wip

Author: hvitved

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

@@ -382,17 +382,15 @@ module VariableCapture {
 
   // From an assignment or implicit initialization of a captured variable to its flow-insensitive node
   private predicate flowInsensitiveWriteStep(
-    SsaDefinitionExtNode node1, CapturedVariableNode node2, CapturedVariable v
+    Node node1, CapturedVariableNode node2, CapturedVariable v
   ) {
-    exists(CapturedSsaDefinitionExt def |
-      def = node1.getDefinitionExt() and
-      def.getSourceVariable() = v and
-      (
-        def instanceof Ssa::WriteDefinition
-        or
-        def instanceof Ssa::SelfDefinition
-      ) and
+    exists(SsaImpl::WriteDefinition write |
+      write.getSourceVariable() = v and
       node2.getVariable() = v
+    |
+      write.(Ssa::WriteDefinition).assigns(node1.asExpr()) or
+      write = getParameterDef(node1.(ParameterNodeImpl).getParameter()) or
+      write = node1.(SelfParameterNodeImpl).getSelfDefinition()
     )
   }
 

ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll

@@ -61,7 +61,7 @@ module SsaInput implements SsaImplCommon::InputSig<Location> {
     certain = false
     or
     namespaceSelfExitRead(bb, i, v) and
-    certain = false
+    certain = true // not an actual read, but needed to prevent pruning in the SSA data-flow integration module
   }
 }
 

ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected

@@ -3138,13 +3138,7 @@
 | local_dataflow.rb:10:5:13:3 | __synth__0__1 | local_dataflow.rb:10:9:10:9 | x |
 | local_dataflow.rb:10:5:13:3 | call to each | local_dataflow.rb:10:5:13:3 | ... |
 | local_dataflow.rb:10:9:10:9 | ... = ... | local_dataflow.rb:10:9:10:9 | if ... |
-| local_dataflow.rb:10:9:10:9 | [input] phi | local_dataflow.rb:10:9:10:9 | phi |
-| local_dataflow.rb:10:9:10:9 | [input] phi | local_dataflow.rb:10:9:10:9 | phi |
-| local_dataflow.rb:10:9:10:9 | [post] x | local_dataflow.rb:10:9:10:9 | [input] phi |
 | local_dataflow.rb:10:9:10:9 | nil | local_dataflow.rb:10:9:10:9 | ... = ... |
-| local_dataflow.rb:10:9:10:9 | nil | local_dataflow.rb:10:9:10:9 | x |
-| local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:10:9:10:9 | [input] phi |
-| local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:10:9:10:9 | [input] phi |
 | local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:12:5:12:5 | x |
 | local_dataflow.rb:10:14:10:18 | [post] array | local_dataflow.rb:15:10:15:14 | array |
 | local_dataflow.rb:10:14:10:18 | array | local_dataflow.rb:15:10:15:14 | array |
@@ -3154,16 +3148,9 @@
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | ... = ... |
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
-| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:5:15:5 | x |
