hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Expand flowToAnyArg test

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2022-05-19 16:27:04 +02:00
parent 0879b6ae12
commit e810ba4ef6
2 changed files with 48 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
View File

@@ -24,14 +24,14 @@ edges
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:57:27:57:33 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:61:32:61:38 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:63:23:63:29 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:93:16:93:22 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:99:14:99:20 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:102:16:102:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:102:16:102:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:103:21:103:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:103:21:103:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:106:26:106:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:106:26:106:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:98:16:98:22 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:104:14:104:20 | tainted : |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:107:16:107:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:107:16:107:22 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:108:21:108:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:108:21:108:27 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:111:26:111:32 | tainted |
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:111:26:111:32 | tainted |
| summaries.rb:1:20:1:36 | call to source : | summaries.rb:1:11:1:36 | call to identity : |
| summaries.rb:1:20:1:36 | call to source : | summaries.rb:1:11:1:36 | call to identity : |
| summaries.rb:4:12:7:3 | call to apply_block : | summaries.rb:9:6:9:13 | tainted2 |
@@ -96,17 +96,17 @@ edges
| summaries.rb:85:1:85:1 | a [element 2] : | summaries.rb:85:1:85:1 | [post] a [element 2] : |
| summaries.rb:88:6:88:6 | a [element 2] : | summaries.rb:88:6:88:9 | ...[...] |
| summaries.rb:88:6:88:6 | a [element 2] : | summaries.rb:88:6:88:9 | ...[...] |
| summaries.rb:93:16:93:22 | [post] tainted : | summaries.rb:99:14:99:20 | tainted : |
| summaries.rb:93:16:93:22 | [post] tainted : | summaries.rb:102:16:102:22 | tainted |
| summaries.rb:93:16:93:22 | [post] tainted : | summaries.rb:103:21:103:27 | tainted |
| summaries.rb:93:16:93:22 | [post] tainted : | summaries.rb:106:26:106:32 | tainted |
| summaries.rb:93:16:93:22 | tainted : | summaries.rb:93:16:93:22 | [post] tainted : |
| summaries.rb:93:16:93:22 | tainted : | summaries.rb:93:25:93:25 | [post] y : |
| summaries.rb:93:16:93:22 | tainted : | summaries.rb:93:33:93:33 | [post] z : |
| summaries.rb:93:25:93:25 | [post] y : | summaries.rb:95:6:95:6 | y |
| summaries.rb:93:33:93:33 | [post] z : | summaries.rb:96:6:96:6 | z |
| summaries.rb:99:1:99:1 | [post] x : | summaries.rb:100:6:100:6 | x |
| summaries.rb:99:14:99:20 | tainted : | summaries.rb:99:1:99:1 | [post] x : |
| summaries.rb:98:16:98:22 | [post] tainted : | summaries.rb:104:14:104:20 | tainted : |
| summaries.rb:98:16:98:22 | [post] tainted : | summaries.rb:107:16:107:22 | tainted |
| summaries.rb:98:16:98:22 | [post] tainted : | summaries.rb:108:21:108:27 | tainted |
| summaries.rb:98:16:98:22 | [post] tainted : | summaries.rb:111:26:111:32 | tainted |
| summaries.rb:98:16:98:22 | tainted : | summaries.rb:98:16:98:22 | [post] tainted : |
| summaries.rb:98:16:98:22 | tainted : | summaries.rb:98:25:98:25 | [post] y : |
| summaries.rb:98:16:98:22 | tainted : | summaries.rb:98:33:98:33 | [post] z : |
| summaries.rb:98:25:98:25 | [post] y : | summaries.rb:100:6:100:6 | y |
| summaries.rb:98:33:98:33 | [post] z : | summaries.rb:101:6:101:6 | z |
| summaries.rb:104:1:104:1 | [post] x : | summaries.rb:105:6:105:6 | x |
| summaries.rb:104:14:104:20 | tainted : | summaries.rb:104:1:104:1 | [post] x : |
nodes
| summaries.rb:1:11:1:36 | call to identity : | semmle.label | call to identity : |
| summaries.rb:1:11:1:36 | call to identity : | semmle.label | call to identity : |
@@ -206,21 +206,21 @@ nodes
| summaries.rb:88:6:88:6 | a [element 2] : | semmle.label | a [element 2] : |
| summaries.rb:88:6:88:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:88:6:88:9 | ...[...] | semmle.label | ...[...] |
| summaries.rb:93:16:93:22 | [post] tainted : | semmle.label | [post] tainted : |
| summaries.rb:93:16:93:22 | tainted : | semmle.label | tainted : |
| summaries.rb:93:25:93:25 | [post] y : | semmle.label | [post] y : |
| summaries.rb:93:33:93:33 | [post] z : | semmle.label | [post] z : |
| summaries.rb:95:6:95:6 | y | semmle.label | y |
| summaries.rb:96:6:96:6 | z | semmle.label | z |
| summaries.rb:99:1:99:1 | [post] x : | semmle.label | [post] x : |
| summaries.rb:99:14:99:20 | tainted : | semmle.label | tainted : |
| summaries.rb:100:6:100:6 | x | semmle.label | x |
