Ruby: Add tests that demonstrate missing flow through positional arguments

hvitved · hvitved · commit aa93986d1a4d · 2022-08-16T10:36:40.000+02:00
diff --git a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
@@ -36,6 +36,10 @@ edges
 | params_flow.rb:41:13:41:21 | call to taint :  | params_flow.rb:16:18:16:19 | p2 :  |
 | params_flow.rb:41:24:41:29 | ** ... [element :p1] :  | params_flow.rb:16:13:16:14 | p1 :  |
 | params_flow.rb:41:26:41:29 | args [element :p1] :  | params_flow.rb:41:24:41:29 | ** ... [element :p1] :  |
+| params_flow.rb:44:12:44:20 | call to taint :  | params_flow.rb:9:16:9:17 | p1 :  |
+| params_flow.rb:49:13:49:14 | p1 :  | params_flow.rb:50:10:50:11 | p1 |
+| params_flow.rb:54:9:54:17 | call to taint :  | params_flow.rb:49:13:49:14 | p1 :  |
+| params_flow.rb:57:9:57:17 | call to taint :  | params_flow.rb:49:13:49:14 | p1 :  |
 nodes
 | params_flow.rb:9:16:9:17 | p1 :  | semmle.label | p1 :  |
 | params_flow.rb:9:20:9:21 | p2 :  | semmle.label | p2 :  |
@@ -80,9 +84,15 @@ nodes
 | params_flow.rb:41:13:41:21 | call to taint :  | semmle.label | call to taint :  |
 | params_flow.rb:41:24:41:29 | ** ... [element :p1] :  | semmle.label | ** ... [element :p1] :  |
 | params_flow.rb:41:26:41:29 | args [element :p1] :  | semmle.label | args [element :p1] :  |
+| params_flow.rb:44:12:44:20 | call to taint :  | semmle.label | call to taint :  |
+| params_flow.rb:49:13:49:14 | p1 :  | semmle.label | p1 :  |
+| params_flow.rb:50:10:50:11 | p1 | semmle.label | p1 |
+| params_flow.rb:54:9:54:17 | call to taint :  | semmle.label | call to taint :  |
+| params_flow.rb:57:9:57:17 | call to taint :  | semmle.label | call to taint :  |
 subpaths
 #select
 | params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint :  | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint :  | call to taint :  |
+| params_flow.rb:10:10:10:11 | p1 | params_flow.rb:44:12:44:20 | call to taint :  | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:44:12:44:20 | call to taint :  | call to taint :  |
 | params_flow.rb:11:10:11:11 | p2 | params_flow.rb:14:22:14:29 | call to taint :  | params_flow.rb:11:10:11:11 | p2 | $@ | params_flow.rb:14:22:14:29 | call to taint :  | call to taint :  |
 | params_flow.rb:17:10:17:11 | p1 | params_flow.rb:21:13:21:20 | call to taint :  | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:21:13:21:20 | call to taint :  | call to taint :  |
 | params_flow.rb:17:10:17:11 | p1 | params_flow.rb:22:27:22:34 | call to taint :  | params_flow.rb:17:10:17:11 | p1 | $@ | params_flow.rb:22:27:22:34 | call to taint :  | call to taint :  |
@@ -99,3 +109,5 @@ subpaths
 | params_flow.rb:28:10:28:22 | ( ... ) | params_flow.rb:37:34:37:42 | call to taint :  | params_flow.rb:28:10:28:22 | ( ... ) | $@ | params_flow.rb:37:34:37:42 | call to taint :  | call to taint :  |
 | params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:33:41:33:49 | call to taint :  | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:33:41:33:49 | call to taint :  | call to taint :  |
 | params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint :  | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint :  | call to taint :  |
+| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:54:9:54:17 | call to taint :  | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:54:9:54:17 | call to taint :  | call to taint :  |
+| params_flow.rb:50:10:50:11 | p1 | params_flow.rb:57:9:57:17 | call to taint :  | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:57:9:57:17 | call to taint :  | call to taint :  |
diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
@@ -7,8 +7,8 @@ def sink x
 end
 
 def positional(p1, p2)
-    sink p1 # $ hasValueFlow=1
-    sink p2 # $ hasValueFlow=2
+    sink p1 # $ hasValueFlow=1 $ hasValueFlow=16 $ MISSING: hasValueFlow=18
+    sink p2 # $ hasValueFlow=2 $ MISSING: hasValueFlow=17 $ MISSING: hasValueFlow=19
 end
 
 positional(taint(1), taint(2))
@@ -39,3 +39,22 @@ def kwargs(p1:, **kwargs)
 
 args = {:p1 => taint(16) }
 keyword(p2: taint(17), **args)
+
+args = [taint(17)]
+positional(taint(16), *args)
+
+args = [taint(18), taint(19)]
+positional(*args)
+
+def posargs(p1, *posargs)
+    sink p1 # $ hasValueFlow=20 $ hasValueFlow=23 $ MISSING: hasValueFlow=24
+    sink (posargs[0]) # $ MISSING: hasValueFlow=21 $ MISSING: hasValueFlow=22 $ MISSING: hasValueFlow=25
+end
+
+posargs(taint(20), taint(21))
+
+args = [taint(22)]
+posargs(taint(23), *args)
+
+args = [taint(24), taint(25)]
+posargs(*args)
