Ruby: Add note about WithElement usage

hmac · hmac · commit f49507e59a8d · 2022-11-25T16:55:37.000+13:00
diff --git a/ruby/ql/docs/flow_summaries.md b/ruby/ql/docs/flow_summaries.md
@@ -255,5 +255,22 @@ sink a[0]
 sink a[1] # $ hasValueFlow=1
 ```
 
+It is also important to note that in a summary such as
+
+```ql
+input = "Argument[self].WithoutElement[0]" and
+output = "ReturnValue"
+```
+
+if `Argument[self]` contains data, it will be copied to `ReturnValue`. If you only want to copy data in elements, and not in the container itself, add `WithElement[any]` to the input path:
+
+```ql
+input = "Argument[self].WithoutElement[0].WithElement[any]" and
+output = "ReturnValue"
+```
+
+See tests 53 and 54 for examples of this behaviour.
+
+
 
 [^1]: I've chosen this name to avoid overloading the word "argument".
diff --git a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.expected b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.expected
@@ -868,6 +868,42 @@ edges
 | semantics.rb:496:9:496:15 | call to s53 [element :bar] :  | semantics.rb:499:10:499:10 | x [element :bar] :  |
 | semantics.rb:499:10:499:10 | x [element :bar] :  | semantics.rb:499:10:499:16 | ...[...] |
 | semantics.rb:499:10:499:10 | x [element :bar] :  | semantics.rb:499:10:499:16 | ...[...] |
+| semantics.rb:501:10:501:20 | call to source :  | semantics.rb:501:10:501:26 | call to s53 |
+| semantics.rb:501:10:501:20 | call to source :  | semantics.rb:501:10:501:26 | call to s53 |
+| semantics.rb:505:5:505:5 | [post] h [element :foo] :  | semantics.rb:506:5:506:5 | h [element :foo] :  |
+| semantics.rb:505:5:505:5 | [post] h [element :foo] :  | semantics.rb:506:5:506:5 | h [element :foo] :  |
+| semantics.rb:505:15:505:25 | call to source :  | semantics.rb:505:5:505:5 | [post] h [element :foo] :  |
+| semantics.rb:505:15:505:25 | call to source :  | semantics.rb:505:5:505:5 | [post] h [element :foo] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semantics.rb:510:10:510:10 | h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semantics.rb:510:10:510:10 | h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semantics.rb:512:9:512:9 | h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semantics.rb:512:9:512:9 | h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :foo] :  | semantics.rb:509:10:509:10 | h [element :foo] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :foo] :  | semantics.rb:509:10:509:10 | h [element :foo] :  |
+| semantics.rb:506:5:506:5 | h [element :foo] :  | semantics.rb:506:5:506:5 | [post] h [element :foo] :  |
+| semantics.rb:506:5:506:5 | h [element :foo] :  | semantics.rb:506:5:506:5 | [post] h [element :foo] :  |
+| semantics.rb:506:15:506:25 | call to source :  | semantics.rb:506:5:506:5 | [post] h [element :bar] :  |
+| semantics.rb:506:15:506:25 | call to source :  | semantics.rb:506:5:506:5 | [post] h [element :bar] :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semantics.rb:509:10:509:10 | h [element] :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semantics.rb:509:10:509:10 | h [element] :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semantics.rb:510:10:510:10 | h [element] :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semantics.rb:510:10:510:10 | h [element] :  |
+| semantics.rb:507:12:507:22 | call to source :  | semantics.rb:507:5:507:5 | [post] h [element] :  |
+| semantics.rb:507:12:507:22 | call to source :  | semantics.rb:507:5:507:5 | [post] h [element] :  |
+| semantics.rb:509:10:509:10 | h [element :foo] :  | semantics.rb:509:10:509:16 | ...[...] |
+| semantics.rb:509:10:509:10 | h [element :foo] :  | semantics.rb:509:10:509:16 | ...[...] |
+| semantics.rb:509:10:509:10 | h [element] :  | semantics.rb:509:10:509:16 | ...[...] |
+| semantics.rb:509:10:509:10 | h [element] :  | semantics.rb:509:10:509:16 | ...[...] |
+| semantics.rb:510:10:510:10 | h [element :bar] :  | semantics.rb:510:10:510:16 | ...[...] |
+| semantics.rb:510:10:510:10 | h [element :bar] :  | semantics.rb:510:10:510:16 | ...[...] |
+| semantics.rb:510:10:510:10 | h [element] :  | semantics.rb:510:10:510:16 | ...[...] |
+| semantics.rb:510:10:510:10 | h [element] :  | semantics.rb:510:10:510:16 | ...[...] |
+| semantics.rb:512:9:512:9 | h [element :bar] :  | semantics.rb:512:9:512:15 | call to s54 [element :bar] :  |
+| semantics.rb:512:9:512:9 | h [element :bar] :  | semantics.rb:512:9:512:15 | call to s54 [element :bar] :  |
+| semantics.rb:512:9:512:15 | call to s54 [element :bar] :  | semantics.rb:515:10:515:10 | x [element :bar] :  |
+| semantics.rb:512:9:512:15 | call to s54 [element :bar] :  | semantics.rb:515:10:515:10 | x [element :bar] :  |
+| semantics.rb:515:10:515:10 | x [element :bar] :  | semantics.rb:515:10:515:16 | ...[...] |
+| semantics.rb:515:10:515:10 | x [element :bar] :  | semantics.rb:515:10:515:16 | ...[...] |
 nodes
