add a runsImmediately predicate to CodeExecution (name chosen by Copilot)

erik-krogh · erik-krogh · commit 2a72e8909011 · 2022-10-19T12:30:47.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -701,6 +701,9 @@ module SystemCommandExecution {
 class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {
   /** Gets the argument that specifies the code to be executed. */
   DataFlow::Node getCode() { result = super.getCode() }
+
+  /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
+  predicate runsImmediately() { super.runsImmediately() }
 }
 
 /** Provides a class for modeling new dynamic code execution APIs. */
@@ -714,6 +717,9 @@ module CodeExecution {
   abstract class Range extends DataFlow::Node {
     /** Gets the argument that specifies the code to be executed. */
     abstract DataFlow::Node getCode();
+
+    /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */
+    predicate runsImmediately() { any() }
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll
@@ -25,6 +25,8 @@ module ActiveJob {
       }
 
       override DataFlow::Node getCode() { result = this.getArgument(0) }
+
+      override predicate runsImmediately() { none() }
     }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -221,5 +221,7 @@ module ActiveStorage {
     }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
+
+    override predicate runsImmediately() { none() }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -35,6 +35,8 @@ module ActiveSupport {
         }
 
         override DataFlow::Node getCode() { result = this.getReceiver() }
+
+        override predicate runsImmediately() { none() }
       }
 
       /**
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -166,6 +166,8 @@ module Kernel {
     SendCallCodeExecution() { this.getMethodName() = "send" }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
+
+    override predicate runsImmediately() { none() }
   }
 
   private class TapSummary extends SimpleSummarizedCallable {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Module.qll
@@ -42,5 +42,7 @@ module Module {
     }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
+
+    override predicate runsImmediately() { none() }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -701,6 +701,9 @@ module SystemCommandExecution {`
`701`	`701`	`class CodeExecution extends DataFlow::Node instanceof CodeExecution::Range {`
`702`	`702`	`/** Gets the argument that specifies the code to be executed. */`
`703`	`703`	`DataFlow::Node getCode() { result = super.getCode() }`
	`704`	`+`
	`705`	`+ /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */`
	`706`	`+ predicate runsImmediately() { super.runsImmediately() }`
`704`	`707`	`}`
`705`	`708`
`706`	`709`	`/** Provides a class for modeling new dynamic code execution APIs. */`
`@@ -714,6 +717,9 @@ module CodeExecution {`
`714`	`717`	`abstract class Range extends DataFlow::Node {`
`715`	`718`	`/** Gets the argument that specifies the code to be executed. */`
`716`	`719`	`abstract DataFlow::Node getCode();`
	`720`	`+`
	`721`	`+ /** Holds if this execution immediately runs the input as code, as opposed to loading some code using the input as a "path". */`
	`722`	`+ predicate runsImmediately() { any() }`
`717`	`723`	`}`
`718`	`724`	`}`
`719`	`725`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,8 @@ module ActiveJob {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
	`28`	`+`
	`29`	`+ override predicate runsImmediately() { none() }`
`28`	`30`	`}`
`29`	`31`	`}`
`30`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -221,5 +221,7 @@ module ActiveStorage {`
`221`	`221`	`}`
`222`	`222`
`223`	`223`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
	`224`	`+`
	`225`	`+ override predicate runsImmediately() { none() }`
`224`	`226`	`}`
`225`	`227`	`}`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ module ActiveSupport {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`override DataFlow::Node getCode() { result = this.getReceiver() }`
	`38`	`+`
	`39`	`+ override predicate runsImmediately() { none() }`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -166,6 +166,8 @@ module Kernel {`
`166`	`166`	`SendCallCodeExecution() { this.getMethodName() = "send" }`
`167`	`167`
`168`	`168`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
	`169`	`+`
	`170`	`+ override predicate runsImmediately() { none() }`
`169`	`171`	`}`
`170`	`172`
`171`	`173`	`private class TapSummary extends SimpleSummarizedCallable {`
Original file line number	Diff line number	Diff line change
`@@ -42,5 +42,7 @@ module Module {`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`override DataFlow::Node getCode() { result = this.getArgument(0) }`
	`45`	`+`
	`46`	`+ override predicate runsImmediately() { none() }`
`45`	`47`	`}`
`46`	`48`	`}`