hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Adapt to changes in FlowSummaryImpl

Browse Source
This commit is contained in:
Tom Hvitved
2025-12-16 13:49:04 +01:00
parent c4e0dda178
commit c975ae5231
30 changed files with 282 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/docs/flow_summaries.md
View File

@@ -19,7 +19,7 @@ to be tainted in the call to `system`.
have no source code, so we include a flow summary for it:
```ql
private class ChompSummary extends SimpleSummarizedCallable {
private class ChompSummary extends SummarizedCallable::RangeSimple {
ChompSummary() { this = "chomp" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

114
ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
View File

@@ -15,65 +15,64 @@ private module Summaries {
private import codeql.ruby.frameworks.data.ModelsAsData
}
deprecated class SummaryComponent = Impl::Private::SummaryComponent;
class Provenance = Impl::Public::Provenance;
deprecated module SummaryComponent = Impl::Private::SummaryComponent;
/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
module SummarizedCallable {
/** A callable with a flow summary, identified by a unique string. */
abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable {
bindingset[this]
Range() { any() }
deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
override predicate propagatesFlow(
string input, string output, boolean preservesValue, Provenance p, boolean isExact,
string model
) {
this.propagatesFlow(input, output, preservesValue) and
p = "manual" and
isExact = true and
model = ""
}
deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
/**
* Holds if data may flow from `input` to `output` through this callable.
*
* `preservesValue` indicates whether this is a value-preserving step or a taint-step.
*/
predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
/**
* Gets the synthesized parameter that results from an input specification
* that starts with `Argument[s]` for this library callable.
*/
DataFlow::ParameterNode getParameter(string s) {
exists(ParameterPosition pos |
DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
s = Impl::Input::encodeParameterPosition(pos)
)
}
}
/**
* A callable with a flow summary, identified by a unique string, where all
* calls to a method with the same name are considered relevant.
*/
abstract class RangeSimple extends Range {
MethodCall mc;
bindingset[this]
RangeSimple() { mc.getMethodName() = this }
final override MethodCall getACallSimple() { result = mc }
}
}
final private class SummarizedCallableFinal = SummarizedCallable::Range;
/** A callable with a flow summary, identified by a unique string. */
abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
bindingset[this]
SummarizedCallable() { any() }
/**
* DEPRECATED: Use `propagatesFlow` instead.
*/
deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
this.propagatesFlow(input, output, preservesValue, _)
}
override predicate propagatesFlow(
string input, string output, boolean preservesValue, string model
) {
this.propagatesFlow(input, output, preservesValue) and model = ""
}
/**
* Holds if data may flow from `input` to `output` through this callable.
*
* `preservesValue` indicates whether this is a value-preserving step or a taint-step.
*/
predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
/**
* Gets the synthesized parameter that results from an input specification
* that starts with `Argument[s]` for this library callable.
*/
DataFlow::ParameterNode getParameter(string s) {
exists(ParameterPosition pos |
DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
s = Impl::Input::encodeParameterPosition(pos)
)
}
}
/**
* A callable with a flow summary, identified by a unique string, where all
* calls to a method with the same name are considered relevant.
*/
abstract class SimpleSummarizedCallable extends SummarizedCallable {
MethodCall mc;
bindingset[this]
SimpleSummarizedCallable() { mc.getMethodName() = this }
final override MethodCall getACallSimple() { result = mc }
}
deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
final class SummarizedCallable extends SummarizedCallableFinal,
Impl::Public::RelevantSummarizedCallable
{ }
/**
* Provides a set of special flow summaries to ensure that callbacks passed into
@@ -103,7 +102,7 @@ private module LibraryCallbackSummaries {
)
}
private class LibraryLambdaMethod extends SummarizedCallable {
private class LibraryLambdaMethod extends SummarizedCallable::Range {
LibraryLambdaMethod() { this = "<library method accepting a callback>" }
final override MethodCall getACall() {
@@ -114,7 +113,8 @@ private module LibraryCallbackSummaries {
}
override predicate propagatesFlow(
string input, string output, boolean preservesValue, string model
string input, string output, boolean preservesValue, Provenance p, boolean isExact,
string model
) {
(
input = "Argument[block]" and
@@ -127,6 +127,8 @@ private module LibraryCallbackSummaries {
)
) and
preservesValue = true and
p = "hq-generated" and
isExact = true and
model = "heuristic-callback"
}
}

4
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
View File

@@ -240,7 +240,9 @@ class NormalCall extends DataFlowCall, TNormalCall {
module ViewComponentRenderModeling {
private import codeql.ruby.frameworks.ViewComponent
private class RenderMethod extends SummarizedCallable, LibraryCallableToIncludeInTypeTracking {
private class RenderMethod extends SummarizedCallable::Range,
LibraryCallableToIncludeInTypeTracking
{
RenderMethod() { this = "render view component" }
override MethodCall getACallSimple() { result.getMethodName() = "render" }

2
ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -18,6 +18,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::RubyDataFlow> {
class SinkBase = Void;
predicate callableFromSource(SummarizedCallableBase c) { none() }
ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() }
ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind }

10
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -545,7 +545,7 @@ private module ParamsSummaries {
* A flow summary for methods on `ActionController::Parameters` which
* propagate taint from receiver to return value.
*/
private class MethodsReturningParamsInstanceSummary extends SummarizedCallable {
private class MethodsReturningParamsInstanceSummary extends SummarizedCallable::Range {
MethodsReturningParamsInstanceSummary() { this = "ActionController::Parameters#<various>" }
override MethodCall getACall() {
@@ -566,7 +566,7 @@ private module ParamsSummaries {
* `#with_defaults`
* Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
*/
private class MergeSummary extends SummarizedCallable {
private class MergeSummary extends SummarizedCallable::Range {
MergeSummary() { this = "ActionController::Parameters#merge" }
override MethodCall getACall() {
@@ -590,7 +590,7 @@ private module ParamsSummaries {
* `#reverse_update`
* Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
*/
private class MergeBangSummary extends SummarizedCallable {
private class MergeBangSummary extends SummarizedCallable::Range {
MergeBangSummary() { this = "ActionController::Parameters#merge!" }
override MethodCall getACall() {
@@ -609,7 +609,7 @@ private module ParamsSummaries {
/** Flow summaries for `ActiveDispatch::Http::UploadedFile`, which can be an field of `ActionController::Parameters`. */
module UploadedFileSummaries {
/** Flow summary for various string attributes of `UploadedFile`, including `original_filename`, `content_type`, and `headers`. */
private class UploadedFileStringAttributeSummary extends SummarizedCallable {
private class UploadedFileStringAttributeSummary extends SummarizedCallable::Range {
UploadedFileStringAttributeSummary() {
this = "ActionDispatch::Http::UploadedFile#[original_filename,content_type,headers]"
}
@@ -632,7 +632,7 @@ private module ParamsSummaries {
* Flow summary for `ActiveDispatch::Http::UploadedFile#read`,
* which propagates taint from the receiver to the return value or to the second (out string) argument
*/
private class UploadedFileReadSummary extends SummarizedCallable {
private class UploadedFileReadSummary extends SummarizedCallable::Range {
UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }
override MethodCall getACall() {

38
ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
View File

@@ -45,7 +45,7 @@ module ActiveSupport {
/**
* Flow summary for methods which transform the receiver in some way, possibly preserving taint.
*/
private class StringTransformSummary extends SummarizedCallable {
private class StringTransformSummary extends SummarizedCallable::Range {
// We're modeling a lot of different methods, so we make up a name for this summary.
StringTransformSummary() { this = "ActiveSupportStringTransform" }
@@ -72,7 +72,7 @@ module ActiveSupport {
*/
module Object {
/** Flow summary for methods which can return the receiver. */
private class IdentitySummary extends SimpleSummarizedCallable {
private class IdentitySummary extends SummarizedCallable::RangeSimple {
IdentitySummary() { this = ["presence", "deep_dup"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -106,7 +106,7 @@ module ActiveSupport {
}
/** Flow summary for `Object#to_json`, which serializes the receiver as a JSON string. */
private class ToJsonSummary extends SimpleSummarizedCallable {
private class ToJsonSummary extends SummarizedCallable::RangeSimple {
ToJsonSummary() { this = "to_json" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -124,7 +124,7 @@ module ActiveSupport {
/**
* Flow summary for `reverse_merge`, and its alias `with_defaults`.
