add a returnsFormatted predicate to the printf model, similar to the JS implementation

erik-krogh · erik-krogh · commit 6de1abcb0ef4 · 2022-10-17T13:16:38.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll b/ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll
@@ -21,6 +21,9 @@ abstract class PrintfStyleCall extends DataFlow::CallNode {
    * Gets then `n`th formatted argument of this call.
    */
   DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }
+
+  /** Holds if this call returns the formatted string. */
+  predicate returnsFormatted() { any() }
 }
 
 /**
@@ -46,6 +49,8 @@ class KernelPrintfCall extends PrintfStyleCall {
     then result = this.getArgument(0)
     else result = this.getArgument([0, 1])
   }
+
+  override predicate returnsFormatted() { none() }
 }
 
 /**
@@ -58,6 +63,8 @@ class KernelSprintfCall extends PrintfStyleCall {
     this.asExpr().getExpr() instanceof UnknownMethodCall and
     this.getMethodName() = "sprintf"
   }
+
+  override predicate returnsFormatted() { any() }
 }
 
 /**
@@ -67,4 +74,6 @@ class IOPrintfCall extends PrintfStyleCall {
   IOPrintfCall() {
     this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"
   }
+
+  override predicate returnsFormatted() { none() }
 }

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,9 @@ abstract class PrintfStyleCall extends DataFlow::CallNode {`
`21`	`21`	* Gets then `n`th formatted argument of this call.
`22`	`22`	`*/`
`23`	`23`	`DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }`
	`24`	`+`
	`25`	`+ /** Holds if this call returns the formatted string. */`
	`26`	`+ predicate returnsFormatted() { any() }`
`24`	`27`	`}`
`25`	`28`
`26`	`29`	`/**`
`@@ -46,6 +49,8 @@ class KernelPrintfCall extends PrintfStyleCall {`
`46`	`49`	`then result = this.getArgument(0)`
`47`	`50`	`else result = this.getArgument([0, 1])`
`48`	`51`	`}`
	`52`	`+`
	`53`	`+ override predicate returnsFormatted() { none() }`
`49`	`54`	`}`
`50`	`55`
`51`	`56`	`/**`
`@@ -58,6 +63,8 @@ class KernelSprintfCall extends PrintfStyleCall {`
`58`	`63`	`this.asExpr().getExpr() instanceof UnknownMethodCall and`
`59`	`64`	`this.getMethodName() = "sprintf"`
`60`	`65`	`}`
	`66`	`+`
	`67`	`+ override predicate returnsFormatted() { any() }`
`61`	`68`	`}`
`62`	`69`
`63`	`70`	`/**`
`@@ -67,4 +74,6 @@ class IOPrintfCall extends PrintfStyleCall {`
`67`	`74`	`IOPrintfCall() {`
`68`	`75`	`this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"`
`69`	`76`	`}`
	`77`	`+`
	`78`	`+ override predicate returnsFormatted() { none() }`
`70`	`79`	`}`