
Commit c0baa51

committed
Ruby: add test for example splat arg/param matches
1 parent 72356d1 commit c0baa51


2 files changed

+41
-7
lines changed


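--- a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
@@ -72,8 +72,12 @@ edges
 | params_flow.rb:67:13:67:16 | args | params_flow.rb:67:12:67:16 | * ... [element 0] |
 | params_flow.rb:69:14:69:14 | x | params_flow.rb:70:10:70:10 | x |
 | params_flow.rb:69:17:69:17 | y | params_flow.rb:71:10:71:10 | y |
+| params_flow.rb:69:20:69:21 | *z [element 0] | params_flow.rb:72:10:72:10 | z [element 0] |
+| params_flow.rb:69:20:69:21 | *z [element 1] | params_flow.rb:73:10:73:10 | z [element 1] |
 | params_flow.rb:69:24:69:24 | w | params_flow.rb:74:10:74:10 | w |
 | params_flow.rb:69:27:69:27 | r | params_flow.rb:75:10:75:10 | r |
+| params_flow.rb:72:10:72:10 | z [element 0] | params_flow.rb:72:10:72:13 | ...[...] |
+| params_flow.rb:73:10:73:10 | z [element 1] | params_flow.rb:73:10:73:13 | ...[...] |
 | params_flow.rb:78:10:78:18 | call to taint | params_flow.rb:69:14:69:14 | x |
 | params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:69:17:69:17 | y |
 | params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:69:24:69:24 | w |
@@ -85,6 +89,14 @@ edges
 | params_flow.rb:94:10:94:18 | call to taint | params_flow.rb:83:14:83:14 | t |
 | params_flow.rb:94:21:94:29 | call to taint | params_flow.rb:83:17:83:17 | u |
 | params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:83:23:83:23 | w |
+| params_flow.rb:96:10:96:18 | call to taint | params_flow.rb:69:14:69:14 | x |
+| params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:69:17:69:17 | y |
+| params_flow.rb:96:32:96:65 | * ... [element 0] | params_flow.rb:69:20:69:21 | *z [element 0] |
+| params_flow.rb:96:32:96:65 | * ... [element 1] | params_flow.rb:69:20:69:21 | *z [element 1] |
+| params_flow.rb:96:34:96:42 | call to taint | params_flow.rb:96:32:96:65 | * ... [element 0] |
+| params_flow.rb:96:45:96:53 | call to taint | params_flow.rb:96:32:96:65 | * ... [element 1] |
+| params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:69:24:69:24 | w |
+| params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:69:27:69:27 | r |
 nodes
 | params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 |
 | params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 |
@@ -167,10 +179,16 @@ nodes
 | params_flow.rb:67:13:67:16 | args | semmle.label | args |
 | params_flow.rb:69:14:69:14 | x | semmle.label | x |
 | params_flow.rb:69:17:69:17 | y | semmle.label | y |
+| params_flow.rb:69:20:69:21 | *z [element 0] | semmle.label | *z [element 0] |
+| params_flow.rb:69:20:69:21 | *z [element 1] | semmle.label | *z [element 1] |
 | params_flow.rb:69:24:69:24 | w | semmle.label | w |
 | params_flow.rb:69:27:69:27 | r | semmle.label | r |
 | params_flow.rb:70:10:70:10 | x | semmle.label | x |
 | params_flow.rb:71:10:71:10 | y | semmle.label | y |
+| params_flow.rb:72:10:72:10 | z [element 0] | semmle.label | z [element 0] |
+| params_flow.rb:72:10:72:13 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:73:10:73:10 | z [element 1] | semmle.label | z [element 1] |
+| params_flow.rb:73:10:73:13 | ...[...] | semmle.label | ...[...] |
 | params_flow.rb:74:10:74:10 | w | semmle.label | w |
 | params_flow.rb:75:10:75:10 | r | semmle.label | r |
 | params_flow.rb:78:10:78:18 | call to taint | semmle.label | call to taint |
@@ -187,6 +205,14 @@ nodes
 | params_flow.rb:94:10:94:18 | call to taint | semmle.label | call to taint |
 | params_flow.rb:94:21:94:29 | call to taint | semmle.label | call to taint |
 | params_flow.rb:94:39:94:47 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:10:96:18 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:21:96:29 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:32:96:65 | * ... [element 0] | semmle.label | * ... [element 0] |
+| params_flow.rb:96:32:96:65 | * ... [element 1] | semmle.label | * ... [element 1] |
+| params_flow.rb:96:34:96:42 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:45:96:53 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:68:96:76 | call to taint | semmle.label | call to taint |
+| params_flow.rb:96:79:96:87 | call to taint | semmle.label | call to taint |
 subpaths
 #select
 | params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint | call to taint |
@@ -216,9 +242,15 @@ subpaths
 | params_flow.rb:65:10:65:13 | ...[...] | params_flow.rb:63:8:63:16 | call to taint | params_flow.rb:65:10:65:13 | ...[...] | $@ | params_flow.rb:63:8:63:16 | call to taint | call to taint |
 | params_flow.rb:70:10:70:10 | x | params_flow.rb:78:10:78:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:78:10:78:18 | call to taint | call to taint |
 | params_flow.rb:70:10:70:10 | x | params_flow.rb:81:10:81:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:81:10:81:18 | call to taint | call to taint |
+| params_flow.rb:70:10:70:10 | x | params_flow.rb:96:10:96:18 | call to taint | params_flow.rb:70:10:70:10 | x | $@ | params_flow.rb:96:10:96:18 | call to taint | call to taint |
 | params_flow.rb:71:10:71:10 | y | params_flow.rb:78:21:78:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:78:21:78:29 | call to taint | call to taint |
+| params_flow.rb:71:10:71:10 | y | params_flow.rb:96:21:96:29 | call to taint | params_flow.rb:71:10:71:10 | y | $@ | params_flow.rb:96:21:96:29 | call to taint | call to taint |
+| params_flow.rb:72:10:72:13 | ...[...] | params_flow.rb:96:34:96:42 | call to taint | params_flow.rb:72:10:72:13 | ...[...] | $@ | params_flow.rb:96:34:96:42 | call to taint | call to taint |
+| params_flow.rb:73:10:73:13 | ...[...] | params_flow.rb:96:45:96:53 | call to taint | params_flow.rb:73:10:73:13 | ...[...] | $@ | params_flow.rb:96:45:96:53 | call to taint | call to taint |
 | params_flow.rb:74:10:74:10 | w | params_flow.rb:78:43:78:51 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:78:43:78:51 | call to taint | call to taint |
+| params_flow.rb:74:10:74:10 | w | params_flow.rb:96:68:96:76 | call to taint | params_flow.rb:74:10:74:10 | w | $@ | params_flow.rb:96:68:96:76 | call to taint | call to taint |
 | params_flow.rb:75:10:75:10 | r | params_flow.rb:78:54:78:62 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:78:54:78:62 | call to taint | call to taint |
+| params_flow.rb:75:10:75:10 | r | params_flow.rb:96:79:96:87 | call to taint | params_flow.rb:75:10:75:10 | r | $@ | params_flow.rb:96:79:96:87 | call to taint | call to taint |
 | params_flow.rb:84:10:84:10 | t | params_flow.rb:94:10:94:18 | call to taint | params_flow.rb:84:10:84:10 | t | $@ | params_flow.rb:94:10:94:18 | call to taint | call to taint |
 | params_flow.rb:85:10:85:10 | u | params_flow.rb:94:21:94:29 | call to taint | params_flow.rb:85:10:85:10 | u | $@ | params_flow.rb:94:21:94:29 | call to taint | call to taint |
 | params_flow.rb:87:10:87:10 | w | params_flow.rb:94:39:94:47 | call to taint | params_flow.rb:87:10:87:10 | w | $@ | params_flow.rb:94:39:94:47 | call to taint | call to taint |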

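--- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
@@ -67,12 +67,12 @@ def splatstuff(*x)
 splatstuff(*args)
 
 def splatmid(x, y, *z, w, r)
-sink x # $ hasValueFlow=27 $ hasValueFlow=32
-sink y # $ hasValueFlow=28 $ MISSING: hasValueFlow=33
-sink z[0] # $ MISSING: hasValueFlow=29 $ MISSING: hasValueFlow=34
-sink z[1] # $ MISSING: hasValueFlow=35
-sink w # $ hasValueFlow=30 $ MISSING: hasValueFlow=36
-sink r # $ hasValueFlow=31 $ MISSING: hasValueFlow=37
+sink x # $ hasValueFlow=27 $ hasValueFlow=32 $ hasValueFlow=45
+sink y # $ hasValueFlow=28 $ hasValueFlow=46 $ MISSING: hasValueFlow=33
+sink z[0] # $ hasValueFlow=47 $ MISSING: hasValueFlow=29 $ hasValueFlow=34
+sink z[1] # $ hasValueFlow=48 $ MISSING: hasValueFlow=35
+sink w # $ hasValueFlow=30 $ hasValueFlow=50 $ MISSING: hasValueFlow=36
+sink r # $ hasValueFlow=31 $ hasValueFlow=51 $ MISSING: hasValueFlow=37
 end
 
 splatmid(taint(27), taint(28), taint(29), taint(30), taint(31))
@@ -91,4 +91,6 @@ def pos_many(t, u, v, w, x, y, z)
 end
 
 args = [taint(40), taint(41), taint(42), taint(43)]
-pos_many(taint(38), taint(39), *args, taint(44))
+pos_many(taint(38), taint(39), *args, taint(44))
+
+splatmid(taint(45), taint(46), *[taint(47), taint(48), taint(49)], taint(50), taint(51))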
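Review bot: On the new `sink z[0]` line, `hasValueFlow=34` has lost the `MISSING:` prefix it carried before, yet the updated params-flow.expected in this commit lists only the source at 96:34 (`taint(47)`) reaching 72:10:72:13. If flow from `taint(34)` is still not found, keep the marker explicit: `sink z[0] # $ hasValueFlow=47 $ MISSING: hasValueFlow=29 $ MISSING: hasValueFlow=34`. The test may still pass as written if the tag is read as part of the preceding MISSING group, but the line then reads as though that splat-argument false negative in the taint tracking were fixed. Separately, `taint(49)` ends up in `z[2]`, which `splatmid` never sinks, so the third splat element is unchecked; a `sink z[2]` line with its expectation would cover it.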
