Address comments

2026-05-02 12:15:17 +02:00 · 2022-05-25 15:57:51 +02:00
parent b0a97f9b01
commit af428a1ac2
2 changed files with 19 additions and 11 deletions
--- a/ruby/ql/lib/codeql/ruby/ast/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/Call.qll
@@ -145,6 +145,21 @@ class SetterMethodCall extends MethodCall, TMethodCallSynth {
  SetterMethodCall() { this = TMethodCallSynth(_, _, _, true, _) }

  final override string getAPrimaryQlClass() { result = "SetterMethodCall" }
+
+  /**
+   * Gets the name of the method being called without the trailing `=`. For example, in the following
+   * two statements the target name is `value`:
+   * ```rb
+   * foo.value=(1)
+   * foo.value = 1
+   * ```
+   */
+  final string getTargetName() {
+    exists(string methodName |
+      methodName = this.getMethodName() and
+      result = methodName.prefix(methodName.length() - 1)
+    )
+  }
 }

 /**
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
@@ -352,10 +352,7 @@ private module Cached {
    TFieldContent(string name) {
      name = any(InstanceVariable v).getName()
      or
-      exists(SetterMethodCall c, string methodName |
-        methodName = c.getMethodName() and
-        name = "@" + methodName.prefix(methodName.length() - 1)
-      )
+      name = "@" + any(SetterMethodCall c).getTargetName()
    }

  /**
@@ -835,14 +832,10 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
  // Attribute assignment, `receiver.property = value`
  node2.(PostUpdateNode).getPreUpdateNode().asExpr() =
    any(CfgNodes::ExprNodes::MethodCallCfgNode call |
-      call.getExpr() instanceof SetterMethodCall and
      node1.asExpr() = call.getArgument(0) and
      call.getNumberOfArguments() = 1 and
-      c.isSingleton(any(Content::FieldContent ct, string methodName |
-          methodName = call.getExpr().getMethodName() and
-          ct.getName() = "@" + methodName.prefix(methodName.length() - 1)
-        |
-          ct
+      c.isSingleton(any(Content::FieldContent ct |
+          ct.getName() = "@" + call.getExpr().(SetterMethodCall).getTargetName()
        ))
    ).getReceiver()
  or
@@ -884,7 +877,7 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
  // Attribute read, `receiver.field`. Note that we do not check whether
  // the `field` method is really an attribute reader. This is probably fine
  // because the read step has only effect if there exists a matching store step
-  // (instance variable assignmentor setter method call).
+  // (instance variable assignment or setter method call).
  node2.asExpr() =
    any(CfgNodes::ExprNodes::MethodCallCfgNode call |
      node1.asExpr() = call.getReceiver() and