 | local_dataflow.rb:15:1:17:3 | call to each | local_dataflow.rb:15:1:17:3 | ... |
 | local_dataflow.rb:15:5:15:5 | ... = ... | local_dataflow.rb:15:5:15:5 | if ... |
-| local_dataflow.rb:15:5:15:5 | [input] phi | local_dataflow.rb:15:5:15:5 | phi |
-| local_dataflow.rb:15:5:15:5 | [input] phi | local_dataflow.rb:15:5:15:5 | phi |
-| local_dataflow.rb:15:5:15:5 | [post] x | local_dataflow.rb:15:5:15:5 | [input] phi |
 | local_dataflow.rb:15:5:15:5 | nil | local_dataflow.rb:15:5:15:5 | ... = ... |
-| local_dataflow.rb:15:5:15:5 | nil | local_dataflow.rb:15:5:15:5 | x |
-| local_dataflow.rb:15:5:15:5 | x | local_dataflow.rb:15:5:15:5 | [input] phi |
-| local_dataflow.rb:15:5:15:5 | x | local_dataflow.rb:15:5:15:5 | [input] phi |
 | local_dataflow.rb:15:10:15:14 | [post] array | local_dataflow.rb:19:10:19:14 | array |
 | local_dataflow.rb:15:10:15:14 | array | local_dataflow.rb:19:10:19:14 | array |
 | local_dataflow.rb:16:9:16:10 | 10 | local_dataflow.rb:16:3:16:10 | break |
@@ -3173,21 +3160,14 @@
 | local_dataflow.rb:19:1:21:3 | __synth__0__1 | local_dataflow.rb:19:5:19:5 | x |
 | local_dataflow.rb:19:1:21:3 | call to each | local_dataflow.rb:19:1:21:3 | ... |
 | local_dataflow.rb:19:5:19:5 | ... = ... | local_dataflow.rb:19:5:19:5 | if ... |
-| local_dataflow.rb:19:5:19:5 | [input] phi | local_dataflow.rb:19:5:19:5 | phi |
-| local_dataflow.rb:19:5:19:5 | [input] phi | local_dataflow.rb:19:5:19:5 | phi |
-| local_dataflow.rb:19:5:19:5 | [post] x | local_dataflow.rb:19:5:19:5 | [input] phi |
 | local_dataflow.rb:19:5:19:5 | nil | local_dataflow.rb:19:5:19:5 | ... = ... |
-| local_dataflow.rb:19:5:19:5 | nil | local_dataflow.rb:19:5:19:5 | x |
-| local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:19:5:19:5 | [input] phi |
-| local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:19:5:19:5 | [input] phi |
 | local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:20:6:20:6 | x |
 | local_dataflow.rb:24:2:24:8 | break | local_dataflow.rb:23:1:25:3 | while ... |
 | local_dataflow.rb:24:8:24:8 | 5 | local_dataflow.rb:24:2:24:8 | break |
 | local_dataflow.rb:28:5:28:26 | M | local_dataflow.rb:28:1:28:26 | ... = ... |
 | local_dataflow.rb:28:15:28:22 | "module" | local_dataflow.rb:28:5:28:26 | M |
 | local_dataflow.rb:30:5:30:24 | C | local_dataflow.rb:30:1:30:24 | ... = ... |
 | local_dataflow.rb:30:14:30:20 | "class" | local_dataflow.rb:30:5:30:24 | C |
-| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:1 | x |
 | local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
 | local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:34:7:34:7 | x |
 | local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:35:6:35:6 | x |

