Merge pull request github#10836 from asgerf/rb/fix-spurious-singleton-calls

Ruby: fix spurious singleton calls

Author: asgerf

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll

@@ -368,14 +368,24 @@ private module Cached {
   }
 
   /**
-   * Holds if a `self` access may be the receiver of `call` inside some method, where
+   * Holds if a `self` access may be the receiver of `call` inside some singleton method, where
    * that method belongs to `m` or one of `m`'s transitive super classes.
    */
   pragma[nomagic]
-  private predicate selfInMethodFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) {
-    exists(SsaSelfDefinitionNode self |
+  private predicate selfInSingletonMethodFlowsToMethodCallReceiver(
+    RelevantCall call, Module m, string method
+  ) {
+    exists(SsaSelfDefinitionNode self, Module target, MethodBase caller |
       flowsToMethodCallReceiver(call, self, method) and
-      selfInMethod(self.getVariable(), _, m.getSuperClass*())
+      target = m.getSuperClass*() and
+      selfInMethod(self.getVariable(), caller, target) and
+      singletonMethod(caller, _, _) and
+      // Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton
+      // methods on Object, if the block is actually evaluated in the context of another class.
+      // The 'self' inside such a singleton method could then be any class, leading to self-calls
+      // being resolved to arbitrary singleton methods.
+      // To remedy this, we do not allow following super-classes all the way to Object.
+      not (m != target and target = TResolved("Object"))
     )
   }
 
@@ -454,7 +464,7 @@ private module Cached {
         //   end
         // end
         // ```
-        selfInMethodFlowsToMethodCallReceiver(call, m, method)
+        selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method)
       )
     )
     or

ruby/ql/test/library-tests/modules/ancestors.expected

@@ -110,6 +110,15 @@ calls.rb:
 #  538| ProtectedMethodsSub
 #-----| super -> ProtectedMethods
 
+#  552| SingletonUpCall_Base
+#-----| super -> Object
+
+#  556| SingletonUpCall_Sub
+#-----| super -> SingletonUpCall_Base
+
+#  564| SingletonUpCall_SubSub
+#-----| super -> SingletonUpCall_Sub
+
 hello.rb:
 #    1| EnglishWords
 
@@ -204,9 +213,6 @@ modules_rec.rb:
 #    1| B::A
 #-----| super -> Object
 
-#    4| A::B
-#-----| super -> Object
-
 private.rb:
 #    1| E
 #-----| super -> Object
@@ -218,3 +224,9 @@ private.rb:
 
 #   96| PrivateOverride2
 #-----| super -> PrivateOverride1
+
+toplevel_self_singleton.rb:
+#    2| A::B
+#-----| super -> Object
+
+#   24| Good

