Data flow: Do not discard call context when computing reverse lambda flow through jumps

Tom Hvitved
2022-05-19 15:19:41 +02:00
parent ea703bc49a
commit a18aef23f9
2 changed files with 2 additions and 28 deletions


@@ -216,10 +216,9 @@ private module LambdaFlow {
or
// jump step
exists(Node mid, DataFlowType t0 |
revLambdaFlow(lambdaCall, kind, mid, t0, _, _, _) and
revLambdaFlow(lambdaCall, kind, mid, t0, _, _, lastCall) and
toReturn = false and
toJump = true and
lastCall = TDataFlowCallNone()
toJump = true
|
jumpStepCached(node, mid) and
t = t0
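Review bot: The `// jump step` comment in this disjunct no longer explains the asymmetry it now contains: `toReturn` is still reset to `false`, but `lastCall` is taken from the recursive `revLambdaFlow` call at `mid` instead of being forced to `TDataFlowCallNone()`. A maintainer is likely to expect a jump to drop call context, so I would expand the comment to something like `// jump step: keep lastCall from mid, so the call context seen before the jump still restricts which lambda calls are resolved`. Because this predicate decides which lambda calls resolve, the page's accompanying expected-output change is worth checking to confirm that only duplicate `edges`/`nodes` rows disappear and that no `#select` row is lost; the rendered page does not show which rows were removed. The enclosing predicate starts and ends outside the hunk.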


@@ -6,26 +6,15 @@ edges
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:17:27:17:27 | x : | call_sensitivity.rb:18:17:18:17 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:27:17:27:17 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:36:23:36:23 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:18:17:18:17 | x : | call_sensitivity.rb:39:24:39:24 | x : |
| call_sensitivity.rb:25:25:25:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
| call_sensitivity.rb:27:17:27:17 | x : | call_sensitivity.rb:27:27:27:27 | x |
| call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
| call_sensitivity.rb:34:25:34:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
| call_sensitivity.rb:36:23:36:23 | x : | call_sensitivity.rb:36:31:36:31 | x |
| call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
| call_sensitivity.rb:39:24:39:24 | x : | call_sensitivity.rb:39:32:39:32 | x |
| call_sensitivity.rb:40:26:40:32 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
| call_sensitivity.rb:43:26:43:32 | "taint" : | call_sensitivity.rb:17:27:17:27 | x : |
nodes
| call_sensitivity.rb:5:6:5:12 | "taint" | semmle.label | "taint" |
| call_sensitivity.rb:7:13:7:13 | x : | semmle.label | x : |
@@ -36,36 +25,22 @@ nodes
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:17:27:17:27 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:18:17:18:17 | x : | semmle.label | x : |
| call_sensitivity.rb:25:25:25:31 | "taint" : | semmle.label | "taint" : |
| call_sensitivity.rb:27:17:27:17 | x : | semmle.label | x : |
| call_sensitivity.rb:27:27:27:27 | x | semmle.label | x |
| call_sensitivity.rb:28:25:28:31 | "taint" : | semmle.label | "taint" : |
| call_sensitivity.rb:34:25:34:31 | "taint" : | semmle.label | "taint" : |
| call_sensitivity.rb:36:23:36:23 | x : | semmle.label | x : |
| call_sensitivity.rb:36:31:36:31 | x | semmle.label | x |
| call_sensitivity.rb:37:25:37:31 | "taint" : | semmle.label | "taint" : |
| call_sensitivity.rb:39:24:39:24 | x : | semmle.label | x : |
| call_sensitivity.rb:39:32:39:32 | x | semmle.label | x |
| call_sensitivity.rb:40:26:40:32 | "taint" : | semmle.label | "taint" : |
| call_sensitivity.rb:43:26:43:32 | "taint" : | semmle.label | "taint" : |
subpaths
#select
| call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | $@ | call_sensitivity.rb:5:6:5:12 | "taint" | "taint" |
| call_sensitivity.rb:15:28:15:28 | x | call_sensitivity.rb:15:9:15:15 | "taint" : | call_sensitivity.rb:15:28:15:28 | x | $@ | call_sensitivity.rb:15:9:15:15 | "taint" : | "taint" : |
| call_sensitivity.rb:27:27:27:27 | x | call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:27:27:27:27 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" : | "taint" : |
| call_sensitivity.rb:36:31:36:31 | x | call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:36:31:36:31 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:25:25:25:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:25:25:25:31 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:28:25:28:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:34:25:34:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:34:25:34:31 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:37:25:37:31 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:40:26:40:32 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:40:26:40:32 | "taint" : | "taint" : |
| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:43:26:43:32 | "taint" : | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:43:26:43:32 | "taint" : | "taint" : |