo] : |
| summaries.rb:54:19:54:24 | ** ... [element :foo] : | summaries.rb:54:6:54:25 | call to namedArg |
| summaries.rb:54:21:54:24 | args [element :foo] : | summaries.rb:54:19:54:24 | ** ... [element :foo] : |
| summaries.rb:56:22:56:28 | tainted : | summaries.rb:56:6:56:29 | call to anyArg |
| summaries.rb:57:17:57:23 | tainted : | summaries.rb:57:6:57:24 | call to anyArg |
| summaries.rb:59:27:59:33 | tainted : | summaries.rb:59:6:59:34 | call to anyNamedArg |
| summaries.rb:63:32:63:38 | tainted : | summaries.rb:63:6:63:39 | call to anyPositionFromOne |
| summaries.rb:65:23:65:29 | tainted : | summaries.rb:65:40:65:40 | x : |
| summaries.rb:65:40:65:40 | x : | summaries.rb:66:8:66:8 | x |
| summaries.rb:73:24:73:53 | call to source : | summaries.rb:73:8:73:54 | call to preserveTaint |
| summaries.rb:76:26:76:56 | call to source : | summaries.rb:76:8:76:57 | call to preserveTaint |
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:81:6:81:6 | a [element 1] : |
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:81:6:81:6 | a [element 1] : |
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:83:5:83:5 | a [element 1] : |
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:83:5:83:5 | a [element 1] : |
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:82:6:82:6 | a [element 2] : |
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:82:6:82:6 | a [element 2] : |
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:87:1:87:1 | a [element 2] : |
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:87:1:87:1 | a [element 2] : |
| summaries.rb:81:6:81:6 | a [element 1] : | summaries.rb:81:6:81:9 | ...[...] |
| summaries.rb:81:6:81:6 | a [element 1] : | summaries.rb:81:6:81:9 | ...[...] |
| summaries.rb:82:6:82:6 | a [element 2] : | summaries.rb:82:6:82:9 | ...[...] |
| summaries.rb:82:6:82:6 | a [element 2] : | summaries.rb:82:6:82:9 | ...[...] |
| summaries.rb:83:5:83:5 | a [element 1] : | summaries.rb:83:5:83:22 | call to withElementOne [element 1] : |
| summaries.rb:83:5:83:5 | a [element 1] : | summaries.rb:83:5:83:22 | call to withElementOne [element 1] : |
| summaries.rb:83:5:83:22 | call to withElementOne [element 1] : | summaries.rb:85:6:85:6 | b [element 1] : |
| summaries.rb:83:5:83:22 | call to withElementOne [element 1] : | summaries.rb:85:6:85:6 | b [element 1] : |
| summaries.rb:85:6:85:6 | b [element 1] : | summaries.rb:85:6:85:9 | ...[...] |
| summaries.rb:85:6:85:6 | b [element 1] : | summaries.rb:85:6:85:9 | ...[...] |
| summaries.rb:87:1:87:1 | [post] a [element 2] : | summaries.rb:90:6:90:6 | a [element 2] : |
| summaries.rb:87:1:87:1 | [post] a [element 2] : | summaries.rb:90:6:90:6 | a [element 2] : |
| summaries.rb:87:1:87:1 | a [element 2] : | summaries.rb:87:1:87:1 | [post] a [element 2] : |
| summaries.rb:87:1:87:1 | a [element 2] : | summaries.rb:87:1:87:1 | [post] a [element 2] : |
| summaries.rb:90:6:90:6 | a [element 2] : | summaries.rb:90:6:90:9 | ...[...] |
| summaries.rb:90:6:90:6 | a [element 2] : | summaries.rb:90:6:90:9 | ...[...] |
| summaries.rb:93:1:93:1 | [post] x [@value] : | summaries.rb:94:6:94:6 | x [@value] : |
| summaries.rb:93:1:93:1 | [post] x [@value] : | summaries.rb:94:6:94:6 | x [@value] : |
| summaries.rb:93:13:93:26 | call to source : | summaries.rb:93:1:93:1 | [post] x [@value] : |
| summaries.rb:93:13:93:26 | call to source : | summaries.rb:93:1:93:1 | [post] x [@value] : |
| summaries.rb:94:6:94:6 | x [@value] : | summaries.rb:94:6:94:16 | call to get_value |
| summaries.rb:94:6:94:6 | x [@value] : | summaries.rb:94:6:94:16 | call to get_value |
| summaries.rb:104:16:104:22 | [post] tainted : | summaries.rb:110:14:110:20 | tainted : |
| summaries.rb:104:16:104:22 | [post] tainted : | summaries.rb:113:16:113:22 | tainted |
| summaries.rb:104:16:104:22 | [post] tainted : | summaries.rb:114:21:114:27 | tainted |
| summaries.rb:104:16:104:22 | [post] tainted : | summaries.rb:117:26:117:32 | tainted |
| summaries.rb:104:16:104:22 | tainted : | summaries.rb:104:16:104:22 | [post] tainted : |