ruby/ql/test/library-tests/dataflow/local/TaintStep.expected

@@ -3591,15 +3591,9 @@
 | local_dataflow.rb:10:5:13:3 | call to each | local_dataflow.rb:10:5:13:3 | ... |
 | local_dataflow.rb:10:5:13:3 | synthetic splat parameter | local_dataflow.rb:10:5:13:3 | __synth__0__1 |
 | local_dataflow.rb:10:9:10:9 | ... = ... | local_dataflow.rb:10:9:10:9 | if ... |
-| local_dataflow.rb:10:9:10:9 | [input] phi | local_dataflow.rb:10:9:10:9 | phi |
-| local_dataflow.rb:10:9:10:9 | [input] phi | local_dataflow.rb:10:9:10:9 | phi |
-| local_dataflow.rb:10:9:10:9 | [post] x | local_dataflow.rb:10:9:10:9 | [input] phi |
 | local_dataflow.rb:10:9:10:9 | defined? ... | local_dataflow.rb:10:9:10:9 | [false] ! ... |
 | local_dataflow.rb:10:9:10:9 | defined? ... | local_dataflow.rb:10:9:10:9 | [true] ! ... |
 | local_dataflow.rb:10:9:10:9 | nil | local_dataflow.rb:10:9:10:9 | ... = ... |
-| local_dataflow.rb:10:9:10:9 | nil | local_dataflow.rb:10:9:10:9 | x |
-| local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:10:9:10:9 | [input] phi |
-| local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:10:9:10:9 | [input] phi |
 | local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:10:9:10:9 | defined? ... |
 | local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:12:5:12:5 | x |
 | local_dataflow.rb:10:14:10:18 | [post] array | local_dataflow.rb:15:10:15:14 | array |
@@ -3610,19 +3604,12 @@
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | ... = ... |
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
 | local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
-| local_dataflow.rb:15:1:17:3 | __synth__0__1 | local_dataflow.rb:15:5:15:5 | x |
 | local_dataflow.rb:15:1:17:3 | call to each | local_dataflow.rb:15:1:17:3 | ... |
 | local_dataflow.rb:15:1:17:3 | synthetic splat parameter | local_dataflow.rb:15:1:17:3 | __synth__0__1 |
 | local_dataflow.rb:15:5:15:5 | ... = ... | local_dataflow.rb:15:5:15:5 | if ... |
-| local_dataflow.rb:15:5:15:5 | [input] phi | local_dataflow.rb:15:5:15:5 | phi |
-| local_dataflow.rb:15:5:15:5 | [input] phi | local_dataflow.rb:15:5:15:5 | phi |
-| local_dataflow.rb:15:5:15:5 | [post] x | local_dataflow.rb:15:5:15:5 | [input] phi |
 | local_dataflow.rb:15:5:15:5 | defined? ... | local_dataflow.rb:15:5:15:5 | [false] ! ... |
 | local_dataflow.rb:15:5:15:5 | defined? ... | local_dataflow.rb:15:5:15:5 | [true] ! ... |
 | local_dataflow.rb:15:5:15:5 | nil | local_dataflow.rb:15:5:15:5 | ... = ... |
-| local_dataflow.rb:15:5:15:5 | nil | local_dataflow.rb:15:5:15:5 | x |
-| local_dataflow.rb:15:5:15:5 | x | local_dataflow.rb:15:5:15:5 | [input] phi |
-| local_dataflow.rb:15:5:15:5 | x | local_dataflow.rb:15:5:15:5 | [input] phi |
 | local_dataflow.rb:15:5:15:5 | x | local_dataflow.rb:15:5:15:5 | defined? ... |
 | local_dataflow.rb:15:10:15:14 | [post] array | local_dataflow.rb:19:10:19:14 | array |
 | local_dataflow.rb:15:10:15:14 | array | local_dataflow.rb:19:10:19:14 | array |
@@ -3634,15 +3621,9 @@
 | local_dataflow.rb:19:1:21:3 | call to each | local_dataflow.rb:19:1:21:3 | ... |
 | local_dataflow.rb:19:1:21:3 | synthetic splat parameter | local_dataflow.rb:19:1:21:3 | __synth__0__1 |
 | local_dataflow.rb:19:5:19:5 | ... = ... | local_dataflow.rb:19:5:19:5 | if ... |
-| local_dataflow.rb:19:5:19:5 | [input] phi | local_dataflow.rb:19:5:19:5 | phi |
-| local_dataflow.rb:19:5:19:5 | [input] phi | local_dataflow.rb:19:5:19:5 | phi |
-| local_dataflow.rb:19:5:19:5 | [post] x | local_dataflow.rb:19:5:19:5 | [input] phi |
 | local_dataflow.rb:19:5:19:5 | defined? ... | local_dataflow.rb:19:5:19:5 | [false] ! ... |
 | local_dataflow.rb:19:5:19:5 | defined? ... | local_dataflow.rb:19:5:19:5 | [true] ! ... |
 | local_dataflow.rb:19:5:19:5 | nil | local_dataflow.rb:19:5:19:5 | ... = ... |
-| local_dataflow.rb:19:5:19:5 | nil | local_dataflow.rb:19:5:19:5 | x |
-| local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:19:5:19:5 | [input] phi |
-| local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:19:5:19:5 | [input] phi |
 | local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:19:5:19:5 | defined? ... |
 | local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:20:6:20:6 | x |
 | local_dataflow.rb:20:6:20:6 | x | local_dataflow.rb:20:6:20:10 | ... > ... |
@@ -3653,7 +3634,6 @@
 | local_dataflow.rb:28:15:28:22 | "module" | local_dataflow.rb:28:5:28:26 | M |
 | local_dataflow.rb:30:5:30:24 | C | local_dataflow.rb:30:1:30:24 | ... = ... |
 | local_dataflow.rb:30:14:30:20 | "class" | local_dataflow.rb:30:5:30:24 | C |
-| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:1 | x |
 | local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
 | local_dataflow.rb:34:1:39:3 | synthetic splat parameter | local_dataflow.rb:34:7:34:7 | x |
 | local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:34:7:34:7 | x |