From fff5dad702e7f21661a864acf648c7915e400d7d Mon Sep 17 00:00:00 2001
From: Nick Rolfe
Date: Tue, 16 Feb 2021 16:11:41 +0000
Subject: [PATCH] Truncate long strings in StringlikeLiteral::toString()
---
 ql/src/codeql_ruby/ast/internal/Literal.qll | 14 ++++++++++---
 .../ast/literals/literals.expected | 20 +++++++++++++++++++
 .../library-tests/ast/literals/literals.rb | 7 ++++++-
 3 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/ql/src/codeql_ruby/ast/internal/Literal.qll b/ql/src/codeql_ruby/ast/internal/Literal.qll
index 6c37beca1bb..4baf27e1627 100644
--- a/ql/src/codeql_ruby/ast/internal/Literal.qll
+++ b/ql/src/codeql_ruby/ast/internal/Literal.qll
@@ -156,8 +156,8 @@ module StringlikeLiteral {
 }
 override string toString() {
- result =
- this.getStartDelimiter() +
+ exists(string full, string summary |
+ full =
 concat(StringComponent::Range c, int i, string s |
 c = this.getComponent(i) and
 if c instanceof Generated::Token
@@ -165,7 +165,15 @@ module StringlikeLiteral {
 else s = "#{...}"
 |
 s order by i
- ) + this.getEndDelimiter()
+ ) and
+ (
+ // summary should be 32 chars max (incl. ellipsis)
+ full.length() > 32 and summary = full.substring(0, 29) + "..."
+ or
+ full.length() <= 32 and summary = full
+ ) and
+ result = this.getStartDelimiter() + summary + this.getEndDelimiter()
+ )
 }
 }
 }
diff --git a/ql/test/library-tests/ast/literals/literals.expected b/ql/test/library-tests/ast/literals/literals.expected
index c95298af6ef..9a15510b0cb 100644
--- a/ql/test/library-tests/ast/literals/literals.expected
+++ b/ql/test/library-tests/ast/literals/literals.expected
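Review bot: In `ql/src/codeql_ruby/ast/internal/Literal.qll`, `full.substring(0, 29)` cuts the concatenated text at a fixed offset without regard to component boundaries, so a summary can end partway through a `#{...}` placeholder or an escape sequence, leaving for example a lone `\` directly before the ellipsis. Two literals that share their first 29 characters now also render identically, which matters if any query or alert message relies on `toString()` to tell literals apart; no such use is visible in this patch, so treat that as something to check. The 32-character bound covers `summary` only, and `result` is longer once the delimiters are added, which the comment could state: `// summary (excluding delimiters) is at most 32 chars, incl. ellipsis; for display only`. The two hunks cover the start and end of `toString()`, but one line of the `concat` body between them is not shown.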
@@ -192,6 +192,9 @@ allLiterals | literals.rb:141:10:141:10 | 1 | IntegerLiteral | 1 | | literals.rb:141:14:141:14 | 1 | IntegerLiteral | 1 | | literals.rb:142:1:142:10 | /foo/ | RegexLiteral | foo | +| literals.rb:145:1:145:34 | "abcdefghijklmnopqrstuvwxyzabcdef" | StringLiteral | abcdefghijklmnopqrstuvwxyzabcdef | +| literals.rb:146:1:146:35 | "foobarfoobarfoobarfoobarfooba..." | StringLiteral | foobarfoobarfoobarfoobarfoobarfoo | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | foobar\\\\foobar\\\\foobar\\\\foobar\\\\foobar | stringlikeLiterals | literals.rb:46:1:46:2 | "" | | | literals.rb:47:1:47:2 | "" | | @@ -279,6 +282,9 @@ stringlikeLiterals | literals.rb:140:1:140:15 | /foo+\\sbar\\S/ | foo+\\sbar\\S | | literals.rb:141:1:141:20 | /foo#{...}bar/ | | | literals.rb:142:1:142:10 | /foo/ | foo | +| literals.rb:145:1:145:34 | "abcdefghijklmnopqrstuvwxyzabcdef" | abcdefghijklmnopqrstuvwxyzabcdef | +| literals.rb:146:1:146:35 | "foobarfoobarfoobarfoobarfooba..." | foobarfoobarfoobarfoobarfoobarfoo | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | foobar\\\\foobar\\\\foobar\\\\foobar\\\\foobar | stringLiterals | literals.rb:46:1:46:2 | "" | | | literals.rb:47:1:47:2 | "" | | @@ -321,6 +327,9 @@ stringLiterals | literals.rb:101:8:101:16 | "bar#{1+1}" | bar#{1+1} | | literals.rb:101:18:101:20 | "baz" | baz | | literals.rb:112:22:112:26 | "baz" | baz | +| literals.rb:145:1:145:34 | "abcdefghijklmnopqrstuvwxyzabcdef" | abcdefghijklmnopqrstuvwxyzabcdef | +| literals.rb:146:1:146:35 | "foobarfoobarfoobarfoobarfooba..." | foobarfoobarfoobarfoobarfoobarfoo | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | foobar\\\\foobar\\\\foobar\\\\foobar\\\\foobar | regexLiterals | literals.rb:131:1:131:2 | // | | | | literals.rb:132:1:132:5 | /foo/ | foo | | 
@@ -472,6 +481,17 @@ stringComponents | literals.rb:141:1:141:20 | /foo#{...}bar/ | RegexLiteral | 1 | literals.rb:141:7:141:16 | #{...} | StringInterpolationComponent | | literals.rb:141:1:141:20 | /foo#{...}bar/ | RegexLiteral | 2 | literals.rb:141:17:141:19 | bar | StringTextComponent | | literals.rb:142:1:142:10 | /foo/ | RegexLiteral | 0 | literals.rb:142:4:142:6 | foo | StringTextComponent | +| literals.rb:145:1:145:34 | "abcdefghijklmnopqrstuvwxyzabcdef" | StringLiteral | 0 | literals.rb:145:2:145:33 | abcdefghijklmnopqrstuvwxyzabcdef | StringTextComponent | +| literals.rb:146:1:146:35 | "foobarfoobarfoobarfoobarfooba..." | StringLiteral | 0 | literals.rb:146:2:146:34 | foobarfoobarfoobarfoobarfoobarfoo | StringTextComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 0 | literals.rb:147:2:147:7 | foobar | StringTextComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 1 | literals.rb:147:8:147:9 | \\\\ | StringEscapeSequenceComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 2 | literals.rb:147:10:147:15 | foobar | StringTextComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 3 | literals.rb:147:16:147:17 | \\\\ | StringEscapeSequenceComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 4 | literals.rb:147:18:147:23 | foobar | StringTextComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 5 | literals.rb:147:24:147:25 | \\\\ | StringEscapeSequenceComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 6 | literals.rb:147:26:147:31 | foobar | StringTextComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." 
| StringLiteral | 7 | literals.rb:147:32:147:33 | \\\\ | StringEscapeSequenceComponent | +| literals.rb:147:1:147:40 | "foobar\\\\foobar\\\\foobar\\\\fooba..." | StringLiteral | 8 | literals.rb:147:34:147:39 | foobar | StringTextComponent | stringInterpolations | literals.rb:58:10:58:19 | #{...} | 0 | literals.rb:58:13:58:17 | ... + ... | AddExpr | | literals.rb:59:12:59:21 | #{...} | 0 | literals.rb:59:15:59:19 | ... + ... | AddExpr |
diff --git a/ql/test/library-tests/ast/literals/literals.rb b/ql/test/library-tests/ast/literals/literals.rb
index 9fb06a84129..2202223c9bf 100644
--- a/ql/test/library-tests/ast/literals/literals.rb
+++ b/ql/test/library-tests/ast/literals/literals.rb
@@ -139,4 +139,9 @@ TRUE
 %r:foo:i
 %r{foo+\sbar\S}
 %r{foo#{ 1 + 1 }bar} # interpolation
-%r:foo:mxo
\ No newline at end of file
+%r:foo:mxo
+
+# long strings
+'abcdefghijklmnopqrstuvwxyzabcdef' # 32 chars, should not be truncated
+'foobarfoobarfoobarfoobarfoobarfoo' # 33 chars, should be truncated
+"foobar\\foobar\\foobar\\foobar\\foobar" # several short components, but long enough overall to be truncated
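Review bot: The three new fixture lines in `literals.rb` exercise only plain string literals, although the patch subject places the truncation in `StringlikeLiteral::toString()` and the context lines just above are regex literals, one of them interpolated (`%r{foo#{ 1 + 1 }bar}`). No added case puts a `#{...}` placeholder across the cut offset, so the expected output never records what the summary looks like when the cut lands inside a placeholder. Consider adding a constructed line such as `"foobarfoobarfoobarfoobarfoo#{ 1 + 1 }bar" # placeholder straddles the cut` and one long `%r{...}` literal, so the display form of those cases is pinned by the test.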