| summaries.rb:104:16:104:22 | tainted : | summaries.rb:104:25:104:25 | [post] y : |
| summaries.rb:104:16:104:22 | tainted : | summaries.rb:104:33:104:33 | [post] z : |
| summaries.rb:104:25:104:25 | [post] y : | summaries.rb:106:6:106:6 | y |
| summaries.rb:104:33:104:33 | [post] z : | summaries.rb:107:6:107:6 | z |
| summaries.rb:110:1:110:1 | [post] x : | summaries.rb:111:6:111:6 | x |
| summaries.rb:110:14:110:20 | tainted : | summaries.rb:110:1:110:1 | [post] x : |
nodes
| summaries.rb:1:11:1:36 | call to identity : | semmle.label | call to identity : |
| summaries.rb:1:11:1:36 | call to identity : | semmle.label | call to identity : |
@@ -169,72 +172,76 @@ nodes
| summaries.rb:48:24:48:41 | call to source : | semmle.label | call to source : |
| summaries.rb:51:6:51:31 | call to namedArg | semmle.label | call to namedArg |
| summaries.rb:51:24:51:30 | tainted : | semmle.label | tainted : |
| summaries.rb:54:6:54:29 | call to anyArg | semmle.label | call to anyArg |
| summaries.rb:54:22:54:28 | tainted : | semmle.label | tainted : |
| summaries.rb:55:6:55:24 | call to anyArg | semmle.label | call to anyArg |
| summaries.rb:55:17:55:23 | tainted : | semmle.label | tainted : |
| summaries.rb:57:6:57:34 | call to anyNamedArg | semmle.label | call to anyNamedArg |
| summaries.rb:57:27:57:33 | tainted : | semmle.label | tainted : |
| summaries.rb:61:6:61:39 | call to anyPositionFromOne | semmle.label | call to anyPositionFromOne |
| summaries.rb:61:32:61:38 | tainted : | semmle.label | tainted : |
| summaries.rb:63:23:63:29 | tainted : | semmle.label | tainted : |
| summaries.rb:63:40:63:40 | x : | semmle.label | x : |
| summaries.rb:64:8:64:8 | x | semmle.label | x |
| summaries.rb:71:8:71:54 | call to preserveTaint | semmle.label | call to preserveTaint |
| summaries.rb:71:24:71:53 | call to source : | semmle.label | call to source : |
| summaries.rb:74:8:74:57 | call to preserveTaint | semmle.label | call to preserveTaint |
| summaries.rb:74:26:74:56 | call to source : | semmle.label | call to source : |
| summaries.rb:77:15:77:29 | call to source : | semmle.label | call to source : |
| summaries.rb:77:15:77:29 | call to source : | semmle.label | call to source : |
| summaries.rb:77:32:77:46 | call to source : | semmle.label | call to source : |
| summaries.rb:77:32:77:46 | call to source : | semmle.label | call to source : |
| summaries.rb:79:6:79:6 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:79:6:79:6 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:79:6:79:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:79:6:79:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:80:6:80:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:80:6:80:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:80:6:80:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:80:6:80:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:81:5:81:5 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:81:5:81:5 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:81:5:81:22 | call to withElementOne [element 1] : | semmle.label | call to withElementOne [element 1] : |
| summaries.rb:81:5:81:22 | call to withElementOne [element 1] : | semmle.label | call to withElementOne [element 1] : |
| summaries.rb:83:6:83:6 | b [element 1] : | semmle.label | b [element 1] : |
| summaries.rb:83:6:83:6 | b [element 1] : | semmle.label | b [element 1] : |
| summaries.rb:83:6:83:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:83:6:83:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:85:1:85:1 | [post] a [element 2] : | semmle.label | [post] a [element 2] : |
| summaries.rb:85:1:85:1 | [post] a [element 2] : | semmle.label | [post] a [element 2] : |
| summaries.rb:85:1:85:1 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:85:1:85:1 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:88:6:88:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:88:6:88:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:88:6:88:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:88:6:88:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:91:1:91:1 | [post] x [@value] : | semmle.label | [post] x [@value] : |
