
Commit 0736991

committed
Ruby: Remove bad flow to/from block arguments
In these cases there is no block argument to the method call.
1 parent 07c70ad commit 0736991


1 file changed

+7
-15
lines changed

1 file changed

+7
-15
lines changed

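--- a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
@@ -247,7 +247,7 @@ module String {
 override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
 preservesValue = false and
 input = "Receiver" and
-output = ["BlockArgument.Parameter[0]", "ReturnValue.ArrayElement[?]"]
+output = "ReturnValue.ArrayElement[?]"
 }
 }
 
@@ -413,6 +413,7 @@ module String {
 [
 // scan(pattern) -> array
 "ReturnValue",
+// scan(pattern) {|match, ...| block } -> str
 // Parameter[_] doesn't seem to work
 "BlockArgument.Parameter[" + [0 .. 10] + "]"
 ]
@@ -423,15 +424,10 @@ module String {
 ScanNoBlockSummary() { this = "scan_no_block" and not exists(mc.getBlock()) }
 
 override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+// scan(pattern) -> array
 input = "Receiver" and
-preservesValue = false and
-output =
-[
-// scan(pattern) {|match, ...| block } -> str
-"ReturnValue.ArrayElement[?]",
-// Parameter[_] doesn't seem to work
-"BlockArgument.Parameter[" + [0 .. 10] + "]"
-]
+output = "ReturnValue.ArrayElement[?]" and
+preservesValue = false
 }
 }
 
@@ -473,12 +469,8 @@ module String {
 taintIdentityFlow(input, output, preservesValue)
 or
 preservesValue = false and
-(
-input = "Receiver" and
-output = "BlockArgument.Parameter[0]"
-or
-input = "Argument[0]" and output = "ReturnValue"
-)
+input = "Argument[0]" and
+output = "ReturnValue"
 }
 }
 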
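Review bot: In the second hunk (new lines 414–418) the comment `// scan(pattern) -> array` still sits above `"ReturnValue"`, while the newly added block-form signature is attached only to the `BlockArgument.Parameter` entry. If this list belongs to the block-taking summary (its class header is outside the hunk, so this is inferred from `ScanNoBlockSummary` following it), both outputs describe the block form, where `scan` returns the receiver string rather than an array. I would change the first comment to `// scan(pattern) {|match, ...| block } -> str (returns the receiver)` and the second to `// matches are passed to the block parameters`. The `[0 .. 10]` workaround also deserves a word in its comment, since block parameters past index 10 get no taint step and a taint query would miss that flow silently.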
0 commit comments

Comments
 (0)