Skip to content

Commit 09bc78e

Browse files
aibaarsaibaars
committed
Ruby: local dataflow step for || and &&
1 parent e95b546 commit 09bc78e

File tree

7 files changed

+236
-4
lines changed

7 files changed

+236
-4
lines changed

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -181,6 +181,12 @@ module LocalFlow {
181181
) and
182182
nodeFrom.asExpr() = for.getValue()
183183
)
184+
or
185+
nodeTo.asExpr() =
186+
any(CfgNodes::ExprNodes::BinaryOperationCfgNode op |
187+
op.getExpr() instanceof BinaryLogicalOperation and
188+
nodeFrom.asExpr() = op.getAPredecessor()
189+
)
184190
}
185191
}
186192

ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected

Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,3 +157,89 @@
157157
| local_dataflow.rb:87:25:87:25 | [post] x | local_dataflow.rb:87:29:87:29 | x |
158158
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:29:87:29 | x |
159159
| local_dataflow.rb:87:29:87:29 | x | local_dataflow.rb:87:15:87:48 | then ... |
160+
| local_dataflow.rb:92:1:109:3 | self (and_or) | local_dataflow.rb:93:7:93:15 | self |
161+
| local_dataflow.rb:92:1:109:3 | self in and_or | local_dataflow.rb:92:1:109:3 | self (and_or) |
162+
| local_dataflow.rb:93:3:93:28 | ... = ... | local_dataflow.rb:94:8:94:8 | a |
163+
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:93:20:93:28 | self |
164+
| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:94:3:94:9 | self |
165+
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
166+
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:20:93:28 | self |
167+
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:94:3:94:9 | self |
168+
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
169+
| local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
170+
| local_dataflow.rb:93:20:93:28 | [post] self | local_dataflow.rb:94:3:94:9 | self |
171+
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
172+
| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:94:3:94:9 | self |
173+
| local_dataflow.rb:94:3:94:9 | [post] self | local_dataflow.rb:95:8:95:16 | self |
174+
| local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:95:8:95:16 | self |
175+
| local_dataflow.rb:95:3:95:30 | ... = ... | local_dataflow.rb:96:8:96:8 | b |
176+
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
177+
| local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
178+
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:95:21:95:29 | self |
179+
| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:96:3:96:9 | self |
180+
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
181+
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:21:95:29 | self |
182+
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:96:3:96:9 | self |
183+
| local_dataflow.rb:95:8:95:29 | ... or ... | local_dataflow.rb:95:7:95:30 | ( ... ) |
184+
| local_dataflow.rb:95:21:95:29 | [post] self | local_dataflow.rb:96:3:96:9 | self |
185+
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
186+
| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:96:3:96:9 | self |
187+
| local_dataflow.rb:96:3:96:9 | [post] self | local_dataflow.rb:98:7:98:15 | self |
188+
| local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:98:7:98:15 | self |
189+
| local_dataflow.rb:98:3:98:28 | ... = ... | local_dataflow.rb:99:8:99:8 | a |
190+
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:98:20:98:28 | self |
191+
| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:99:3:99:9 | self |
192+
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
193+
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:20:98:28 | self |
194+
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:99:3:99:9 | self |
195+
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
196+
| local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
197+
| local_dataflow.rb:98:20:98:28 | [post] self | local_dataflow.rb:99:3:99:9 | self |
198+
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
199+
| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:99:3:99:9 | self |
200+
| local_dataflow.rb:99:3:99:9 | [post] self | local_dataflow.rb:100:8:100:16 | self |
201+
| local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:100:8:100:16 | self |
202+
| local_dataflow.rb:100:3:100:31 | ... = ... | local_dataflow.rb:101:8:101:8 | b |
203+
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
204+
| local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
205+
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:100:22:100:30 | self |
206+
| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:101:3:101:9 | self |
207+
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
208+
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:22:100:30 | self |
209+
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:101:3:101:9 | self |
210+
| local_dataflow.rb:100:8:100:30 | ... and ... | local_dataflow.rb:100:7:100:31 | ( ... ) |
211+
| local_dataflow.rb:100:22:100:30 | [post] self | local_dataflow.rb:101:3:101:9 | self |
212+
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
213+
| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:101:3:101:9 | self |
214+
| local_dataflow.rb:101:3:101:9 | [post] self | local_dataflow.rb:103:7:103:15 | self |
215+
| local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:103:7:103:15 | self |
216+
| local_dataflow.rb:103:3:103:15 | ... = ... | local_dataflow.rb:104:3:104:3 | a |
217+
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:104:9:104:17 | self |
218+
| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:105:3:105:9 | self |
219+
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
220+
| local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
221+
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:104:9:104:17 | self |
222+
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:105:3:105:9 | self |
223+
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
224+
| local_dataflow.rb:104:3:104:17 | ... = ... | local_dataflow.rb:105:8:105:8 | a |
225+
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
226+
| local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
227+
| local_dataflow.rb:104:9:104:17 | [post] self | local_dataflow.rb:105:3:105:9 | self |
228+
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
229+
| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:105:3:105:9 | self |
230+
| local_dataflow.rb:105:3:105:9 | [post] self | local_dataflow.rb:106:7:106:15 | self |
231+
| local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:106:7:106:15 | self |
232+
| local_dataflow.rb:106:3:106:15 | ... = ... | local_dataflow.rb:107:3:107:3 | b |
233+
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:107:9:107:17 | self |
234+
| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:108:3:108:9 | self |
235+
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
236+
| local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
237+
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:107:9:107:17 | self |
238+
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:108:3:108:9 | self |
239+
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... |
240+
| local_dataflow.rb:107:3:107:17 | ... = ... | local_dataflow.rb:108:8:108:8 | b |
241+
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
242+
| local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
243+
| local_dataflow.rb:107:9:107:17 | [post] self | local_dataflow.rb:108:3:108:9 | self |
244+
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... |
245+
| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:108:3:108:9 | self |