*/
private class ReverseMergeSummary extends SimpleSummarizedCallable {
private class ReverseMergeSummary extends SummarizedCallable::RangeSimple {
ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -137,7 +137,7 @@ module ActiveSupport {
/**
* Flow summary for `reverse_merge!`, and its aliases `with_defaults!` and `reverse_update`.
*/
private class ReverseMergeBangSummary extends SimpleSummarizedCallable {
private class ReverseMergeBangSummary extends SummarizedCallable::RangeSimple {
ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -147,7 +147,7 @@ module ActiveSupport {
}
}
private class TransformSummary extends SimpleSummarizedCallable {
private class TransformSummary extends SummarizedCallable::RangeSimple {
TransformSummary() {
this =
[
@@ -188,7 +188,7 @@ module ActiveSupport {
* mentioned in the arguments to an element in `self`, including elements
* at unknown keys.
*/
private class ExtractSummary extends SummarizedCallable {
private class ExtractSummary extends SummarizedCallable::Range {
MethodCall mc;
ExtractSummary() {
@@ -232,7 +232,7 @@ module ActiveSupport {
ArrayIndex() { this = any(DataFlow::Content::KnownElementContent c).getIndex().getInt() }
}
private class CompactBlankSummary extends SimpleSummarizedCallable {
private class CompactBlankSummary extends SummarizedCallable::RangeSimple {
CompactBlankSummary() { this = "compact_blank" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -242,7 +242,7 @@ module ActiveSupport {
}
}
private class ExcludingSummary extends SimpleSummarizedCallable {
private class ExcludingSummary extends SummarizedCallable::RangeSimple {
ExcludingSummary() { this = ["excluding", "without"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -252,7 +252,7 @@ module ActiveSupport {
}
}
private class InOrderOfSummary extends SimpleSummarizedCallable {
private class InOrderOfSummary extends SummarizedCallable::RangeSimple {
InOrderOfSummary() { this = "in_order_of" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -265,7 +265,7 @@ module ActiveSupport {
/**
* Like `Array#push` but doesn't update the receiver.
*/
private class IncludingSummary extends SimpleSummarizedCallable {
private class IncludingSummary extends SummarizedCallable::RangeSimple {
IncludingSummary() { this = "including" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -287,7 +287,7 @@ module ActiveSupport {
}
}
private class IndexBySummary extends SimpleSummarizedCallable {
private class IndexBySummary extends SummarizedCallable::RangeSimple {
IndexBySummary() { this = "index_by" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -297,7 +297,7 @@ module ActiveSupport {
}
}
private class IndexWithSummary extends SimpleSummarizedCallable {
private class IndexWithSummary extends SummarizedCallable::RangeSimple {
IndexWithSummary() { this = "index_with" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -316,7 +316,7 @@ module ActiveSupport {
result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
}
private class PickSingleSummary extends SummarizedCallable {
private class PickSingleSummary extends SummarizedCallable::Range {
private MethodCall mc;
private string key;
@@ -336,7 +336,7 @@ module ActiveSupport {
}
}
private class PickMultipleSummary extends SummarizedCallable {
private class PickMultipleSummary extends SummarizedCallable::Range {
private MethodCall mc;
PickMultipleSummary() {
@@ -370,7 +370,7 @@ module ActiveSupport {
}
}
private class PluckSingleSummary extends SummarizedCallable {
private class PluckSingleSummary extends SummarizedCallable::Range {
private MethodCall mc;
private string key;
@@ -390,7 +390,7 @@ module ActiveSupport {
}
}
private class PluckMultipleSummary extends SummarizedCallable {
private class PluckMultipleSummary extends SummarizedCallable::Range {
private MethodCall mc;
PluckMultipleSummary() {
@@ -424,7 +424,7 @@ module ActiveSupport {
}
}
private class SoleSummary extends SimpleSummarizedCallable {
private class SoleSummary extends SummarizedCallable::RangeSimple {
SoleSummary() { this = "sole" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -458,7 +458,7 @@ module ActiveSupport {
* `ActiveSupport::ERB::Util`
*/
module Util {
private class JsonEscapeSummary extends SimpleSummarizedCallable {
private class JsonEscapeSummary extends SummarizedCallable::RangeSimple {
JsonEscapeSummary() { this = "json_escape" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

4
ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
View File

@@ -18,7 +18,7 @@ module Arel {
* Flow summary for `Arel.sql`. This method wraps a SQL string, marking it as
* safe.
*/
private class SqlSummary extends SummarizedCallable {
private class SqlSummary extends SummarizedCallable::Range {
SqlSummary() { this = "Arel.sql" }
override MethodCall getACall() {
@@ -44,7 +44,7 @@ module Arel {
* Flow summary for `Arel::Nodes::SqlLiteral.new`. This method wraps a SQL string, marking it as
* safe.
*/
private class SqlLiteralNewSummary extends SummarizedCallable {
private class SqlLiteralNewSummary extends SummarizedCallable::Range {
SqlLiteralNewSummary() { this = "Arel::Nodes::SqlLiteral.new" }
override MethodCall getACall() {

4
ruby/ql/lib/codeql/ruby/frameworks/Core.qll
View File

@@ -57,7 +57,7 @@ class SubshellHeredocExecution extends SystemCommandExecution::Range {
override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
}
private class SplatSummary extends SummarizedCallable {
private class SplatSummary extends SummarizedCallable::Range {
SplatSummary() { this = "*(splat)" }
override SplatExpr getACallSimple() { any() }
@@ -76,7 +76,7 @@ private class SplatSummary extends SummarizedCallable {
}
}
private class HashSplatSummary extends SummarizedCallable {
private class HashSplatSummary extends SummarizedCallable::Range {
HashSplatSummary() { this = "**(hash-splat)" }
override HashSplatExpr getACallSimple() { any() }

2
ruby/ql/lib/codeql/ruby/frameworks/Erb.qll
View File

@@ -13,7 +13,7 @@ module Erb {
/**
* Flow summary for `ERB.new`. This method wraps a template string, compiling it.
*/
private class TemplateSummary extends SummarizedCallable {
private class TemplateSummary extends SummarizedCallable::Range {
TemplateSummary() { this = "ERB.new" }
override MethodCall getACall() { result = any(ErbTemplateNewCall c).asExpr().getExpr() }

4
ruby/ql/lib/codeql/ruby/frameworks/Files.qll
View File

@@ -103,7 +103,7 @@ module File {
* A flow summary for several methods on the `File` class that propagate taint
* from their first argument to the return value.
*/
class FilePathConversionSummary extends SummarizedCallable {
class FilePathConversionSummary extends SummarizedCallable::Range {
string methodName;
FilePathConversionSummary() {
@@ -126,7 +126,7 @@ module File {
* A flow summary for `File.join`, which propagates taint from every argument to
* its return value.
*/
class FileJoinSummary extends SummarizedCallable {
class FileJoinSummary extends SummarizedCallable::Range {
FileJoinSummary() { this = "File.join" }
override MethodCall getACall() {

4
ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
View File

@@ -14,7 +14,7 @@ module NetLdap {
/**
* Flow summary for `Net::LDAP.new`. This method establishes a connection to a LDAP server.
*/
private class LdapConnSummary extends SummarizedCallable {
private class LdapConnSummary extends SummarizedCallable::Range {
LdapConnSummary() { this = "Net::LDAP.new" }
override MethodCall getACall() { result = any(NetLdapConnection l).asExpr().getExpr() }
@@ -27,7 +27,7 @@ module NetLdap {
/**
* Flow summary for `Net::LDAP.Filter`.
*/
private class LdapFilterSummary extends SummarizedCallable {
private class LdapFilterSummary extends SummarizedCallable::Range {
LdapFilterSummary() { this = "Net::LDAP::Filter" }
override MethodCall getACall() { result = any(NetLdapFilter l).asExpr().getExpr() }

4
ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
View File

@@ -13,7 +13,7 @@ module Mysql2 {
/**
* Flow summary for `Mysql2::Client.new()`.
