hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: modgen - use FeatureEqualSourceSinkCallContext feature rather than late filtering for method context

Browse Source
This commit is contained in:
Alex Ford
2023-10-27 14:48:50 +01:00
parent 0818354ad7
commit f6ac63b259
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ruby/ql/src/queries/modeling/internal/Summaries.qll
View File

@@ -19,19 +19,22 @@ module Summaries {
}
predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::MethodNode m).getAReturnNode() }
DataFlow::FlowFeature getAFeature() {
result instanceof DataFlow::FeatureEqualSourceSinkCallContext
}
}
private module ValueFlow {
import DataFlow::Global<Config>
predicate summaryModel(string type, string path, string input, string output) {
exists(DataFlow::MethodNode methodNode, API::Node paramNode |
exists(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode |
methodNode.getLocation().getFile() instanceof Util::RelevantFile and
flow(paramNode.asSource(), methodNode.getAReturnNode()) and
paramNode.asSource() = Util::getAnyParameter(methodNode)
flow(paramNode, methodNode.getAReturnNode())
|
Util::pathToMethod(methodNode, type, path) and
input = Util::getArgumentPath(paramNode.asSource()) and
input = Util::getArgumentPath(paramNode) and
output = "ReturnValue"
)
}
@@ -42,13 +45,12 @@ module Summaries {
predicate summaryModel(string type, string path, string input, string output) {
not ValueFlow::summaryModel(type, path, input, output) and
exists(DataFlow::MethodNode methodNode, API::Node paramNode |
exists(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode |
methodNode.getLocation().getFile() instanceof Util::RelevantFile and
flow(paramNode.asSource(), methodNode.getAReturnNode()) and
paramNode.asSource() = Util::getAnyParameter(methodNode)
flow(paramNode, methodNode.getAReturnNode())
|
Util::pathToMethod(methodNode, type, path) and
input = Util::getArgumentPath(paramNode.asSource()) and
input = Util::getArgumentPath(paramNode) and
output = "ReturnValue"
)
}