ruby/ql/test/library-tests/modules/callgraph.expected

@@ -8,7 +8,6 @@ getTarget
 | calls.rb:17:1:17:8 | call to bar | calls.rb:13:1:15:3 | bar |
 | calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:3:3 | foo |
 | calls.rb:19:1:19:8 | call to foo | calls.rb:85:1:89:3 | foo |
-| calls.rb:23:9:23:19 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m |
 | calls.rb:32:5:32:15 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m |
 | calls.rb:33:5:33:20 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m |
 | calls.rb:37:1:37:13 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m |
@@ -77,7 +76,6 @@ getTarget
 | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:236:1:238:3 | singleton_g |
 | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:243:1:245:3 | singleton_g |
 | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:251:5:253:7 | singleton_g |
-| calls.rb:224:9:224:24 | call to singleton_g | calls.rb:267:1:269:3 | singleton_g |
 | calls.rb:228:1:228:22 | call to singleton_a | calls.rb:191:5:194:7 | singleton_a |
 | calls.rb:229:1:229:22 | call to singleton_f | calls.rb:218:9:220:11 | singleton_f |
 | calls.rb:231:6:231:19 | call to new | calls.rb:117:5:117:16 | new |
@@ -215,6 +213,10 @@ getTarget
 | calls.rb:549:2:549:6 | call to new | calls.rb:117:5:117:16 | new |
 | calls.rb:549:20:549:24 | call to baz | calls.rb:51:5:57:7 | baz |
 | calls.rb:550:26:550:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize |
+| calls.rb:557:5:557:13 | call to singleton | calls.rb:553:5:554:7 | singleton |
+| calls.rb:560:9:560:17 | call to singleton | calls.rb:553:5:554:7 | singleton |
+| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:565:5:566:7 | singleton2 |
+| calls.rb:568:5:568:14 | call to mid_method | calls.rb:559:5:562:7 | mid_method |
 | hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include |
 | hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello |
 | hello.rb:20:16:20:20 | call to super | hello.rb:13:5:15:7 | message |
@@ -263,7 +265,10 @@ getTarget
 | private.rb:104:1:104:20 | call to new | calls.rb:117:5:117:16 | new |
 | private.rb:104:1:104:28 | call to call_m1 | private.rb:91:3:93:5 | call_m1 |
 | private.rb:105:1:105:20 | call to new | calls.rb:117:5:117:16 | new |
+| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:26:9:27:11 | call_me |
+| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:29:9:32:11 | call_you |
 unresolvedCall
+| calls.rb:23:9:23:19 | call to singleton_m |
 | calls.rb:26:9:26:18 | call to instance_m |
 | calls.rb:29:5:29:14 | call to instance_m |
 | calls.rb:30:5:30:19 | call to instance_m |
@@ -334,6 +339,7 @@ unresolvedCall
 | calls.rb:549:1:549:26 | call to each |
 | calls.rb:550:1:550:13 | call to [] |
 | calls.rb:550:1:550:39 | call to each |
+| calls.rb:558:5:558:14 | call to singleton2 |
 | hello.rb:20:16:20:26 | ... + ... |
 | hello.rb:20:16:20:34 | ... + ... |
 | hello.rb:20:16:20:40 | ... + ... |
@@ -347,6 +353,11 @@ unresolvedCall
 | private.rb:57:1:57:14 | call to private4 |
 | private.rb:100:7:100:29 | call to m1 |
 | private.rb:105:1:105:23 | call to m1 |
+| toplevel_self_singleton.rb:8:1:16:3 | call to do_something |
+| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method |
+| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method |
+| toplevel_self_singleton.rb:18:12:22:1 | call to new |
+| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method |
 privateMethod
 | calls.rb:1:1:3:3 | foo |
 | calls.rb:39:1:41:3 | call_instance_m |
@@ -377,6 +388,7 @@ privateMethod
 | private.rb:83:11:85:5 | m1 |
 | private.rb:87:11:89:5 | m2 |
 | private.rb:97:11:101:5 | m1 |
+| toplevel_self_singleton.rb:9:5:11:7 | method_in_block |
 publicMethod
 | calls.rb:7:1:9:3 | bar |
 | calls.rb:13:1:15:3 | bar |
@@ -435,6 +447,9 @@ publicMethod
 | calls.rb:485:5:487:7 | singleton |
 | calls.rb:526:5:531:7 | baz |
 | calls.rb:539:5:542:7 | baz |
+| calls.rb:553:5:554:7 | singleton |
+| calls.rb:559:5:562:7 | mid_method |
+| calls.rb:565:5:566:7 | singleton2 |
 | hello.rb:2:5:4:7 | hello |
 | hello.rb:5:5:7:7 | world |
 | hello.rb:13:5:15:7 | message |
@@ -456,6 +471,11 @@ publicMethod
 | private.rb:38:3:39:5 | public3 |
 | private.rb:66:3:67:5 | public |
 | private.rb:91:3:93:5 | call_m1 |
+| toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method |
+| toplevel_self_singleton.rb:13:5:15:7 | method_in_block |
+| toplevel_self_singleton.rb:19:5:21:7 | method_in_struct |
+| toplevel_self_singleton.rb:26:9:27:11 | call_me |
+| toplevel_self_singleton.rb:29:9:32:11 | call_you |
 protectedMethod
 | calls.rb:514:15:516:7 | foo |
 | calls.rb:522:15:524:7 | bar |

ruby/ql/test/library-tests/modules/calls.rb

@@ -548,3 +548,22 @@ def baz
 
 [C.new].each { |c| c.baz }
 ["a","b","c"].each { |s| s.capitalize }
+
+class SingletonUpCall_Base
+    def self.singleton
+    end
+end
+class SingletonUpCall_Sub < SingletonUpCall_Base
+    singleton
+    singleton2 # should not resolve
+    def self.mid_method
+        singleton
+        singleton2 # should resolve
+    end
+end
+class SingletonUpCall_SubSub < SingletonUpCall_Sub
+    def self.singleton2
+    end
+
+    mid_method
+end