*/
private class SqlSummary extends SummarizedCallable {
private class SqlSummary extends SummarizedCallable::Range {
SqlSummary() { this = "Mysql2::Client.new()" }
override MethodCall getACall() { result = any(Mysql2Connection c).asExpr().getExpr() }
@@ -61,7 +61,7 @@ module Mysql2 {
/**
* Flow summary for `Mysql2::Client.escape()`.
*/
private class EscapeSummary extends SummarizedCallable {
private class EscapeSummary extends SummarizedCallable::Range {
EscapeSummary() { this = "Mysql2::Client.escape()" }
override MethodCall getACall() { result = any(Mysql2EscapeSanitization c).asExpr().getExpr() }

2
ruby/ql/lib/codeql/ruby/frameworks/Pg.qll
View File

@@ -13,7 +13,7 @@ module Pg {
/**
* Flow summary for `PG.new()`. This method initializes a database connection.
*/
private class SqlSummary extends SummarizedCallable {
private class SqlSummary extends SummarizedCallable::Range {
SqlSummary() { this = "PG.new()" }
override MethodCall getACall() { result = any(PgConnection c).asExpr().getExpr() }

6
ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
View File

@@ -330,7 +330,7 @@ private class LocalAssignsHashSyntheticGlobal extends string {
}
/** A summary for `render` calls linked to some specific ERB file. */
private class RenderLocalsSummary extends SummarizedCallable {
private class RenderLocalsSummary extends SummarizedCallable::Range {
private LocalAssignsHashSyntheticGlobal glob;
RenderLocalsSummary() { this = "rails_render_locals()" + glob.getId() }
@@ -345,7 +345,7 @@ private class RenderLocalsSummary extends SummarizedCallable {
}
/** A summary for calls to `local_assigns` in a view to access a `render` call `locals` hash. */
private class AccessLocalsSummary extends SummarizedCallable {
private class AccessLocalsSummary extends SummarizedCallable::Range {
private LocalAssignsHashSyntheticGlobal glob;
AccessLocalsSummary() { this = "rails_local_assigns()" + glob.getId() }
@@ -366,7 +366,7 @@ private string getAMethodNameFromErbFile(ErbFile f) {
result = any(MethodCall c | c.getLocation().getFile() = f).getMethodName()
}
private class AccessLocalsKeySummary extends SummarizedCallable {
private class AccessLocalsKeySummary extends SummarizedCallable::Range {
private LocalAssignsHashSyntheticGlobal glob;
private string methodName;

2
ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll
View File

@@ -14,7 +14,7 @@ private import codeql.ruby.Concepts
*/
module Sequel {
/** Flow Summary for `Sequel`. */
private class SqlSummary extends SummarizedCallable {
private class SqlSummary extends SummarizedCallable::Range {
SqlSummary() { this = "Sequel.connect" }
override MethodCall getACall() { result = any(SequelConnection c).asExpr().getExpr() }

4
ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
View File

@@ -167,7 +167,7 @@ module Sinatra {
* from the `locals` keyword argument to variables in the ERB template. The
* second half is modeled by `ErbLocalsAccessSummary`.
*/
private class ErbLocalsSummary extends SummarizedCallable {
private class ErbLocalsSummary extends SummarizedCallable::Range {
ErbLocalsSummary() { this = "Sinatra::Base#erb" }
override MethodCall getACall() { result = any(ErbCall c).asExpr().getExpr() }
@@ -191,7 +191,7 @@ module Sinatra {
* keyword argument to variables in the ERB template.
* The first half is modeled by `ErbLocalsSummary`.
*/
private class ErbLocalsAccessSummary extends SummarizedCallable {
private class ErbLocalsAccessSummary extends SummarizedCallable::Range {
private ErbLocalsHashSyntheticGlobal global;
private string local;

2
ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
View File

@@ -89,7 +89,7 @@ module Sqlite3 {
/**
* Flow summary for `SQLite3::Database.quote()`.
*/
private class QuoteSummary extends SummarizedCallable {
private class QuoteSummary extends SummarizedCallable::Range {
QuoteSummary() { this = "SQLite3::Database.quote()" }
override MethodCall getACall() { result = any(SQLite3QuoteSanitization c).asExpr().getExpr() }

2
ruby/ql/lib/codeql/ruby/frameworks/Translation.qll
View File

@@ -35,7 +35,7 @@ private MethodCall getControllerHelperTranslateCall() {
}
/** Flow summary for translation methods. */
private class TranslateSummary extends SummarizedCallable {
private class TranslateSummary extends SummarizedCallable::Range {
TranslateSummary() { this = "I18n.translate" }
override MethodCall getACall() {

200
ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
View File

@@ -41,7 +41,7 @@ module Array {
not e instanceof RangeLiteral
}
private class ArrayLiteralSummary extends SummarizedCallable {
private class ArrayLiteralSummary extends SummarizedCallable::Range {
ArrayLiteralSummary() { this = "Array.[]" }
override MethodCall getACallSimple() { result = getAStaticArrayCall("[]") }
@@ -55,7 +55,7 @@ module Array {
}
}
private class NewSummary extends SummarizedCallable {
private class NewSummary extends SummarizedCallable::Range {
NewSummary() { this = "Array.new" }
override MethodCall getACallSimple() { result = getAStaticArrayCall("new") }
@@ -75,7 +75,7 @@ module Array {
}
}
private class TryConvertSummary extends SummarizedCallable {
private class TryConvertSummary extends SummarizedCallable::Range {
TryConvertSummary() { this = "Array.try_convert" }
override MethodCall getACallSimple() { result = getAStaticArrayCall("try_convert") }
@@ -87,7 +87,7 @@ module Array {
}
}
private class SetIntersectionSummary extends SummarizedCallable {
private class SetIntersectionSummary extends SummarizedCallable::Range {
SetIntersectionSummary() { this = "&" }
override BitwiseAndExpr getACallSimple() { any() }
@@ -99,7 +99,7 @@ module Array {
}
}
private class SetUnionSummary extends SummarizedCallable {
private class SetUnionSummary extends SummarizedCallable::Range {
SetUnionSummary() { this = "|" }
override BitwiseOrExpr getACallSimple() { any() }
@@ -111,7 +111,7 @@ module Array {
}
}
private class RepetitionSummary extends SummarizedCallable {
private class RepetitionSummary extends SummarizedCallable::Range {
RepetitionSummary() { this = "*" }
override MulExpr getACallSimple() { any() }
@@ -123,7 +123,7 @@ module Array {
}
}
private class ConcatenationSummary extends SummarizedCallable {
private class ConcatenationSummary extends SummarizedCallable::Range {
ConcatenationSummary() { this = "+" }
override AddExpr getACallSimple() { any() }
@@ -140,7 +140,7 @@ module Array {
}
}
abstract private class DifferenceSummaryShared extends SummarizedCallable {
abstract private class DifferenceSummaryShared extends SummarizedCallable::Range {
bindingset[this]
DifferenceSummaryShared() { any() }
@@ -158,7 +158,7 @@ module Array {
}
/** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */
private class AppendOperatorSummary extends SummarizedCallable {
private class AppendOperatorSummary extends SummarizedCallable::Range {
AppendOperatorSummary() { this = "<<" }
override LShiftExpr getACallSimple() { any() }
@@ -180,7 +180,7 @@ module Array {
}
/** A call to `[]`, or its alias, `slice`. */
abstract private class ElementReferenceReadSummary extends SummarizedCallable {
abstract private class ElementReferenceReadSummary extends SummarizedCallable::Range {
MethodCall mc;
ElementReferenceReadMethodName methodName; // adding this as a field helps give a better join order
@@ -306,7 +306,7 @@ module Array {
}
/** A call to `[]=`. */
abstract private class ElementReferenceStoreSummary extends SummarizedCallable {
abstract private class ElementReferenceStoreSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -381,7 +381,7 @@ module Array {
}
}
private class AssocSummary extends SimpleSummarizedCallable {
private class AssocSummary extends SummarizedCallable::RangeSimple {
AssocSummary() { this = ["assoc", "rassoc"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -391,7 +391,7 @@ module Array {
}
}
abstract private class AtSummary extends SummarizedCallable {
abstract private class AtSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -430,7 +430,7 @@ module Array {
}
}
private class BSearchSummary extends SimpleSummarizedCallable {
private class BSearchSummary extends SummarizedCallable::RangeSimple {
BSearchSummary() { this = "bsearch" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -440,7 +440,7 @@ module Array {
}
}
private class BSearchIndexSummary extends SimpleSummarizedCallable {
private class BSearchIndexSummary extends SummarizedCallable::RangeSimple {
BSearchIndexSummary() { this = "bsearch_index" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -450,7 +450,7 @@ module Array {
}
}
private class ClearSummary extends SimpleSummarizedCallable {
private class ClearSummary extends SummarizedCallable::RangeSimple {
ClearSummary() { this = "clear" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -460,7 +460,7 @@ module Array {
}
}
private class CollectBangSummary extends SimpleSummarizedCallable {
private class CollectBangSummary extends SummarizedCallable::RangeSimple {
// `map!` is an alias of `collect!`.
