mirror of
https://github.com/github/codeql.git
synced 2026-04-22 15:25:18 +02:00
5fff9fa8da
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:
def f(x, y, *z); end
f(a, b, c, d)
we get flow from `c` to `z[0]` and `d` to `z[1]`.
We get false flow if there are positional parameters after the splat
parameter. For example in this case:
def g(x, y, *z, w); end
g(a, b, c, d)
we get flow from `d` to `z[0]` instead of `w`.
We also track flow in this case
def f(a, *b)
sink b[0]
end
f(1, *[taint, 2])
Ruby analysis support for CodeQL
This directory contains the extractor, CodeQL libraries, and queries that power Ruby support in CodeQL products that GitHub makes available to its customers worldwide.
It contains two major components:
- static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.
- an extractor, written in Rust, that parses Ruby source code and converts it into a database that can be queried using CodeQL. See Developer information for information on building the extractor (you do not need to do this if you are only developing queries).