ruby/ql/test/library-tests/dataflow/local/Nodes.expected

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ ret
1313
| local_dataflow.rb:51:3:51:15 | break |
1414
| local_dataflow.rb:52:3:52:10 | "normal" |
1515
| local_dataflow.rb:89:3:89:9 | call to sink |
16+
| local_dataflow.rb:108:3:108:9 | call to sink |
1617
arg
1718
| local_dataflow.rb:3:8:3:10 | self | local_dataflow.rb:3:8:3:10 | call to p | self |
1819
| local_dataflow.rb:3:10:3:10 | a | local_dataflow.rb:3:8:3:10 | call to p | position 0 |
@@ -75,3 +76,51 @@ arg
7576
| local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:20:87:26 | call to sink | position 0 |
7677
| local_dataflow.rb:89:3:89:9 | self | local_dataflow.rb:89:3:89:9 | call to sink | self |
7778
| local_dataflow.rb:89:8:89:8 | z | local_dataflow.rb:89:3:89:9 | call to sink | position 0 |
79+
| local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... | self |
80+
| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:7:93:15 | call to source | self |
81+
| local_dataflow.rb:93:14:93:14 | 1 | local_dataflow.rb:93:7:93:15 | call to source | position 0 |
82+
| local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... | position 0 |
83+
| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:93:20:93:28 | call to source | self |
84+
| local_dataflow.rb:93:27:93:27 | 2 | local_dataflow.rb:93:20:93:28 | call to source | position 0 |
85+
| local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:94:3:94:9 | call to sink | self |
86+
| local_dataflow.rb:94:8:94:8 | a | local_dataflow.rb:94:3:94:9 | call to sink | position 0 |
87+
| local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... | self |
88+
| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:8:95:16 | call to source | self |
89+
| local_dataflow.rb:95:15:95:15 | 1 | local_dataflow.rb:95:8:95:16 | call to source | position 0 |
90+
| local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... | position 0 |
91+
| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:95:21:95:29 | call to source | self |
92+
| local_dataflow.rb:95:28:95:28 | 2 | local_dataflow.rb:95:21:95:29 | call to source | position 0 |
93+
| local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:96:3:96:9 | call to sink | self |
94+
| local_dataflow.rb:96:8:96:8 | b | local_dataflow.rb:96:3:96:9 | call to sink | position 0 |
95+
| local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... | self |
96+
| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:7:98:15 | call to source | self |
97+
| local_dataflow.rb:98:14:98:14 | 1 | local_dataflow.rb:98:7:98:15 | call to source | position 0 |
98+
| local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... | position 0 |
99+
| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:98:20:98:28 | call to source | self |
100+
| local_dataflow.rb:98:27:98:27 | 2 | local_dataflow.rb:98:20:98:28 | call to source | position 0 |
101+
| local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:99:3:99:9 | call to sink | self |
102+
| local_dataflow.rb:99:8:99:8 | a | local_dataflow.rb:99:3:99:9 | call to sink | position 0 |
103+
| local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... | self |
104+
| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:8:100:16 | call to source | self |
105+
| local_dataflow.rb:100:15:100:15 | 1 | local_dataflow.rb:100:8:100:16 | call to source | position 0 |
106+
| local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... | position 0 |
107+
| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:100:22:100:30 | call to source | self |
108+
| local_dataflow.rb:100:29:100:29 | 2 | local_dataflow.rb:100:22:100:30 | call to source | position 0 |
109+
| local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:101:3:101:9 | call to sink | self |
110+
| local_dataflow.rb:101:8:101:8 | b | local_dataflow.rb:101:3:101:9 | call to sink | position 0 |
111+
| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:103:7:103:15 | call to source | self |
112+
| local_dataflow.rb:103:14:103:14 | 5 | local_dataflow.rb:103:7:103:15 | call to source | position 0 |
113+
| local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... | self |
114+
| local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... | position 0 |
115+
| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:104:9:104:17 | call to source | self |
116+
| local_dataflow.rb:104:16:104:16 | 6 | local_dataflow.rb:104:9:104:17 | call to source | position 0 |
117+
| local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:105:3:105:9 | call to sink | self |
118+
| local_dataflow.rb:105:8:105:8 | a | local_dataflow.rb:105:3:105:9 | call to sink | position 0 |
119+
| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:106:7:106:15 | call to source | self |
120+
| local_dataflow.rb:106:14:106:14 | 7 | local_dataflow.rb:106:7:106:15 | call to source | position 0 |
121+
| local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... | self |
122+
| local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... | position 0 |
123+
| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:107:9:107:17 | call to source | self |
124+
| local_dataflow.rb:107:16:107:16 | 8 | local_dataflow.rb:107:9:107:17 | call to source | position 0 |
125+
| local_dataflow.rb:108:3:108:9 | self | local_dataflow.rb:108:3:108:9 | call to sink | self |
126+
| local_dataflow.rb:108:8:108:8 | b | local_dataflow.rb:108:3:108:9 | call to sink | position 0 |

0 commit comments

Comments
 (0)