Ruby: restrict AccessLocalsKeySummary to method calls against self

alexrford · alexrford · commit 03070c9fd0ca · 2023-01-20T13:40:19.000Z
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
@@ -365,7 +365,8 @@ private class AccessLocalsKeySummary extends SummarizedCallable {
 
   override MethodCall getACall() {
     result.getLocation().getFile() = glob.getErbFile() and
-    result.getMethodName() = methodName
+    result.getMethodName() = methodName and
+    result.getReceiver() instanceof SelfVariableReadAccess
   }
 
   override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {

Original file line number	Diff line number	Diff line change
`@@ -365,7 +365,8 @@ private class AccessLocalsKeySummary extends SummarizedCallable {`
`365`	`365`
`366`	`366`	`override MethodCall getACall() {`
`367`	`367`	`result.getLocation().getFile() = glob.getErbFile() and`
`368`		`- result.getMethodName() = methodName`
	`368`	`+ result.getMethodName() = methodName and`
	`369`	`+ result.getReceiver() instanceof SelfVariableReadAccess`
`369`	`370`	`}`
`370`	`371`
`371`	`372`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`