Ruby: Fix call graph for overridden private methods

hvitved · hvitved · commit 61e9c6f658e7 · 2022-09-21T14:00:17.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -302,11 +302,7 @@ private module Cached {
           result = lookupMethod(tp, method) and
           if result.(Method).isPrivate()
           then
-            exists(SelfVariableAccess self |
-              self = call.getReceiver().getExpr() and
-              pragma[only_bind_out](self.getEnclosingModule().getModule().getSuperClass*()) =
-                pragma[only_bind_out](result.getEnclosingModule().getModule())
-            ) and
+            call.getReceiver().getExpr() instanceof SelfVariableAccess and
             // For now, we restrict the scope of top-level declarations to their file.
             // This may remove some plausible targets, but also removes a lot of
             // implausible targets
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -191,6 +191,7 @@ getTarget
 | private.rb:67:3:69:5 | call to private | calls.rb:109:5:109:20 | private |
 | private.rb:68:7:68:32 | call to puts | calls.rb:102:5:102:30 | puts |
 | private.rb:72:7:72:8 | call to m1 | private.rb:63:11:65:5 | m1 |
+| private.rb:72:7:72:8 | call to m1 | private.rb:77:11:81:5 | m1 |
 | private.rb:77:3:81:5 | call to private | calls.rb:109:5:109:20 | private |
 | private.rb:78:7:78:32 | call to puts | calls.rb:102:5:102:30 | puts |
 | private.rb:79:7:79:8 | call to m2 | private.rb:67:11:69:5 | m2 |
