Ruby: handle knownOrUnkown in default taint step

asgerf · asgerf · commit a60f510c85c3 · 2022-11-08T16:11:55.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
@@ -105,6 +105,8 @@ private module Cached {
     exists(DataFlow::ContentSet c | readStep(nodeFrom, c, nodeTo) |
       c.isSingleton(any(DataFlow::Content::ElementContent ec))
       or
+      c.isKnownOrUnknownElement(any(DataFlow::Content::ElementContent ec))
+      or
       c.isAnyElement()
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,8 @@ private module Cached {`
`105`	`105`	`exists(DataFlow::ContentSet c \| readStep(nodeFrom, c, nodeTo) \|`
`106`	`106`	`c.isSingleton(any(DataFlow::Content::ElementContent ec))`
`107`	`107`	`or`
	`108`	`+ c.isKnownOrUnknownElement(any(DataFlow::Content::ElementContent ec))`
	`109`	`+ or`
`108`	`110`	`c.isAnyElement()`
`109`	`111`	`)`
`110`	`112`	`}`