Merge pull request #8533 from asgerf/mad-receiver-token

JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
2026-05-02 20:25:13 +02:00 · 2022-03-28 15:28:52 +02:00
parent af1d949d06 0b30ecf36a
commit f22df765ed
15 changed files with 704 additions and 483 deletions
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -1,23 +1,42 @@
+failures
 edges
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:2:6:2:12 | tainted |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:4:24:4:30 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:16:36:16:42 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:20:25:20:31 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:26:31:26:37 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:30:24:30:30 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:31:27:31:33 | tainted :  |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:34:16:34:22 | tainted |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:35:16:35:22 | tainted |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:36:21:36:27 | tainted |
-| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:37:36:37:42 | tainted |
-| summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:1:11:1:26 | call to identity :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:2:6:2:12 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:2:6:2:12 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:4:24:4:30 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:4:24:4:30 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:16:36:16:42 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:16:36:16:42 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:20:25:20:31 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:26:31:26:37 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:30:24:30:30 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:31:27:31:33 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:34:16:34:22 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:34:16:34:22 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:35:16:35:22 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:35:16:35:22 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:36:21:36:27 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:36:21:36:27 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:37:36:37:42 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:37:36:37:42 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:51:24:51:30 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:54:23:54:29 | tainted :  |
+| summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
+| summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
+| summaries.rb:4:12:7:3 | call to apply_block :  | summaries.rb:9:6:9:13 | tainted2 |
 | summaries.rb:4:12:7:3 | call to apply_block :  | summaries.rb:9:6:9:13 | tainted2 |
 | summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:12:7:3 | call to apply_block :  |
+| summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:12:7:3 | call to apply_block :  |
+| summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:36:4:36 | x :  |
 | summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:36:4:36 | x :  |
 | summaries.rb:4:36:4:36 | x :  | summaries.rb:5:8:5:8 | x |
+| summaries.rb:4:36:4:36 | x :  | summaries.rb:5:8:5:8 | x |
+| summaries.rb:11:17:11:17 | x :  | summaries.rb:12:8:12:8 | x |
 | summaries.rb:11:17:11:17 | x :  | summaries.rb:12:8:12:8 | x |
 | summaries.rb:16:12:16:43 | call to apply_lambda :  | summaries.rb:18:6:18:13 | tainted3 |
+| summaries.rb:16:12:16:43 | call to apply_lambda :  | summaries.rb:18:6:18:13 | tainted3 |
 | summaries.rb:16:36:16:42 | tainted :  | summaries.rb:11:17:11:17 | x :  |
+| summaries.rb:16:36:16:42 | tainted :  | summaries.rb:11:17:11:17 | x :  |
+| summaries.rb:16:36:16:42 | tainted :  | summaries.rb:16:12:16:43 | call to apply_lambda :  |
 | summaries.rb:16:36:16:42 | tainted :  | summaries.rb:16:12:16:43 | call to apply_lambda :  |
 | summaries.rb:20:12:20:32 | call to firstArg :  | summaries.rb:21:6:21:13 | tainted4 |
 | summaries.rb:20:25:20:31 | tainted :  | summaries.rb:20:12:20:32 | call to firstArg :  |
@@ -25,26 +44,44 @@ edges
 | summaries.rb:26:31:26:37 | tainted :  | summaries.rb:26:12:26:38 | call to secondArg :  |
 | summaries.rb:30:24:30:30 | tainted :  | summaries.rb:30:6:30:42 | call to onlyWithBlock |
 | summaries.rb:31:27:31:33 | tainted :  | summaries.rb:31:6:31:34 | call to onlyWithoutBlock |
-| summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:41:24:41:24 | t :  |
-| summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:42:24:42:24 | t :  |
-| summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:44:8:44:8 | t :  |
+| summaries.rb:40:7:40:17 | call to source :  | summaries.rb:41:24:41:24 | t :  |
+| summaries.rb:40:7:40:17 | call to source :  | summaries.rb:42:24:42:24 | t :  |
+| summaries.rb:40:7:40:17 | call to source :  | summaries.rb:44:8:44:8 | t :  |
 | summaries.rb:41:24:41:24 | t :  | summaries.rb:41:8:41:25 | call to matchedByName |
 | summaries.rb:42:24:42:24 | t :  | summaries.rb:42:8:42:25 | call to matchedByName |
 | summaries.rb:44:8:44:8 | t :  | summaries.rb:44:8:44:27 | call to matchedByNameRcv |
-| summaries.rb:48:24:48:30 | "taint" :  | summaries.rb:48:8:48:31 | call to preserveTaint |
+| summaries.rb:48:24:48:41 | call to source :  | summaries.rb:48:8:48:42 | call to preserveTaint |
+| summaries.rb:51:24:51:30 | tainted :  | summaries.rb:51:6:51:31 | call to namedArg |
+| summaries.rb:54:23:54:29 | tainted :  | summaries.rb:54:40:54:40 | x :  |
