Ruby: Include more nodes in {Hash,Array}LiteralCfgNode

hvitved · hvitved · commit 475d8da3426e · 2023-11-14T13:50:46.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll
@@ -960,8 +960,7 @@ module ExprNodes {
       exists(ConstantReadAccess array |
         array = this.getReceiver().getExpr() and
         e.(MethodCall).getMethodName() = "[]" and
-        array.getName() = "Array" and
-        array.hasGlobalScope()
+        array.getModule().getQualifiedName() = "Array"
       )
     }
   }
@@ -975,11 +974,10 @@ module ExprNodes {
     override string getAPrimaryQlClass() { result = "HashLiteralCfgNode" }
 
     HashLiteralCfgNode() {
-      exists(ConstantReadAccess array |
-        array = this.getReceiver().getExpr() and
+      exists(ConstantReadAccess hash |
+        hash = this.getReceiver().getExpr() and
         e.(MethodCall).getMethodName() = "[]" and
-        array.getName() = "Hash" and
-        array.hasGlobalScope()
+        hash.getModule().getQualifiedName() = "Hash"
       )
     }
 
diff --git a/ruby/ql/test/library-tests/dataflow/hash-flow/hash-flow.expected b/ruby/ql/test/library-tests/dataflow/hash-flow/hash-flow.expected
@@ -42,10 +42,10 @@ edges
 | hash_flow.rb:44:10:44:13 | hash [element 0] | hash_flow.rb:44:10:44:16 | ...[...] |
 | hash_flow.rb:46:10:46:13 | hash [element :a] | hash_flow.rb:46:10:46:17 | ...[...] |
 | hash_flow.rb:48:10:48:13 | hash [element a] | hash_flow.rb:48:10:48:18 | ...[...] |
-| hash_flow.rb:55:5:55:9 | hash1 [hash-splat position :a] | hash_flow.rb:56:10:56:14 | hash1 [hash-splat position :a] |
-| hash_flow.rb:55:13:55:37 | ...[...] [hash-splat position :a] | hash_flow.rb:55:5:55:9 | hash1 [hash-splat position :a] |
-| hash_flow.rb:55:21:55:30 | call to taint | hash_flow.rb:55:13:55:37 | ...[...] [hash-splat position :a] |
-| hash_flow.rb:56:10:56:14 | hash1 [hash-splat position :a] | hash_flow.rb:56:10:56:18 | ...[...] |
+| hash_flow.rb:55:5:55:9 | hash1 [element :a] | hash_flow.rb:56:10:56:14 | hash1 [element :a] |
+| hash_flow.rb:55:13:55:37 | ...[...] [element :a] | hash_flow.rb:55:5:55:9 | hash1 [element :a] |
+| hash_flow.rb:55:21:55:30 | call to taint | hash_flow.rb:55:13:55:37 | ...[...] [element :a] |
+| hash_flow.rb:56:10:56:14 | hash1 [element :a] | hash_flow.rb:56:10:56:18 | ...[...] |
 | hash_flow.rb:59:5:59:5 | x [element :a] | hash_flow.rb:60:18:60:18 | x [element :a] |
 | hash_flow.rb:59:13:59:22 | call to taint | hash_flow.rb:59:5:59:5 | x [element :a] |
 | hash_flow.rb:60:5:60:9 | hash2 [element :a] | hash_flow.rb:61:10:61:14 | hash2 [element :a] |
@@ -62,10 +62,10 @@ edges
 | hash_flow.rb:68:13:68:39 | ...[...] [element :a] | hash_flow.rb:68:5:68:9 | hash4 [element :a] |
 | hash_flow.rb:68:22:68:31 | call to taint | hash_flow.rb:68:13:68:39 | ...[...] [element :a] |
 | hash_flow.rb:69:10:69:14 | hash4 [element :a] | hash_flow.rb:69:10:69:18 | ...[...] |
-| hash_flow.rb:72:5:72:9 | hash5 [hash-splat position a] | hash_flow.rb:73:10:73:14 | hash5 [hash-splat position a] |
-| hash_flow.rb:72:13:72:45 | ...[...] [hash-splat position a] | hash_flow.rb:72:5:72:9 | hash5 [hash-splat position a] |
-| hash_flow.rb:72:25:72:34 | call to taint | hash_flow.rb:72:13:72:45 | ...[...] [hash-splat position a] |
-| hash_flow.rb:73:10:73:14 | hash5 [hash-splat position a] | hash_flow.rb:73:10:73:19 | ...[...] |
+| hash_flow.rb:72:5:72:9 | hash5 [element a] | hash_flow.rb:73:10:73:14 | hash5 [element a] |
+| hash_flow.rb:72:13:72:45 | ...[...] [element a] | hash_flow.rb:72:5:72:9 | hash5 [element a] |
+| hash_flow.rb:72:25:72:34 | call to taint | hash_flow.rb:72:13:72:45 | ...[...] [element a] |
+| hash_flow.rb:73:10:73:14 | hash5 [element a] | hash_flow.rb:73:10:73:19 | ...[...] |
 | hash_flow.rb:76:5:76:9 | hash6 [element a] | hash_flow.rb:77:10:77:14 | hash6 [element a] |
 | hash_flow.rb:76:13:76:47 | ...[...] [element a] | hash_flow.rb:76:5:76:9 | hash6 [element a] |
 | hash_flow.rb:76:26:76:35 | call to taint | hash_flow.rb:76:13:76:47 | ...[...] [element a] |
@@ -1015,10 +1015,10 @@ nodes
 | hash_flow.rb:46:10:46:17 | ...[...] | semmle.label | ...[...] |
 | hash_flow.rb:48:10:48:13 | hash [element a] | semmle.label | hash [element a] |
 | hash_flow.rb:48:10:48:18 | ...[...] | semmle.label | ...[...] |
-| hash_flow.rb:55:5:55:9 | hash1 [hash-splat position :a] | semmle.label | hash1 [hash-splat position :a] |
-| hash_flow.rb:55:13:55:37 | ...[...] [hash-splat position :a] | semmle.label | ...[...] [hash-splat position :a] |
+| hash_flow.rb:55:5:55:9 | hash1 [element :a] | semmle.label | hash1 [element :a] |
+| hash_flow.rb:55:13:55:37 | ...[...] [element :a] | semmle.label | ...[...] [element :a] |
 | hash_flow.rb:55:21:55:30 | call to taint | semmle.label | call to taint |
-| hash_flow.rb:56:10:56:14 | hash1 [hash-splat position :a] | semmle.label | hash1 [hash-splat position :a] |
+| hash_flow.rb:56:10:56:14 | hash1 [element :a] | semmle.label | hash1 [element :a] |
 | hash_flow.rb:56:10:56:18 | ...[...] | semmle.label | ...[...] |
 | hash_flow.rb:59:5:59:5 | x [element :a] | semmle.label | x [element :a] |
 | hash_flow.rb:59:13:59:22 | call to taint | semmle.label | call to taint |
@@ -1039,10 +1039,10 @@ nodes
 | hash_flow.rb:68:22:68:31 | call to taint | semmle.label | call to taint |
 | hash_flow.rb:69:10:69:14 | hash4 [element :a] | semmle.label | hash4 [element :a] |
 | hash_flow.rb:69:10:69:18 | ...[...] | semmle.label | ...[...] |
-| hash_flow.rb:72:5:72:9 | hash5 [hash-splat position a] | semmle.label | hash5 [hash-splat position a] |
-| hash_flow.rb:72:13:72:45 | ...[...] [hash-splat position a] | semmle.label | ...[...] [hash-splat position a] |
+| hash_flow.rb:72:5:72:9 | hash5 [element a] | semmle.label | hash5 [element a] |
+| hash_flow.rb:72:13:72:45 | ...[...] [element a] | semmle.label | ...[...] [element a] |
 | hash_flow.rb:72:25:72:34 | call to taint | semmle.label | call to taint |
-| hash_flow.rb:73:10:73:14 | hash5 [hash-splat position a] | semmle.label | hash5 [hash-splat position a] |
+| hash_flow.rb:73:10:73:14 | hash5 [element a] | semmle.label | hash5 [element a] |
 | hash_flow.rb:73:10:73:19 | ...[...] | semmle.label | ...[...] |
 | hash_flow.rb:76:5:76:9 | hash6 [element a] | semmle.label | hash6 [element a] |
 | hash_flow.rb:76:13:76:47 | ...[...] [element a] | semmle.label | ...[...] [element a] |