| summaries.rb:91:1:91:1 | [post] x [@value] : | semmle.label | [post] x [@value] : |
| summaries.rb:91:13:91:26 | call to source : | semmle.label | call to source : |
| summaries.rb:91:13:91:26 | call to source : | semmle.label | call to source : |
| summaries.rb:92:6:92:6 | x [@value] : | semmle.label | x [@value] : |
| summaries.rb:92:6:92:6 | x [@value] : | semmle.label | x [@value] : |
| summaries.rb:92:6:92:16 | call to get_value | semmle.label | call to get_value |
| summaries.rb:92:6:92:16 | call to get_value | semmle.label | call to get_value |
| summaries.rb:102:16:102:22 | [post] tainted : | semmle.label | [post] tainted : |
| summaries.rb:102:16:102:22 | tainted : | semmle.label | tainted : |
| summaries.rb:102:25:102:25 | [post] y : | semmle.label | [post] y : |
| summaries.rb:102:33:102:33 | [post] z : | semmle.label | [post] z : |
| summaries.rb:104:6:104:6 | y | semmle.label | y |
| summaries.rb:105:6:105:6 | z | semmle.label | z |
| summaries.rb:108:1:108:1 | [post] x : | semmle.label | [post] x : |
| summaries.rb:108:14:108:20 | tainted : | semmle.label | tainted : |
| summaries.rb:109:6:109:6 | x | semmle.label | x |
| summaries.rb:111:16:111:22 | tainted | semmle.label | tainted |
| summaries.rb:111:16:111:22 | tainted | semmle.label | tainted |
| summaries.rb:112:21:112:27 | tainted | semmle.label | tainted |
| summaries.rb:112:21:112:27 | tainted | semmle.label | tainted |
| summaries.rb:115:26:115:32 | tainted | semmle.label | tainted |
| summaries.rb:115:26:115:32 | tainted | semmle.label | tainted |
| summaries.rb:53:15:53:31 | call to source : | semmle.label | call to source : |
| summaries.rb:54:6:54:25 | call to namedArg | semmle.label | call to namedArg |
| summaries.rb:54:19:54:24 | ** ... [element :foo] : | semmle.label | ** ... [element :foo] : |
| summaries.rb:54:21:54:24 | args [element :foo] : | semmle.label | args [element :foo] : |
| summaries.rb:56:6:56:29 | call to anyArg | semmle.label | call to anyArg |
| summaries.rb:56:22:56:28 | tainted : | semmle.label | tainted : |
| summaries.rb:57:6:57:24 | call to anyArg | semmle.label | call to anyArg |
| summaries.rb:57:17:57:23 | tainted : | semmle.label | tainted : |
| summaries.rb:59:6:59:34 | call to anyNamedArg | semmle.label | call to anyNamedArg |
| summaries.rb:59:27:59:33 | tainted : | semmle.label | tainted : |
| summaries.rb:63:6:63:39 | call to anyPositionFromOne | semmle.label | call to anyPositionFromOne |
| summaries.rb:63:32:63:38 | tainted : | semmle.label | tainted : |
| summaries.rb:65:23:65:29 | tainted : | semmle.label | tainted : |
| summaries.rb:65:40:65:40 | x : | semmle.label | x : |
| summaries.rb:66:8:66:8 | x | semmle.label | x |
| summaries.rb:73:8:73:54 | call to preserveTaint | semmle.label | call to preserveTaint |
| summaries.rb:73:24:73:53 | call to source : | semmle.label | call to source : |
| summaries.rb:76:8:76:57 | call to preserveTaint | semmle.label | call to preserveTaint |
| summaries.rb:76:26:76:56 | call to source : | semmle.label | call to source : |
| summaries.rb:79:15:79:29 | call to source : | semmle.label | call to source : |
| summaries.rb:79:15:79:29 | call to source : | semmle.label | call to source : |
| summaries.rb:79:32:79:46 | call to source : | semmle.label | call to source : |
| summaries.rb:79:32:79:46 | call to source : | semmle.label | call to source : |
| summaries.rb:81:6:81:6 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:81:6:81:6 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:81:6:81:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:81:6:81:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:82:6:82:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:82:6:82:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:82:6:82:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:82:6:82:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:83:5:83:5 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:83:5:83:5 | a [element 1] : | semmle.label | a [element 1] : |