+| summaries.rb:54:40:54:40 | x :  | summaries.rb:55:8:55:8 | x |
+| summaries.rb:62:24:62:53 | call to source :  | summaries.rb:62:8:62:54 | call to preserveTaint |
+| summaries.rb:65:26:65:56 | call to source :  | summaries.rb:65:8:65:57 | call to preserveTaint |
 nodes
-| summaries.rb:1:11:1:26 | call to identity :  | semmle.label | call to identity :  |
-| summaries.rb:1:20:1:26 | "taint" :  | semmle.label | "taint" :  |
+| summaries.rb:1:11:1:36 | call to identity :  | semmle.label | call to identity :  |
+| summaries.rb:1:11:1:36 | call to identity :  | semmle.label | call to identity :  |
+| summaries.rb:1:20:1:36 | call to source :  | semmle.label | call to source :  |
+| summaries.rb:1:20:1:36 | call to source :  | semmle.label | call to source :  |
+| summaries.rb:2:6:2:12 | tainted | semmle.label | tainted |
 | summaries.rb:2:6:2:12 | tainted | semmle.label | tainted |
 | summaries.rb:4:12:7:3 | call to apply_block :  | semmle.label | call to apply_block :  |
+| summaries.rb:4:12:7:3 | call to apply_block :  | semmle.label | call to apply_block :  |
+| summaries.rb:4:24:4:30 | tainted :  | semmle.label | tainted :  |
 | summaries.rb:4:24:4:30 | tainted :  | semmle.label | tainted :  |
 | summaries.rb:4:36:4:36 | x :  | semmle.label | x :  |
+| summaries.rb:4:36:4:36 | x :  | semmle.label | x :  |
+| summaries.rb:5:8:5:8 | x | semmle.label | x |
 | summaries.rb:5:8:5:8 | x | semmle.label | x |
 | summaries.rb:9:6:9:13 | tainted2 | semmle.label | tainted2 |
+| summaries.rb:9:6:9:13 | tainted2 | semmle.label | tainted2 |
+| summaries.rb:11:17:11:17 | x :  | semmle.label | x :  |
 | summaries.rb:11:17:11:17 | x :  | semmle.label | x :  |
 | summaries.rb:12:8:12:8 | x | semmle.label | x |
+| summaries.rb:12:8:12:8 | x | semmle.label | x |
+| summaries.rb:16:12:16:43 | call to apply_lambda :  | semmle.label | call to apply_lambda :  |
 | summaries.rb:16:12:16:43 | call to apply_lambda :  | semmle.label | call to apply_lambda :  |
 | summaries.rb:16:36:16:42 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:16:36:16:42 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 |
 | summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 |
 | summaries.rb:20:12:20:32 | call to firstArg :  | semmle.label | call to firstArg :  |
 | summaries.rb:20:25:20:31 | tainted :  | semmle.label | tainted :  |
@@ -57,39 +94,65 @@ nodes
 | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | semmle.label | call to onlyWithoutBlock |
 | summaries.rb:31:27:31:33 | tainted :  | semmle.label | tainted :  |
 | summaries.rb:34:16:34:22 | tainted | semmle.label | tainted |
+| summaries.rb:34:16:34:22 | tainted | semmle.label | tainted |
+| summaries.rb:35:16:35:22 | tainted | semmle.label | tainted |
 | summaries.rb:35:16:35:22 | tainted | semmle.label | tainted |
 | summaries.rb:36:21:36:27 | tainted | semmle.label | tainted |
+| summaries.rb:36:21:36:27 | tainted | semmle.label | tainted |
 | summaries.rb:37:36:37:42 | tainted | semmle.label | tainted |
-| summaries.rb:40:7:40:13 | "taint" :  | semmle.label | "taint" :  |
+| summaries.rb:37:36:37:42 | tainted | semmle.label | tainted |
+| summaries.rb:40:7:40:17 | call to source :  | semmle.label | call to source :  |
 | summaries.rb:41:8:41:25 | call to matchedByName | semmle.label | call to matchedByName |
 | summaries.rb:41:24:41:24 | t :  | semmle.label | t :  |
 | summaries.rb:42:8:42:25 | call to matchedByName | semmle.label | call to matchedByName |
 | summaries.rb:42:24:42:24 | t :  | semmle.label | t :  |
 | summaries.rb:44:8:44:8 | t :  | semmle.label | t :  |
 | summaries.rb:44:8:44:27 | call to matchedByNameRcv | semmle.label | call to matchedByNameRcv |
-| summaries.rb:48:8:48:31 | call to preserveTaint | semmle.label | call to preserveTaint |
-| summaries.rb:48:24:48:30 | "taint" :  | semmle.label | "taint" :  |
+| summaries.rb:48:8:48:42 | call to preserveTaint | semmle.label | call to preserveTaint |
+| summaries.rb:48:24:48:41 | call to source :  | semmle.label | call to source :  |
+| summaries.rb:51:6:51:31 | call to namedArg | semmle.label | call to namedArg |
+| summaries.rb:51:24:51:30 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:54:23:54:29 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:54:40:54:40 | x :  | semmle.label | x :  |
+| summaries.rb:55:8:55:8 | x | semmle.label | x |
+| summaries.rb:62:8:62:54 | call to preserveTaint | semmle.label | call to preserveTaint |
+| summaries.rb:62:24:62:53 | call to source :  | semmle.label | call to source :  |
+| summaries.rb:65:8:65:57 | call to preserveTaint | semmle.label | call to preserveTaint |
+| summaries.rb:65:26:65:56 | call to source :  | semmle.label | call to source :  |
 subpaths
 invalidSpecComponent
 invalidOutputSpecComponent
 #select
-| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:9:6:9:13 | tainted2 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:9:6:9:13 | tainted2 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:12:8:12:8 | x | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:12:8:12:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:18:6:18:13 | tainted3 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:18:6:18:13 | tainted3 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:21:6:21:13 | tainted4 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:21:6:21:13 | tainted4 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:27:6:27:13 | tainted5 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:27:6:27:13 | tainted5 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:30:6:30:42 | call to onlyWithBlock | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:30:6:30:42 | call to onlyWithBlock | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:34:16:34:22 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:34:16:34:22 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:35:16:35:22 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:35:16:35:22 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:36:21:36:27 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:36:21:36:27 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:37:36:37:42 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:37:36:37:42 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