Original file line number	Diff line number	Diff line change
`@@ -960,8 +960,7 @@ module ExprNodes {`
`960`	`960`	`exists(ConstantReadAccess array \|`
`961`	`961`	`array = this.getReceiver().getExpr() and`
`962`	`962`	`e.(MethodCall).getMethodName() = "[]" and`
`963`		`- array.getName() = "Array" and`
`964`		`- array.hasGlobalScope()`
	`963`	`+ array.getModule().getQualifiedName() = "Array"`
`965`	`964`	`)`
`966`	`965`	`}`
`967`	`966`	`}`
`@@ -975,11 +974,10 @@ module ExprNodes {`
`975`	`974`	`override string getAPrimaryQlClass() { result = "HashLiteralCfgNode" }`
`976`	`975`
`977`	`976`	`HashLiteralCfgNode() {`
`978`		`- exists(ConstantReadAccess array \|`
`979`		`- array = this.getReceiver().getExpr() and`
	`977`	`+ exists(ConstantReadAccess hash \|`
	`978`	`+ hash = this.getReceiver().getExpr() and`
`980`	`979`	`e.(MethodCall).getMethodName() = "[]" and`
`981`		`- array.getName() = "Hash" and`
`982`		`- array.hasGlobalScope()`
	`980`	`+ hash.getModule().getQualifiedName() = "Hash"`
`983`	`981`	`)`
`984`	`982`	`}`
`985`	`983`