You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The flow summary for `String#sub` leads to two new results in this test.
They are duplicates of existing results, because the query is quite
liberal in what it considers a source.
```ruby
password = "abc"
password_masked = password.sub(/./, "x")
Logger.new(STDOUT).info password_masked
```
In the example above, the query considers lines 1 and 2 to both be
sources, with a sink at line 3. Previously there was no flow from line 1
to line 3 because of the missing flow summary for `String#sub`, and
therefore there was just one result. Now we have the flow summary, there
are two results.
Line 2 is considered a source because it is an assignment to a variable
that contains the term "password". I'm not sure how to adjust the query
to avoid these duplicates, so I'm leaving them in for now.
| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" : | logging.rb:28:26:28:33 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
66
74
| logging.rb:37:20:37:34 | ...[...] | logging.rb:30:8:30:55 | call to [] : | logging.rb:37:20:37:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:30:8:30:55 | call to [] | an write to password |
67
75
| logging.rb:39:20:39:34 | ...[...] | logging.rb:34:1:34:15 | call to []= : | logging.rb:39:20:39:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:34:1:34:15 | call to []= | a write to password |
76
+
| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub |
68
77
| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:63:35:63:88 | call to sub : | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:63:35:63:88 | call to sub | an assignment to password_masked_ineffective_sub |
78
+
| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub |
69
79
| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:65:36:65:86 | call to gsub : | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:65:36:65:86 | call to gsub | an assignment to password_masked_ineffective_gsub |
70
80
| logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" : | logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | Sensitive data returned by $@ is logged here. | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub_ex |
71
81
| logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" : | logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | Sensitive data returned by $@ is logged here. | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub_ex |
0 commit comments