| summaries.rb:102:16:102:22 | tainted | semmle.label | tainted |
| summaries.rb:102:16:102:22 | tainted | semmle.label | tainted |
| summaries.rb:103:21:103:27 | tainted | semmle.label | tainted |
| summaries.rb:103:21:103:27 | tainted | semmle.label | tainted |
| summaries.rb:106:26:106:32 | tainted | semmle.label | tainted |
| summaries.rb:106:26:106:32 | tainted | semmle.label | tainted |
| summaries.rb:98:16:98:22 | [post] tainted : | semmle.label | [post] tainted : |
| summaries.rb:98:16:98:22 | tainted : | semmle.label | tainted : |
| summaries.rb:98:25:98:25 | [post] y : | semmle.label | [post] y : |
| summaries.rb:98:33:98:33 | [post] z : | semmle.label | [post] z : |
| summaries.rb:100:6:100:6 | y | semmle.label | y |
| summaries.rb:101:6:101:6 | z | semmle.label | z |
| summaries.rb:104:1:104:1 | [post] x : | semmle.label | [post] x : |
| summaries.rb:104:14:104:20 | tainted : | semmle.label | tainted : |
| summaries.rb:105:6:105:6 | x | semmle.label | x |
| summaries.rb:107:16:107:22 | tainted | semmle.label | tainted |
| summaries.rb:107:16:107:22 | tainted | semmle.label | tainted |
| summaries.rb:108:21:108:27 | tainted | semmle.label | tainted |
| summaries.rb:108:21:108:27 | tainted | semmle.label | tainted |
| summaries.rb:111:26:111:32 | tainted | semmle.label | tainted |
| summaries.rb:111:26:111:32 | tainted | semmle.label | tainted |
subpaths
invalidSpecComponent
#select
@@ -266,15 +266,15 @@ invalidSpecComponent
| summaries.rb:83:6:83:9 | ...[...] | summaries.rb:77:15:77:29 | call to source : | summaries.rb:83:6:83:9 | ...[...] | $@ | summaries.rb:77:15:77:29 | call to source : | call to source : |
| summaries.rb:88:6:88:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:88:6:88:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:88:6:88:9 | ...[...] | summaries.rb:77:32:77:46 | call to source : | summaries.rb:88:6:88:9 | ...[...] | $@ | summaries.rb:77:32:77:46 | call to source : | call to source : |
| summaries.rb:95:6:95:6 | y | summaries.rb:1:20:1:36 | call to source : | summaries.rb:95:6:95:6 | y | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:96:6:96:6 | z | summaries.rb:1:20:1:36 | call to source : | summaries.rb:96:6:96:6 | z | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:100:6:100:6 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:100:6:100:6 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:102:16:102:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:102:16:102:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:102:16:102:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:102:16:102:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:103:21:103:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:103:21:103:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:103:21:103:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:103:21:103:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:106:26:106:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:106:26:106:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:106:26:106:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:106:26:106:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:100:6:100:6 | y | summaries.rb:1:20:1:36 | call to source : | summaries.rb:100:6:100:6 | y | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:101:6:101:6 | z | summaries.rb:1:20:1:36 | call to source : | summaries.rb:101:6:101:6 | z | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:105:6:105:6 | x | summaries.rb:1:20:1:36 | call to source : | summaries.rb:105:6:105:6 | x | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:107:16:107:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:107:16:107:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:107:16:107:22 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:107:16:107:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:108:21:108:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:108:21:108:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:108:21:108:27 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:108:21:108:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:111:26:111:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:111:26:111:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
| summaries.rb:111:26:111:32 | tainted | summaries.rb:1:20:1:36 | call to source : | summaries.rb:111:26:111:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source : | call to source : |
warning
| CSV type row should have 5 columns but has 2: test;TooFewColumns |
| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |

5
ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
View File

@@ -90,6 +90,11 @@ sink(a[2]) # $ hasValueFlow=elem2
x = Foo.new
y = []
z = []
# This just highlights that none of x,y,z was tainted before
sink(x)
sink(y)
sink(z)
x.flowToAnyArg(tainted, y, key: z)
sink(x)
sink(y) # $ hasTaintFlow=tainted