hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: block API graph nodes from tracking through self-argument passing

Browse Source
This commit is contained in:
Asger F
2022-10-10 19:20:39 +02:00
parent 125761755a
commit b6e07c0cd5
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ruby/ql/lib/codeql/ruby/ApiGraphs.qll
View File

@@ -639,7 +639,10 @@ module API {
isUse(src) and
t.start()
or
exists(TypeTracker t2 | result = trackUseNode(src, t2).track(t2, t))
exists(TypeTracker t2 |
result = trackUseNode(src, t2).track(t2, t) and
not result instanceof DataFlowPrivate::SelfParameterNode
)
}
/**
@@ -658,7 +661,11 @@ module API {
isDef(rhs) and
result = rhs.getALocalSource()
or
exists(TypeBackTracker t2 | result = trackDefNode(rhs, t2).backtrack(t2, t))
exists(TypeBackTracker t2, DataFlow::LocalSourceNode mid |
mid = trackDefNode(rhs, t2) and
not mid instanceof DataFlowPrivate::SelfParameterNode and
result = mid.backtrack(t2, t)
)
}
/** Gets a data flow node reaching the RHS of the given def node. */