Merge pull request #14225 from hvitved/ruby/fix-bad-join

hvitved · web-flow · commit 14561c414b73 · 2023-09-15T10:59:24.000+02:00
Ruby: Fix a bad join
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll b/ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
@@ -179,6 +179,12 @@ module Sinatra {
     }
   }
 
+  bindingset[local]
+  pragma[inline_late]
+  private predicate isPairKey(string local) {
+    local = any(Pair p).getKey().getConstantValue().getStringlikeValue()
+  }
+
   /**
    * A summary for accessing a local variable in an ERB template.
    * This is the second half of the modeling of the flow from the `locals`
@@ -192,7 +198,7 @@ module Sinatra {
     ErbLocalsAccessSummary() {
       this = "sinatra_erb_locals_access()" + global.getId() + "#" + local and
       local = any(MethodCall c | c.getLocation().getFile() = global.getErbFile()).getMethodName() and
-      local = any(Pair p).getKey().getConstantValue().getStringlikeValue()
+      isPairKey(local)
     }
 
     override MethodCall getACall() {

Original file line number	Diff line number	Diff line change
`@@ -179,6 +179,12 @@ module Sinatra {`
`179`	`179`	`}`
`180`	`180`	`}`
`181`	`181`
	`182`	`+ bindingset[local]`
	`183`	`+ pragma[inline_late]`
	`184`	`+ private predicate isPairKey(string local) {`
	`185`	`+ local = any(Pair p).getKey().getConstantValue().getStringlikeValue()`
	`186`	`+ }`
	`187`	`+`
`182`	`188`	`/**`
`183`	`189`	`* A summary for accessing a local variable in an ERB template.`
`184`	`190`	* This is the second half of the modeling of the flow from the `locals`
`@@ -192,7 +198,7 @@ module Sinatra {`
`192`	`198`	`ErbLocalsAccessSummary() {`
`193`	`199`	`this = "sinatra_erb_locals_access()" + global.getId() + "#" + local and`
`194`	`200`	`local = any(MethodCall c \| c.getLocation().getFile() = global.getErbFile()).getMethodName() and`
`195`		`- local = any(Pair p).getKey().getConstantValue().getStringlikeValue()`
	`201`	`+ isPairKey(local)`
`196`	`202`	`}`
`197`	`203`
`198`	`204`	`override MethodCall getACall() {`