ruby/ql/test/library-tests/modules/methods.expected

@@ -390,6 +390,48 @@ lookupMethod
 | calls.rb:538:1:543:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
 | calls.rb:538:1:543:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts |
 | calls.rb:538:1:543:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:552:1:555:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:556:1:563:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s |
 | file://:0:0:0:0 | Class | include | calls.rb:108:5:110:7 | include |
 | file://:0:0:0:0 | Class | module_eval | calls.rb:107:5:107:24 | module_eval |
 | file://:0:0:0:0 | Class | new | calls.rb:117:5:117:16 | new |
@@ -476,9 +518,6 @@ lookupMethod
 | modules_rec.rb:1:1:2:3 | B::A | new | calls.rb:117:5:117:16 | new |
 | modules_rec.rb:1:1:2:3 | B::A | puts | calls.rb:102:5:102:30 | puts |
 | modules_rec.rb:1:1:2:3 | B::A | to_s | calls.rb:172:5:173:7 | to_s |
-| modules_rec.rb:4:1:5:3 | A::B | new | calls.rb:117:5:117:16 | new |
-| modules_rec.rb:4:1:5:3 | A::B | puts | calls.rb:102:5:102:30 | puts |
-| modules_rec.rb:4:1:5:3 | A::B | to_s | calls.rb:172:5:173:7 | to_s |
 | private.rb:1:1:49:3 | E | new | calls.rb:117:5:117:16 | new |
 | private.rb:1:1:49:3 | E | private1 | private.rb:2:11:3:5 | private1 |
 | private.rb:1:1:49:3 | E | private2 | private.rb:8:3:9:5 | private2 |
@@ -511,6 +550,9 @@ lookupMethod
 | private.rb:96:1:102:3 | PrivateOverride2 | private_on_main | private.rb:51:1:52:3 | private_on_main |
 | private.rb:96:1:102:3 | PrivateOverride2 | puts | calls.rb:102:5:102:30 | puts |
 | private.rb:96:1:102:3 | PrivateOverride2 | to_s | calls.rb:172:5:173:7 | to_s |
+| toplevel_self_singleton.rb:2:5:5:7 | A::B | new | calls.rb:117:5:117:16 | new |
+| toplevel_self_singleton.rb:2:5:5:7 | A::B | puts | calls.rb:102:5:102:30 | puts |
+| toplevel_self_singleton.rb:2:5:5:7 | A::B | to_s | calls.rb:172:5:173:7 | to_s |
 enclosingMethod
 | calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:3:3 | foo |
 | calls.rb:2:5:2:14 | self | calls.rb:1:1:3:3 | foo |
@@ -842,6 +884,10 @@ enclosingMethod
 | calls.rb:541:9:541:27 | ProtectedMethodsSub | calls.rb:539:5:542:7 | baz |
 | calls.rb:541:9:541:31 | call to new | calls.rb:539:5:542:7 | baz |
 | calls.rb:541:9:541:35 | call to foo | calls.rb:539:5:542:7 | baz |
+| calls.rb:560:9:560:17 | call to singleton | calls.rb:559:5:562:7 | mid_method |
+| calls.rb:560:9:560:17 | self | calls.rb:559:5:562:7 | mid_method |
+| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:559:5:562:7 | mid_method |
+| calls.rb:561:9:561:18 | self | calls.rb:559:5:562:7 | mid_method |
 | hello.rb:3:9:3:22 | return | hello.rb:2:5:4:7 | hello |
 | hello.rb:3:16:3:22 | "hello" | hello.rb:2:5:4:7 | hello |
 | hello.rb:3:17:3:21 | hello | hello.rb:2:5:4:7 | hello |
@@ -897,3 +943,13 @@ enclosingMethod
 | private.rb:100:7:100:22 | PrivateOverride1 | private.rb:97:11:101:5 | m1 |
 | private.rb:100:7:100:26 | call to new | private.rb:97:11:101:5 | m1 |
 | private.rb:100:7:100:29 | call to m1 | private.rb:97:11:101:5 | m1 |
+| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method | toplevel_self_singleton.rb:9:5:11:7 | method_in_block |
+| toplevel_self_singleton.rb:10:9:10:27 | self | toplevel_self_singleton.rb:9:5:11:7 | method_in_block |
+| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method | toplevel_self_singleton.rb:13:5:15:7 | method_in_block |
+| toplevel_self_singleton.rb:14:9:14:27 | self | toplevel_self_singleton.rb:13:5:15:7 | method_in_block |
+| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method | toplevel_self_singleton.rb:19:5:21:7 | method_in_struct |
+| toplevel_self_singleton.rb:20:9:20:27 | self | toplevel_self_singleton.rb:19:5:21:7 | method_in_struct |
+| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:29:9:32:11 | call_you |
+| toplevel_self_singleton.rb:30:13:30:19 | self | toplevel_self_singleton.rb:29:9:32:11 | call_you |
+| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:29:9:32:11 | call_you |
+| toplevel_self_singleton.rb:31:13:31:20 | self | toplevel_self_singleton.rb:29:9:32:11 | call_you |