Ruby: Remove bad flow to/from block arguments

hmac · hmac · commit 07369916b089 · 2022-02-24T14:44:59.000+13:00
In these cases there is no block argument to the method call.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
@@ -247,7 +247,7 @@ module String {
     override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
       preservesValue = false and
       input = "Receiver" and
-      output = ["BlockArgument.Parameter[0]", "ReturnValue.ArrayElement[?]"]
+      output = "ReturnValue.ArrayElement[?]"
     }
   }
 
@@ -413,6 +413,7 @@ module String {
         [
           // scan(pattern) -> array
           "ReturnValue",
+          // scan(pattern) {|match, ...| block } -> str
           // Parameter[_] doesn't seem to work
           "BlockArgument.Parameter[" + [0 .. 10] + "]"
         ]
@@ -423,15 +424,10 @@ module String {
     ScanNoBlockSummary() { this = "scan_no_block" and not exists(mc.getBlock()) }
 
     override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+      // scan(pattern) -> array
       input = "Receiver" and
-      preservesValue = false and
-      output =
-        [
-          // scan(pattern) {|match, ...| block } -> str
-          "ReturnValue.ArrayElement[?]",
-          // Parameter[_] doesn't seem to work
-          "BlockArgument.Parameter[" + [0 .. 10] + "]"
-        ]
+      output = "ReturnValue.ArrayElement[?]" and
+      preservesValue = false
     }
   }
 
@@ -473,12 +469,8 @@ module String {
       taintIdentityFlow(input, output, preservesValue)
       or
       preservesValue = false and
-      (
-        input = "Receiver" and
-        output = "BlockArgument.Parameter[0]"
-        or
-        input = "Argument[0]" and output = "ReturnValue"
-      )
+      input = "Argument[0]" and
+      output = "ReturnValue"
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -247,7 +247,7 @@ module String {`
`247`	`247`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
`248`	`248`	`preservesValue = false and`
`249`	`249`	`input = "Receiver" and`
`250`		`- output = ["BlockArgument.Parameter[0]", "ReturnValue.ArrayElement[?]"]`
	`250`	`+ output = "ReturnValue.ArrayElement[?]"`
`251`	`251`	`}`
`252`	`252`	`}`
`253`	`253`
`@@ -413,6 +413,7 @@ module String {`
`413`	`413`	`[`
`414`	`414`	`// scan(pattern) -> array`
`415`	`415`	`"ReturnValue",`
	`416`	`+ // scan(pattern) {\|match, ...\| block } -> str`
`416`	`417`	`// Parameter[_] doesn't seem to work`
`417`	`418`	`"BlockArgument.Parameter[" + [0 .. 10] + "]"`
`418`	`419`	`]`
`@@ -423,15 +424,10 @@ module String {`
`423`	`424`	`ScanNoBlockSummary() { this = "scan_no_block" and not exists(mc.getBlock()) }`
`424`	`425`
`425`	`426`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
	`427`	`+ // scan(pattern) -> array`
`426`	`428`	`input = "Receiver" and`
`427`		`- preservesValue = false and`
`428`		`- output =`
`429`		`- [`
`430`		`- // scan(pattern) {\|match, ...\| block } -> str`
`431`		`- "ReturnValue.ArrayElement[?]",`
`432`		`- // Parameter[_] doesn't seem to work`
`433`		`- "BlockArgument.Parameter[" + [0 .. 10] + "]"`
`434`		`- ]`
	`429`	`+ output = "ReturnValue.ArrayElement[?]" and`
	`430`	`+ preservesValue = false`
`435`	`431`	`}`
`436`	`432`	`}`
`437`	`433`
`@@ -473,12 +469,8 @@ module String {`
`473`	`469`	`taintIdentityFlow(input, output, preservesValue)`
`474`	`470`	`or`
`475`	`471`	`preservesValue = false and`
`476`		`- (`
`477`		`- input = "Receiver" and`
`478`		`- output = "BlockArgument.Parameter[0]"`
`479`		`- or`
`480`		`- input = "Argument[0]" and output = "ReturnValue"`
`481`		`- )`
	`472`	`+ input = "Argument[0]" and`
	`473`	`+ output = "ReturnValue"`
`482`	`474`	`}`
`483`	`475`	`}`
`484`	`476`