This query finds cases where a method memoizes its result but fails to include one or more of its parameters in the memoization key (or doesn't use memoization keys at all). This can lead to the method returning incorrect results when subsequently called with different arguments.
import ruby
import TestUtilities.InlineExpectationsTest
import codeql.ruby.security.ImproperMemoizationQuery
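/**
 * Inline-expectations harness for the improper-memoization query.
 *
 * Every expression `e` for which `isImproperMemoizationMethod(e, _, _)` holds
 * is reported as an actual result with tag `result` and value `BAD`, i.e. it
 * matches an inline expectation written as `$ result=BAD`.
 */
class ImproperMemoizationTest extends InlineExpectationsTest {
  ImproperMemoizationTest() { this = "ImproperMemoizationTest" }

  /**
   * The tag this test reports under. It must be the same string that
   * `hasActualResult` binds to `tag`; the previous value `"BAD"` was the
   * *value* rather than the tag, so expectations tagged `result` were never
   * considered relevant and expected-but-missing results could not be reported.
   */
  override string getARelevantTag() { result = "result" }

  /**
   * Holds if the query flags the expression at `location` (rendered as
   * `element`), reported with tag `result` and value `BAD`.
   */
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "result" and
    value = "BAD" and
    exists(Expr e |
      isImproperMemoizationMethod(e, _, _) and
      location = e.getLocation() and
      element = e.toString()
    )
  }
}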
// Besides the inline-expectation diagnostics, also emit the raw query results:
// one row per (method, parameter left out of the memoization key,
// `||=` memoizing assignment) triple accepted by `isImproperMemoizationMethod`.
from Method meth, Parameter param, AssignLogicalOrExpr memo
where
  isImproperMemoizationMethod(meth, param, memo)
select meth, param, memo