| summaries.rb:83:5:83:22 | call to withElementOne [element 1] : | semmle.label | call to withElementOne [element 1] : |
| summaries.rb:83:5:83:22 | call to withElementOne [element 1] : | semmle.label | call to withElementOne [element 1] : |
| summaries.rb:85:6:85:6 | b [element 1] : | semmle.label | b [element 1] : |
| summaries.rb:85:6:85:6 | b [element 1] : | semmle.label | b [element 1] : |
| summaries.rb:85:6:85:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:85:6:85:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:87:1:87:1 | [post] a [element 2] : | semmle.label | [post] a [element 2] : |
| summaries.rb:87:1:87:1 | [post] a [element 2] : | semmle.label | [post] a [element 2] : |
| summaries.rb:87:1:87:1 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:87:1:87:1 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:90:6:90:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:90:6:90:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:90:6:90:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:90:6:90:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:93:1:93:1 | [post] x [@value] : | semmle.label | [post] x [@value] : |
| summaries.rb:93:1:93:1 | [post] x [@value] : | semmle.label | [post] x [@value] : |
| summaries.rb:93:13:93:26 | call to source : | semmle.label | call to source : |
| summaries.rb:93:13:93:26 | call to source : | semmle.label | call to source : |
| summaries.rb:94:6:94:6 | x [@value] : | semmle.label | x [@value] : |
| summaries.rb:94:6:94:6 | x [@value] : | semmle.label | x [@value] : |
| summaries.rb:94:6:94:16 | call to get_value | semmle.label | call to get_value |
| summaries.rb:94:6:94:16 | call to get_value | semmle.label | call to get_value |
| summaries.rb:104:16:104:22 | [post] tainted : | semmle.label | [post] tainted : |
| summaries.rb:104:16:104:22 | tainted : | semmle.label | tainted : |
| summaries.rb:104:25:104:25 | [post] y : | semmle.label | [post] y : |
| summaries.rb:104:33:104:33 | [post] z : | semmle.label | [post] z : |
| summaries.rb:106:6:106:6 | y | semmle.label | y |
| summaries.rb:107:6:107:6 | z | semmle.label | z |
| summaries.rb:110:1:110:1 | [post] x : | semmle.label | [post] x : |
| summaries.rb:110:14:110:20 | tainted : | semmle.label | tainted : |
| summaries.rb:111:6:111:6 | x | semmle.label | x |
| summaries.rb:113:16:113:22 | tainted | semmle.label | tainted |
| summaries.rb:113:16:113:22 | tainted | semmle.label | tainted |
| summaries.rb:114:21:114:27 | tainted | semmle.label | tainted |
| summaries.rb:114:21:114:27 | tainted | semmle.label | tainted |
| summaries.rb:117:26:117:32 | tainted | semmle.label | tainted |
| summaries.rb:117:26:117:32 | tainted | semmle.label | tainted |
subpaths
invalidSpecComponent
#select
@@ -265,32 +272,33 @@ invalidSpecComponent
| summaries.rb:44:8:44:27 | call to matchedByNameRcv | summaries.rb:40:7:40:17 | call to source : | summaries.rb:44:8:44:27 | call to matchedByNameRcv | $@ | summaries.rb:40:7:40:17 | call to source : | call to source : |
| summaries.rb:48:8:48:42 | call to preserveTaint | summaries.rb:48:24:48:41 | call to source : | summaries.rb:48:8:48:42 | call to preserveTaint | $@ | summaries.rb:48:24:48:41 | call to source : | call to source : |
| summaries.rb:51:6:51:31 | call to namedArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:51:6:51:31 | call to namedArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:54:6:54:29 | call to anyArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:54:6:54:29 | call to anyArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:55:6:55:24 | call to anyArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:55:6:55:24 | call to anyArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:57:6:57:34 | call to anyNamedArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:57:6:57:34 | call to anyNamedArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:61:6:61:39 | call to anyPositionFromOne | summaries.rb:1:20:1:36 | call to source : | summaries.rb:61:6:61:39 | call to anyPositionFromOne | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:64:8:64:8 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:64:8:64:8 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:71:8:71:54 | call to preserveTaint | summaries.rb:71:24:71:53 | call to source : | summaries.rb:71:8:71:54 | call to preserveTaint | $@ | summaries.rb:71:24:71:53 | call to source : | call to source : |
