Ruby: Allow for implicit array reads at all sinks during taint tracking

2026-05-03 04:39:29 +02:00 · 2023-03-27 13:42:11 +02:00
parent 111227e763
commit e258324960
23 changed files with 1452 additions and 1396 deletions
--- a/ruby/ql/test/library-tests/dataflow/string-flow/string_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/string-flow/string_flow.rb
@@ -216,7 +216,7 @@ def m_partition
    sink b[0] # $ hasTaintFlow=a
    sink b[1] # $ hasTaintFlow=a
    sink b[2] # $ hasTaintFlow=a
-    sink b[3]
+    sink b[3] # $ hasTaintFlow=a (because of the flow summary for Array#partition)
 end

 def m_replace