CollectBangSummary() { this = ["collect!", "map!"] }
@@ -475,7 +475,7 @@ module Array {
}
}
private class CombinationSummary extends SimpleSummarizedCallable {
private class CombinationSummary extends SummarizedCallable::RangeSimple {
CombinationSummary() { this = "combination" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -489,7 +489,7 @@ module Array {
}
}
private class CompactBangSummary extends SimpleSummarizedCallable {
private class CompactBangSummary extends SummarizedCallable::RangeSimple {
CompactBangSummary() { this = "compact!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -499,7 +499,7 @@ module Array {
}
}
private class ConcatSummary extends SimpleSummarizedCallable {
private class ConcatSummary extends SummarizedCallable::RangeSimple {
ConcatSummary() { this = "concat" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -509,7 +509,7 @@ module Array {
}
}
private class DeconstructSummary extends SimpleSummarizedCallable {
private class DeconstructSummary extends SummarizedCallable::RangeSimple {
DeconstructSummary() { this = "deconstruct" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -522,7 +522,7 @@ module Array {
}
}
abstract private class DeleteSummary extends SummarizedCallable {
abstract private class DeleteSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -604,7 +604,7 @@ module Array {
}
}
abstract private class DeleteAtSummary extends SummarizedCallable {
abstract private class DeleteAtSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -667,7 +667,7 @@ module Array {
}
}
private class DeleteIfSummary extends SummarizedCallable {
private class DeleteIfSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -691,7 +691,7 @@ module Array {
}
}
private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable {
private class DifferenceSummary extends DifferenceSummaryShared, SummarizedCallable::RangeSimple {
DifferenceSummary() { this = "difference" }
}
@@ -728,7 +728,7 @@ module Array {
)
}
private class DigSummary extends SummarizedCallable {
private class DigSummary extends SummarizedCallable::Range {
private RelevantDigMethodCall dig;
DigSummary() {
@@ -750,7 +750,7 @@ module Array {
}
}
private class EachSummary extends SummarizedCallable {
private class EachSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -776,7 +776,7 @@ module Array {
}
}
private class EachIndexSummary extends SimpleSummarizedCallable {
private class EachIndexSummary extends SummarizedCallable::RangeSimple {
EachIndexSummary() { this = ["each_index", "each_key"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -786,7 +786,7 @@ module Array {
}
}
abstract private class FetchSummary extends SummarizedCallable {
abstract private class FetchSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -839,7 +839,7 @@ module Array {
}
}
abstract private class FillSummary extends SummarizedCallable {
abstract private class FillSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -882,7 +882,7 @@ module Array {
* Note that we model flow from elements up to 3 levels of nesting
* (`[[[1],[2]]]`), but not beyond that.
*/
private class FlattenSummary extends SimpleSummarizedCallable {
private class FlattenSummary extends SummarizedCallable::RangeSimple {
FlattenSummary() { this = "flatten" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -898,7 +898,7 @@ module Array {
}
}
private class FlattenBangSummary extends SimpleSummarizedCallable {
private class FlattenBangSummary extends SummarizedCallable::RangeSimple {
FlattenBangSummary() { this = "flatten!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -917,7 +917,7 @@ module Array {
}
}
private class IndexSummary extends SimpleSummarizedCallable {
private class IndexSummary extends SummarizedCallable::RangeSimple {
IndexSummary() { this = ["index", "rindex"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -927,7 +927,7 @@ module Array {
}
}
abstract private class InsertSummary extends SummarizedCallable {
abstract private class InsertSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -995,7 +995,7 @@ module Array {
}
}
private class IntersectionSummary extends SummarizedCallable {
private class IntersectionSummary extends SummarizedCallable::Range {
MethodCall mc;
IntersectionSummary() { this = "intersection" and mc.getMethodName() = this }
@@ -1015,7 +1015,7 @@ module Array {
override MethodCall getACallSimple() { result = mc }
}
private class KeepIfSummary extends SummarizedCallable {
private class KeepIfSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -1042,7 +1042,7 @@ module Array {
}
}
abstract private class LastSummary extends SummarizedCallable {
abstract private class LastSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1071,7 +1071,7 @@ module Array {
}
}
private class PackSummary extends SimpleSummarizedCallable {
private class PackSummary extends SummarizedCallable::RangeSimple {
PackSummary() { this = "pack" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1081,7 +1081,7 @@ module Array {
}
}
private class PermutationSummary extends SimpleSummarizedCallable {
private class PermutationSummary extends SummarizedCallable::RangeSimple {
PermutationSummary() { this = ["permutation", "repeated_combination", "repeated_permutation"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1096,7 +1096,7 @@ module Array {
}
}
abstract private class PopSummary extends SummarizedCallable {
abstract private class PopSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1131,7 +1131,7 @@ module Array {
}
}
private class PrependSummary extends SummarizedCallable {
private class PrependSummary extends SummarizedCallable::Range {
private MethodCall mc;
// `unshift` is an alias for `prepend`
@@ -1169,7 +1169,7 @@ module Array {
}
}
private class ProductSummary extends SimpleSummarizedCallable {
private class ProductSummary extends SummarizedCallable::RangeSimple {
ProductSummary() { this = "product" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1185,7 +1185,7 @@ module Array {
}
}
private class JoinSummary extends SimpleSummarizedCallable {
private class JoinSummary extends SummarizedCallable::RangeSimple {
JoinSummary() { this = ["join"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1195,7 +1195,7 @@ module Array {
}
}
private class PushSummary extends SimpleSummarizedCallable {
private class PushSummary extends SummarizedCallable::RangeSimple {
// `append` is an alias for `push`
PushSummary() { this = ["push", "append"] }
@@ -1213,7 +1213,7 @@ module Array {
}
}
private class RejectBangSummary extends SummarizedCallable {
private class RejectBangSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -1237,7 +1237,7 @@ module Array {
}
}
private class ReplaceSummary extends SimpleSummarizedCallable {
private class ReplaceSummary extends SummarizedCallable::RangeSimple {
ReplaceSummary() { this = "replace" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1251,7 +1251,7 @@ module Array {
}
}
private class ReverseSummary extends SimpleSummarizedCallable {
private class ReverseSummary extends SummarizedCallable::RangeSimple {
ReverseSummary() { this = "reverse" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1261,7 +1261,7 @@ module Array {
}
}
private class ReverseBangSummary extends SimpleSummarizedCallable {
private class ReverseBangSummary extends SummarizedCallable::RangeSimple {
ReverseBangSummary() { this = "reverse!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1271,7 +1271,7 @@ module Array {
}
}
abstract private class RotateSummary extends SummarizedCallable {
abstract private class RotateSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1322,7 +1322,7 @@ module Array {
}
}
abstract private class RotateBangSummary extends SummarizedCallable {
abstract private class RotateBangSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1382,7 +1382,7 @@ module Array {
}
}
private class SelectBangSummary extends SummarizedCallable {
private class SelectBangSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -1414,7 +1414,7 @@ module Array {
}
}
abstract private class ShiftSummary extends SummarizedCallable {
abstract private class ShiftSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1502,7 +1502,7 @@ module Array {
}
}
private class ShuffleSummary extends SimpleSummarizedCallable {
private class ShuffleSummary extends SummarizedCallable::RangeSimple {
ShuffleSummary() { this = "shuffle" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1512,7 +1512,7 @@ module Array {
}
}
private class ShuffleBangSummary extends SimpleSummarizedCallable {