| summaries.rb:74:8:74:57 | call to preserveTaint | summaries.rb:74:26:74:56 | call to source : | summaries.rb:74:8:74:57 | call to preserveTaint | $@ | summaries.rb:74:26:74:56 | call to source : | call to source : |
| summaries.rb:79:6:79:9 | ...[...] | summaries.rb:77:15:77:29 | call to source : | summaries.rb:79:6:79:9 | ...[...] | $@ | summaries.rb:77:15:77:29 | call to source : | call to source : |
| summaries.rb:79:6:79:9 | ...[...] | summaries.rb:77:15:77:29 | call to source : | summaries.rb:79:6:79:9 | ...[...] | $@ | summaries.rb:77:15:77:29 | call to source : | call to source : |
| summaries.rb:80:6:80:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:80:6:80:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:80:6:80:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:80:6:80:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:83:6:83:9 | ...[...] | summaries.rb:77:15:77:29 | call to source : | summaries.rb:83:6:83:9 | ...[...] | $@ | summaries.rb:77:15:77:29 | call to source : | call to source : |
| summaries.rb:83:6:83:9 | ...[...] | summaries.rb:77:15:77:29 | call to source : | summaries.rb:83:6:83:9 | ...[...] | $@ | summaries.rb:77:15:77:29 | call to source : | call to source : |
| summaries.rb:88:6:88:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:88:6:88:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:88:6:88:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:88:6:88:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:92:6:92:16 | call to get_value | summaries.rb:91:13:91:26 | call to source : | summaries.rb:92:6:92:16 | call to get_value | $@ | summaries.rb:91:13:91:26 | call to source : | call to source : |
| summaries.rb:92:6:92:16 | call to get_value | summaries.rb:91:13:91:26 | call to source : | summaries.rb:92:6:92:16 | call to get_value | $@ | summaries.rb:91:13:91:26 | call to source : | call to source : |
| summaries.rb:104:6:104:6 | y | summaries.rb:1:20:1:36 | call to source : | summaries.rb:104:6:104:6 | y | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:105:6:105:6 | z | summaries.rb:1:20:1:36 | call to source : | summaries.rb:105:6:105:6 | z | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:109:6:109:6 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:109:6:109:6 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:111:16:111:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:111:16:111:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:111:16:111:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:111:16:111:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:112:21:112:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:112:21:112:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:112:21:112:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:112:21:112:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:115:26:115:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:115:26:115:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:115:26:115:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:115:26:115:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:54:6:54:25 | call to namedArg | summaries.rb:53:15:53:31 | call to source : | summaries.rb:54:6:54:25 | call to namedArg | $@ | summaries.rb:53:15:53:31 | call to source : | call to source : |
