Merge pull request github#10745 from hvitved/ruby/cache-library-flow

hvitved · web-flow · commit 9f2f6ac49124 · 2022-10-10T13:08:36.000+02:00
Ruby: Cache use of `DataFlowImplFor(Pathname|HttpClientLibraries)`
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
@@ -70,6 +70,7 @@ class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode
     )
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
@@ -71,6 +71,7 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod
     )
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
@@ -61,6 +61,7 @@ class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode
           .getArgument(0)
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
@@ -53,6 +53,7 @@ class HttpartyRequest extends Http::Client::Request::Range, DataFlow::CallNode {
     result = this.getKeywordArgumentIncludeHashArgument(["verify", "verify_peer"])
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -80,6 +80,7 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
     )
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -42,6 +42,7 @@ class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {
     result = this.getKeywordArgumentIncludeHashArgument("ssl_verify_mode")
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
@@ -91,6 +92,7 @@ class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::C
     )
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
@@ -54,6 +54,7 @@ class RestClientHttpRequest extends Http::Client::Request::Range, DataFlow::Call
     )
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
@@ -34,6 +34,7 @@ class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNo
     result = this.getKeywordArgumentIncludeHashArgument("ssl_verifypeer")
   }
 
+  cached
   override predicate disablesCertificateValidation(
     DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
   ) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
@@ -27,6 +27,7 @@ module Pathname {
    * Every `PathnameInstance` is considered to be a `FileNameSource`.
    */
   class PathnameInstance extends FileNameSource {
+    cached
     PathnameInstance() { any(PathnameConfiguration c).hasFlowTo(this) }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ class ExconHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode`
`70`	`70`	`)`
`71`	`71`	`}`
`72`	`72`
	`73`	`+ cached`
`73`	`74`	`override predicate disablesCertificateValidation(`
`74`	`75`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`75`	`76`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,7 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod`
`71`	`71`	`)`
`72`	`72`	`}`
`73`	`73`
	`74`	`+ cached`
`74`	`75`	`override predicate disablesCertificateValidation(`
`75`	`76`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`76`	`77`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode`
`61`	`61`	`.getArgument(0)`
`62`	`62`	`}`
`63`	`63`
	`64`	`+ cached`
`64`	`65`	`override predicate disablesCertificateValidation(`
`65`	`66`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`66`	`67`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ class HttpartyRequest extends Http::Client::Request::Range, DataFlow::CallNode {`
`53`	`53`	`result = this.getKeywordArgumentIncludeHashArgument(["verify", "verify_peer"])`
`54`	`54`	`}`
`55`	`55`
	`56`	`+ cached`
`56`	`57`	`override predicate disablesCertificateValidation(`
`57`	`58`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`58`	`59`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {`
`80`	`80`	`)`
`81`	`81`	`}`
`82`	`82`
	`83`	`+ cached`
`83`	`84`	`override predicate disablesCertificateValidation(`
`84`	`85`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`85`	`86`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {`
`42`	`42`	`result = this.getKeywordArgumentIncludeHashArgument("ssl_verify_mode")`
`43`	`43`	`}`
`44`	`44`
	`45`	`+ cached`
`45`	`46`	`override predicate disablesCertificateValidation(`
`46`	`47`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`47`	`48`	`) {`
`@@ -91,6 +92,7 @@ class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::C`
`91`	`92`	`)`
`92`	`93`	`}`
`93`	`94`
	`95`	`+ cached`
`94`	`96`	`override predicate disablesCertificateValidation(`
`95`	`97`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`96`	`98`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,7 @@ class RestClientHttpRequest extends Http::Client::Request::Range, DataFlow::Call`
`54`	`54`	`)`
`55`	`55`	`}`
`56`	`56`
	`57`	`+ cached`
`57`	`58`	`override predicate disablesCertificateValidation(`
`58`	`59`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`59`	`60`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ class TyphoeusHttpRequest extends Http::Client::Request::Range, DataFlow::CallNo`
`34`	`34`	`result = this.getKeywordArgumentIncludeHashArgument("ssl_verifypeer")`
`35`	`35`	`}`
`36`	`36`
	`37`	`+ cached`
`37`	`38`	`override predicate disablesCertificateValidation(`
`38`	`39`	`DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
`39`	`40`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ module Pathname {`
`27`	`27`	* Every `PathnameInstance` is considered to be a `FileNameSource`.
`28`	`28`	`*/`
`29`	`29`	`class PathnameInstance extends FileNameSource {`
	`30`	`+ cached`
`30`	`31`	`PathnameInstance() { any(PathnameConfiguration c).hasFlowTo(this) }`
`31`	`32`	`}`
`32`	`33`