Ruby: fix some more spurious call edges

asgerf · asgerf · commit a06cc30f0560 · 2022-10-14T10:11:22.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -413,8 +413,17 @@ private module Cached {
           //   end
           // end
           // ```
-          selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm),
-            m.getSuperClass*())
+          exists(Module target |
+            target = m.getSuperClass*() and
+            selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm),
+              target) and
+            // Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton
+            // methods on Object, if the block is actually evaluated in the context of another class.
+            // The 'self' inside such a singleton method could then be any class, leading to self-calls
+            // being resolved to arbitrary singleton methods.
+            // To remedy this, we do not allow following super-classes all the way to Object.
+            not (m != target and target = TResolved("Object"))
+          )
         )
       )
       or
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -265,8 +265,6 @@ getTarget
 | private.rb:104:1:104:20 | call to new | calls.rb:117:5:117:16 | new |
 | private.rb:104:1:104:28 | call to call_m1 | private.rb:91:3:93:5 | call_m1 |
 | private.rb:105:1:105:20 | call to new | calls.rb:117:5:117:16 | new |
-| toplevel_self_singleton.rb:13:9:13:27 | call to ab_singleton_method | toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method |
-| toplevel_self_singleton.rb:19:9:19:27 | call to ab_singleton_method | toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method |
 unresolvedCall
 | calls.rb:23:9:23:19 | call to singleton_m |
 | calls.rb:26:9:26:18 | call to instance_m |
@@ -355,7 +353,9 @@ unresolvedCall
 | private.rb:105:1:105:23 | call to m1 |
 | toplevel_self_singleton.rb:8:1:15:3 | call to do_something |
 | toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method |
+| toplevel_self_singleton.rb:13:9:13:27 | call to ab_singleton_method |
 | toplevel_self_singleton.rb:17:12:21:1 | call to new |
+| toplevel_self_singleton.rb:19:9:19:27 | call to ab_singleton_method |
 privateMethod
 | calls.rb:1:1:3:3 | foo |
 | calls.rb:39:1:41:3 | call_instance_m |
