Ruby: reject ArrayElement[-n] instead of interpreting it as ArrayElement[?]

asgerf · asgerf · commit bb9348d77fef · 2022-02-23T14:13:41.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
@@ -32,12 +32,18 @@ module SummaryComponent {
   /** Gets a summary component that represents an element in an array at an unknown index. */
   SummaryComponent arrayElementUnknown() { result = SC::content(TUnknownArrayElementContent()) }
 
-  /** Gets a summary component that represents an element in an array at a known index. */
+  /**
+   * Gets a summary component that represents an element in an array at a known index.
+   *
+   * Has no result for negative indices. Wrap-around interpretation of negative indices should be
+   * handled by the caller, if modeling a function that has such behavior.
+   */
   bindingset[i]
   SummaryComponent arrayElementKnown(int i) {
     result = SC::content(TKnownArrayElementContent(i))
     or
     // `i` may be out of range
+    i >= 0 and
     not exists(TKnownArrayElementContent(i)) and
     result = arrayElementUnknown()
   }
