Ruby: add test for example splat arg/param matches

Harry Maclean
2023-08-08 09:13:42 +01:00
parent 72356d1515
commit c0baa5116f
2 changed files with 41 additions and 7 deletions


@@ -72,8 +72,12 @@ edges
| params_flow.rb:67:13:67:16 | args | params_flow.rb:67:12:67:16 | * ... [element 0] |
| params_flow.rb:69:14:69:14 | x | params_flow.rb:70:10:70:10 | x |
| params_flow.rb:69:17:69:17 | y | params_flow.rb:71:10:71:10 | y |
| params_flow.rb:69:20:69:21 | *z [element 0] | params_flow.rb:72:10:72:10 | z [element 0] |
| params_flow.rb:69:20:69:21 | *z [element 1] | params_flow.rb:73:10:73:10 | z [element 1] |
| params_flow.rb:69:24:69:24 | w | params_flow.rb:74:10:74:10 | w |
| params_flow.rb:69:27:69:27 | r | params_flow.rb:75:10:75:10 | r |
| params_flow.rb:72:10:72:10 | z [element 0] | params_flow.rb:72:10:72:13 | ...[...] |
| params_flow.rb:73:10:73:10 | z [element 1] | params_flow.rb:73:10:73:13 | ...[...] |
| params_flow.rb:78:10:78:18 | call to taint | params_flow.rb:69:14:69:14 | x |
| params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:69:17:69:17 | y |
| params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:69:24:69:24 | w |
@@ -85,6 +89,14 @@ edges
| params_flow.rb:94:10:94:18 | call to taint | params_flow.rb:83:14:83:14 | t |
| params_flow.rb:94:21:94:29 | call to taint | params_flow.rb:83:17:83:17 | u |
| params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:83:23:83:23 | w |
| params_flow.rb:96:10:96:18 | call to taint | params_flow.rb:69:14:69:14 | x |
| params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:69:17:69:17 | y |
| params_flow.rb:96:32:96:65 | * ... [element 0] | params_flow.rb:69:20:69:21 | *z [element 0] |
| params_flow.rb:96:32:96:65 | * ... [element 1] | params_flow.rb:69:20:69:21 | *z [element 1] |
| params_flow.rb:96:34:96:42 | call to taint | params_flow.rb:96:32:96:65 | * ... [element 0] |
| params_flow.rb:96:45:96:53 | call to taint | params_flow.rb:96:32:96:65 | * ... [element 1] |
| params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:69:24:69:24 | w |
| params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:69:27:69:27 | r |
nodes
| params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 |
| params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 |
@@ -167,10 +179,16 @@ nodes
| params_flow.rb:67:13:67:16 | args | semmle.label | args |
| params_flow.rb:69:14:69:14 | x | semmle.label | x |
| params_flow.rb:69:17:69:17 | y | semmle.label | y |
| params_flow.rb:69:20:69:21 | *z [element 0] | semmle.label | *z [element 0] |
| params_flow.rb:69:20:69:21 | *z [element 1] | semmle.label | *z [element 1] |
| params_flow.rb:69:24:69:24 | w | semmle.label | w |
| params_flow.rb:69:27:69:27 | r | semmle.label | r |
| params_flow.rb:70:10:70:10 | x | semmle.label | x |
| params_flow.rb:71:10:71:10 | y | semmle.label | y |
| params_flow.rb:72:10:72:10 | z [element 0] | semmle.label | z [element 0] |
| params_flow.rb:72:10:72:13 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:73:10:73:10 | z [element 1] | semmle.label | z [element 1] |
| params_flow.rb:73:10:73:13 | ...[...] | semmle.label | ...[...] |
| params_flow.rb:74:10:74:10 | w | semmle.label | w |
| params_flow.rb:75:10:75:10 | r | semmle.label | r |
| params_flow.rb:78:10:78:18 | call to taint | semmle.label | call to taint |
@@ -187,6 +205,14 @@ nodes
| params_flow.rb:94:10:94:18 | call to taint | semmle.label | call to taint |
| params_flow.rb:94:21:94:29 | call to taint | semmle.label | call to taint |
| params_flow.rb:94:39:94:47 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:10:96:18 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:21:96:29 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:32:96:65 | * ... [element 0] | semmle.label | * ... [element 0] |
| params_flow.rb:96:32:96:65 | * ... [element 1] | semmle.label | * ... [element 1] |
| params_flow.rb:96:34:96:42 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:45:96:53 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:68:96:76 | call to taint | semmle.label | call to taint |
| params_flow.rb:96:79:96:87 | call to taint | semmle.label | call to taint |
subpaths
#select
| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint | call to taint |
@@ -216,9 +242,15 @@ subpaths
| params_flow.rb:65:10:65:13 | ...[...] | params_flow.rb:63:8:63:16 | call to taint | params_flow.rb:65:10:65:13 | ...[...] | $@ | params_flow.rb:63:8:63:16 | call to taint | call to taint |
| params_flow.rb:70:10:70:10 | x | params_flow.rb:78:10:78:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:78:10:78:18 | call to taint | call to taint |
| params_flow.rb:70:10:70:10 | x | params_flow.rb:81:10:81:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:81:10:81:18 | call to taint | call to taint |
| params_flow.rb:70:10:70:10 | x | params_flow.rb:96:10:96:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:96:10:96:18 | call to taint | call to taint |
| params_flow.rb:71:10:71:10 | y | params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:78:21:78:29 | call to taint | call to taint |
| params_flow.rb:71:10:71:10 | y | params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:96:21:96:29 | call to taint | call to taint |
| params_flow.rb:72:10:72:13 | ...[...] | params_flow.rb:96:34:96:42 | call to taint | params_flow.rb:72:10:72:13 | ...[...] | $@ | params_flow.rb:96:34:96:42 | call to taint | call to taint |
| params_flow.rb:73:10:73:13 | ...[...] | params_flow.rb:96:45:96:53 | call to taint | params_flow.rb:73:10:73:13 | ...[...] | $@ | params_flow.rb:96:45:96:53 | call to taint | call to taint |
| params_flow.rb:74:10:74:10 | w | params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:78:43:78:51 | call to taint | call to taint |
| params_flow.rb:74:10:74:10 | w | params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:96:68:96:76 | call to taint | call to taint |
| params_flow.rb:75:10:75:10 | r | params_flow.rb:78:54:78:62 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:78:54:78:62 | call to taint | call to taint |
| params_flow.rb:75:10:75:10 | r | params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:96:79:96:87 | call to taint | call to taint |
| params_flow.rb:84:10:84:10 | t | params_flow.rb:94:10:94:18 | call to taint | params_flow.rb:84:10:84:10 | t | $@ | params_flow.rb:94:10:94:18 | call to taint | call to taint |
| params_flow.rb:85:10:85:10 | u | params_flow.rb:94:21:94:29 | call to taint | params_flow.rb:85:10:85:10 | u | $@ | params_flow.rb:94:21:94:29 | call to taint | call to taint |
| params_flow.rb:87:10:87:10 | w | params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:87:10:87:10 | w | $@ | params_flow.rb:94:39:94:47 | call to taint | call to taint |


@@ -67,12 +67,12 @@ end
splatstuff(*args)
def splatmid(x, y, *z, w, r)
sink x # $ hasValueFlow=27 $ hasValueFlow=32
sink y # $ hasValueFlow=28 $ MISSING: hasValueFlow=33
sink z[0] # $ MISSING: hasValueFlow=29 $ MISSING: hasValueFlow=34
sink z[1] # $ MISSING: hasValueFlow=35
sink w # $ hasValueFlow=30 $ MISSING: hasValueFlow=36
sink r # $ hasValueFlow=31 $ MISSING: hasValueFlow=37
sink x # $ hasValueFlow=27 $ hasValueFlow=32 $ hasValueFlow=45
sink y # $ hasValueFlow=28 $ hasValueFlow=46 $ MISSING: hasValueFlow=33
sink z[0] # $ hasValueFlow=47 $ MISSING: hasValueFlow=29 $ hasValueFlow=34
sink z[1] # $ hasValueFlow=48 $ MISSING: hasValueFlow=35
sink w # $ hasValueFlow=30 $ hasValueFlow=50 $ MISSING: hasValueFlow=36
sink r # $ hasValueFlow=31 $ hasValueFlow=51 $ MISSING: hasValueFlow=37
end
splatmid(taint(27), taint(28), taint(29), taint(30), taint(31))
@@ -91,4 +91,6 @@ def pos_many(t, u, v, w, x, y, z)
end
args = [taint(40), taint(41), taint(42), taint(43)]
pos_many(taint(38), taint(39), *args, taint(44))
pos_many(taint(38), taint(39), *args, taint(44))
splatmid(taint(45), taint(46), *[taint(47), taint(48), taint(49)], taint(50), taint(51))
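Review bot: The new call `splatmid(taint(45), taint(46), *[taint(47), taint(48), taint(49)], taint(50), taint(51))` binds `taint(49)` to `z[2]`, but `splatmid` has no sink for that element, so the test cannot show whether the third splat element is tracked or silently dropped. Add `sink z[2] # $ hasValueFlow=49` after the `sink z[1]` line (with `MISSING:` if the flow is not found yet) and regenerate the expected output, or remove `taint(49)` from the array. Separately, on the new `sink z[0]` line `hasValueFlow=34` follows `MISSING: hasValueFlow=29` without a marker of its own, while the visible `#select` rows show only the line-96 source reaching `z[0]`. If the marker is meant to carry over to it, keeping `$ MISSING: hasValueFlow=34` as on the old line would make it clear that this flow is still a known false negative.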