Ruby: Avoid SummarizedCallable::propagatesFlowExt being recursive

hvitved · hvitved · commit 367aa35d8c9c · 2022-12-11T20:37:23.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
@@ -140,10 +140,9 @@ module Array {
     }
   }
 
-  private class SetDifferenceSummary extends SummarizedCallable {
-    SetDifferenceSummary() { this = "-" }
-
-    override SubExpr getACallSimple() { any() }
+  abstract private class DifferenceSummaryShared extends SummarizedCallable {
+    bindingset[this]
+    DifferenceSummaryShared() { any() }
 
     override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
       input = "Argument[self].Element[any]" and
@@ -152,6 +151,12 @@ module Array {
     }
   }
 
+  private class SetDifferenceSummary extends DifferenceSummaryShared {
+    SetDifferenceSummary() { this = "-" }
+
+    override SubExpr getACallSimple() { any() }
+  }
+
   /** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */
   private class AppendOperatorSummary extends SummarizedCallable {
     AppendOperatorSummary() { this = "<<" }
@@ -687,14 +692,8 @@ module Array {
     }
   }
 
-  private class DifferenceSummary extends SimpleSummarizedCallable {
+  private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable {
     DifferenceSummary() { this = "difference" }
-
-    override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-      // `Array#difference` and `Array#-` do not behave exactly the same way,
-      // but we model their flow the same way.
-      any(SetDifferenceSummary s).propagatesFlowExt(input, output, preservesValue)
-    }
   }
 
   private string getDigArg(MethodCall dig, int i) {

Original file line number	Diff line number	Diff line change
`@@ -140,10 +140,9 @@ module Array {`
`140`	`140`	`}`
`141`	`141`	`}`
`142`	`142`
`143`		`- private class SetDifferenceSummary extends SummarizedCallable {`
`144`		`- SetDifferenceSummary() { this = "-" }`
`145`		`-`
`146`		`- override SubExpr getACallSimple() { any() }`
	`143`	`+ abstract private class DifferenceSummaryShared extends SummarizedCallable {`
	`144`	`+ bindingset[this]`
	`145`	`+ DifferenceSummaryShared() { any() }`
`147`	`146`
`148`	`147`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
`149`	`148`	`input = "Argument[self].Element[any]" and`
`@@ -152,6 +151,12 @@ module Array {`
`152`	`151`	`}`
`153`	`152`	`}`
`154`	`153`
	`154`	`+ private class SetDifferenceSummary extends DifferenceSummaryShared {`
	`155`	`+ SetDifferenceSummary() { this = "-" }`
	`156`	`+`
	`157`	`+ override SubExpr getACallSimple() { any() }`
	`158`	`+ }`
	`159`	`+`
`155`	`160`	/** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */
`156`	`161`	`private class AppendOperatorSummary extends SummarizedCallable {`
`157`	`162`	`AppendOperatorSummary() { this = "<<" }`
`@@ -687,14 +692,8 @@ module Array {`
`687`	`692`	`}`
`688`	`693`	`}`
`689`	`694`
`690`		`- private class DifferenceSummary extends SimpleSummarizedCallable {`
	`695`	`+ private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable {`
`691`	`696`	`DifferenceSummary() { this = "difference" }`
`692`		`-`
`693`		`- override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
`694`		- // `Array#difference` and `Array#-` do not behave exactly the same way,
`695`		`- // but we model their flow the same way.`
`696`		`- any(SetDifferenceSummary s).propagatesFlowExt(input, output, preservesValue)`
`697`		`- }`
`698`	`697`	`}`
`699`	`698`
`700`	`699`	`private string getDigArg(MethodCall dig, int i) {`