-| summaries.rb:41:8:41:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:41:8:41:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" :  | "taint" :  |
-| summaries.rb:42:8:42:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:42:8:42:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" :  | "taint" :  |
-| summaries.rb:44:8:44:27 | call to matchedByNameRcv | summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:44:8:44:27 | call to matchedByNameRcv | $@ | summaries.rb:40:7:40:13 | "taint" :  | "taint" :  |
-| summaries.rb:48:8:48:31 | call to preserveTaint | summaries.rb:48:24:48:30 | "taint" :  | summaries.rb:48:8:48:31 | call to preserveTaint | $@ | summaries.rb:48:24:48:30 | "taint" :  | "taint" :  |
+| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:9:6:9:13 | tainted2 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:9:6:9:13 | tainted2 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:9:6:9:13 | tainted2 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:9:6:9:13 | tainted2 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:12:8:12:8 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:12:8:12:8 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:12:8:12:8 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:12:8:12:8 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:18:6:18:13 | tainted3 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:18:6:18:13 | tainted3 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:18:6:18:13 | tainted3 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:18:6:18:13 | tainted3 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:21:6:21:13 | tainted4 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:21:6:21:13 | tainted4 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:27:6:27:13 | tainted5 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:27:6:27:13 | tainted5 | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:30:6:30:42 | call to onlyWithBlock | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:30:6:30:42 | call to onlyWithBlock | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:31:6:31:34 | call to onlyWithoutBlock | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:34:16:34:22 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:34:16:34:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:34:16:34:22 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:34:16:34:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:35:16:35:22 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:35:16:35:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:35:16:35:22 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:35:16:35:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:36:21:36:27 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:36:21:36:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:36:21:36:27 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:36:21:36:27 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:37:36:37:42 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:37:36:37:42 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:37:36:37:42 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:37:36:37:42 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:41:8:41:25 | call to matchedByName | summaries.rb:40:7:40:17 | call to source :  | summaries.rb:41:8:41:25 | call to matchedByName | $@ | summaries.rb:40:7:40:17 | call to source :  | call to source :  |
+| summaries.rb:42:8:42:25 | call to matchedByName | summaries.rb:40:7:40:17 | call to source :  | summaries.rb:42:8:42:25 | call to matchedByName | $@ | summaries.rb:40:7:40:17 | call to source :  | call to source :  |
+| summaries.rb:44:8:44:27 | call to matchedByNameRcv | summaries.rb:40:7:40:17 | call to source :  | summaries.rb:44:8:44:27 | call to matchedByNameRcv | $@ | summaries.rb:40:7:40:17 | call to source :  | call to source :  |
+| summaries.rb:48:8:48:42 | call to preserveTaint | summaries.rb:48:24:48:41 | call to source :  | summaries.rb:48:8:48:42 | call to preserveTaint | $@ | summaries.rb:48:24:48:41 | call to source :  | call to source :  |
+| summaries.rb:51:6:51:31 | call to namedArg | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:51:6:51:31 | call to namedArg | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:55:8:55:8 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:55:8:55:8 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:62:8:62:54 | call to preserveTaint | summaries.rb:62:24:62:53 | call to source :  | summaries.rb:62:8:62:54 | call to preserveTaint | $@ | summaries.rb:62:24:62:53 | call to source :  | call to source :  |
+| summaries.rb:65:8:65:57 | call to preserveTaint | summaries.rb:65:26:65:56 | call to source :  | summaries.rb:65:8:65:57 | call to preserveTaint | $@ | summaries.rb:65:26:65:56 | call to source :  | call to source :  |
 warning
 | CSV type row should have 5 columns but has 2: test;TooFewColumns |
 | CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -4,11 +4,12 @@

