Merge pull request #15498 from hvitved/ruby/ctx-sensitivity-test

hvitved · web-flow · commit 8972133d4b6c · 2024-02-01T12:46:53.000+01:00
Ruby: Add another dataflow test
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
@@ -92,6 +92,11 @@ edges
 | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:199:15:199:24 | ( ... ) |
 | call_sensitivity.rb:199:30:199:30 | x | call_sensitivity.rb:200:8:200:8 | x |
 | call_sensitivity.rb:203:26:203:26 | x | call_sensitivity.rb:204:8:204:8 | x |
+| call_sensitivity.rb:207:16:207:16 | y | call_sensitivity.rb:209:9:209:9 | y |
+| call_sensitivity.rb:209:9:209:9 | y | call_sensitivity.rb:214:9:214:9 | x |
+| call_sensitivity.rb:214:9:214:9 | x | call_sensitivity.rb:215:10:215:10 | x |
+| call_sensitivity.rb:222:15:222:24 | ( ... ) | call_sensitivity.rb:207:16:207:16 | y |
+| call_sensitivity.rb:222:16:222:23 | call to taint | call_sensitivity.rb:222:15:222:24 | ( ... ) |
 nodes
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
 | call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint |
@@ -191,6 +196,12 @@ nodes
 | call_sensitivity.rb:200:8:200:8 | x | semmle.label | x |
 | call_sensitivity.rb:203:26:203:26 | x | semmle.label | x |
 | call_sensitivity.rb:204:8:204:8 | x | semmle.label | x |
+| call_sensitivity.rb:207:16:207:16 | y | semmle.label | y |
+| call_sensitivity.rb:209:9:209:9 | y | semmle.label | y |
+| call_sensitivity.rb:214:9:214:9 | x | semmle.label | x |
+| call_sensitivity.rb:215:10:215:10 | x | semmle.label | x |
+| call_sensitivity.rb:222:15:222:24 | ( ... ) | semmle.label | ( ... ) |
+| call_sensitivity.rb:222:16:222:23 | call to taint | semmle.label | call to taint |
 subpaths
 #select
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint | call to taint |
@@ -218,6 +229,7 @@ subpaths
 | call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint | call to taint |
 | call_sensitivity.rb:200:8:200:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:200:8:200:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
 | call_sensitivity.rb:204:8:204:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:204:8:204:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
+| call_sensitivity.rb:215:10:215:10 | x | call_sensitivity.rb:222:16:222:23 | call to taint | call_sensitivity.rb:215:10:215:10 | x | $@ | call_sensitivity.rb:222:16:222:23 | call to taint | call to taint |
 mayBenefitFromCallContext
 | call_sensitivity.rb:6:5:6:21 | call to puts |
 | call_sensitivity.rb:22:5:22:18 | call to call |
@@ -245,6 +257,9 @@ mayBenefitFromCallContext
 | call_sensitivity.rb:175:3:175:12 | call to new |
 | call_sensitivity.rb:183:5:183:25 | call to puts |
 | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 |
+| call_sensitivity.rb:208:6:208:21 | call to respond_to? |
+| call_sensitivity.rb:209:5:209:9 | call to m |
+| call_sensitivity.rb:215:5:215:10 | call to sink |
 viableImplInCallContext
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
@@ -302,3 +317,5 @@ viableImplInCallContext
 | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:179:1:179:20 | call to create | call_sensitivity.rb:156:3:158:5 | initialize |
 | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:199:1:201:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |
 | call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:203:1:205:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |
+| call_sensitivity.rb:209:5:209:9 | call to m | call_sensitivity.rb:222:1:222:25 | call to call_m | call_sensitivity.rb:214:3:216:5 | m |
+| call_sensitivity.rb:215:5:215:10 | call to sink | call_sensitivity.rb:209:5:209:9 | call to m | call_sensitivity.rb:5:1:7:3 | sink |
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
@@ -203,3 +203,21 @@ def invoke_block2 x
 invoke_block2 "safe" do |x|
   sink x # $ SPURIOUS hasValueFlow=37
 end
+
+def call_m (x, y)
+  if x.respond_to? :m
+    x.m y
+  end
+end
+
+class D
+  def m x
+    sink x # $ hasValueFlow=38
+  end
+end
+
+class E
+end
+
+call_m(D.new, (taint 38))
+call_m(E.new, (taint 39))
