Ruby: Include self parameters in type tracking flow-through logic

hvitved · hvitved · commit 826b6219a0bb · 2023-05-15T16:02:33.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
@@ -940,6 +940,12 @@ private class NewCall extends DataFlowCall {
 abstract class ReturningNode extends Node {
   /** Gets the kind of this return node. */
   abstract ReturnKind getKind();
+
+  pragma[nomagic]
+  predicate hasKind(ReturnKind kind, CfgScope scope) {
+    kind = this.getKind() and
+    scope = this.(NodeImpl).getCfgScope()
+  }
 }
 
 /** A data-flow node that represents a value returned by a callable. */
@@ -1060,10 +1066,8 @@ private module ReturnNodes {
     SynthReturnNode() { this = TSynthReturnNode(scope, kind) }
 
     /** Gets a syntactic return node that flows into this synthetic node. */
-    ReturningNode getAnInput() {
-      result.(NodeImpl).getCfgScope() = scope and
-      result.getKind() = kind
-    }
+    pragma[nomagic]
+    ReturningNode getAnInput() { result.hasKind(kind, scope) }
 
     override ReturnKind getKind() { result = kind }
 
diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll
@@ -80,10 +80,8 @@ predicate jumpStep = DataFlowPrivate::jumpStep/2;
 pragma[nomagic]
 private predicate flowThrough(DataFlowPublic::ParameterNode param) {
   exists(DataFlowPrivate::ReturningNode returnNode, DataFlowDispatch::ReturnKind rk |
-    DataFlowPrivate::LocalFlow::getParameterDefNode(param.getParameter())
-        .(TypeTrackingNode)
-        .flowsTo(returnNode) and
-    rk = returnNode.getKind()
+    param.flowsTo(returnNode) and
+    returnNode.hasKind(rk, param.(DataFlowPrivate::NodeImpl).getCfgScope())
   |
     rk instanceof DataFlowDispatch::NormalReturnKind
     or
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -153,6 +153,7 @@ getTarget
 | calls.rb:383:1:383:23 | call to instance | calls.rb:326:5:328:7 | instance |
 | calls.rb:383:1:383:23 | call to instance | calls.rb:336:5:338:7 | instance |
 | calls.rb:383:1:383:23 | call to instance | calls.rb:342:5:344:7 | instance |
+| calls.rb:383:1:383:23 | call to instance | calls.rb:375:5:377:7 | instance |
 | calls.rb:388:13:388:48 | call to puts | calls.rb:102:5:102:30 | puts |
 | calls.rb:392:13:392:22 | call to singleton1 | calls.rb:387:9:389:11 | singleton1 |
 | calls.rb:392:13:392:22 | call to singleton1 | calls.rb:422:9:424:11 | singleton1 |