 import ruby
 import codeql.ruby.dataflow.FlowSummary
-import DataFlow::PathGraph
 import codeql.ruby.TaintTracking
 import codeql.ruby.dataflow.internal.FlowSummaryImpl
 import codeql.ruby.dataflow.internal.AccessPathSyntax
 import codeql.ruby.frameworks.data.ModelsAsData
+import TestUtilities.InlineFlowTest
+import DataFlow::PathGraph

 query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
  (sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
@@ -42,10 +43,10 @@ private class SummarizedCallableApplyBlock extends SummarizedCallable {

  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
    input = "Argument[0]" and
-    output = "BlockArgument.Parameter[0]" and
+    output = "Argument[block].Parameter[0]" and
    preservesValue = true
    or
-    input = "BlockArgument.ReturnValue" and
+    input = "Argument[block].ReturnValue" and
    output = "ReturnValue" and
    preservesValue = true
  }
@@ -75,9 +76,14 @@ private class StepsFromModel extends ModelInput::SummaryModelCsv {
        ";;Member[Foo].Method[secondArg];Argument[1];ReturnValue;taint",
        ";;Member[Foo].Method[onlyWithoutBlock].WithoutBlock;Argument[0];ReturnValue;taint",
        ";;Member[Foo].Method[onlyWithBlock].WithBlock;Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[blockArg].BlockArgument.Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        ";;Member[Foo].Method[blockArg].Argument[block].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        ";;Member[Foo].Method[namedArg];Argument[foo:];ReturnValue;taint",
+        ";;Member[Foo].Method[intoNamedCallback];Argument[0];Argument[foo:].Parameter[0];taint",
+        ";;Member[Foo].Method[intoNamedParameter];Argument[0];Argument[0].Parameter[foo:];taint",
+        ";;Member[Foo].Method[startInNamedCallback].Argument[foo:].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        ";;Member[Foo].Method[startInNamedParameter].Argument[0].Parameter[foo:].Method[preserveTaint];Argument[0];ReturnValue;taint",
        ";any;Method[matchedByName];Argument[0];ReturnValue;taint",
-        ";any;Method[matchedByNameRcv];Receiver;ReturnValue;taint",
+        ";any;Method[matchedByNameRcv];Argument[self];ReturnValue;taint",
      ]
  }
 }
@@ -112,23 +118,22 @@ private class SinkFromModel extends ModelInput::SinkModelCsv {
  override predicate row(string row) { row = "test;FooOrBar;Method[method].Argument[0];test-sink" }
 }