private class ShuffleBangSummary extends SummarizedCallable::RangeSimple {
ShuffleBangSummary() { this = "shuffle!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1522,7 +1522,7 @@ module Array {
}
}
abstract private class SliceBangSummary extends SummarizedCallable {
abstract private class SliceBangSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1684,7 +1684,7 @@ module Array {
}
}
private class SortBangSummary extends SimpleSummarizedCallable {
private class SortBangSummary extends SummarizedCallable::RangeSimple {
SortBangSummary() { this = "sort!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1702,7 +1702,7 @@ module Array {
}
}
private class SortByBangSummary extends SimpleSummarizedCallable {
private class SortByBangSummary extends SummarizedCallable::RangeSimple {
SortByBangSummary() { this = "sort_by!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1717,7 +1717,7 @@ module Array {
}
}
private class TransposeSummary extends SimpleSummarizedCallable {
private class TransposeSummary extends SummarizedCallable::RangeSimple {
TransposeSummary() { this = "transpose" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1742,7 +1742,7 @@ module Array {
}
}
private class UniqBangSummary extends SimpleSummarizedCallable {
private class UniqBangSummary extends SummarizedCallable::RangeSimple {
UniqBangSummary() { this = "uniq!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1757,7 +1757,7 @@ module Array {
}
}
private class UnionSummary extends SimpleSummarizedCallable {
private class UnionSummary extends SummarizedCallable::RangeSimple {
UnionSummary() { this = "union" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1773,7 +1773,7 @@ module Array {
}
}
abstract private class ValuesAtSummary extends SummarizedCallable {
abstract private class ValuesAtSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1829,7 +1829,7 @@ module Array {
* https://docs.ruby-lang.org/en/3.1/Enumerable.html
*/
module Enumerable {
private class ChunkSummary extends SimpleSummarizedCallable {
private class ChunkSummary extends SummarizedCallable::RangeSimple {
ChunkSummary() { this = "chunk" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1839,7 +1839,7 @@ module Enumerable {
}
}
private class ChunkWhileSummary extends SimpleSummarizedCallable {
private class ChunkWhileSummary extends SummarizedCallable::RangeSimple {
ChunkWhileSummary() { this = "chunk_while" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1849,7 +1849,7 @@ module Enumerable {
}
}
private class CollectSummary extends SimpleSummarizedCallable {
private class CollectSummary extends SummarizedCallable::RangeSimple {
// `map` is an alias of `collect`.
CollectSummary() { this = ["collect", "map"] }
@@ -1865,7 +1865,7 @@ module Enumerable {
}
}
private class CollectConcatSummary extends SimpleSummarizedCallable {
private class CollectConcatSummary extends SummarizedCallable::RangeSimple {
// `flat_map` is an alias of `collect_concat`.
CollectConcatSummary() { this = ["collect_concat", "flat_map"] }
@@ -1880,7 +1880,7 @@ module Enumerable {
}
}
private class CompactSummary extends SimpleSummarizedCallable {
private class CompactSummary extends SummarizedCallable::RangeSimple {
CompactSummary() { this = "compact" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1897,7 +1897,7 @@ module Enumerable {
}
}
private class CountSummary extends SimpleSummarizedCallable {
private class CountSummary extends SummarizedCallable::RangeSimple {
CountSummary() { this = "count" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1907,7 +1907,7 @@ module Enumerable {
}
}
private class CycleSummary extends SimpleSummarizedCallable {
private class CycleSummary extends SummarizedCallable::RangeSimple {
CycleSummary() { this = "cycle" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1917,7 +1917,7 @@ module Enumerable {
}
}
private class DetectSummary extends SimpleSummarizedCallable {
private class DetectSummary extends SummarizedCallable::RangeSimple {
// `find` is an alias of `detect`.
DetectSummary() { this = ["detect", "find"] }
@@ -1933,7 +1933,7 @@ module Enumerable {
}
}
abstract private class DropSummary extends SummarizedCallable {
abstract private class DropSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -1978,7 +1978,7 @@ module Enumerable {
}
}
private class DropWhileSummary extends SimpleSummarizedCallable {
private class DropWhileSummary extends SummarizedCallable::RangeSimple {
DropWhileSummary() { this = "drop_while" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1988,7 +1988,7 @@ module Enumerable {
}
}
private class EachConsSummary extends SimpleSummarizedCallable {
private class EachConsSummary extends SummarizedCallable::RangeSimple {
EachConsSummary() { this = "each_cons" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1998,7 +1998,7 @@ module Enumerable {
}
}
private class EachEntrySummary extends SimpleSummarizedCallable {
private class EachEntrySummary extends SummarizedCallable::RangeSimple {
EachEntrySummary() { this = "each_entry" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2013,7 +2013,7 @@ module Enumerable {
}
}
private class EachSliceSummary extends SimpleSummarizedCallable {
private class EachSliceSummary extends SummarizedCallable::RangeSimple {
EachSliceSummary() { this = "each_slice" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2028,7 +2028,7 @@ module Enumerable {
}
}
private class EachWithIndexSummary extends SimpleSummarizedCallable {
private class EachWithIndexSummary extends SummarizedCallable::RangeSimple {
EachWithIndexSummary() { this = "each_with_index" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2043,7 +2043,7 @@ module Enumerable {
}
}
private class EachWithObjectSummary extends SimpleSummarizedCallable {
private class EachWithObjectSummary extends SummarizedCallable::RangeSimple {
EachWithObjectSummary() { this = "each_with_object" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2058,7 +2058,7 @@ module Enumerable {
}
}
private class FilterMapSummary extends SimpleSummarizedCallable {
private class FilterMapSummary extends SummarizedCallable::RangeSimple {
FilterMapSummary() { this = "filter_map" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2072,7 +2072,7 @@ module Enumerable {
}
}
private class FindIndexSummary extends SimpleSummarizedCallable {
private class FindIndexSummary extends SummarizedCallable::RangeSimple {
FindIndexSummary() { this = "find_index" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2082,7 +2082,7 @@ module Enumerable {
}
}
abstract private class FirstSummary extends SummarizedCallable {
abstract private class FirstSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -2141,7 +2141,7 @@ module Enumerable {
GrepMethodName() { this = ["grep", "grep_v"] }
}
abstract private class GrepSummary extends SummarizedCallable {
abstract private class GrepSummary extends SummarizedCallable::Range {
MethodCall mc;
GrepMethodName methodName; // adding this as a field helps give a better join order
@@ -2176,7 +2176,7 @@ module Enumerable {
}
}
private class GroupBySummary extends SimpleSummarizedCallable {
private class GroupBySummary extends SummarizedCallable::RangeSimple {
GroupBySummary() { this = "group_by" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2192,7 +2192,7 @@ module Enumerable {
InjectMethodName() { this = ["inject", "reduce"] }
}
abstract private class InjectSummary extends SummarizedCallable {
abstract private class InjectSummary extends SummarizedCallable::Range {
MethodCall mc;
InjectMethodName methodName; // adding this as a field helps give a better join order
@@ -2245,7 +2245,7 @@ module Enumerable {
MinOrMaxByMethodName() { this = ["min_by", "max_by"] }
}
abstract private class MinOrMaxBySummary extends SummarizedCallable {
abstract private class MinOrMaxBySummary extends SummarizedCallable::Range {
MethodCall mc;
MinOrMaxByMethodName methodName; // adding this as a field helps give a better join order
@@ -2285,7 +2285,7 @@ module Enumerable {
MinOrMaxMethodName() { this = ["min", "max"] }
}
abstract private class MinOrMaxSummary extends SummarizedCallable {
abstract private class MinOrMaxSummary extends SummarizedCallable::Range {
MethodCall mc;
MinOrMaxMethodName methodName; // adding this as a field helps give a better join order
@@ -2352,7 +2352,7 @@ module Enumerable {
}
}
abstract private class MinmaxSummary extends SummarizedCallable {
abstract private class MinmaxSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -2388,7 +2388,7 @@ module Enumerable {
}
}
private class MinmaxBySummary extends SimpleSummarizedCallable {
