hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14859 from hvitved/ruby/missing-flow-tests

Browse Source 
Ruby: Add tests illustrating missing flow
This commit is contained in:
Tom Hvitved
2023-11-24 14:57:15 +01:00
committed by GitHub
parent d239a30866 8ccce5891d
commit 9eaebfcf60
3 changed files with 1785 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1864
ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected
View File

File diff suppressed because it is too large Load Diff

30
ruby/ql/test/library-tests/dataflow/params/params-flow.expected
View File

@@ -157,6 +157,18 @@ edges
| params_flow.rb:134:10:134:13 | args [element 1] | params_flow.rb:134:10:134:16 | ...[...] |
| params_flow.rb:137:10:137:43 | * ... [element 1] | params_flow.rb:133:14:133:18 | *args [element 1] |
| params_flow.rb:137:23:137:31 | call to taint | params_flow.rb:137:10:137:43 | * ... [element 1] |
| params_flow.rb:153:28:153:29 | p2 | params_flow.rb:154:18:154:19 | p2 |
| params_flow.rb:154:18:154:19 | p2 | params_flow.rb:154:5:154:6 | [post] p1 [element 0] |
| params_flow.rb:164:23:164:24 | [post] p1 [element 0] | params_flow.rb:165:6:165:7 | p1 [element 0] |
| params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:153:28:153:29 | p2 |
| params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:164:23:164:24 | [post] p1 [element 0] |
| params_flow.rb:165:6:165:7 | p1 [element 0] | params_flow.rb:165:6:165:10 | ...[...] |
| params_flow.rb:181:28:181:29 | p2 | params_flow.rb:182:18:182:19 | p2 |
| params_flow.rb:182:18:182:19 | p2 | params_flow.rb:182:5:182:6 | [post] p1 [element 0] |
| params_flow.rb:192:20:192:21 | [post] p1 [element 0] | params_flow.rb:193:6:193:7 | p1 [element 0] |
| params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 |
| params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:192:20:192:21 | [post] p1 [element 0] |
| params_flow.rb:193:6:193:7 | p1 [element 0] | params_flow.rb:193:6:193:10 | ...[...] |
nodes
| params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 |
| params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 |
@@ -339,7 +351,23 @@ nodes
| params_flow.rb:134:10:134:16 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:137:10:137:43 | * ... [element 1] | semmle.label | * ... [element 1] |
| params_flow.rb:137:23:137:31 | call to taint | semmle.label | call to taint |
| params_flow.rb:153:28:153:29 | p2 | semmle.label | p2 |
| params_flow.rb:154:5:154:6 | [post] p1 [element 0] | semmle.label | [post] p1 [element 0] |
| params_flow.rb:154:18:154:19 | p2 | semmle.label | p2 |
| params_flow.rb:164:23:164:24 | [post] p1 [element 0] | semmle.label | [post] p1 [element 0] |
| params_flow.rb:164:31:164:39 | call to taint | semmle.label | call to taint |
| params_flow.rb:165:6:165:7 | p1 [element 0] | semmle.label | p1 [element 0] |
| params_flow.rb:165:6:165:10 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:181:28:181:29 | p2 | semmle.label | p2 |
| params_flow.rb:182:5:182:6 | [post] p1 [element 0] | semmle.label | [post] p1 [element 0] |
| params_flow.rb:182:18:182:19 | p2 | semmle.label | p2 |
| params_flow.rb:192:20:192:21 | [post] p1 [element 0] | semmle.label | [post] p1 [element 0] |
| params_flow.rb:192:24:192:32 | call to taint | semmle.label | call to taint |
| params_flow.rb:193:6:193:7 | p1 [element 0] | semmle.label | p1 [element 0] |
| params_flow.rb:193:6:193:10 | ...[...] | semmle.label | ...[...] |
subpaths
| params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:153:28:153:29 | p2 | params_flow.rb:154:5:154:6 | [post] p1 [element 0] | params_flow.rb:164:23:164:24 | [post] p1 [element 0] |
| params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | params_flow.rb:182:5:182:6 | [post] p1 [element 0] | params_flow.rb:192:20:192:21 | [post] p1 [element 0] |
#select
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint | call to taint |
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:44:12:44:20 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:44:12:44:20 | call to taint | call to taint |
@@ -398,3 +426,5 @@ subpaths
| params_flow.rb:110:10:110:13 | ...[...] | params_flow.rb:114:44:114:52 | call to taint | params_flow.rb:110:10:110:13 | ...[...] | $@ | params_flow.rb:114:44:114:52 | call to taint | call to taint |
| params_flow.rb:111:10:111:10 | c | params_flow.rb:114:58:114:66 | call to taint | params_flow.rb:111:10:111:10 | c | $@ | params_flow.rb:114:58:114:66 | call to taint | call to taint |
| params_flow.rb:134:10:134:16 | ...[...] | params_flow.rb:137:23:137:31 | call to taint | params_flow.rb:134:10:134:16 | ...[...] | $@ | params_flow.rb:137:23:137:31 | call to taint | call to taint |
| params_flow.rb:165:6:165:10 | ...[...] | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:165:6:165:10 | ...[...] | $@ | params_flow.rb:164:31:164:39 | call to taint | call to taint |
| params_flow.rb:193:6:193:10 | ...[...] | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:193:6:193:10 | ...[...] | $@ | params_flow.rb:192:24:192:32 | call to taint | call to taint |

70
ruby/ql/test/library-tests/dataflow/params/params_flow.rb
View File

@@ -135,3 +135,73 @@ def splatall(*args)
end
splatall(*[taint(69), taint(70), taint(71)])
def hashSplatSideEffect(**kwargs)
kwargs[:p1].insert(0, kwargs[:p2])
end
kwargs = { p1: [], p2: taint(72) }
sink(kwargs[:p1][0])
hashSplatSideEffect(**kwargs)
sink(kwargs[:p1][0]) # $ MISSING: hasValueFlow=72
p1 = []
sink(p1[0])
hashSplatSideEffect(p1: p1, p2: taint(73))
sink(p1[0]) # $ MISSING: hasValueFlow=73
def keywordSideEffect(p1:, p2:)
p1.insert(0, p2)
end
kwargs = { p1: [], p2: taint(74) }
sink(kwargs[:p1][0])
keywordSideEffect(**kwargs)
sink(kwargs[:p1][0]) # $ MISSING: hasValueFlow=74
p1 = []
sink(p1[0])
keywordSideEffect(p1: p1, p2: taint(75))
sink(p1[0]) # $ hasValueFlow=75
def splatSideEffect(*posargs)
posargs[0].insert(0, posargs[1])
end
posargs = [ [], taint(76) ]
sink(posargs[0][0])
splatSideEffect(*posargs)
sink(posargs[0][0]) # $ MISSING: hasValueFlow=76
p1 = []
sink(p1[0])
splatSideEffect(p1, taint(77))
sink(p1[0]) # $ MISSING: hasValueFlow=77
def positionSideEffect(p1, p2)
p1.insert(0, p2)
end
args = [ [], taint(78) ]
sink(args[0][0])
positionSideEffect(*args)
sink(args[0][0]) # $ MISSING: hasValueFlow=78
p1 = []
sink(p1[0])
positionSideEffect(p1, taint(79))
sink(p1[0]) # $ hasValueFlow=79
int_hash = {
0 => taint(80),
1 => "B"
}
def foo(x, y)
sink (x[0])
sink (x[1]) # $ MISSING: hasValueFlow=80
sink (y[0])
sink (y[1])
end
foo(*int_hash)