From a18aef23f93b8ca70e66ed79f0a336b5ad7cb2ab Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Thu, 19 May 2022 15:19:41 +0200
Subject: [PATCH] Data flow: Do not discard call context when computing reverse lambda flow through jumps
---
 .../dataflow/internal/DataFlowImplCommon.qll | 5 ++--
 .../call-sensitivity.expected | 25 -------------------
 2 files changed, 2 insertions(+), 28 deletions(-)
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
index 0079b259260..00b70a66df1 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
@@ -216,10 +216,9 @@ private module LambdaFlow {
 or
 // jump step
 exists(Node mid, DataFlowType t0 |
- revLambdaFlow(lambdaCall, kind, mid, t0, _, _, _) and
+ revLambdaFlow(lambdaCall, kind, mid, t0, _, _, lastCall) and
 toReturn = false and
- toJump = true and
- lastCall = TDataFlowCallNone()
+ toJump = true
 |
 jumpStepCached(node, mid) and
 t = t0
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
index 33451725cde..04b63c7cf4e 100644
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
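Review bot: The `// jump step` comment in the `DataFlowImplCommon.qll` hunk does not say why the `lastCall` taken from `mid` is still a valid call context for `node`, which `jumpStepCached(node, mid)` may place in a different callable than `mid`. I would extend it to something like `// jump step; `lastCall` is kept so the call context recorded before the jump still restricts later flow into callables`, with a sentence on why that restriction cannot exclude a genuine caller. The accompanying `.expected` change only removes rows, so from this patch alone it is not clear that a real flow through a jump is pinned as still reported; for a taint-tracking library a wrongly pruned path is a missed alert, so a positive case in the call-sensitivity test would help. The disjunct starts and ends outside the hunk, and how `lastCall` is combined with `toJump` in the other cases of `revLambdaFlow` is not visible here. Only the Ruby copy of the file appears in the diffstat; if it is kept in sync with copies for other languages, those need the same edit.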
@@ -6,26 +6,15 @@ edges | call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | | call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | | call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | -| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | -| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | -| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : | | call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:27:17:27:17 | x : | | call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:36:23:36:23 | x : | | call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : | -| call_sensitivity.rb:25:25:25:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | | call_sensitivity.rb:27:17:27:17 | x : | call_sensitivity.rb:27:27:27:27 | x | | call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | -| call_sensitivity.rb:34:25:34:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | | call_sensitivity.rb:36:23:36:23 | x : | call_sensitivity.rb:36:31:36:31 | x | | call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | | call_sensitivity.rb:39:24:39:24 | x : | call_sensitivity.rb:39:32:39:32 | x | | call_sensitivity.rb:40:26:40:32 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | -| call_sensitivity.rb:43:26:43:32 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : | nodes | call_sensitivity.rb:5:6:5:12 | "taint" | 
semmle.label | "taint" | | call_sensitivity.rb:7:13:7:13 | x : | semmle.label | x : | 
@@ -36,36 +25,22 @@ nodes | call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | | call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | | call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | -| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | -| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | -| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : | | call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | | call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | | call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | -| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | -| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | -| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : | -| call_sensitivity.rb:25:25:25:31 | "taint" : | semmle.label | "taint" : | | call_sensitivity.rb:27:17:27:17 | x : | semmle.label | x : | | call_sensitivity.rb:27:27:27:27 | x | semmle.label | x | | call_sensitivity.rb:28:25:28:31 | "taint" : | semmle.label | "taint" : | -| call_sensitivity.rb:34:25:34:31 | "taint" : | semmle.label | "taint" : | | call_sensitivity.rb:36:23:36:23 | x : | semmle.label | x : | | call_sensitivity.rb:36:31:36:31 | x | semmle.label | x | | call_sensitivity.rb:37:25:37:31 | "taint" : | semmle.label | "taint" : | | call_sensitivity.rb:39:24:39:24 | x : | semmle.label | x : | | call_sensitivity.rb:39:32:39:32 | x | semmle.label | x | | call_sensitivity.rb:40:26:40:32 | "taint" : | semmle.label | "taint" : | -| call_sensitivity.rb:43:26:43:32 | "taint" : | semmle.label | "taint" : | subpaths #select | call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | $@ | call_sensitivity.rb:5:6:5:12 | "taint" | "taint" | | call_sensitivity.rb:15:28:15:28 | x | call_sensitivity.rb:15:9:15:15 | "taint" : | call_sensitivity.rb:15:28:15:28 | x | $@ | call_sensitivity.rb:15:9:15:15 | "taint" : | "taint" : | | 
call_sensitivity.rb:27:27:27:27 | x | call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:27:27:27:27 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" : | "taint" : | | call_sensitivity.rb:36:31:36:31 | x | call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:36:31:36:31 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" : | "taint" : | -| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:25:25:25:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:25:25:25:31 | "taint" : | "taint" : | -| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" : | "taint" : | -| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:34:25:34:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:34:25:34:31 | "taint" : | "taint" : | -| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" : | "taint" : | | call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:40:26:40:32 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:40:26:40:32 | "taint" : | "taint" : | -| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:43:26:43:32 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:43:26:43:32 | "taint" : | "taint" : |