drive-by: use instanceof KernelMethodCall such that override getAnArgument cannot be mistaken for a method in CallNode

2026-04-28 02:05:14 +02:00 · 2022-12-06 14:21:48 +01:00
parent 5849b2c98a
commit e24f041661
1 changed files with 9 additions and 9 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -92,14 +92,14 @@ module Kernel {
   * ```
   * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-system
   */
-  class KernelSystemCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelSystemCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
    KernelSystemCall() { this.getMethodName() = "system" }

-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }

    override predicate isShellInterpreted(DataFlow::Node arg) {
      // Kernel.system invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
    }
  }

@@ -108,14 +108,14 @@ module Kernel {
   * `Kernel.exec` takes the same argument forms as `Kernel.system`. See `KernelSystemCall` for details.
   * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-exec
   */
-  class KernelExecCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelExecCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
    KernelExecCall() { this.getMethodName() = "exec" }

-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }

    override predicate isShellInterpreted(DataFlow::Node arg) {
      // Kernel.exec invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
    }
  }

@@ -129,14 +129,14 @@ module Kernel {
   * spawn([env,] command... [,options]) -> pid
   * ```
   */
-  class KernelSpawnCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelSpawnCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
    KernelSpawnCall() { this.getMethodName() = "spawn" }

-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }

    override predicate isShellInterpreted(DataFlow::Node arg) {
      // Kernel.spawn invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
    }
  }