private class MinmaxBySummary extends SummarizedCallable::RangeSimple {
MinmaxBySummary() { this = "minmax_by" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2398,7 +2398,7 @@ module Enumerable {
}
}
private class PartitionSummary extends SimpleSummarizedCallable {
private class PartitionSummary extends SummarizedCallable::RangeSimple {
PartitionSummary() { this = "partition" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2408,7 +2408,7 @@ module Enumerable {
}
}
private class QuerySummary extends SummarizedCallable {
private class QuerySummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -2428,7 +2428,7 @@ module Enumerable {
}
}
private class RejectSummary extends SummarizedCallable {
private class RejectSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -2452,7 +2452,7 @@ module Enumerable {
}
}
private class SelectSummary extends SummarizedCallable {
private class SelectSummary extends SummarizedCallable::Range {
MethodCall mc;
int lastBlockParam;
@@ -2481,7 +2481,7 @@ module Enumerable {
}
}
private class SliceBeforeAfterSummary extends SimpleSummarizedCallable {
private class SliceBeforeAfterSummary extends SummarizedCallable::RangeSimple {
SliceBeforeAfterSummary() { this = ["slice_before", "slice_after"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2491,7 +2491,7 @@ module Enumerable {
}
}
private class SliceWhenSummary extends SimpleSummarizedCallable {
private class SliceWhenSummary extends SummarizedCallable::RangeSimple {
SliceWhenSummary() { this = "slice_when" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2501,7 +2501,7 @@ module Enumerable {
}
}
private class SortSummary extends SimpleSummarizedCallable {
private class SortSummary extends SummarizedCallable::RangeSimple {
SortSummary() { this = "sort" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2512,7 +2512,7 @@ module Enumerable {
}
}
private class SortBySummary extends SimpleSummarizedCallable {
private class SortBySummary extends SummarizedCallable::RangeSimple {
SortBySummary() { this = "sort_by" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2522,7 +2522,7 @@ module Enumerable {
}
}
private class SumSummary extends SimpleSummarizedCallable {
private class SumSummary extends SummarizedCallable::RangeSimple {
SumSummary() { this = "sum" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2532,7 +2532,7 @@ module Enumerable {
}
}
abstract private class TakeSummary extends SummarizedCallable {
abstract private class TakeSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -2579,7 +2579,7 @@ module Enumerable {
}
}
private class TakeWhileSummary extends SimpleSummarizedCallable {
private class TakeWhileSummary extends SummarizedCallable::RangeSimple {
TakeWhileSummary() { this = "take_while" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2596,7 +2596,7 @@ module Enumerable {
}
}
private class ToASummary extends SimpleSummarizedCallable {
private class ToASummary extends SummarizedCallable::RangeSimple {
// `entries` is an alias of `to_a`.
// `to_ary` works a bit like `to_a` (close enough for our purposes).
ToASummary() { this = ["to_a", "entries", "to_ary"] }
@@ -2608,7 +2608,7 @@ module Enumerable {
}
}
private class UniqSummary extends SimpleSummarizedCallable {
private class UniqSummary extends SummarizedCallable::RangeSimple {
UniqSummary() { this = "uniq" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2618,7 +2618,7 @@ module Enumerable {
}
}
abstract private class ZipSummary extends SummarizedCallable {
abstract private class ZipSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]

2
ruby/ql/lib/codeql/ruby/frameworks/core/Base64.qll
View File

@@ -6,7 +6,7 @@ private import ruby
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.ApiGraphs
private class Base64Decode extends SummarizedCallable {
private class Base64Decode extends SummarizedCallable::Range {
Base64Decode() { this = "Base64.decode64()" }
override MethodCall getACall() {

48
ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
View File

@@ -26,7 +26,7 @@ module Hash {
resolveConstantReadAccess(result.getReceiver()) = TResolved("Hash")
}
private class HashLiteralSummary extends SummarizedCallable {
private class HashLiteralSummary extends SummarizedCallable::Range {
HashLiteralSummary() { this = "Hash.[]" }
final override MethodCall getACallSimple() { result = getAStaticHashCall("[]") }
@@ -54,7 +54,7 @@ module Hash {
* Hash[ [ [:foo, 0], [:bar, 1] ] ] # => {:foo=>0, :bar=>1}
* ```
*/
private class HashNewSummary extends SummarizedCallable {
private class HashNewSummary extends SummarizedCallable::Range {
HashNewSummary() { this = "Hash[]" }
final override MethodCall getACallSimple() {
@@ -83,7 +83,7 @@ module Hash {
* Hash[:foo, 0, :bar, 1] # => {:foo=>0, :bar=>1}
* ```
*/
private class HashNewSuccessivePairsSummary extends SummarizedCallable {
private class HashNewSuccessivePairsSummary extends SummarizedCallable::Range {
private int i;
private ConstantValue key;
@@ -110,7 +110,7 @@ module Hash {
}
}
private class TryConvertSummary extends SummarizedCallable {
private class TryConvertSummary extends SummarizedCallable::Range {
TryConvertSummary() { this = "Hash.try_convert" }
override MethodCall getACallSimple() { result = getAStaticHashCall("try_convert") }
@@ -122,7 +122,7 @@ module Hash {
}
}
abstract private class StoreSummary extends SummarizedCallable {
abstract private class StoreSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -173,7 +173,7 @@ module Hash {
}
}
abstract private class AssocSummary extends SummarizedCallable {
abstract private class AssocSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -199,7 +199,7 @@ module Hash {
}
}
private class AssocUnknownSummary extends SummarizedCallable {
private class AssocUnknownSummary extends SummarizedCallable::Range {
AssocUnknownSummary() { this = "assoc-unknown-arg" }
override MethodCall getACallSimple() {
@@ -215,7 +215,7 @@ module Hash {
}
}
private class EachPairSummary extends SimpleSummarizedCallable {
private class EachPairSummary extends SummarizedCallable::RangeSimple {
EachPairSummary() { this = "each_pair" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -230,7 +230,7 @@ module Hash {
}
}
private class EachValueSummary extends SimpleSummarizedCallable {
private class EachValueSummary extends SummarizedCallable::RangeSimple {
EachValueSummary() { this = "each_value" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -250,7 +250,7 @@ module Hash {
result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
}
private class ExceptSummary extends SummarizedCallable {
private class ExceptSummary extends SummarizedCallable::Range {
MethodCall mc;
ExceptSummary() {
@@ -282,7 +282,7 @@ module Hash {
}
}
abstract private class FetchValuesSummary extends SummarizedCallable {
abstract private class FetchValuesSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -338,7 +338,7 @@ private class FetchValuesUnknownSummary extends FetchValuesSummary {
}
}
private class MergeSummary extends SimpleSummarizedCallable {
private class MergeSummary extends SummarizedCallable::RangeSimple {
MergeSummary() {
// deep_merge is an ActiveSupport extension
// https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge
@@ -357,7 +357,7 @@ private class MergeSummary extends SimpleSummarizedCallable {
}
}
private class MergeBangSummary extends SimpleSummarizedCallable {
private class MergeBangSummary extends SummarizedCallable::RangeSimple {
MergeBangSummary() {
// deep_merge! is an ActiveSupport extension
// https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge-21
@@ -376,7 +376,7 @@ private class MergeBangSummary extends SimpleSummarizedCallable {
}
}
private class RassocSummary extends SimpleSummarizedCallable {
private class RassocSummary extends SummarizedCallable::RangeSimple {
RassocSummary() { this = "rassoc" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -386,7 +386,7 @@ private class RassocSummary extends SimpleSummarizedCallable {
}
}
abstract private class SliceSummary extends SummarizedCallable {
abstract private class SliceSummary extends SummarizedCallable::Range {
MethodCall mc;
bindingset[this]
@@ -424,7 +424,7 @@ private class SliceUnknownSummary extends SliceSummary {
}
}
private class ToASummary extends SimpleSummarizedCallable {
private class ToASummary extends SummarizedCallable::RangeSimple {
ToASummary() { this = "to_a" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -434,7 +434,7 @@ private class ToASummary extends SimpleSummarizedCallable {
}
}
