Ruby: Add summaries for Hash#deep_merge(!)

2026-04-29 10:45:15 +02:00 · 2022-10-06 14:29:18 +13:00
parent 3dea1d6a60
commit cb37a0e835
2 changed files with 69 additions and 2 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
@@ -337,7 +337,11 @@ private class FetchValuesUnknownSummary extends FetchValuesSummary {
 }

 private class MergeSummary extends SimpleSummarizedCallable {
-  MergeSummary() { this = "merge" }
+  MergeSummary() {
+    // deep_merge is an ActiveSupport extension
+    // https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge
+    this = ["merge", "deep_merge"]
+  }

  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
    (
@@ -352,7 +356,11 @@ private class MergeSummary extends SimpleSummarizedCallable {
 }

 private class MergeBangSummary extends SimpleSummarizedCallable {
-  MergeBangSummary() { this = ["merge!", "update"] }
+  MergeBangSummary() {
+    // deep_merge! is an ActiveSupport extension
+    // https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge-21
+    this = ["merge!", "deep_merge!", "update"]
+  }

  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
    (
--- a/ruby/ql/test/library-tests/dataflow/hash-flow/hash_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/hash-flow/hash_flow.rb
@@ -783,3 +783,62 @@ def m46(x)
 end

 m46(:c)
+
+def m47()
+    hash1 = {
+        :a => taint(47.1),
+        :b => 1,
+        :c => taint(47.2)
+    }
+    hash2 = {
+        :d => taint(47.3),
+        :e => 1,
+        :f => taint(47.4)
+    }
+    hash = hash1.deep_merge(hash2) do |key, old_value, new_value|
+        sink key
+        sink old_value # $ hasValueFlow=47.1 $ hasValueFlow=47.2 $ hasValueFlow=47.3 $ hasValueFlow=47.4
+        sink new_value # $ hasValueFlow=47.1 $ hasValueFlow=47.2 $ hasValueFlow=47.3 $ hasValueFlow=47.4
+    end
+    sink (hash[:a]) # $ hasValueFlow=47.1
+    sink (hash[:b])
+    sink (hash[:c]) # $ hasValueFlow=47.2
+    sink (hash[:d]) # $ hasValueFlow=47.3
+    sink (hash[:e])
+    sink (hash[:f]) # $ hasValueFlow=47.4
+end
+
+m47()
+
+def m48()
+    hash1 = {
+        :a => taint(48.1),
+        :b => 1,
+        :c => taint(48.2)
+    }
+    hash2 = {
+        :d => taint(48.3),
+        :e => 1,
+        :f => taint(48.4)
+    }
+    hash = hash1.deep_merge!(hash2) do |key, old_value, new_value|
+        sink key
+        sink old_value # $ hasValueFlow=48.1 $ hasValueFlow=48.2 $ hasValueFlow=48.3 $ hasValueFlow=48.4
+        sink new_value # $ hasValueFlow=48.1 $ hasValueFlow=48.2 $ hasValueFlow=48.3 $ hasValueFlow=48.4
+    end
+    sink (hash[:a]) # $ hasValueFlow=48.1
+    sink (hash[:b])
+    sink (hash[:c]) # $ hasValueFlow=48.2
+    sink (hash[:d]) # $ hasValueFlow=48.3
+    sink (hash[:e])
+    sink (hash[:f]) # $ hasValueFlow=48.4
+
+    sink (hash1[:a]) # $ hasValueFlow=48.1
+    sink (hash1[:b])
+    sink (hash1[:c]) # $ hasValueFlow=48.2
+    sink (hash1[:d]) # $ hasValueFlow=48.3
+    sink (hash1[:e])
+    sink (hash1[:f]) # $ hasValueFlow=48.4
+end
+
+m48()