Ruby: Fix value/taint flow in String summaries

Harry Maclean
2022-02-22 16:35:15 +13:00
parent f07ae35b87
commit d180a55b3a
3 changed files with 283 additions and 408 deletions


@@ -6,12 +6,6 @@ private import codeql.ruby.DataFlow
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.dataflow.internal.DataFlowDispatch
// TODO: the way we interpret `preservesValue` in this module may not be
// correct: we assume that if the input string appears intact in the output,
// then value is preserves. This means that we consider appending or prepending
// characters to the string to be value-preserving.
// We may want to be stricter here, and define value-preserving as when the
// output string exactly matches the input string.
/**
* Provides flow summaries for the `String` class.
*
@@ -79,7 +73,7 @@ module String {
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver", "Argument[0]", "ArrayElement of Argument[0]"] and
output = "ReturnValue" and
preservesValue = true
preservesValue = false
}
}
@@ -110,7 +104,7 @@ module String {
override MethodCall getACall() { result = mc }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
valueIdentityFlow(input, output, preservesValue)
taintIdentityFlow(input, output, preservesValue)
}
}
@@ -138,13 +132,10 @@ module String {
CenterSummary() { this = ["center", "ljust", "rjust"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
(
input = "Receiver" and
output = "ReturnValue"
or
input = "Argument[1]" and
output = "ReturnValue"
) and
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and
output = "ReturnValue" and
preservesValue = false
}
}
@@ -160,13 +151,12 @@ module String {
override MethodCall getACall() { result = mc }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
or
this = ["chomp!", "chop!"] and
input = "Receiver" and
preservesValue = false and
(
output = "ReturnValue"
or
this = ["chomp!", "chop!"] and output = "Receiver"
)
output = "Receiver"
}
}
@@ -185,7 +175,7 @@ module String {
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver", "Argument[_]"] and
output = ["ReturnValue", "Receiver"] and
preservesValue = true
preservesValue = false
}
}
@@ -279,9 +269,7 @@ module String {
ForceEncodingSummary() { this = "force_encoding" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "ReturnValue" and
preservesValue = false
taintIdentityFlow(input, output, preservesValue)
}
}
@@ -309,13 +297,9 @@ module String {
// receiver -> return value
// replacement -> return value
// block return -> return value
(
input = ["Receiver", "Argument[1]"] and
preservesValue = false
or
input = "ReturnValue of BlockArgument" and preservesValue = true
) and
output = "ReturnValue"
preservesValue = false and
output = "ReturnValue" and
input = ["Receiver", "Argument[1]", "ReturnValue of BlockArgument"]
}
}
@@ -330,12 +314,9 @@ module String {
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
(
input = "Receiver" and preservesValue = false
or
input = "Argument[1]" and preservesValue = true
) and
output = "ReturnValue"
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and output = "ReturnValue" and preservesValue = false
}
}
@@ -357,7 +338,7 @@ module String {
StripSummary() { this = ["strip", "lstrip", "rstrip"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
valueIdentityFlow(input, output, preservesValue)
taintIdentityFlow(input, output, preservesValue)
}
}
@@ -427,14 +408,14 @@ module String {
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
(
// Parameter[_] doesn't seem to work
output = "Parameter[" + [0 .. 10] + "] of BlockArgument" and preservesValue = false
or
// scan(pattern) -> array
output = "ReturnValue" and
preservesValue = true
)
preservesValue = false and
output =
[
// scan(pattern) -> array
"ReturnValue",
// Parameter[_] doesn't seem to work
"Parameter[" + [0 .. 10] + "] of BlockArgument"
]
}
}
@@ -443,14 +424,14 @@ module String {
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
(
// scan(pattern) {|match, ...| block } -> str
output = "ArrayElement[?] of ReturnValue" and
preservesValue = false
or
// Parameter[_] doesn't seem to work
output = "Parameter[" + [0 .. 10] + "] of BlockArgument" and preservesValue = false
)
preservesValue = false and
output =
[
// scan(pattern) {|match, ...| block } -> str
"ArrayElement[?] of ReturnValue",
// Parameter[_] doesn't seem to work
"Parameter[" + [0 .. 10] + "] of BlockArgument"
]
}
}
@@ -470,17 +451,18 @@ module String {
ScrubBlockSummary() { this = "scrub_block" and exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "Parameter[0] of BlockArgument" and
preservesValue = true
or
input = "Argument[0]" and output = "ReturnValue" and preservesValue = true
or
input = "ReturnValue of BlockArgument" and
output = "ReturnValue" and
preservesValue = true
or
taintIdentityFlow(input, output, preservesValue)
or
preservesValue = false and
(
input = "Receiver" and
output = "Parameter[0] of BlockArgument"
or
input = "Argument[0]" and output = "ReturnValue"
or
input = "ReturnValue of BlockArgument" and
output = "ReturnValue"
)
}
}
@@ -488,17 +470,29 @@ module String {
ScrubNoBlockSummary() { this = "scrub_no_block" and not exists(mc.getBlock()) }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = "Receiver" and
output = "Parameter[0] of BlockArgument" and
preservesValue = true
or
input = "Argument[0]" and output = "ReturnValue" and preservesValue = true
taintIdentityFlow(input, output, preservesValue)
or
preservesValue = false and
(
input = "Receiver" and
output = "Parameter[0] of BlockArgument"
or
input = "Argument[0]" and output = "ReturnValue"
)
}
}
/**
* A flow summary for `String#shellescape`.
*/
private class ShellescapeSummary extends SimpleSummarizedCallable {
ShellescapeSummary() { this = "shellescape" }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
taintIdentityFlow(input, output, preservesValue)
}
}
// TODO: what do we do about `String#shellescape`?
/**
* A flow summary for `String#shellsplit`.
*/
@@ -552,7 +546,9 @@ module String {
TrSummary() { this = ["tr", "tr_s"] + ["", "!"] }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver", "Argument[1]"] and output = "ReturnValue" and preservesValue = false
taintIdentityFlow(input, output, preservesValue)
or
input = "Argument[1]" and output = "ReturnValue" and preservesValue = false
}
}
@@ -604,7 +600,7 @@ module String {
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
input = ["Receiver"] and
input = "Receiver" and
output = "Parameter[0] of BlockArgument" and
preservesValue = true
or
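Review bot: `ShellescapeSummary` (hunk `@@ -488,17 +470,29 @@`) forwards the receiver to the return value through `taintIdentityFlow` with no word on why an escaping function keeps taint, and the `// TODO` about shellescape next to it reads as stale if it is still on the new side. Keeping the step is defensible, since the escaped string is still attacker-influenced for SQL, HTML or path sinks, but a query with shell-command sinks then needs its own sanitizer for this call; whether one exists is not visible on this page. I would make the doc comment say so, e.g. `A flow summary for String#shellescape. Taint is kept on purpose; shell-command queries must treat this call as a sanitizer.`, and delete the TODO. In the same hunk `ScrubNoBlockSummary` is limited to calls with `not exists(mc.getBlock())` yet still carries the disjunct `input = "Receiver" and output = "Parameter[0] of BlockArgument"`, which presumably can never match and could be dropped; the class header itself lies outside the hunk.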


@@ -12,17 +12,11 @@ edges
| string_flow.rb:8:29:8:29 | a : | string_flow.rb:8:10:8:30 | call to try_convert |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:13:10:13:17 | ... % ... |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:13:17:13:17 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:13:17:13:17 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:14:28:14:28 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:14:28:14:28 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:15:10:15:10 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:15:10:15:10 | a : |
| string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:15:10:15:18 | ... % ... |
| string_flow.rb:13:17:13:17 | a : | string_flow.rb:13:10:13:17 | ... % ... |
| string_flow.rb:13:17:13:17 | a : | string_flow.rb:13:10:13:17 | ... % ... |
| string_flow.rb:14:28:14:28 | a : | string_flow.rb:14:10:14:29 | ... % ... |
| string_flow.rb:14:28:14:28 | a : | string_flow.rb:14:10:14:29 | ... % ... |
| string_flow.rb:15:10:15:10 | a : | string_flow.rb:15:10:15:18 | ... % ... |
| string_flow.rb:15:10:15:10 | a : | string_flow.rb:15:10:15:18 | ... % ... |
| string_flow.rb:19:9:19:18 | call to source : | string_flow.rb:21:10:21:10 | b |
| string_flow.rb:25:9:25:18 | call to source : | string_flow.rb:27:10:27:10 | b |
@@ -33,16 +27,10 @@ edges
| string_flow.rb:40:10:40:10 | a : | string_flow.rb:40:10:40:12 | call to b |
| string_flow.rb:40:10:40:10 | a : | string_flow.rb:40:10:40:12 | call to b |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:45:10:45:10 | a : |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:45:10:45:10 | a : |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:46:10:46:10 | a : |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:46:10:46:10 | a : |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:47:10:47:10 | a : |
| string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:47:10:47:10 | a : |
| string_flow.rb:45:10:45:10 | a : | string_flow.rb:45:10:45:23 | call to byteslice |
| string_flow.rb:45:10:45:10 | a : | string_flow.rb:45:10:45:23 | call to byteslice |
| string_flow.rb:46:10:46:10 | a : | string_flow.rb:46:10:46:26 | call to byteslice |
| string_flow.rb:46:10:46:10 | a : | string_flow.rb:46:10:46:26 | call to byteslice |
| string_flow.rb:47:10:47:10 | a : | string_flow.rb:47:10:47:26 | call to byteslice |
| string_flow.rb:47:10:47:10 | a : | string_flow.rb:47:10:47:26 | call to byteslice |
| string_flow.rb:51:9:51:18 | call to source : | string_flow.rb:52:10:52:10 | a : |
| string_flow.rb:51:9:51:18 | call to source : | string_flow.rb:53:10:53:10 | a : |
@@ -143,10 +131,8 @@ edges
| string_flow.rb:167:23:167:23 | c : | string_flow.rb:167:10:167:24 | call to gsub! |
| string_flow.rb:168:10:168:10 | a : | string_flow.rb:168:10:168:43 | call to gsub |
| string_flow.rb:168:32:168:41 | call to source : | string_flow.rb:168:10:168:43 | call to gsub |
| string_flow.rb:168:32:168:41 | call to source : | string_flow.rb:168:10:168:43 | call to gsub |
| string_flow.rb:169:10:169:10 | a : | string_flow.rb:169:10:169:44 | call to gsub! |
| string_flow.rb:169:33:169:42 | call to source : | string_flow.rb:169:10:169:44 | call to gsub! |
| string_flow.rb:169:33:169:42 | call to source : | string_flow.rb:169:10:169:44 | call to gsub! |
| string_flow.rb:173:9:173:18 | call to source : | string_flow.rb:175:10:175:10 | a : |
| string_flow.rb:173:9:173:18 | call to source : | string_flow.rb:176:10:176:10 | a : |
| string_flow.rb:173:9:173:18 | call to source : | string_flow.rb:177:10:177:10 | a : |
@@ -159,35 +145,21 @@ edges
| string_flow.rb:176:22:176:22 | c : | string_flow.rb:176:10:176:23 | call to sub! |
| string_flow.rb:177:10:177:10 | a : | string_flow.rb:177:10:177:42 | call to sub |
| string_flow.rb:177:31:177:40 | call to source : | string_flow.rb:177:10:177:42 | call to sub |
| string_flow.rb:177:31:177:40 | call to source : | string_flow.rb:177:10:177:42 | call to sub |
| string_flow.rb:178:10:178:10 | a : | string_flow.rb:178:10:178:43 | call to sub! |
| string_flow.rb:178:32:178:41 | call to source : | string_flow.rb:178:10:178:43 | call to sub! |
| string_flow.rb:178:32:178:41 | call to source : | string_flow.rb:178:10:178:43 | call to sub! |
| string_flow.rb:189:9:189:18 | call to source : | string_flow.rb:190:10:190:10 | a : |
| string_flow.rb:190:10:190:10 | a : | string_flow.rb:190:10:190:18 | call to inspect |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:195:10:195:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:195:10:195:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:196:10:196:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:196:10:196:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:197:10:197:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:197:10:197:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:198:10:198:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:198:10:198:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:199:10:199:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:199:10:199:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:200:10:200:10 | a : |
| string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:200:10:200:10 | a : |
| string_flow.rb:195:10:195:10 | a : | string_flow.rb:195:10:195:16 | call to strip |
| string_flow.rb:195:10:195:10 | a : | string_flow.rb:195:10:195:16 | call to strip |
| string_flow.rb:196:10:196:10 | a : | string_flow.rb:196:10:196:17 | call to strip! |
| string_flow.rb:196:10:196:10 | a : | string_flow.rb:196:10:196:17 | call to strip! |
| string_flow.rb:197:10:197:10 | a : | string_flow.rb:197:10:197:17 | call to lstrip |
| string_flow.rb:197:10:197:10 | a : | string_flow.rb:197:10:197:17 | call to lstrip |
| string_flow.rb:198:10:198:10 | a : | string_flow.rb:198:10:198:18 | call to lstrip! |
| string_flow.rb:198:10:198:10 | a : | string_flow.rb:198:10:198:18 | call to lstrip! |
| string_flow.rb:199:10:199:10 | a : | string_flow.rb:199:10:199:17 | call to rstrip |
| string_flow.rb:199:10:199:10 | a : | string_flow.rb:199:10:199:17 | call to rstrip |
| string_flow.rb:200:10:200:10 | a : | string_flow.rb:200:10:200:18 | call to rstrip! |
| string_flow.rb:200:10:200:10 | a : | string_flow.rb:200:10:200:18 | call to rstrip! |
| string_flow.rb:204:9:204:18 | call to source : | string_flow.rb:205:10:205:10 | a : |
| string_flow.rb:204:9:204:18 | call to source : | string_flow.rb:206:10:206:10 | a : |
@@ -223,15 +195,12 @@ edges
| string_flow.rb:230:10:230:10 | a : | string_flow.rb:230:10:230:18 | call to reverse |
| string_flow.rb:234:9:234:18 | call to source : | string_flow.rb:235:9:235:9 | a : |
| string_flow.rb:234:9:234:18 | call to source : | string_flow.rb:236:9:236:9 | a : |
| string_flow.rb:234:9:234:18 | call to source : | string_flow.rb:236:9:236:9 | a : |
| string_flow.rb:234:9:234:18 | call to source : | string_flow.rb:238:9:238:9 | a : |
| string_flow.rb:235:9:235:9 | a : | string_flow.rb:235:24:235:24 | x : |
| string_flow.rb:235:24:235:24 | x : | string_flow.rb:235:35:235:35 | x |
| string_flow.rb:236:9:236:9 | a : | string_flow.rb:236:9:236:37 | call to scan : |
| string_flow.rb:236:9:236:9 | a : | string_flow.rb:236:9:236:37 | call to scan : |
| string_flow.rb:236:9:236:9 | a : | string_flow.rb:236:27:236:27 | y : |
| string_flow.rb:236:9:236:37 | call to scan : | string_flow.rb:237:10:237:10 | b |
| string_flow.rb:236:9:236:37 | call to scan : | string_flow.rb:237:10:237:10 | b |
| string_flow.rb:236:27:236:27 | y : | string_flow.rb:236:35:236:35 | y |
| string_flow.rb:238:9:238:9 | a : | string_flow.rb:238:9:238:19 | call to scan [array element] : |
| string_flow.rb:238:9:238:19 | call to scan [array element] : | string_flow.rb:239:10:239:10 | b [array element] : |
@@ -239,134 +208,118 @@ edges
| string_flow.rb:239:10:239:10 | b [array element] : | string_flow.rb:239:10:239:13 | ...[...] |
| string_flow.rb:240:10:240:10 | b [array element] : | string_flow.rb:240:10:240:13 | ...[...] |
| string_flow.rb:244:5:244:18 | ... = ... : | string_flow.rb:248:26:248:26 | a : |
| string_flow.rb:244:5:244:18 | ... = ... : | string_flow.rb:248:26:248:26 | a : |
| string_flow.rb:244:5:244:18 | ... = ... : | string_flow.rb:256:27:256:27 | a : |
| string_flow.rb:244:5:244:18 | ... = ... : | string_flow.rb:256:27:256:27 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:244:5:244:18 | ... = ... : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:244:5:244:18 | ... = ... : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:245:10:245:10 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:246:20:246:20 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:246:20:246:20 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:247:5:247:5 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:247:5:247:5 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:250:10:250:10 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:251:21:251:21 | a : |
| string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:251:21:251:21 | a : |
| string_flow.rb:245:10:245:10 | a : | string_flow.rb:245:10:245:21 | call to scrub |
| string_flow.rb:246:20:246:20 | a : | string_flow.rb:246:10:246:21 | call to scrub |
| string_flow.rb:246:20:246:20 | a : | string_flow.rb:246:10:246:21 | call to scrub |
| string_flow.rb:247:5:247:5 | a : | string_flow.rb:247:16:247:16 | x : |
| string_flow.rb:247:5:247:5 | a : | string_flow.rb:247:16:247:16 | x : |
| string_flow.rb:247:16:247:16 | x : | string_flow.rb:247:24:247:24 | x |
| string_flow.rb:247:16:247:16 | x : | string_flow.rb:247:24:247:24 | x |
| string_flow.rb:248:26:248:26 | a : | string_flow.rb:248:10:248:28 | call to scrub |
| string_flow.rb:248:26:248:26 | a : | string_flow.rb:248:10:248:28 | call to scrub |
| string_flow.rb:250:10:250:10 | a : | string_flow.rb:250:10:250:22 | call to scrub! |
| string_flow.rb:251:21:251:21 | a : | string_flow.rb:251:10:251:22 | call to scrub! |
| string_flow.rb:251:21:251:21 | a : | string_flow.rb:251:10:251:22 | call to scrub! |
| string_flow.rb:253:5:253:18 | ... = ... : | string_flow.rb:248:26:248:26 | a : |
| string_flow.rb:253:5:253:18 | ... = ... : | string_flow.rb:248:26:248:26 | a : |
| string_flow.rb:253:5:253:18 | ... = ... : | string_flow.rb:256:27:256:27 | a : |
| string_flow.rb:253:5:253:18 | ... = ... : | string_flow.rb:256:27:256:27 | a : |
| string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:253:5:253:18 | ... = ... : |
| string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:253:5:253:18 | ... = ... : |
| string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:254:5:254:5 | a : |
| string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:254:5:254:5 | a : |
| string_flow.rb:254:5:254:5 | a : | string_flow.rb:254:17:254:17 | x : |
| string_flow.rb:254:5:254:5 | a : | string_flow.rb:254:17:254:17 | x : |
| string_flow.rb:254:17:254:17 | x : | string_flow.rb:254:25:254:25 | x |
| string_flow.rb:254:17:254:17 | x : | string_flow.rb:254:25:254:25 | x |
| string_flow.rb:256:27:256:27 | a : | string_flow.rb:256:10:256:29 | call to scrub! |
| string_flow.rb:256:27:256:27 | a : | string_flow.rb:256:10:256:29 | call to scrub! |
| string_flow.rb:260:9:260:18 | call to source : | string_flow.rb:261:9:261:9 | a : |
| string_flow.rb:261:9:261:9 | a : | string_flow.rb:261:9:261:20 | call to shellsplit [array element] : |
| string_flow.rb:261:9:261:20 | call to shellsplit [array element] : | string_flow.rb:262:10:262:10 | b [array element] : |
| string_flow.rb:262:10:262:10 | b [array element] : | string_flow.rb:262:10:262:13 | ...[...] |
| string_flow.rb:266:9:266:18 | call to source : | string_flow.rb:267:9:267:9 | a : |
| string_flow.rb:266:9:266:18 | call to source : | string_flow.rb:270:9:270:9 | a : |
| string_flow.rb:267:9:267:9 | a : | string_flow.rb:267:9:267:18 | call to slice : |
| string_flow.rb:267:9:267:18 | call to slice : | string_flow.rb:268:10:268:10 | b : |
| string_flow.rb:268:10:268:10 | b : | string_flow.rb:268:10:268:13 | ...[...] |
| string_flow.rb:270:9:270:9 | [post] a : | string_flow.rb:273:9:273:9 | a : |
| string_flow.rb:270:9:270:9 | [post] a : | string_flow.rb:276:9:276:9 | a : |
| string_flow.rb:270:9:270:9 | [post] a [array element 1] : | string_flow.rb:276:9:276:9 | a [array element 1] : |
| string_flow.rb:270:9:270:9 | [post] a [array element 2] : | string_flow.rb:276:9:276:9 | a [array element 2] : |
| string_flow.rb:270:9:270:9 | [post] a [array element] : | string_flow.rb:276:9:276:9 | a [array element] : |
| string_flow.rb:270:9:270:9 | a : | string_flow.rb:270:9:270:9 | [post] a : |
| string_flow.rb:270:9:270:9 | a : | string_flow.rb:270:9:270:9 | [post] a [array element 1] : |
| string_flow.rb:270:9:270:9 | a : | string_flow.rb:270:9:270:9 | [post] a [array element 2] : |
| string_flow.rb:270:9:270:9 | a : | string_flow.rb:270:9:270:9 | [post] a [array element] : |
| string_flow.rb:270:9:270:9 | a : | string_flow.rb:270:9:270:19 | call to slice! : |
| string_flow.rb:270:9:270:19 | call to slice! : | string_flow.rb:271:10:271:10 | b : |
| string_flow.rb:271:10:271:10 | b : | string_flow.rb:271:10:271:13 | ...[...] |
| string_flow.rb:273:9:273:9 | a : | string_flow.rb:273:9:273:20 | call to split : |
| string_flow.rb:273:9:273:20 | call to split : | string_flow.rb:274:10:274:10 | b : |
| string_flow.rb:274:10:274:10 | b : | string_flow.rb:274:10:274:13 | ...[...] |
| string_flow.rb:276:9:276:9 | a : | string_flow.rb:276:9:276:14 | ...[...] : |
| string_flow.rb:276:9:276:9 | a : | string_flow.rb:276:9:276:14 | ...[...] [array element 0] : |
| string_flow.rb:276:9:276:9 | a : | string_flow.rb:276:9:276:14 | ...[...] [array element 1] : |
| string_flow.rb:276:9:276:9 | a : | string_flow.rb:276:9:276:14 | ...[...] [array element] : |
| string_flow.rb:276:9:276:9 | a [array element 1] : | string_flow.rb:276:9:276:14 | ...[...] [array element 0] : |
| string_flow.rb:276:9:276:9 | a [array element 2] : | string_flow.rb:276:9:276:14 | ...[...] [array element 1] : |
| string_flow.rb:276:9:276:9 | a [array element] : | string_flow.rb:276:9:276:14 | ...[...] [array element] : |
| string_flow.rb:276:9:276:14 | ...[...] : | string_flow.rb:277:10:277:10 | b : |
| string_flow.rb:276:9:276:14 | ...[...] [array element 0] : | string_flow.rb:277:10:277:10 | b [array element 0] : |
| string_flow.rb:276:9:276:14 | ...[...] [array element 1] : | string_flow.rb:277:10:277:10 | b [array element 1] : |
| string_flow.rb:276:9:276:14 | ...[...] [array element] : | string_flow.rb:277:10:277:10 | b [array element] : |
| string_flow.rb:277:10:277:10 | b : | string_flow.rb:277:10:277:13 | ...[...] |
| string_flow.rb:277:10:277:10 | b [array element 0] : | string_flow.rb:277:10:277:13 | ...[...] |
| string_flow.rb:277:10:277:10 | b [array element 1] : | string_flow.rb:277:10:277:13 | ...[...] |
| string_flow.rb:277:10:277:10 | b [array element] : | string_flow.rb:277:10:277:13 | ...[...] |
| string_flow.rb:281:9:281:18 | call to source : | string_flow.rb:282:10:282:10 | a : |
| string_flow.rb:281:9:281:18 | call to source : | string_flow.rb:283:10:283:10 | a : |
| string_flow.rb:281:9:281:18 | call to source : | string_flow.rb:284:10:284:10 | a : |
| string_flow.rb:281:9:281:18 | call to source : | string_flow.rb:285:10:285:10 | a : |
| string_flow.rb:282:10:282:10 | a : | string_flow.rb:282:10:282:18 | call to squeeze |
| string_flow.rb:283:10:283:10 | a : | string_flow.rb:283:10:283:23 | call to squeeze |
| string_flow.rb:284:10:284:10 | a : | string_flow.rb:284:10:284:19 | call to squeeze! |
| string_flow.rb:285:10:285:10 | a : | string_flow.rb:285:10:285:24 | call to squeeze! |
| string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:290:10:290:10 | a : |
| string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:290:10:290:10 | a : |
| string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:291:10:291:10 | a : |
| string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:291:10:291:10 | a : |
| string_flow.rb:290:10:290:10 | a : | string_flow.rb:290:10:290:17 | call to to_str |
| string_flow.rb:290:10:290:10 | a : | string_flow.rb:290:10:290:17 | call to to_str |
| string_flow.rb:291:10:291:10 | a : | string_flow.rb:291:10:291:15 | call to to_s |
| string_flow.rb:291:10:291:10 | a : | string_flow.rb:291:10:291:15 | call to to_s |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:296:10:296:10 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:297:22:297:22 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:298:10:298:10 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:299:23:299:23 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:300:10:300:10 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:301:24:301:24 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:302:10:302:10 | a : |
| string_flow.rb:295:9:295:18 | call to source : | string_flow.rb:303:25:303:25 | a : |
| string_flow.rb:296:10:296:10 | a : | string_flow.rb:296:10:296:23 | call to tr |
| string_flow.rb:297:22:297:22 | a : | string_flow.rb:297:10:297:23 | call to tr |
| string_flow.rb:298:10:298:10 | a : | string_flow.rb:298:10:298:24 | call to tr! |
| string_flow.rb:299:23:299:23 | a : | string_flow.rb:299:10:299:24 | call to tr! |
| string_flow.rb:300:10:300:10 | a : | string_flow.rb:300:10:300:25 | call to tr_s |
| string_flow.rb:301:24:301:24 | a : | string_flow.rb:301:10:301:25 | call to tr_s |
| string_flow.rb:302:10:302:10 | a : | string_flow.rb:302:10:302:26 | call to tr_s! |
| string_flow.rb:303:25:303:25 | a : | string_flow.rb:303:10:303:26 | call to tr_s! |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:308:5:308:5 | a : |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:308:5:308:5 | a : |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:309:5:309:5 | a : |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:309:5:309:5 | a : |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:310:14:310:14 | a : |
| string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:310:14:310:14 | a : |
| string_flow.rb:308:5:308:5 | a : | string_flow.rb:308:20:308:20 | x : |
| string_flow.rb:308:5:308:5 | a : | string_flow.rb:308:20:308:20 | x : |
| string_flow.rb:308:20:308:20 | x : | string_flow.rb:308:28:308:28 | x |
| string_flow.rb:308:20:308:20 | x : | string_flow.rb:308:28:308:28 | x |
| string_flow.rb:309:5:309:5 | a : | string_flow.rb:309:26:309:26 | x : |
| string_flow.rb:309:5:309:5 | a : | string_flow.rb:309:26:309:26 | x : |
| string_flow.rb:309:26:309:26 | x : | string_flow.rb:309:34:309:34 | x |
| string_flow.rb:309:26:309:26 | x : | string_flow.rb:309:34:309:34 | x |
| string_flow.rb:310:14:310:14 | a : | string_flow.rb:310:20:310:20 | x : |
| string_flow.rb:310:14:310:14 | a : | string_flow.rb:310:20:310:20 | x : |
| string_flow.rb:310:20:310:20 | x : | string_flow.rb:310:28:310:28 | x |
| string_flow.rb:310:20:310:20 | x : | string_flow.rb:310:28:310:28 | x |
| string_flow.rb:260:9:260:18 | call to source : | string_flow.rb:261:10:261:10 | a : |
| string_flow.rb:261:10:261:10 | a : | string_flow.rb:261:10:261:22 | call to shellescape |
| string_flow.rb:265:9:265:18 | call to source : | string_flow.rb:266:9:266:9 | a : |
| string_flow.rb:266:9:266:9 | a : | string_flow.rb:266:9:266:20 | call to shellsplit [array element] : |
| string_flow.rb:266:9:266:20 | call to shellsplit [array element] : | string_flow.rb:267:10:267:10 | b [array element] : |
| string_flow.rb:267:10:267:10 | b [array element] : | string_flow.rb:267:10:267:13 | ...[...] |
| string_flow.rb:271:9:271:18 | call to source : | string_flow.rb:272:9:272:9 | a : |
| string_flow.rb:271:9:271:18 | call to source : | string_flow.rb:275:9:275:9 | a : |
| string_flow.rb:272:9:272:9 | a : | string_flow.rb:272:9:272:18 | call to slice : |
| string_flow.rb:272:9:272:18 | call to slice : | string_flow.rb:273:10:273:10 | b : |
| string_flow.rb:273:10:273:10 | b : | string_flow.rb:273:10:273:13 | ...[...] |
| string_flow.rb:275:9:275:9 | [post] a : | string_flow.rb:278:9:278:9 | a : |
| string_flow.rb:275:9:275:9 | [post] a : | string_flow.rb:281:9:281:9 | a : |
| string_flow.rb:275:9:275:9 | [post] a [array element 1] : | string_flow.rb:281:9:281:9 | a [array element 1] : |
| string_flow.rb:275:9:275:9 | [post] a [array element 2] : | string_flow.rb:281:9:281:9 | a [array element 2] : |
| string_flow.rb:275:9:275:9 | [post] a [array element] : | string_flow.rb:281:9:281:9 | a [array element] : |
| string_flow.rb:275:9:275:9 | a : | string_flow.rb:275:9:275:9 | [post] a : |
| string_flow.rb:275:9:275:9 | a : | string_flow.rb:275:9:275:9 | [post] a [array element 1] : |
| string_flow.rb:275:9:275:9 | a : | string_flow.rb:275:9:275:9 | [post] a [array element 2] : |
| string_flow.rb:275:9:275:9 | a : | string_flow.rb:275:9:275:9 | [post] a [array element] : |
| string_flow.rb:275:9:275:9 | a : | string_flow.rb:275:9:275:19 | call to slice! : |
| string_flow.rb:275:9:275:19 | call to slice! : | string_flow.rb:276:10:276:10 | b : |
| string_flow.rb:276:10:276:10 | b : | string_flow.rb:276:10:276:13 | ...[...] |
| string_flow.rb:278:9:278:9 | a : | string_flow.rb:278:9:278:20 | call to split : |
| string_flow.rb:278:9:278:20 | call to split : | string_flow.rb:279:10:279:10 | b : |
| string_flow.rb:279:10:279:10 | b : | string_flow.rb:279:10:279:13 | ...[...] |
| string_flow.rb:281:9:281:9 | a : | string_flow.rb:281:9:281:14 | ...[...] : |
| string_flow.rb:281:9:281:9 | a : | string_flow.rb:281:9:281:14 | ...[...] [array element 0] : |
| string_flow.rb:281:9:281:9 | a : | string_flow.rb:281:9:281:14 | ...[...] [array element 1] : |
| string_flow.rb:281:9:281:9 | a : | string_flow.rb:281:9:281:14 | ...[...] [array element] : |
| string_flow.rb:281:9:281:9 | a [array element 1] : | string_flow.rb:281:9:281:14 | ...[...] [array element 0] : |
| string_flow.rb:281:9:281:9 | a [array element 2] : | string_flow.rb:281:9:281:14 | ...[...] [array element 1] : |
| string_flow.rb:281:9:281:9 | a [array element] : | string_flow.rb:281:9:281:14 | ...[...] [array element] : |
| string_flow.rb:281:9:281:14 | ...[...] : | string_flow.rb:282:10:282:10 | b : |
| string_flow.rb:281:9:281:14 | ...[...] [array element 0] : | string_flow.rb:282:10:282:10 | b [array element 0] : |
| string_flow.rb:281:9:281:14 | ...[...] [array element 1] : | string_flow.rb:282:10:282:10 | b [array element 1] : |
| string_flow.rb:281:9:281:14 | ...[...] [array element] : | string_flow.rb:282:10:282:10 | b [array element] : |
| string_flow.rb:282:10:282:10 | b : | string_flow.rb:282:10:282:13 | ...[...] |
| string_flow.rb:282:10:282:10 | b [array element 0] : | string_flow.rb:282:10:282:13 | ...[...] |
| string_flow.rb:282:10:282:10 | b [array element 1] : | string_flow.rb:282:10:282:13 | ...[...] |
| string_flow.rb:282:10:282:10 | b [array element] : | string_flow.rb:282:10:282:13 | ...[...] |
| string_flow.rb:286:9:286:18 | call to source : | string_flow.rb:287:10:287:10 | a : |
| string_flow.rb:286:9:286:18 | call to source : | string_flow.rb:288:10:288:10 | a : |
| string_flow.rb:286:9:286:18 | call to source : | string_flow.rb:289:10:289:10 | a : |
| string_flow.rb:286:9:286:18 | call to source : | string_flow.rb:290:10:290:10 | a : |
| string_flow.rb:287:10:287:10 | a : | string_flow.rb:287:10:287:18 | call to squeeze |
| string_flow.rb:288:10:288:10 | a : | string_flow.rb:288:10:288:23 | call to squeeze |
| string_flow.rb:289:10:289:10 | a : | string_flow.rb:289:10:289:19 | call to squeeze! |
| string_flow.rb:290:10:290:10 | a : | string_flow.rb:290:10:290:24 | call to squeeze! |
| string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:295:10:295:10 | a : |
| string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:295:10:295:10 | a : |
| string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:296:10:296:10 | a : |
| string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:296:10:296:10 | a : |
| string_flow.rb:295:10:295:10 | a : | string_flow.rb:295:10:295:17 | call to to_str |
| string_flow.rb:295:10:295:10 | a : | string_flow.rb:295:10:295:17 | call to to_str |
| string_flow.rb:296:10:296:10 | a : | string_flow.rb:296:10:296:15 | call to to_s |
| string_flow.rb:296:10:296:10 | a : | string_flow.rb:296:10:296:15 | call to to_s |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:301:10:301:10 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:302:22:302:22 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:303:10:303:10 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:304:23:304:23 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:305:10:305:10 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:306:24:306:24 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:307:10:307:10 | a : |
| string_flow.rb:300:9:300:18 | call to source : | string_flow.rb:308:25:308:25 | a : |
| string_flow.rb:301:10:301:10 | a : | string_flow.rb:301:10:301:23 | call to tr |
| string_flow.rb:302:22:302:22 | a : | string_flow.rb:302:10:302:23 | call to tr |
| string_flow.rb:303:10:303:10 | a : | string_flow.rb:303:10:303:24 | call to tr! |
| string_flow.rb:304:23:304:23 | a : | string_flow.rb:304:10:304:24 | call to tr! |
| string_flow.rb:305:10:305:10 | a : | string_flow.rb:305:10:305:25 | call to tr_s |
| string_flow.rb:306:24:306:24 | a : | string_flow.rb:306:10:306:25 | call to tr_s |
| string_flow.rb:307:10:307:10 | a : | string_flow.rb:307:10:307:26 | call to tr_s! |
| string_flow.rb:308:25:308:25 | a : | string_flow.rb:308:10:308:26 | call to tr_s! |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:313:5:313:5 | a : |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:313:5:313:5 | a : |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:314:5:314:5 | a : |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:314:5:314:5 | a : |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:315:14:315:14 | a : |
| string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:315:14:315:14 | a : |
| string_flow.rb:313:5:313:5 | a : | string_flow.rb:313:20:313:20 | x : |
| string_flow.rb:313:5:313:5 | a : | string_flow.rb:313:20:313:20 | x : |
| string_flow.rb:313:20:313:20 | x : | string_flow.rb:313:28:313:28 | x |
| string_flow.rb:313:20:313:20 | x : | string_flow.rb:313:28:313:28 | x |
| string_flow.rb:314:5:314:5 | a : | string_flow.rb:314:26:314:26 | x : |
| string_flow.rb:314:5:314:5 | a : | string_flow.rb:314:26:314:26 | x : |
| string_flow.rb:314:26:314:26 | x : | string_flow.rb:314:34:314:34 | x |
| string_flow.rb:314:26:314:26 | x : | string_flow.rb:314:34:314:34 | x |
| string_flow.rb:315:14:315:14 | a : | string_flow.rb:315:20:315:20 | x : |
| string_flow.rb:315:14:315:14 | a : | string_flow.rb:315:20:315:20 | x : |
| string_flow.rb:315:20:315:20 | x : | string_flow.rb:315:28:315:28 | x |
| string_flow.rb:315:20:315:20 | x : | string_flow.rb:315:28:315:28 | x |
nodes
| string_flow.rb:2:9:2:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:2:9:2:18 | call to source : | semmle.label | call to source : |
@@ -381,18 +334,11 @@ nodes
| string_flow.rb:8:29:8:29 | a : | semmle.label | a : |
| string_flow.rb:8:29:8:29 | a : | semmle.label | a : |
| string_flow.rb:12:9:12:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:12:9:12:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:13:10:13:17 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:13:10:13:17 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:13:17:13:17 | a : | semmle.label | a : |
| string_flow.rb:13:17:13:17 | a : | semmle.label | a : |
| string_flow.rb:14:10:14:29 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:14:10:14:29 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:14:28:14:28 | a : | semmle.label | a : |
| string_flow.rb:14:28:14:28 | a : | semmle.label | a : |
| string_flow.rb:15:10:15:10 | a : | semmle.label | a : |
| string_flow.rb:15:10:15:10 | a : | semmle.label | a : |
| string_flow.rb:15:10:15:18 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:15:10:15:18 | ... % ... | semmle.label | ... % ... |
| string_flow.rb:19:9:19:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:21:10:21:10 | b | semmle.label | b |
@@ -408,18 +354,11 @@ nodes
| string_flow.rb:40:10:40:12 | call to b | semmle.label | call to b |
| string_flow.rb:40:10:40:12 | call to b | semmle.label | call to b |
| string_flow.rb:44:9:44:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:44:9:44:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:45:10:45:10 | a : | semmle.label | a : |
| string_flow.rb:45:10:45:10 | a : | semmle.label | a : |
| string_flow.rb:45:10:45:23 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:45:10:45:23 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:46:10:46:10 | a : | semmle.label | a : |
| string_flow.rb:46:10:46:10 | a : | semmle.label | a : |
| string_flow.rb:46:10:46:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:46:10:46:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:47:10:47:10 | a : | semmle.label | a : |
| string_flow.rb:47:10:47:10 | a : | semmle.label | a : |
| string_flow.rb:47:10:47:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:47:10:47:26 | call to byteslice | semmle.label | call to byteslice |
| string_flow.rb:51:9:51:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:52:10:52:10 | a : | semmle.label | a : |
@@ -533,13 +472,9 @@ nodes
| string_flow.rb:167:23:167:23 | c : | semmle.label | c : |
| string_flow.rb:168:10:168:10 | a : | semmle.label | a : |
| string_flow.rb:168:10:168:43 | call to gsub | semmle.label | call to gsub |
| string_flow.rb:168:10:168:43 | call to gsub | semmle.label | call to gsub |
| string_flow.rb:168:32:168:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:168:32:168:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:169:10:169:10 | a : | semmle.label | a : |
| string_flow.rb:169:10:169:44 | call to gsub! | semmle.label | call to gsub! |
| string_flow.rb:169:10:169:44 | call to gsub! | semmle.label | call to gsub! |
| string_flow.rb:169:33:169:42 | call to source : | semmle.label | call to source : |
| string_flow.rb:169:33:169:42 | call to source : | semmle.label | call to source : |
| string_flow.rb:173:9:173:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:174:9:174:18 | call to source : | semmle.label | call to source : |
@@ -551,42 +486,25 @@ nodes
| string_flow.rb:176:22:176:22 | c : | semmle.label | c : |
| string_flow.rb:177:10:177:10 | a : | semmle.label | a : |
| string_flow.rb:177:10:177:42 | call to sub | semmle.label | call to sub |
| string_flow.rb:177:10:177:42 | call to sub | semmle.label | call to sub |
| string_flow.rb:177:31:177:40 | call to source : | semmle.label | call to source : |
| string_flow.rb:177:31:177:40 | call to source : | semmle.label | call to source : |
| string_flow.rb:178:10:178:10 | a : | semmle.label | a : |
| string_flow.rb:178:10:178:43 | call to sub! | semmle.label | call to sub! |
| string_flow.rb:178:10:178:43 | call to sub! | semmle.label | call to sub! |
| string_flow.rb:178:32:178:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:178:32:178:41 | call to source : | semmle.label | call to source : |
| string_flow.rb:189:9:189:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:190:10:190:10 | a : | semmle.label | a : |
| string_flow.rb:190:10:190:18 | call to inspect | semmle.label | call to inspect |
| string_flow.rb:194:9:194:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:194:9:194:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:195:10:195:10 | a : | semmle.label | a : |
| string_flow.rb:195:10:195:10 | a : | semmle.label | a : |
| string_flow.rb:195:10:195:16 | call to strip | semmle.label | call to strip |
| string_flow.rb:195:10:195:16 | call to strip | semmle.label | call to strip |
| string_flow.rb:196:10:196:10 | a : | semmle.label | a : |
| string_flow.rb:196:10:196:10 | a : | semmle.label | a : |
| string_flow.rb:196:10:196:17 | call to strip! | semmle.label | call to strip! |
| string_flow.rb:196:10:196:17 | call to strip! | semmle.label | call to strip! |
| string_flow.rb:197:10:197:10 | a : | semmle.label | a : |
| string_flow.rb:197:10:197:10 | a : | semmle.label | a : |
| string_flow.rb:197:10:197:17 | call to lstrip | semmle.label | call to lstrip |
| string_flow.rb:197:10:197:17 | call to lstrip | semmle.label | call to lstrip |
| string_flow.rb:198:10:198:10 | a : | semmle.label | a : |
| string_flow.rb:198:10:198:10 | a : | semmle.label | a : |
| string_flow.rb:198:10:198:18 | call to lstrip! | semmle.label | call to lstrip! |
| string_flow.rb:198:10:198:18 | call to lstrip! | semmle.label | call to lstrip! |
| string_flow.rb:199:10:199:10 | a : | semmle.label | a : |
| string_flow.rb:199:10:199:10 | a : | semmle.label | a : |
| string_flow.rb:199:10:199:17 | call to rstrip | semmle.label | call to rstrip |
| string_flow.rb:199:10:199:17 | call to rstrip | semmle.label | call to rstrip |
| string_flow.rb:200:10:200:10 | a : | semmle.label | a : |
| string_flow.rb:200:10:200:10 | a : | semmle.label | a : |
| string_flow.rb:200:10:200:18 | call to rstrip! | semmle.label | call to rstrip! |
| string_flow.rb:200:10:200:18 | call to rstrip! | semmle.label | call to rstrip! |
| string_flow.rb:204:9:204:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:205:10:205:10 | a : | semmle.label | a : |
@@ -626,18 +544,14 @@ nodes
| string_flow.rb:230:10:230:10 | a : | semmle.label | a : |
| string_flow.rb:230:10:230:18 | call to reverse | semmle.label | call to reverse |
| string_flow.rb:234:9:234:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:234:9:234:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:235:9:235:9 | a : | semmle.label | a : |
| string_flow.rb:235:24:235:24 | x : | semmle.label | x : |
| string_flow.rb:235:35:235:35 | x | semmle.label | x |
| string_flow.rb:236:9:236:9 | a : | semmle.label | a : |
| string_flow.rb:236:9:236:9 | a : | semmle.label | a : |
| string_flow.rb:236:9:236:37 | call to scan : | semmle.label | call to scan : |
| string_flow.rb:236:9:236:37 | call to scan : | semmle.label | call to scan : |
| string_flow.rb:236:27:236:27 | y : | semmle.label | y : |
| string_flow.rb:236:35:236:35 | y | semmle.label | y |
| string_flow.rb:237:10:237:10 | b | semmle.label | b |
| string_flow.rb:237:10:237:10 | b | semmle.label | b |
| string_flow.rb:238:9:238:9 | a : | semmle.label | a : |
| string_flow.rb:238:9:238:19 | call to scan [array element] : | semmle.label | call to scan [array element] : |
| string_flow.rb:239:10:239:10 | b [array element] : | semmle.label | b [array element] : |
@@ -645,173 +559,133 @@ nodes
| string_flow.rb:240:10:240:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:240:10:240:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:244:5:244:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:244:5:244:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:244:9:244:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:244:9:244:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:245:10:245:10 | a : | semmle.label | a : |
| string_flow.rb:245:10:245:21 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:246:10:246:21 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:246:10:246:21 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:246:20:246:20 | a : | semmle.label | a : |
| string_flow.rb:246:20:246:20 | a : | semmle.label | a : |
| string_flow.rb:247:5:247:5 | a : | semmle.label | a : |
| string_flow.rb:247:5:247:5 | a : | semmle.label | a : |
| string_flow.rb:247:16:247:16 | x : | semmle.label | x : |
| string_flow.rb:247:16:247:16 | x : | semmle.label | x : |
| string_flow.rb:247:24:247:24 | x | semmle.label | x |
| string_flow.rb:247:24:247:24 | x | semmle.label | x |
| string_flow.rb:248:10:248:28 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:248:10:248:28 | call to scrub | semmle.label | call to scrub |
| string_flow.rb:248:26:248:26 | a : | semmle.label | a : |
| string_flow.rb:248:26:248:26 | a : | semmle.label | a : |
| string_flow.rb:250:10:250:10 | a : | semmle.label | a : |
| string_flow.rb:250:10:250:22 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:251:10:251:22 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:251:10:251:22 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:251:21:251:21 | a : | semmle.label | a : |
| string_flow.rb:251:21:251:21 | a : | semmle.label | a : |
| string_flow.rb:253:5:253:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:253:5:253:18 | ... = ... : | semmle.label | ... = ... : |
| string_flow.rb:253:9:253:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:253:9:253:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:254:5:254:5 | a : | semmle.label | a : |
| string_flow.rb:254:5:254:5 | a : | semmle.label | a : |
| string_flow.rb:254:17:254:17 | x : | semmle.label | x : |
| string_flow.rb:254:17:254:17 | x : | semmle.label | x : |
| string_flow.rb:254:25:254:25 | x | semmle.label | x |
| string_flow.rb:254:25:254:25 | x | semmle.label | x |
| string_flow.rb:256:10:256:29 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:256:10:256:29 | call to scrub! | semmle.label | call to scrub! |
| string_flow.rb:256:27:256:27 | a : | semmle.label | a : |
| string_flow.rb:256:27:256:27 | a : | semmle.label | a : |
| string_flow.rb:260:9:260:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:261:9:261:9 | a : | semmle.label | a : |
| string_flow.rb:261:9:261:20 | call to shellsplit [array element] : | semmle.label | call to shellsplit [array element] : |
| string_flow.rb:262:10:262:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:262:10:262:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:266:9:266:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:267:9:267:9 | a : | semmle.label | a : |
| string_flow.rb:267:9:267:18 | call to slice : | semmle.label | call to slice : |
| string_flow.rb:268:10:268:10 | b : | semmle.label | b : |
| string_flow.rb:268:10:268:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:270:9:270:9 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:270:9:270:9 | [post] a [array element 1] : | semmle.label | [post] a [array element 1] : |
| string_flow.rb:270:9:270:9 | [post] a [array element 2] : | semmle.label | [post] a [array element 2] : |
| string_flow.rb:270:9:270:9 | [post] a [array element] : | semmle.label | [post] a [array element] : |
| string_flow.rb:270:9:270:9 | a : | semmle.label | a : |
| string_flow.rb:270:9:270:19 | call to slice! : | semmle.label | call to slice! : |
| string_flow.rb:271:10:271:10 | b : | semmle.label | b : |
| string_flow.rb:271:10:271:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:273:9:273:9 | a : | semmle.label | a : |
| string_flow.rb:273:9:273:20 | call to split : | semmle.label | call to split : |
| string_flow.rb:274:10:274:10 | b : | semmle.label | b : |
| string_flow.rb:274:10:274:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:276:9:276:9 | a : | semmle.label | a : |
| string_flow.rb:276:9:276:9 | a [array element 1] : | semmle.label | a [array element 1] : |
| string_flow.rb:276:9:276:9 | a [array element 2] : | semmle.label | a [array element 2] : |
| string_flow.rb:276:9:276:9 | a [array element] : | semmle.label | a [array element] : |
| string_flow.rb:276:9:276:14 | ...[...] : | semmle.label | ...[...] : |
| string_flow.rb:276:9:276:14 | ...[...] [array element 0] : | semmle.label | ...[...] [array element 0] : |
| string_flow.rb:276:9:276:14 | ...[...] [array element 1] : | semmle.label | ...[...] [array element 1] : |
| string_flow.rb:276:9:276:14 | ...[...] [array element] : | semmle.label | ...[...] [array element] : |
| string_flow.rb:277:10:277:10 | b : | semmle.label | b : |
| string_flow.rb:277:10:277:10 | b [array element 0] : | semmle.label | b [array element 0] : |
| string_flow.rb:277:10:277:10 | b [array element 1] : | semmle.label | b [array element 1] : |
| string_flow.rb:277:10:277:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:277:10:277:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:281:9:281:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:282:10:282:10 | a : | semmle.label | a : |
| string_flow.rb:282:10:282:18 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:283:10:283:10 | a : | semmle.label | a : |
| string_flow.rb:283:10:283:23 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:284:10:284:10 | a : | semmle.label | a : |
| string_flow.rb:284:10:284:19 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:285:10:285:10 | a : | semmle.label | a : |
| string_flow.rb:285:10:285:24 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:289:9:289:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:289:9:289:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:261:10:261:10 | a : | semmle.label | a : |
| string_flow.rb:261:10:261:22 | call to shellescape | semmle.label | call to shellescape |
| string_flow.rb:265:9:265:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:266:9:266:9 | a : | semmle.label | a : |
| string_flow.rb:266:9:266:20 | call to shellsplit [array element] : | semmle.label | call to shellsplit [array element] : |
| string_flow.rb:267:10:267:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:267:10:267:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:271:9:271:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:272:9:272:9 | a : | semmle.label | a : |
| string_flow.rb:272:9:272:18 | call to slice : | semmle.label | call to slice : |
| string_flow.rb:273:10:273:10 | b : | semmle.label | b : |
| string_flow.rb:273:10:273:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:275:9:275:9 | [post] a : | semmle.label | [post] a : |
| string_flow.rb:275:9:275:9 | [post] a [array element 1] : | semmle.label | [post] a [array element 1] : |
| string_flow.rb:275:9:275:9 | [post] a [array element 2] : | semmle.label | [post] a [array element 2] : |
| string_flow.rb:275:9:275:9 | [post] a [array element] : | semmle.label | [post] a [array element] : |
| string_flow.rb:275:9:275:9 | a : | semmle.label | a : |
| string_flow.rb:275:9:275:19 | call to slice! : | semmle.label | call to slice! : |
| string_flow.rb:276:10:276:10 | b : | semmle.label | b : |
| string_flow.rb:276:10:276:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:278:9:278:9 | a : | semmle.label | a : |
| string_flow.rb:278:9:278:20 | call to split : | semmle.label | call to split : |
| string_flow.rb:279:10:279:10 | b : | semmle.label | b : |
| string_flow.rb:279:10:279:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:281:9:281:9 | a : | semmle.label | a : |
| string_flow.rb:281:9:281:9 | a [array element 1] : | semmle.label | a [array element 1] : |
| string_flow.rb:281:9:281:9 | a [array element 2] : | semmle.label | a [array element 2] : |
| string_flow.rb:281:9:281:9 | a [array element] : | semmle.label | a [array element] : |
| string_flow.rb:281:9:281:14 | ...[...] : | semmle.label | ...[...] : |
| string_flow.rb:281:9:281:14 | ...[...] [array element 0] : | semmle.label | ...[...] [array element 0] : |
| string_flow.rb:281:9:281:14 | ...[...] [array element 1] : | semmle.label | ...[...] [array element 1] : |
| string_flow.rb:281:9:281:14 | ...[...] [array element] : | semmle.label | ...[...] [array element] : |
| string_flow.rb:282:10:282:10 | b : | semmle.label | b : |
| string_flow.rb:282:10:282:10 | b [array element 0] : | semmle.label | b [array element 0] : |
| string_flow.rb:282:10:282:10 | b [array element 1] : | semmle.label | b [array element 1] : |
| string_flow.rb:282:10:282:10 | b [array element] : | semmle.label | b [array element] : |
| string_flow.rb:282:10:282:13 | ...[...] | semmle.label | ...[...] |
| string_flow.rb:286:9:286:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:287:10:287:10 | a : | semmle.label | a : |
| string_flow.rb:287:10:287:18 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:288:10:288:10 | a : | semmle.label | a : |
| string_flow.rb:288:10:288:23 | call to squeeze | semmle.label | call to squeeze |
| string_flow.rb:289:10:289:10 | a : | semmle.label | a : |
| string_flow.rb:289:10:289:19 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:290:10:290:10 | a : | semmle.label | a : |
| string_flow.rb:290:10:290:10 | a : | semmle.label | a : |
| string_flow.rb:290:10:290:17 | call to to_str | semmle.label | call to to_str |
| string_flow.rb:290:10:290:17 | call to to_str | semmle.label | call to to_str |
| string_flow.rb:291:10:291:10 | a : | semmle.label | a : |
| string_flow.rb:291:10:291:10 | a : | semmle.label | a : |
| string_flow.rb:291:10:291:15 | call to to_s | semmle.label | call to to_s |
| string_flow.rb:291:10:291:15 | call to to_s | semmle.label | call to to_s |
| string_flow.rb:295:9:295:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:290:10:290:24 | call to squeeze! | semmle.label | call to squeeze! |
| string_flow.rb:294:9:294:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:294:9:294:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:295:10:295:10 | a : | semmle.label | a : |
| string_flow.rb:295:10:295:10 | a : | semmle.label | a : |
| string_flow.rb:295:10:295:17 | call to to_str | semmle.label | call to to_str |
| string_flow.rb:295:10:295:17 | call to to_str | semmle.label | call to to_str |
| string_flow.rb:296:10:296:10 | a : | semmle.label | a : |
| string_flow.rb:296:10:296:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:297:10:297:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:297:22:297:22 | a : | semmle.label | a : |
| string_flow.rb:298:10:298:10 | a : | semmle.label | a : |
| string_flow.rb:298:10:298:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:299:10:299:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:299:23:299:23 | a : | semmle.label | a : |
| string_flow.rb:300:10:300:10 | a : | semmle.label | a : |
| string_flow.rb:300:10:300:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:301:10:301:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:301:24:301:24 | a : | semmle.label | a : |
| string_flow.rb:302:10:302:10 | a : | semmle.label | a : |
| string_flow.rb:302:10:302:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:303:10:303:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:303:25:303:25 | a : | semmle.label | a : |
| string_flow.rb:307:9:307:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:307:9:307:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:308:5:308:5 | a : | semmle.label | a : |
| string_flow.rb:308:5:308:5 | a : | semmle.label | a : |
| string_flow.rb:308:20:308:20 | x : | semmle.label | x : |
| string_flow.rb:308:20:308:20 | x : | semmle.label | x : |
| string_flow.rb:308:28:308:28 | x | semmle.label | x |
| string_flow.rb:308:28:308:28 | x | semmle.label | x |
| string_flow.rb:309:5:309:5 | a : | semmle.label | a : |
| string_flow.rb:309:5:309:5 | a : | semmle.label | a : |
| string_flow.rb:309:26:309:26 | x : | semmle.label | x : |
| string_flow.rb:309:26:309:26 | x : | semmle.label | x : |
| string_flow.rb:309:34:309:34 | x | semmle.label | x |
| string_flow.rb:309:34:309:34 | x | semmle.label | x |
| string_flow.rb:310:14:310:14 | a : | semmle.label | a : |
| string_flow.rb:310:14:310:14 | a : | semmle.label | a : |
| string_flow.rb:310:20:310:20 | x : | semmle.label | x : |
| string_flow.rb:310:20:310:20 | x : | semmle.label | x : |
| string_flow.rb:310:28:310:28 | x | semmle.label | x |
| string_flow.rb:310:28:310:28 | x | semmle.label | x |
| string_flow.rb:296:10:296:10 | a : | semmle.label | a : |
| string_flow.rb:296:10:296:15 | call to to_s | semmle.label | call to to_s |
| string_flow.rb:296:10:296:15 | call to to_s | semmle.label | call to to_s |
| string_flow.rb:300:9:300:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:301:10:301:10 | a : | semmle.label | a : |
| string_flow.rb:301:10:301:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:302:10:302:23 | call to tr | semmle.label | call to tr |
| string_flow.rb:302:22:302:22 | a : | semmle.label | a : |
| string_flow.rb:303:10:303:10 | a : | semmle.label | a : |
| string_flow.rb:303:10:303:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:304:10:304:24 | call to tr! | semmle.label | call to tr! |
| string_flow.rb:304:23:304:23 | a : | semmle.label | a : |
| string_flow.rb:305:10:305:10 | a : | semmle.label | a : |
| string_flow.rb:305:10:305:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:306:10:306:25 | call to tr_s | semmle.label | call to tr_s |
| string_flow.rb:306:24:306:24 | a : | semmle.label | a : |
| string_flow.rb:307:10:307:10 | a : | semmle.label | a : |
| string_flow.rb:307:10:307:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:308:10:308:26 | call to tr_s! | semmle.label | call to tr_s! |
| string_flow.rb:308:25:308:25 | a : | semmle.label | a : |
| string_flow.rb:312:9:312:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:312:9:312:18 | call to source : | semmle.label | call to source : |
| string_flow.rb:313:5:313:5 | a : | semmle.label | a : |
| string_flow.rb:313:5:313:5 | a : | semmle.label | a : |
| string_flow.rb:313:20:313:20 | x : | semmle.label | x : |
| string_flow.rb:313:20:313:20 | x : | semmle.label | x : |
| string_flow.rb:313:28:313:28 | x | semmle.label | x |
| string_flow.rb:313:28:313:28 | x | semmle.label | x |
| string_flow.rb:314:5:314:5 | a : | semmle.label | a : |
| string_flow.rb:314:5:314:5 | a : | semmle.label | a : |
| string_flow.rb:314:26:314:26 | x : | semmle.label | x : |
| string_flow.rb:314:26:314:26 | x : | semmle.label | x : |
| string_flow.rb:314:34:314:34 | x | semmle.label | x |
| string_flow.rb:314:34:314:34 | x | semmle.label | x |
| string_flow.rb:315:14:315:14 | a : | semmle.label | a : |
| string_flow.rb:315:14:315:14 | a : | semmle.label | a : |
| string_flow.rb:315:20:315:20 | x : | semmle.label | x : |
| string_flow.rb:315:20:315:20 | x : | semmle.label | x : |
| string_flow.rb:315:28:315:28 | x | semmle.label | x |
| string_flow.rb:315:28:315:28 | x | semmle.label | x |
subpaths
#select
| string_flow.rb:3:10:3:22 | call to new | string_flow.rb:2:9:2:18 | call to source : | string_flow.rb:3:10:3:22 | call to new | $@ | string_flow.rb:2:9:2:18 | call to source : | call to source : |
| string_flow.rb:8:10:8:30 | call to try_convert | string_flow.rb:7:9:7:18 | call to source : | string_flow.rb:8:10:8:30 | call to try_convert | $@ | string_flow.rb:7:9:7:18 | call to source : | call to source : |
| string_flow.rb:13:10:13:17 | ... % ... | string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:13:10:13:17 | ... % ... | $@ | string_flow.rb:12:9:12:18 | call to source : | call to source : |
| string_flow.rb:14:10:14:29 | ... % ... | string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:14:10:14:29 | ... % ... | $@ | string_flow.rb:12:9:12:18 | call to source : | call to source : |
| string_flow.rb:15:10:15:18 | ... % ... | string_flow.rb:12:9:12:18 | call to source : | string_flow.rb:15:10:15:18 | ... % ... | $@ | string_flow.rb:12:9:12:18 | call to source : | call to source : |
| string_flow.rb:40:10:40:12 | call to b | string_flow.rb:39:9:39:18 | call to source : | string_flow.rb:40:10:40:12 | call to b | $@ | string_flow.rb:39:9:39:18 | call to source : | call to source : |
| string_flow.rb:45:10:45:23 | call to byteslice | string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:45:10:45:23 | call to byteslice | $@ | string_flow.rb:44:9:44:18 | call to source : | call to source : |
| string_flow.rb:46:10:46:26 | call to byteslice | string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:46:10:46:26 | call to byteslice | $@ | string_flow.rb:44:9:44:18 | call to source : | call to source : |
| string_flow.rb:47:10:47:26 | call to byteslice | string_flow.rb:44:9:44:18 | call to source : | string_flow.rb:47:10:47:26 | call to byteslice | $@ | string_flow.rb:44:9:44:18 | call to source : | call to source : |
| string_flow.rb:83:10:83:10 | a | string_flow.rb:81:9:81:18 | call to source : | string_flow.rb:83:10:83:10 | a | $@ | string_flow.rb:81:9:81:18 | call to source : | call to source : |
| string_flow.rb:160:10:160:17 | call to freeze | string_flow.rb:159:9:159:18 | call to source : | string_flow.rb:160:10:160:17 | call to freeze | $@ | string_flow.rb:159:9:159:18 | call to source : | call to source : |
| string_flow.rb:168:10:168:43 | call to gsub | string_flow.rb:168:32:168:41 | call to source : | string_flow.rb:168:10:168:43 | call to gsub | $@ | string_flow.rb:168:32:168:41 | call to source : | call to source : |
| string_flow.rb:169:10:169:44 | call to gsub! | string_flow.rb:169:33:169:42 | call to source : | string_flow.rb:169:10:169:44 | call to gsub! | $@ | string_flow.rb:169:33:169:42 | call to source : | call to source : |
| string_flow.rb:177:10:177:42 | call to sub | string_flow.rb:177:31:177:40 | call to source : | string_flow.rb:177:10:177:42 | call to sub | $@ | string_flow.rb:177:31:177:40 | call to source : | call to source : |
| string_flow.rb:178:10:178:43 | call to sub! | string_flow.rb:178:32:178:41 | call to source : | string_flow.rb:178:10:178:43 | call to sub! | $@ | string_flow.rb:178:32:178:41 | call to source : | call to source : |
| string_flow.rb:195:10:195:16 | call to strip | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:195:10:195:16 | call to strip | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:196:10:196:17 | call to strip! | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:196:10:196:17 | call to strip! | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:197:10:197:17 | call to lstrip | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:197:10:197:17 | call to lstrip | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:198:10:198:18 | call to lstrip! | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:198:10:198:18 | call to lstrip! | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:199:10:199:17 | call to rstrip | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:199:10:199:17 | call to rstrip | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:200:10:200:18 | call to rstrip! | string_flow.rb:194:9:194:18 | call to source : | string_flow.rb:200:10:200:18 | call to rstrip! | $@ | string_flow.rb:194:9:194:18 | call to source : | call to source : |
| string_flow.rb:223:10:223:21 | call to replace | string_flow.rb:222:9:222:18 | call to source : | string_flow.rb:223:10:223:21 | call to replace | $@ | string_flow.rb:222:9:222:18 | call to source : | call to source : |
| string_flow.rb:225:10:225:10 | a | string_flow.rb:221:9:221:18 | call to source : | string_flow.rb:225:10:225:10 | a | $@ | string_flow.rb:221:9:221:18 | call to source : | call to source : |
| string_flow.rb:225:10:225:10 | a | string_flow.rb:222:9:222:18 | call to source : | string_flow.rb:225:10:225:10 | a | $@ | string_flow.rb:222:9:222:18 | call to source : | call to source : |
| string_flow.rb:237:10:237:10 | b | string_flow.rb:234:9:234:18 | call to source : | string_flow.rb:237:10:237:10 | b | $@ | string_flow.rb:234:9:234:18 | call to source : | call to source : |
| string_flow.rb:246:10:246:21 | call to scrub | string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:246:10:246:21 | call to scrub | $@ | string_flow.rb:244:9:244:18 | call to source : | call to source : |
| string_flow.rb:247:24:247:24 | x | string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:247:24:247:24 | x | $@ | string_flow.rb:244:9:244:18 | call to source : | call to source : |
| string_flow.rb:248:10:248:28 | call to scrub | string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:248:10:248:28 | call to scrub | $@ | string_flow.rb:244:9:244:18 | call to source : | call to source : |
| string_flow.rb:248:10:248:28 | call to scrub | string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:248:10:248:28 | call to scrub | $@ | string_flow.rb:253:9:253:18 | call to source : | call to source : |
| string_flow.rb:251:10:251:22 | call to scrub! | string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:251:10:251:22 | call to scrub! | $@ | string_flow.rb:244:9:244:18 | call to source : | call to source : |
| string_flow.rb:254:25:254:25 | x | string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:254:25:254:25 | x | $@ | string_flow.rb:253:9:253:18 | call to source : | call to source : |
| string_flow.rb:256:10:256:29 | call to scrub! | string_flow.rb:244:9:244:18 | call to source : | string_flow.rb:256:10:256:29 | call to scrub! | $@ | string_flow.rb:244:9:244:18 | call to source : | call to source : |
| string_flow.rb:256:10:256:29 | call to scrub! | string_flow.rb:253:9:253:18 | call to source : | string_flow.rb:256:10:256:29 | call to scrub! | $@ | string_flow.rb:253:9:253:18 | call to source : | call to source : |
| string_flow.rb:290:10:290:17 | call to to_str | string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:290:10:290:17 | call to to_str | $@ | string_flow.rb:289:9:289:18 | call to source : | call to source : |
| string_flow.rb:291:10:291:15 | call to to_s | string_flow.rb:289:9:289:18 | call to source : | string_flow.rb:291:10:291:15 | call to to_s | $@ | string_flow.rb:289:9:289:18 | call to source : | call to source : |
| string_flow.rb:308:28:308:28 | x | string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:308:28:308:28 | x | $@ | string_flow.rb:307:9:307:18 | call to source : | call to source : |
| string_flow.rb:309:34:309:34 | x | string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:309:34:309:34 | x | $@ | string_flow.rb:307:9:307:18 | call to source : | call to source : |
| string_flow.rb:310:28:310:28 | x | string_flow.rb:307:9:307:18 | call to source : | string_flow.rb:310:28:310:28 | x | $@ | string_flow.rb:307:9:307:18 | call to source : | call to source : |
| string_flow.rb:295:10:295:17 | call to to_str | string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:295:10:295:17 | call to to_str | $@ | string_flow.rb:294:9:294:18 | call to source : | call to source : |
| string_flow.rb:296:10:296:15 | call to to_s | string_flow.rb:294:9:294:18 | call to source : | string_flow.rb:296:10:296:15 | call to to_s | $@ | string_flow.rb:294:9:294:18 | call to source : | call to source : |
| string_flow.rb:313:28:313:28 | x | string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:313:28:313:28 | x | $@ | string_flow.rb:312:9:312:18 | call to source : | call to source : |
| string_flow.rb:314:34:314:34 | x | string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:314:34:314:34 | x | $@ | string_flow.rb:312:9:312:18 | call to source : | call to source : |
| string_flow.rb:315:28:315:28 | x | string_flow.rb:312:9:312:18 | call to source : | string_flow.rb:315:28:315:28 | x | $@ | string_flow.rb:312:9:312:18 | call to source : | call to source : |


@@ -10,9 +10,9 @@ end
def m_format
a = source "a"
sink "%s" % a # $ hasValueFlow=a
sink "%s %s" % ["foo", a] # $ hasValueFlow=a
sink a % "foo" # $ hasValueFlow=a
sink "%s" % a # $ hasTaintFlow=a
sink "%s %s" % ["foo", a] # $ hasTaintFlow=a
sink a % "foo" # $ hasTaintFlow=a
end
def m_plus
@@ -42,9 +42,9 @@ end
def m_byteslice
a = source "a"
sink a.byteslice(1) # $ hasValueFlow=a
sink a.byteslice(1, 2) # $ hasValueFlow=a
sink a.byteslice(1..2) # $ hasValueFlow=a
sink a.byteslice(1) # $ hasTaintFlow=a
sink a.byteslice(1, 2) # $ hasTaintFlow=a
sink a.byteslice(1..2) # $ hasTaintFlow=a
end
def m_capitalize
@@ -165,8 +165,8 @@ def m_gsub
c = source "c"
sink a.gsub("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.gsub!("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.gsub("b") { |match| source "b" } # $ hasTaintFlow=a hasValueFlow=b
sink a.gsub!("b") { |match| source "b" } # $ hasTaintFlow=a hasValueFlow=b
sink a.gsub("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
sink a.gsub!("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
end
def m_sub
@@ -174,8 +174,8 @@ def m_sub
c = source "c"
sink a.sub("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.sub!("b", c) # $ hasTaintFlow=a hasTaintFlow=c
sink a.sub("b") { |match| source "b" } # $ hasTaintFlow=a hasValueFlow=b
sink a.sub!("b") { |match| source "b" } # $ hasTaintFlow=a hasValueFlow=b
sink a.sub("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
sink a.sub!("b") { |match| source "b" } # $ hasTaintFlow=a hasTaintFlow=b
end
# omitted because it clashes with the summary for Array#insert
@@ -192,12 +192,12 @@ end
def m_strip
a = source "a"
sink a.strip # $ hasValueFlow=a
sink a.strip! # $ hasValueFlow=a
sink a.lstrip # $ hasValueFlow=a
sink a.lstrip! # $ hasValueFlow=a
sink a.rstrip # $ hasValueFlow=a
sink a.rstrip! # $ hasValueFlow=a
sink a.strip # $ hasTaintFlow=a
sink a.strip! # $ hasTaintFlow=a
sink a.lstrip # $ hasTaintFlow=a
sink a.lstrip! # $ hasTaintFlow=a
sink a.rstrip # $ hasTaintFlow=a
sink a.rstrip! # $ hasTaintFlow=a
end
def m_next
@@ -234,7 +234,7 @@ def m_scan(i)
a = source "a"
b = a.scan(/b/) { |x, y| sink x } # $ hasTaintFlow=a
b = a.scan(/b/) { |x, y| sink y } # $ hasTaintFlow=a
sink b # $ hasValueFlow=a
sink b # $ hasTaintFlow=a
b = a.scan(/b/)
sink b[0] # $ hasTaintFlow=a
sink b[i] # $ hasTaintFlow=a
@@ -243,17 +243,22 @@ end
def m_scrub
a = source "a"
sink a.scrub("b") # $ hasTaintFlow=a
sink "b".scrub(a) # $ hasValueFlow=a
a.scrub { |x| sink x } # $ hasValueFlow=a
sink("b".scrub { |x| a }) # $ hasValueFlow=a
sink "b".scrub(a) # $ hasTaintFlow=a
a.scrub { |x| sink x } # $ hasTaintFlow=a
sink("b".scrub { |x| a }) # $ hasTaintFlow=a
sink a.scrub!("b") # $ hasTaintFlow=a
sink "b".scrub!(a) # $ hasValueFlow=a
sink "b".scrub!(a) # $ hasTaintFlow=a
a = source "a"
a.scrub! { |x| sink x } # $ hasValueFlow=a
a.scrub! { |x| sink x } # $ hasTaintFlow=a
sink("b".scrub! { |x| a }) # $ hasValueFlow=a
sink("b".scrub! { |x| a }) # $ hasTaintFlow=a
end
def m_shellescape
a = source "a"
sink a.shellescape # $ hasTaintFlow=a
end
def m_shellsplit(i)