hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: No fieldFlowBranchLimit for SummarizedCallables

Browse Source
This commit is contained in:
Tom Hvitved
2024-02-22 10:26:24 +01:00
parent 8bbfb82f8e
commit ebee35b385
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplSpecific.qll
View File

@@ -31,4 +31,6 @@ module RubyDataFlow implements InputSig {
predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
predicate viableImplInCallContext = Private::viableImplInCallContext/2;
predicate ignoreFieldFlowBranchLimit(DataFlowCallable c) { exists(c.asLibraryCallable()) }
}

3
shared/dataflow/codeql/dataflow/DataFlow.qll
View File

@@ -273,6 +273,9 @@ signature module InputSig {
) {
any()
}
/** Holds if `fieldFlowBranchLimit` should be ignored for flow going into/out of `c`. */
default predicate ignoreFieldFlowBranchLimit(DataFlowCallable c) { none() }
}
module Configs<InputSig Lang> {

8
shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
View File

@@ -1117,7 +1117,9 @@ module MakeImpl<InputSig Lang> {
exists(int b, int j |
b = branch(ret) and
j = join(out) and
if b.minimum(j) <= Config::fieldFlowBranchLimit()
if
b.minimum(j) <= Config::fieldFlowBranchLimit() or
ignoreFieldFlowBranchLimit(ret.getEnclosingCallable())
then allowsFieldFlow = true
else allowsFieldFlow = false
)
@@ -1136,7 +1138,9 @@ module MakeImpl<InputSig Lang> {
exists(int b, int j |
b = branch(arg) and
j = join(p) and
if b.minimum(j) <= Config::fieldFlowBranchLimit()
if
b.minimum(j) <= Config::fieldFlowBranchLimit() or
ignoreFieldFlowBranchLimit(p.getEnclosingCallable())
then allowsFieldFlow = true
else allowsFieldFlow = false
)