private class ToHWithoutBlockSummary extends SimpleSummarizedCallable {
private class ToHWithoutBlockSummary extends SummarizedCallable::RangeSimple {
ToHWithoutBlockSummary() { this = ["to_h", "to_hash"] and not exists(mc.getBlock()) }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -444,7 +444,7 @@ private class ToHWithoutBlockSummary extends SimpleSummarizedCallable {
}
}
private class ToHWithBlockSummary extends SimpleSummarizedCallable {
private class ToHWithBlockSummary extends SummarizedCallable::RangeSimple {
ToHWithBlockSummary() { this = "to_h" and exists(mc.getBlock()) }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -459,7 +459,7 @@ private class ToHWithBlockSummary extends SimpleSummarizedCallable {
}
}
private class TransformKeysSummary extends SimpleSummarizedCallable {
private class TransformKeysSummary extends SummarizedCallable::RangeSimple {
TransformKeysSummary() { this = "transform_keys" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -469,7 +469,7 @@ private class TransformKeysSummary extends SimpleSummarizedCallable {
}
}
private class TransformKeysBangSummary extends SimpleSummarizedCallable {
private class TransformKeysBangSummary extends SummarizedCallable::RangeSimple {
TransformKeysBangSummary() { this = "transform_keys!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -481,7 +481,7 @@ private class TransformKeysBangSummary extends SimpleSummarizedCallable {
}
}
private class TransformValuesSummary extends SimpleSummarizedCallable {
private class TransformValuesSummary extends SummarizedCallable::RangeSimple {
TransformValuesSummary() { this = "transform_values" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -496,7 +496,7 @@ private class TransformValuesSummary extends SimpleSummarizedCallable {
}
}
private class TransformValuesBangSummary extends SimpleSummarizedCallable {
private class TransformValuesBangSummary extends SummarizedCallable::RangeSimple {
TransformValuesBangSummary() { this = "transform_values!" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -514,7 +514,7 @@ private class TransformValuesBangSummary extends SimpleSummarizedCallable {
}
}
private class ValuesSummary extends SimpleSummarizedCallable {
private class ValuesSummary extends SummarizedCallable::RangeSimple {
ValuesSummary() { this = "values" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -526,7 +526,7 @@ private class ValuesSummary extends SimpleSummarizedCallable {
// We don't (yet) track data flow through hash keys, but this is still useful in cases where a
// whole hash(like) object is tainted, such as `ActionController#params`.
private class KeysSummary extends SimpleSummarizedCallable {
private class KeysSummary extends SummarizedCallable::RangeSimple {
KeysSummary() { this = "keys" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

4
ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
View File

@@ -195,7 +195,7 @@ module Kernel {
override predicate runsArbitraryCode() { none() }
}
private class TapSummary extends SimpleSummarizedCallable {
private class TapSummary extends SummarizedCallable::RangeSimple {
TapSummary() { this = "tap" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -226,7 +226,7 @@ module Kernel {
* A call to `Array()`, that converts it's singular argument to an array.
* This summary is based on https://ruby-doc.org/3.2.1/Kernel.html#method-i-Array
*/
private class KernelArraySummary extends SummarizedCallable {
private class KernelArraySummary extends SummarizedCallable::Range {
KernelArraySummary() { this = "Array()" }
override MethodCall getACallSimple() {

2
ruby/ql/lib/codeql/ruby/frameworks/core/Object.qll
View File

@@ -33,7 +33,7 @@ module Object {
]
}
private class DupSummary extends SimpleSummarizedCallable {
private class DupSummary extends SummarizedCallable::RangeSimple {
DupSummary() { this = "dup" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

64
ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
View File

@@ -110,16 +110,16 @@ module String {
}
/** A `String` callable with a flow summary. */
abstract class SummarizedCallable extends FlowSummary::SummarizedCallable {
abstract class SummarizedCallable extends FlowSummary::SummarizedCallable::Range {
bindingset[this]
SummarizedCallable() { any() }
}
abstract private class SimpleSummarizedCallable extends SummarizedCallable,
FlowSummary::SimpleSummarizedCallable
abstract private class SummarizedCallableSimple extends SummarizedCallable,
FlowSummary::SummarizedCallable::RangeSimple
{
bindingset[this]
SimpleSummarizedCallable() { any() }
SummarizedCallableSimple() { any() }
}
private class NewSummary extends SummarizedCallable {
@@ -154,7 +154,7 @@ module String {
/**
* A flow summary for the `String#%` method.
*/
private class FormatSummary extends SimpleSummarizedCallable {
private class FormatSummary extends SummarizedCallableSimple {
FormatSummary() { this = "%" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -168,7 +168,7 @@ module String {
/**
* A flow summary for the `String#b` method.
*/
private class BSummary extends SimpleSummarizedCallable {
private class BSummary extends SummarizedCallableSimple {
BSummary() { this = "b" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -179,7 +179,7 @@ module String {
/**
* A flow summary for the `String#byteslice` method.
*/
private class BytesliceSummary extends SimpleSummarizedCallable {
private class BytesliceSummary extends SummarizedCallableSimple {
BytesliceSummary() { this = "byteslice" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -190,7 +190,7 @@ module String {
/**
* A flow summary for `String#capitalize(!)`.
*/
private class CapitalizeSummary extends SimpleSummarizedCallable {
private class CapitalizeSummary extends SummarizedCallableSimple {
CapitalizeSummary() { this = ["capitalize", "capitalize!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -203,7 +203,7 @@ module String {
/**
* A flow summary for `String#center`, `String#ljust` and `String#rjust`.
*/
private class CenterSummary extends SimpleSummarizedCallable {
private class CenterSummary extends SummarizedCallableSimple {
CenterSummary() { this = ["center", "ljust", "rjust"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -218,7 +218,7 @@ module String {
/**
* A flow summary for the `String#chomp`, `String#chomp!`, `String#chop` and `String#chop!` methods.
*/
private class ChompSummary extends SimpleSummarizedCallable {
private class ChompSummary extends SummarizedCallableSimple {
ChompSummary() { this = ["chomp", "chomp!", "chop", "chop!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -236,7 +236,7 @@ module String {
* We can't currently write this summary because there is no `DataFlow::Content` node to refer to (unlike with `Array#clear`).
* We need a `DataFlow::Content` node in order to override `clearsContent`.
*/
private class ClearSummary extends SimpleSummarizedCallable {
private class ClearSummary extends SummarizedCallableSimple {
ClearSummary() { none() }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -247,7 +247,7 @@ module String {
/**
* A flow summary for `String#concat` and `String#prepend`.
*/
private class ConcatSummary extends SimpleSummarizedCallable {
private class ConcatSummary extends SummarizedCallableSimple {
ConcatSummary() {
// `concat` and `prepend` omitted because they clash with the summaries for
// `Array#concat` and `Array#prepend`.
@@ -265,7 +265,7 @@ module String {
/**
* A flow summary for `String#delete(!)`, `String#delete_prefix(!)` and `String#delete_suffix(!)`.
*/
private class DeleteSummary extends SimpleSummarizedCallable {
private class DeleteSummary extends SummarizedCallableSimple {
DeleteSummary() { this = ["delete", "delete_prefix", "delete_suffix"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -276,7 +276,7 @@ module String {
/**
* A flow summary for `String#downcase(!)`, `String#upcase` and `String#swapcase(!)`.
*/
private class DowncaseSummary extends SimpleSummarizedCallable {
private class DowncaseSummary extends SummarizedCallableSimple {
DowncaseSummary() { this = ["downcase", "upcase", "swapcase"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -287,7 +287,7 @@ module String {
/**
* A flow summary for `String#dump` and `String#undump`.
*/
private class DumpSummary extends SimpleSummarizedCallable {
private class DumpSummary extends SummarizedCallableSimple {
DumpSummary() { this = ["dump", "undump"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -337,7 +337,7 @@ module String {
/**
* A flow summary for `String#encode(!)` and `String#unicode_normalize(!)`.