 | semantics.rb:2:9:2:18 | call to source :  | semmle.label | call to source :  |
 | semantics.rb:2:9:2:18 | call to source :  | semmle.label | call to source :  |
@@ -1820,4 +1856,44 @@ nodes
 | semantics.rb:499:10:499:10 | x [element :bar] :  | semmle.label | x [element :bar] :  |
 | semantics.rb:499:10:499:16 | ...[...] | semmle.label | ...[...] |
 | semantics.rb:499:10:499:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:501:10:501:20 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:501:10:501:20 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:501:10:501:26 | call to s53 | semmle.label | call to s53 |
+| semantics.rb:501:10:501:26 | call to s53 | semmle.label | call to s53 |
+| semantics.rb:505:5:505:5 | [post] h [element :foo] :  | semmle.label | [post] h [element :foo] :  |
+| semantics.rb:505:5:505:5 | [post] h [element :foo] :  | semmle.label | [post] h [element :foo] :  |
+| semantics.rb:505:15:505:25 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:505:15:505:25 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semmle.label | [post] h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :bar] :  | semmle.label | [post] h [element :bar] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :foo] :  | semmle.label | [post] h [element :foo] :  |
+| semantics.rb:506:5:506:5 | [post] h [element :foo] :  | semmle.label | [post] h [element :foo] :  |
+| semantics.rb:506:5:506:5 | h [element :foo] :  | semmle.label | h [element :foo] :  |
+| semantics.rb:506:5:506:5 | h [element :foo] :  | semmle.label | h [element :foo] :  |
+| semantics.rb:506:15:506:25 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:506:15:506:25 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semmle.label | [post] h [element] :  |
+| semantics.rb:507:5:507:5 | [post] h [element] :  | semmle.label | [post] h [element] :  |
+| semantics.rb:507:12:507:22 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:507:12:507:22 | call to source :  | semmle.label | call to source :  |
+| semantics.rb:509:10:509:10 | h [element :foo] :  | semmle.label | h [element :foo] :  |
+| semantics.rb:509:10:509:10 | h [element :foo] :  | semmle.label | h [element :foo] :  |
+| semantics.rb:509:10:509:10 | h [element] :  | semmle.label | h [element] :  |
+| semantics.rb:509:10:509:10 | h [element] :  | semmle.label | h [element] :  |
+| semantics.rb:509:10:509:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:509:10:509:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:510:10:510:10 | h [element :bar] :  | semmle.label | h [element :bar] :  |
+| semantics.rb:510:10:510:10 | h [element :bar] :  | semmle.label | h [element :bar] :  |
+| semantics.rb:510:10:510:10 | h [element] :  | semmle.label | h [element] :  |
+| semantics.rb:510:10:510:10 | h [element] :  | semmle.label | h [element] :  |
+| semantics.rb:510:10:510:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:510:10:510:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:512:9:512:9 | h [element :bar] :  | semmle.label | h [element :bar] :  |
+| semantics.rb:512:9:512:9 | h [element :bar] :  | semmle.label | h [element :bar] :  |
+| semantics.rb:512:9:512:15 | call to s54 [element :bar] :  | semmle.label | call to s54 [element :bar] :  |
+| semantics.rb:512:9:512:15 | call to s54 [element :bar] :  | semmle.label | call to s54 [element :bar] :  |
+| semantics.rb:515:10:515:10 | x [element :bar] :  | semmle.label | x [element :bar] :  |
+| semantics.rb:515:10:515:10 | x [element :bar] :  | semmle.label | x [element :bar] :  |
+| semantics.rb:515:10:515:16 | ...[...] | semmle.label | ...[...] |
+| semantics.rb:515:10:515:16 | ...[...] | semmle.label | ...[...] |
 subpaths
diff --git a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
@@ -569,6 +569,19 @@ private class S53 extends Summary {
   S53() { this = "s53" }
 
   override predicate propagates(string input, string output) {
-    input = "Argument[self].WithoutElement[:foo]" and output = "ReturnValue"
+    input = "Argument[self].WithoutElement[:foo]" and
+    output = "ReturnValue"
+  }
+}
+
+/**
+ * `WithoutElement` 11
+ */
+private class S54 extends Summary {
+  S54() { this = "s54" }
+
+  override predicate propagates(string input, string output) {
+    input = "Argument[self].WithoutElement[:foo].WithElement[any]" and
+    output = "ReturnValue"
   }
 }
diff --git a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.rb
@@ -497,4 +497,22 @@ def m53(i, h)
     
     sink x[:foo]
     sink x[:bar] # $ hasValueFlow=b
+
+    sink(source("d").s53()) # $ hasValueFlow=d
+end
+
+def m54(i, h)
+    h[:foo] = source("a")
+    h[:bar] = source("b")
+    h[i] = source("c")
+
+    sink h[:foo] # $ hasValueFlow=a hasValueFlow=c
+    sink h[:bar] # $ hasValueFlow=b hasValueFlow=c
+
+    x = h.s54()
+
+    sink x[:foo]
+    sink x[:bar] # $ hasValueFlow=b
+
+    sink(source("d").s54())
 end
