Ruby: use resolveConstantReadAccess instead of trackModuleAccess for 'extend' calls

aibaars · aibaars · commit 5d55daa49161 · 2022-10-04T12:58:49.000+02:00
This avoids non-linear recursion at the cost of losing some results.
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -295,22 +295,24 @@ private DataFlowCallable viableLibraryCallable(DataFlowCall call) {
 }
 
 /** Holds if there is a call like `receiver.extend(M)` */
-private predicate extendCall(DataFlow::LocalSourceNode receiver, Module m) {
+pragma[nomagic]
+private predicate flowsToExtendCall(DataFlow::LocalSourceNode receiver, Module m) {
   exists(DataFlow::CallNode extendCall |
     extendCall.getMethodName() = "extend" and
     exists(DataFlow::LocalSourceNode sourceNode | sourceNode.flowsTo(extendCall.getArgument(0)) |
       selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) or
-      sourceNode = trackModuleAccess(m)
+      m = resolveConstantReadAccess(sourceNode.asExpr().getExpr())
     ) and
     receiver.flowsTo(extendCall.getReceiver())
   )
 }
 
 /** Holds if there is a call like `M.extend(N)` */
+pragma[nomagic]
 private predicate extendCallModule(Module m, Module n) {
-  exists(DataFlow::LocalSourceNode receiver | extendCall(receiver, n) |
+  exists(DataFlow::LocalSourceNode receiver | flowsToExtendCall(receiver, n) |
     selfInModule(receiver.(SsaSelfDefinitionNode).getVariable(), m) or
-    receiver = trackModuleAccess(m)
+    m = resolveConstantReadAccess(receiver.asExpr().getExpr())
   )
 }
 
@@ -375,7 +377,7 @@ private module Cached {
             receiver = trackSingletonMethodOnInstance(result, method)
             or
             exists(Module m |
-              extendCall(any(DataFlow::LocalSourceNode n | n.flowsTo(receiver)), m) and
+              flowsToExtendCall(any(DataFlow::LocalSourceNode n | n.flowsTo(receiver)), m) and
               result = lookupMethod(m, pragma[only_bind_into](method))
             )
           )

Original file line number	Diff line number	Diff line change
`@@ -295,22 +295,24 @@ private DataFlowCallable viableLibraryCallable(DataFlowCall call) {`
`295`	`295`	`}`
`296`	`296`
`297`	`297`	/** Holds if there is a call like `receiver.extend(M)` */
`298`		`-private predicate extendCall(DataFlow::LocalSourceNode receiver, Module m) {`
	`298`	`+pragma[nomagic]`
	`299`	`+private predicate flowsToExtendCall(DataFlow::LocalSourceNode receiver, Module m) {`
`299`	`300`	`exists(DataFlow::CallNode extendCall \|`
`300`	`301`	`extendCall.getMethodName() = "extend" and`
`301`	`302`	`exists(DataFlow::LocalSourceNode sourceNode \| sourceNode.flowsTo(extendCall.getArgument(0)) \|`
`302`	`303`	`selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) or`
`303`		`- sourceNode = trackModuleAccess(m)`
	`304`	`+ m = resolveConstantReadAccess(sourceNode.asExpr().getExpr())`
`304`	`305`	`) and`
`305`	`306`	`receiver.flowsTo(extendCall.getReceiver())`
`306`	`307`	`)`
`307`	`308`	`}`
`308`	`309`
`309`	`310`	/** Holds if there is a call like `M.extend(N)` */
	`311`	`+pragma[nomagic]`
`310`	`312`	`private predicate extendCallModule(Module m, Module n) {`
`311`		`- exists(DataFlow::LocalSourceNode receiver \| extendCall(receiver, n) \|`
	`313`	`+ exists(DataFlow::LocalSourceNode receiver \| flowsToExtendCall(receiver, n) \|`
`312`	`314`	`selfInModule(receiver.(SsaSelfDefinitionNode).getVariable(), m) or`
`313`		`- receiver = trackModuleAccess(m)`
	`315`	`+ m = resolveConstantReadAccess(receiver.asExpr().getExpr())`
`314`	`316`	`)`
`315`	`317`	`}`
`316`	`318`
`@@ -375,7 +377,7 @@ private module Cached {`
`375`	`377`	`receiver = trackSingletonMethodOnInstance(result, method)`
`376`	`378`	`or`
`377`	`379`	`exists(Module m \|`
`378`		`- extendCall(any(DataFlow::LocalSourceNode n \| n.flowsTo(receiver)), m) and`
	`380`	`+ flowsToExtendCall(any(DataFlow::LocalSourceNode n \| n.flowsTo(receiver)), m) and`
`379`	`381`	`result = lookupMethod(m, pragma[only_bind_into](method))`
`380`	`382`	`)`
`381`	`383`	`)`