-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "FlowSummaries" }
-
-  override predicate isSource(DataFlow::Node src) {
-    src.asExpr().getExpr().(StringLiteral).getConstantValue().isString("taint")
-  }
-
+class CustomValueSink extends DefaultValueFlowConf {
  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getMethodName() = "sink" and
-      mc.getAnArgument() = sink.asExpr().getExpr()
-    )
+    super.isSink(sink)
    or
    sink = ModelOutput::getASinkNode("test-sink").getARhs()
  }
 }

-from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+class CustomTaintSink extends DefaultTaintFlowConf {
+  override predicate isSink(DataFlow::Node sink) {
+    super.isSink(sink)
+    or
+    sink = ModelOutput::getASinkNode("test-sink").getARhs()
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Configuration conf
 where conf.hasFlowPath(source, sink)
 select sink, source, sink, "$@", source, source.toString()
--- a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
+++ b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
@@ -1,49 +1,66 @@
-tainted = identity "taint"
-sink tainted
+tainted = identity source("tainted")
+sink tainted # $ hasValueFlow=tainted

 tainted2 = apply_block tainted do |x|
-  sink x
+  sink x # $ hasValueFlow=tainted
  x
 end

-sink tainted2
+sink tainted2 # $ hasValueFlow=tainted

 my_lambda = -> (x) {
-  sink x
+  sink x # $ hasValueFlow=tainted
  x
 }

 tainted3 = apply_lambda(my_lambda, tainted)

-sink(tainted3)
+sink(tainted3) # $ hasValueFlow=tainted

 tainted4 = Foo.firstArg(tainted)
-sink(tainted4)
+sink(tainted4) # $ hasTaintFlow=tainted

 notTainted = Foo.firstArg(nil, tainted))
 sink(notTainted)

 tainted5 = Foo.secondArg(nil, tainted)
-sink(tainted5)
+sink(tainted5) # $ hasTaintFlow=tainted

 sink(Foo.onlyWithBlock(tainted))
-sink(Foo.onlyWithBlock(tainted) do |x| end)
-sink(Foo.onlyWithoutBlock(tainted))
+sink(Foo.onlyWithBlock(tainted) do |x| end) # $ hasTaintFlow=tainted
+sink(Foo.onlyWithoutBlock(tainted)) # $ hasTaintFlow=tainted
 sink(Foo.onlyWithoutBlock(tainted) do |x| end)

-Foo.new.method(tainted)
-Bar.new.method(tainted)
-Bar.new.next.method(tainted)
-Bar.new.next.next.next.next.method(tainted)
+Foo.new.method(tainted) # $ hasValueFlow=tainted
+Bar.new.method(tainted) # $ hasValueFlow=tainted
+Bar.new.next.method(tainted) # $ hasValueFlow=tainted
+Bar.new.next.next.next.next.method(tainted) # $ hasValueFlow=tainted

 def userDefinedFunction(x, y)
-  t = "taint"
-  sink(x.matchedByName(t))
-  sink(y.matchedByName(t))
+  t = source("t")
+  sink(x.matchedByName(t)) # $ hasTaintFlow=t
+  sink(y.matchedByName(t)) # $ hasTaintFlow=t
  sink(x.unmatchedName(t))
-  sink(t.matchedByNameRcv())
+  sink(t.matchedByNameRcv()) # $ hasTaintFlow=t
 end

 Foo.blockArg do |x|
-  sink(x.preserveTaint("taint"))
+  sink(x.preserveTaint(source("blockArg"))) # $ hasTaintFlow=blockArg
 end
+
+sink(Foo.namedArg(foo: tainted)) # $ hasTaintFlow=tainted
+sink(Foo.namedArg(tainted))
+
+Foo.intoNamedCallback(tainted, foo: ->(x) {
+  sink(x) # $ hasTaintFlow=tainted
+})
+Foo.intoNamedParameter(tainted, ->(foo:) {
+  sink(foo) # $ MISSING: hasTaintFlow=tainted
+})
+
+Foo.startInNamedCallback(foo: ->(x) {
+  sink(x.preserveTaint(source("startInNamedCallback"))) # $ hasTaintFlow=startInNamedCallback
+})
+Foo.startInNamedParameter(->(foo:) {
+  sink(foo.preserveTaint(source("startInNamedParameter"))) # $ hasTaintFlow=startInNamedParameter
+})