Ruby: Use InclusionTests library in barrier guards

2026-04-27 09:45:15 +02:00 · 2022-07-13 18:01:06 +12:00
parent b9fc82a741
commit ea95e2e1d0
3 changed files with 25 additions and 8 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -6,6 +6,7 @@ private import codeql.ruby.CFG
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.dataflow.SSA
 private import codeql.ruby.ast.internal.Constant
+private import codeql.ruby.InclusionTests

 private predicate stringConstCompare(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
  exists(CfgNodes::ExprNodes::ComparisonOperationCfgNode c |
@@ -72,18 +73,19 @@ deprecated class StringConstCompare extends DataFlow::BarrierGuard,
 }

 private predicate stringConstArrayInclusionCall(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
-  exists(CfgNodes::ExprNodes::MethodCallCfgNode mc |
-    mc = g and
-    mc.getExpr().getMethodName() = "include?" and
-    mc.getArgument(0) = e
+  exists(InclusionTest t |
+    t.asExpr() = g and
+    e = t.getContainedNode().asExpr() and
+    branch = t.getPolarity()
  |
-    exists(ExprNodes::ArrayLiteralCfgNode arr | isArrayConstant(mc.getReceiver(), arr) |
+    exists(ExprNodes::ArrayLiteralCfgNode arr |
+      isArrayConstant(t.getContainerNode().asExpr(), arr)
+    |
      forall(ExprCfgNode elem | elem = arr.getAnArgument() |
        elem instanceof ExprNodes::StringLiteralCfgNode
      )
    )
-  ) and
-  branch = true
+  )
 }

 /**
@@ -126,7 +128,7 @@ deprecated class StringConstArrayInclusionCall extends DataFlow::BarrierGuard,
  CfgNodes::ExprNodes::MethodCallCfgNode {
  private CfgNode checkedNode;

-  StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, _) }
+  StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, true) }

  override predicate checks(CfgNode expr, boolean branch) { expr = checkedNode and branch = true }
 }
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
@@ -8,6 +8,7 @@ oldStyleBarrierGuards
 | barrier-guards.rb:37:4:37:20 | call to include? | barrier-guards.rb:38:5:38:7 | foo | barrier-guards.rb:37:17:37:19 | foo | true |
 | barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:4:43:6 | foo | true |
 | barrier-guards.rb:70:4:70:21 | call to include? | barrier-guards.rb:71:5:71:7 | foo | barrier-guards.rb:70:18:70:20 | foo | true |
+| barrier-guards.rb:82:4:82:25 | ... != ... | barrier-guards.rb:83:5:83:7 | foo | barrier-guards.rb:82:15:82:17 | foo | true |
 newStyleBarrierGuards
 | barrier-guards.rb:4:5:4:7 | foo |
 | barrier-guards.rb:10:5:10:7 | foo |
@@ -17,3 +18,5 @@ newStyleBarrierGuards
 | barrier-guards.rb:38:5:38:7 | foo |
 | barrier-guards.rb:45:9:45:11 | foo |
 | barrier-guards.rb:71:5:71:7 | foo |
+| barrier-guards.rb:83:5:83:7 | foo |
+| barrier-guards.rb:91:5:91:7 | foo |
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
@@ -79,6 +79,18 @@ else
    foo
 end

+if foos.index(foo) != nil
+    foo
+else
+    foo
+end
+
+if foos.index(foo)r == nil
+    foo
+else
+    foo
+end
+
 bars = ["bar"]

 if condition