hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: fix some more spurious call edges

Browse Source
This commit is contained in:
Asger F
2022-10-14 09:45:17 +02:00
parent b1dadc224c
commit a06cc30f05
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
View File

@@ -413,8 +413,17 @@ private module Cached {
// end
// end
// ```
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm),
m.getSuperClass*())
exists(Module target |
target = m.getSuperClass*() and
selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm),
target) and
// Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton
// methods on Object, if the block is actually evaluated in the context of another class.
// The 'self' inside such a singleton method could then be any class, leading to self-calls
// being resolved to arbitrary singleton methods.
// To remedy this, we do not allow following super-classes all the way to Object.
not (m != target and target = TResolved("Object"))
)
)
)
or

4
ruby/ql/test/library-tests/modules/callgraph.expected
View File

@@ -265,8 +265,6 @@ getTarget
| private.rb:104:1:104:20 | call to new | calls.rb:117:5:117:16 | new |
| private.rb:104:1:104:28 | call to call_m1 | private.rb:91:3:93:5 | call_m1 |
| private.rb:105:1:105:20 | call to new | calls.rb:117:5:117:16 | new |
| toplevel_self_singleton.rb:13:9:13:27 | call to ab_singleton_method | toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method |
| toplevel_self_singleton.rb:19:9:19:27 | call to ab_singleton_method | toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method |
unresolvedCall
| calls.rb:23:9:23:19 | call to singleton_m |
| calls.rb:26:9:26:18 | call to instance_m |
@@ -355,7 +353,9 @@ unresolvedCall
| private.rb:105:1:105:23 | call to m1 |
| toplevel_self_singleton.rb:8:1:15:3 | call to do_something |
| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method |
| toplevel_self_singleton.rb:13:9:13:27 | call to ab_singleton_method |
| toplevel_self_singleton.rb:17:12:21:1 | call to new |
| toplevel_self_singleton.rb:19:9:19:27 | call to ab_singleton_method |
privateMethod
| calls.rb:1:1:3:3 | foo |
| calls.rb:39:1:41:3 | call_instance_m |