| summaries.rb:56:6:56:29 | call to anyArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:56:6:56:29 | call to anyArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:57:6:57:24 | call to anyArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:57:6:57:24 | call to anyArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:59:6:59:34 | call to anyNamedArg | summaries.rb:1:20:1:36 | call to source : | summaries.rb:59:6:59:34 | call to anyNamedArg | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:63:6:63:39 | call to anyPositionFromOne | summaries.rb:1:20:1:36 | call to source : | summaries.rb:63:6:63:39 | call to anyPositionFromOne | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:66:8:66:8 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:66:8:66:8 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:73:8:73:54 | call to preserveTaint | summaries.rb:73:24:73:53 | call to source : | summaries.rb:73:8:73:54 | call to preserveTaint | $@ | summaries.rb:73:24:73:53 | call to source : | call to source : |
| summaries.rb:76:8:76:57 | call to preserveTaint | summaries.rb:76:26:76:56 | call to source : | summaries.rb:76:8:76:57 | call to preserveTaint | $@ | summaries.rb:76:26:76:56 | call to source : | call to source : |
| summaries.rb:81:6:81:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:81:6:81:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
| summaries.rb:81:6:81:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:81:6:81:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
| summaries.rb:82:6:82:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:82:6:82:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
| summaries.rb:82:6:82:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:82:6:82:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
| summaries.rb:85:6:85:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:85:6:85:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
| summaries.rb:85:6:85:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:85:6:85:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
| summaries.rb:90:6:90:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:90:6:90:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
| summaries.rb:90:6:90:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:90:6:90:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
| summaries.rb:94:6:94:16 | call to get_value | summaries.rb:93:13:93:26 | call to source : | summaries.rb:94:6:94:16 | call to get_value | $@ | summaries.rb:93:13:93:26 | call to source : | call to source : |
| summaries.rb:94:6:94:16 | call to get_value | summaries.rb:93:13:93:26 | call to source : | summaries.rb:94:6:94:16 | call to get_value | $@ | summaries.rb:93:13:93:26 | call to source : | call to source : |
| summaries.rb:106:6:106:6 | y | summaries.rb:1:20:1:36 | call to source : | summaries.rb:106:6:106:6 | y | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:107:6:107:6 | z | summaries.rb:1:20:1:36 | call to source : | summaries.rb:107:6:107:6 | z | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:111:6:111:6 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:111:6:111:6 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:113:16:113:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:113:16:113:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:113:16:113:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:113:16:113:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:114:21:114:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:114:21:114:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:114:21:114:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:114:21:114:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:117:26:117:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:117:26:117:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:117:26:117:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:117:26:117:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
warning
| CSV type row should have 5 columns but has 2: test;TooFewColumns |
| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |


@@ -50,6 +50,8 @@ end
sink(Foo.namedArg(foo: tainted)) # $ hasTaintFlow=tainted
sink(Foo.namedArg(tainted))
args = { foo: source("tainted") }
sink(Foo.namedArg(**args)) # $ hasTaintFlow=tainted
sink(Foo.anyArg(foo: tainted)) # $ hasTaintFlow=tainted
sink(Foo.anyArg(tainted)) # $ hasTaintFlow=tainted