Ruby: Fix in clause barrier guard

hmac · hmac · commit f1b63c4df31a · 2022-11-09T16:10:17.000+13:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -159,42 +159,44 @@ private predicate stringConstCaseCompare(
   branch = true and
   exists(CfgNodes::ExprNodes::CaseExprCfgNode case |
     case.getValue() = testedNode and
-    exists(CfgNodes::ExprNodes::WhenClauseCfgNode branchNode |
-      branchNode = case.getBranch(_) and
-      guard = branchNode.getPattern(_) and
-      // For simplicity, consider patterns that contain only string literals or arrays of string literals
-      forall(ExprCfgNode pattern | pattern = branchNode.getPattern(_) |
-        // when "foo"
-        // when "foo", "bar"
-        pattern instanceof ExprNodes::StringLiteralCfgNode
-        or
-        exists(CfgNodes::ExprNodes::SplatExprCfgNode splat | splat = pattern |
-          // when *["foo", "bar"]
-          forex(ExprCfgNode elem |
-            elem = splat.getOperand().(ExprNodes::ArrayLiteralCfgNode).getAnArgument()
-          |
-            elem instanceof ExprNodes::StringLiteralCfgNode
-          )
+    (
+      exists(CfgNodes::ExprNodes::WhenClauseCfgNode branchNode |
+        branchNode = case.getBranch(_) and
+        guard = branchNode.getPattern(_) and
+        // For simplicity, consider patterns that contain only string literals or arrays of string literals
+        forall(ExprCfgNode pattern | pattern = branchNode.getPattern(_) |
+          // when "foo"
+          // when "foo", "bar"
+          pattern instanceof ExprNodes::StringLiteralCfgNode
           or
-          // when *some_var
-          // when *SOME_CONST
-          exists(ExprNodes::ArrayLiteralCfgNode arr |
-            isArrayConstant(splat.getOperand(), arr) and
-            forall(ExprCfgNode elem | elem = arr.getAnArgument() |
+          exists(CfgNodes::ExprNodes::SplatExprCfgNode splat | splat = pattern |
+            // when *["foo", "bar"]
+            forex(ExprCfgNode elem |
+              elem = splat.getOperand().(ExprNodes::ArrayLiteralCfgNode).getAnArgument()
+            |
               elem instanceof ExprNodes::StringLiteralCfgNode
             )
+            or
+            // when *some_var
+            // when *SOME_CONST
+            exists(ExprNodes::ArrayLiteralCfgNode arr |
+              isArrayConstant(splat.getOperand(), arr) and
+              forall(ExprCfgNode elem | elem = arr.getAnArgument() |
+                elem instanceof ExprNodes::StringLiteralCfgNode
+              )
+            )
           )
         )
       )
-    )
-    or
-    // in "foo"
-    exists(
-      CfgNodes::ExprNodes::InClauseCfgNode branchNode, ExprNodes::StringLiteralCfgNode pattern
-    |
-      branchNode = case.getBranch(_) and
-      pattern = branchNode.getPattern() and
-      guard = pattern
+      or
+      // in "foo"
+      exists(
+        CfgNodes::ExprNodes::InClauseCfgNode branchNode, ExprNodes::StringLiteralCfgNode pattern
+      |
+        branchNode = case.getBranch(_) and
+        pattern = branchNode.getPattern() and
+        guard = pattern
+      )
     )
   )
 }
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
@@ -123,3 +123,4 @@ controls
 | barrier-guards.rb:207:4:207:8 | "foo" | barrier-guards.rb:209:1:210:7 | in ... then ... | no-match |
 | barrier-guards.rb:207:4:207:8 | "foo" | barrier-guards.rb:210:5:210:7 | foo | no-match |
 | barrier-guards.rb:209:4:209:4 | x | barrier-guards.rb:210:5:210:7 | foo | match |
+| barrier-guards.rb:214:4:214:8 | "foo" | barrier-guards.rb:215:5:215:7 | foo | match |
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
@@ -209,3 +209,8 @@
 in x
     foo
 end
+
+case bar
+in "foo"
+    foo
+end
