Ruby: Handle alternative gemspec names

Gemspecs are sometimes named via the first argument to
`Gem::Specification.new`:

```rb
Gem::Specification.new 'sinatra' do |s|
  # ...
end
```
This commit is contained in:
Harry Maclean
2023-11-22 12:29:23 +00:00
parent 9b998a39b4
commit ad608341ab
2 changed files with 18 additions and 13 deletions


@@ -57,7 +57,10 @@ module Gem {
}
/** Gets the name of the gem */
string getName() { result = this.getSpecProperty("name").getConstantValue().getString() }
string getName() {
result = this.getSpecProperty("name").getConstantValue().getString() or
result = specCall.getArgument(0).getAValueReachingSink().getConstantValue().getString()
}
/** Gets a path that is loaded when the gem is required */
private string getARequirePath() {
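Review bot: The two `result =` disjuncts joined by `or` in the new getName() make the predicate multi-valued whenever a gemspec sets both the positional argument and the `name` property with differing strings, since neither source takes precedence; a consumer such as the `min(...).getName()` in getNamespace() would then yield more than one namespace for the same endpoint. If the property is meant to win, guard the second disjunct, e.g. `not exists(this.getSpecProperty("name")) and result = specCall.getArgument(0).getAValueReachingSink().getConstantValue().getString()`, or document that both forms are returned. The doc comment should also name the new source: `/** Gets the name of the gem, from the "name" spec property or from the first argument to Gem::Specification.new */`. `specCall` is declared outside the hunk, and the enclosing class starts and ends outside it.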


@@ -15,14 +15,14 @@ private predicate isUninteresting(DataFlow::MethodNode c) {
c.getLocation().getFile() instanceof TestFile
}
private predicate fileStep(Folder folder, File file, int n) {
n = 0 and folder.getAFile() = file
private predicate gemFileStep(Gem::GemSpec gem, Folder folder, int n) {
n = 0 and folder.getAFile() = gem.(File)
or
exists(int m | fileStep(folder.getAFolder(), file, m) | n = m + 1)
}
private predicate gemFileStep(Gem::GemSpec gem, File file, int n) {
fileStep(any(Folder f | f.getAFile() = gem.(File)), file, n)
exists(Folder parent, int m |
gemFileStep(gem, parent, m) and
parent.getAFolder() = folder and
n = m + 1
)
}
/**
@@ -40,11 +40,13 @@ class Endpoint extends DataFlow::MethodNode {
*/
bindingset[this]
string getNamespace() {
// The nearest gemspec to this endpoint, if one exists
result = min(Gem::GemSpec g, int n | gemFileStep(g, this.getFile(), n) | g order by n).getName()
or
not exists(Gem::GemSpec g) and
result = ""
exists(Folder folder | folder = this.getFile().getParentContainer() |
// The nearest gemspec to this endpoint, if one exists
result = min(Gem::GemSpec g, int n | gemFileStep(g, folder, n) | g order by n).getName()
or
not exists(Gem::GemSpec g | gemFileStep(g, folder, _)) and
result = ""
)
}
/**