specialize allowImplicitRead in unsafe-shell-command-construction to fix performance

erik-krogh · erik-krogh · commit 4307889b1f9b · 2023-03-14T08:42:11.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionQuery.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionQuery.qll
@@ -33,8 +33,11 @@ class Configuration extends TaintTracking::Configuration {
     result instanceof DataFlow::FeatureHasSourceCallContext
   }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet set) {
+    // allow implicit reads of array elements
     this.isSink(node) and
-    c.isKnownOrUnknownElement(_)
+    set.isKnownOrUnknownElement(any(DataFlow::Content::KnownElementContent content |
+        content.getIndex().getValueType() = "int"
+      ))
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -33,8 +33,11 @@ class Configuration extends TaintTracking::Configuration {`
`33`	`33`	`result instanceof DataFlow::FeatureHasSourceCallContext`
`34`	`34`	`}`
`35`	`35`
`36`		`- override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {`
	`36`	`+ override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet set) {`
	`37`	`+ // allow implicit reads of array elements`
`37`	`38`	`this.isSink(node) and`
`38`		`- c.isKnownOrUnknownElement(_)`
	`39`	`+ set.isKnownOrUnknownElement(any(DataFlow::Content::KnownElementContent content \|`
	`40`	`+ content.getIndex().getValueType() = "int"`
	`41`	`+ ))`
`39`	`42`	`}`
`40`	`43`	`}`