*/
private class EncodeSummary extends SimpleSummarizedCallable {
private class EncodeSummary extends SummarizedCallableSimple {
EncodeSummary() { this = ["encode", "unicode_normalize"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -348,7 +348,7 @@ module String {
/**
* A flow summary for `String#force_encoding`.
*/
private class ForceEncodingSummary extends SimpleSummarizedCallable {
private class ForceEncodingSummary extends SummarizedCallableSimple {
ForceEncodingSummary() { this = "force_encoding" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -359,7 +359,7 @@ module String {
/**
* A flow summary for `String#freeze`.
*/
private class FreezeSummary extends SimpleSummarizedCallable {
private class FreezeSummary extends SummarizedCallableSimple {
FreezeSummary() { this = "freeze" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -370,7 +370,7 @@ module String {
/**
* A flow summary for `String#gsub(!)` and `String#sub(!)`.
*/
private class GsubSummary extends SimpleSummarizedCallable {
private class GsubSummary extends SummarizedCallableSimple {
GsubSummary() { this = ["sub", "gsub"] + ["", "!"] }
// str.gsub(pattern, replacement) -> new_str
@@ -389,7 +389,7 @@ module String {
/**
* A flow summary for `String#insert`.
*/
private class InsertSummary extends SimpleSummarizedCallable {
private class InsertSummary extends SummarizedCallableSimple {
InsertSummary() {
this = "insert" and
// Disabled because it clashes with the summary for Array#insert.
@@ -406,7 +406,7 @@ module String {
/**
* A flow summary for `String#inspect`.
*/
private class InspectSummary extends SimpleSummarizedCallable {
private class InspectSummary extends SummarizedCallableSimple {
InspectSummary() { this = "inspect" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -417,7 +417,7 @@ module String {
/**
* A flow summary for `String#strip(!)`, `String#lstrip(!)` and `String#rstrip(!)`.
*/
private class StripSummary extends SimpleSummarizedCallable {
private class StripSummary extends SummarizedCallableSimple {
StripSummary() { this = ["strip", "lstrip", "rstrip"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -428,7 +428,7 @@ module String {
/**
* A flow summary for `String#next(!)` and `String#succ(!)`.
*/
private class NextSummary extends SimpleSummarizedCallable {
private class NextSummary extends SummarizedCallableSimple {
NextSummary() { this = ["next", "succ"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -439,7 +439,7 @@ module String {
/**
* A flow summary for `String#partition` and `String#rpartition`.
*/
private class PartitionSummary extends SimpleSummarizedCallable {
private class PartitionSummary extends SummarizedCallableSimple {
PartitionSummary() { this = ["partition", "rpartition"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -452,7 +452,7 @@ module String {
/**
* A flow summary for `String#replace`.
*/
private class ReplaceSummary extends SimpleSummarizedCallable {
private class ReplaceSummary extends SummarizedCallableSimple {
ReplaceSummary() { this = "replace" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -466,7 +466,7 @@ module String {
/**
* A flow summary for `String#reverse(!)`.
*/
private class ReverseSummary extends SimpleSummarizedCallable {
private class ReverseSummary extends SummarizedCallableSimple {
ReverseSummary() { this = ["reverse", "reverse!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -560,7 +560,7 @@ module String {
/**
* A flow summary for `String#shellescape`.
*/
private class ShellescapeSummary extends SimpleSummarizedCallable {
private class ShellescapeSummary extends SummarizedCallableSimple {
ShellescapeSummary() { this = "shellescape" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -571,7 +571,7 @@ module String {
/**
* A flow summary for `String#shellsplit`.
*/
private class ShellSplitSummary extends SimpleSummarizedCallable {
private class ShellSplitSummary extends SummarizedCallableSimple {
ShellSplitSummary() { this = "shellsplit" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -584,7 +584,7 @@ module String {
/**
* A flow summary for `String#slice(!)`, `String#split` and `String#[]`.
*/
private class SliceSummary extends SimpleSummarizedCallable {
private class SliceSummary extends SummarizedCallableSimple {
SliceSummary() { this = ["slice", "slice!", "split", "[]"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -595,7 +595,7 @@ module String {
/**
* A flow summary for `String#squeeze(!)`.
*/
private class SqueezeSummary extends SimpleSummarizedCallable {
private class SqueezeSummary extends SummarizedCallableSimple {
SqueezeSummary() { this = ["squeeze", "squeeze!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -606,7 +606,7 @@ module String {
/**
* A flow summary for `String#to_s` and `String.to_str`.
*/
private class ToStrSummary extends SimpleSummarizedCallable {
private class ToStrSummary extends SummarizedCallableSimple {
ToStrSummary() { this = ["to_str", "to_s"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -617,7 +617,7 @@ module String {
/**
* A flow summary for `String#tr`.
*/
private class TrSummary extends SimpleSummarizedCallable {
private class TrSummary extends SummarizedCallableSimple {
TrSummary() { this = ["tr", "tr_s"] + ["", "!"] }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

10
ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
View File

@@ -32,7 +32,7 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource::Range {
override string getSourceType() { result = "Remote flow (from model)" }
}
private class SummarizedCallableFromModel extends SummarizedCallable {
private class SummarizedCallableFromModel extends SummarizedCallable::Range {
string type;
string path;
@@ -49,9 +49,13 @@ private class SummarizedCallableFromModel extends SummarizedCallable {
}
override predicate propagatesFlow(
string input, string output, boolean preservesValue, string model
string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
) {
exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) |
exists(string kind |
ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) and
p = "manual" and
isExact = true
|
kind = "value" and
preservesValue = true
or

2
ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll
View File

@@ -10,7 +10,7 @@ private import codeql.ruby.dataflow.FlowSummary
*/
module Utils {
/** Flow summary for `Rack::Utils.parse_query`, which parses a query string. */
private class ParseQuerySummary extends SummarizedCallable {
private class ParseQuerySummary extends SummarizedCallable::Range {
ParseQuerySummary() { this = "Rack::Utils.parse_query" }
override MethodCall getACall() {

2
ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll
View File

@@ -223,7 +223,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
predicate propagatesFlow(
SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
) {
super.propagatesFlow(input, output, preservesValue, _)
super.propagatesFlow(input, output, preservesValue, _, _, _)
}
}

2
ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
View File

@@ -12,7 +12,7 @@ private import codeql.ruby.dataflow.FlowSummary
/**
* A convenience class for defining value (c.f. taint) flow summaries.
*/
abstract private class Summary extends SimpleSummarizedCallable {
abstract private class Summary extends SummarizedCallable::RangeSimple {
bindingset[this]
Summary() { any() }

2
ruby/ql/test/library-tests/dataflow/regressions/Regressions.ql
View File

@@ -1,6 +1,6 @@
private import codeql.ruby.dataflow.FlowSummary
private class ReverseSummary extends SimpleSummarizedCallable {
private class ReverseSummary extends SummarizedCallable::RangeSimple {
ReverseSummary() { this = "reverse" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {

6
ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
View File

@@ -18,7 +18,7 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)
query predicate warning = ModelOutput::getAWarning/0;
private class SummarizedCallableIdentity extends SummarizedCallable {
private class SummarizedCallableIdentity extends SummarizedCallable::Range {
SummarizedCallableIdentity() { this = "identity" }
override MethodCall getACall() { result.getMethodName() = this }
@@ -30,7 +30,7 @@ private class SummarizedCallableIdentity extends SummarizedCallable {
}
}
private class SummarizedCallableApplyBlock extends SummarizedCallable {
private class SummarizedCallableApplyBlock extends SummarizedCallable::Range {
SummarizedCallableApplyBlock() { this = "apply_block" }
override MethodCall getACall() { result.getMethodName() = this }
@@ -46,7 +46,7 @@ private class SummarizedCallableApplyBlock extends SummarizedCallable {
}
}
private class SummarizedCallableApplyLambda extends SummarizedCallable {
private class SummarizedCallableApplyLambda extends SummarizedCallable::Range {
SummarizedCallableApplyLambda() { this = "apply_lambda" }
override MethodCall getACall() { result.getMethodName() = this }