mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
The flow summary for `String#sub` leads to two new results in this test.

They are duplicates of existing results, because the query is quite liberal in what it considers a source.

```ruby
password = "abc"
password_masked = password.sub(/./, "x")
Logger.new(STDOUT).info password_masked
```

In the example above, the query considers lines 1 and 2 to both be sources, with a sink at line 3. Previously there was no flow from line 1 to line 3 because of the missing flow summary for `String#sub`, and therefore there was just one result. Now we have the flow summary, there are two results.

Line 2 is considered a source because it is an assignment to a variable that contains the term "password".

I'm not sure how to adjust the query to avoid these duplicates, so I'm leaving them in for now.
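
A toy model of the situation the commit message describes, added here as an illustration (not code from the commit or from CodeQL). `Stmt`, `results` and `distinct_sinks` are hypothetical names, and the name-based source heuristic and the flow summary are reduced to a regex and a list of call names.

```ruby
# Toy model of the three-line snippet: (line, variable defined, variables used, call made).
# Constructed for illustration; this is not CodeQL's IR or API.
Stmt = Struct.new(:line, :defines, :uses, :call)

PROGRAM = [
  Stmt.new(1, "password", [], nil),                           # password = "abc"
  Stmt.new(2, "password_masked", ["password"], "String#sub"), # password_masked = password.sub(/./, "x")
  Stmt.new(3, nil, ["password_masked"], "Logger#info"),       # Logger.new(STDOUT).info password_masked
].freeze

SENSITIVE_NAME = /password/i        # assumed heuristic: assignment to a matching name is a source
SINK_CALLS = ["Logger#info"].freeze # assumed sink list for this model

# Returns [source_line, sink_line] pairs. `summaries` lists the calls through
# which taint may propagate from the values a call uses to the value it defines.
def results(program, summaries)
  sources = program.select { |s| s.defines && s.defines =~ SENSITIVE_NAME }
  sources.flat_map do |src|
    tainted = { src.defines => true }
    program.select { |s| s.line > src.line }.filter_map do |s|
      reached = s.uses.any? { |v| tainted[v] }
      if reached && SINK_CALLS.include?(s.call)
        [src.line, s.line]
      else
        # Taint crosses a call into its result only if a summary models that call.
        tainted[s.defines] = true if reached && s.defines && summaries.include?(s.call)
        nil
      end
    end
  end
end

# Collapses results that end at the same sink line.
def distinct_sinks(pairs)
  pairs.map(&:last).uniq
end

before = results(PROGRAM, [])
after  = results(PROGRAM, ["String#sub"])
puts "without summary: #{before.inspect}"
puts "with summary:    #{after.inspect}"
puts "distinct sinks:  #{distinct_sinks(after).inspect}"
```

Both results in the second run end at the same sink, which is why they read as duplicates even though each has a different source line.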