Merge pull request #10354 from hvitved/ruby/convert-flow-test

hvitved · web-flow · commit e3948e66833e · 2022-09-08T15:20:58.000+02:00
Ruby: Convert data-flow test to use inline test expectations
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
@@ -1,46 +1,92 @@
+failures
 edges
-| call_sensitivity.rb:7:13:7:13 | x :  | call_sensitivity.rb:8:11:8:11 | x :  |
-| call_sensitivity.rb:8:11:8:11 | x :  | call_sensitivity.rb:15:20:15:20 | x :  |
-| call_sensitivity.rb:15:9:15:15 | "taint" :  | call_sensitivity.rb:7:13:7:13 | x :  |
-| call_sensitivity.rb:15:20:15:20 | x :  | call_sensitivity.rb:15:28:15:28 | x |
-| call_sensitivity.rb:17:27:17:27 | x :  | call_sensitivity.rb:18:17:18:17 | x :  |
-| call_sensitivity.rb:17:27:17:27 | x :  | call_sensitivity.rb:18:17:18:17 | x :  |
-| call_sensitivity.rb:17:27:17:27 | x :  | call_sensitivity.rb:18:17:18:17 | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | call_sensitivity.rb:27:17:27:17 | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | call_sensitivity.rb:36:23:36:23 | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | call_sensitivity.rb:39:24:39:24 | x :  |
-| call_sensitivity.rb:27:17:27:17 | x :  | call_sensitivity.rb:27:27:27:27 | x |
-| call_sensitivity.rb:28:25:28:31 | "taint" :  | call_sensitivity.rb:17:27:17:27 | x :  |
-| call_sensitivity.rb:36:23:36:23 | x :  | call_sensitivity.rb:36:31:36:31 | x |
-| call_sensitivity.rb:37:25:37:31 | "taint" :  | call_sensitivity.rb:17:27:17:27 | x :  |
-| call_sensitivity.rb:39:24:39:24 | x :  | call_sensitivity.rb:39:32:39:32 | x |
-| call_sensitivity.rb:40:26:40:32 | "taint" :  | call_sensitivity.rb:17:27:17:27 | x :  |
+| call_sensitivity.rb:9:7:9:13 | call to taint :  | call_sensitivity.rb:9:6:9:14 | ( ... ) |
+| call_sensitivity.rb:9:7:9:13 | call to taint :  | call_sensitivity.rb:9:6:9:14 | ( ... ) |
+| call_sensitivity.rb:11:13:11:13 | x :  | call_sensitivity.rb:12:11:12:11 | x :  |
+| call_sensitivity.rb:11:13:11:13 | x :  | call_sensitivity.rb:12:11:12:11 | x :  |
+| call_sensitivity.rb:12:11:12:11 | x :  | call_sensitivity.rb:19:22:19:22 | x :  |
+| call_sensitivity.rb:12:11:12:11 | x :  | call_sensitivity.rb:19:22:19:22 | x :  |
+| call_sensitivity.rb:19:9:19:17 | ( ... ) :  | call_sensitivity.rb:11:13:11:13 | x :  |
+| call_sensitivity.rb:19:9:19:17 | ( ... ) :  | call_sensitivity.rb:11:13:11:13 | x :  |
+| call_sensitivity.rb:19:10:19:16 | call to taint :  | call_sensitivity.rb:19:9:19:17 | ( ... ) :  |
+| call_sensitivity.rb:19:10:19:16 | call to taint :  | call_sensitivity.rb:19:9:19:17 | ( ... ) :  |
+| call_sensitivity.rb:19:22:19:22 | x :  | call_sensitivity.rb:19:30:19:30 | x |
+| call_sensitivity.rb:19:22:19:22 | x :  | call_sensitivity.rb:19:30:19:30 | x |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | call_sensitivity.rb:22:17:22:17 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:31:17:31:17 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:31:17:31:17 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:40:23:40:23 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:40:23:40:23 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:43:24:43:24 | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | call_sensitivity.rb:43:24:43:24 | x :  |
+| call_sensitivity.rb:31:17:31:17 | x :  | call_sensitivity.rb:31:27:31:27 | x |
+| call_sensitivity.rb:31:17:31:17 | x :  | call_sensitivity.rb:31:27:31:27 | x |
+| call_sensitivity.rb:32:25:32:32 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
+| call_sensitivity.rb:32:25:32:32 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
+| call_sensitivity.rb:40:23:40:23 | x :  | call_sensitivity.rb:40:31:40:31 | x |
+| call_sensitivity.rb:40:23:40:23 | x :  | call_sensitivity.rb:40:31:40:31 | x |
+| call_sensitivity.rb:41:25:41:32 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
+| call_sensitivity.rb:41:25:41:32 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
+| call_sensitivity.rb:43:24:43:24 | x :  | call_sensitivity.rb:43:32:43:32 | x |
+| call_sensitivity.rb:43:24:43:24 | x :  | call_sensitivity.rb:43:32:43:32 | x |
+| call_sensitivity.rb:44:26:44:33 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
+| call_sensitivity.rb:44:26:44:33 | call to taint :  | call_sensitivity.rb:21:27:21:27 | x :  |
 nodes
-| call_sensitivity.rb:5:6:5:12 | "taint" | semmle.label | "taint" |
-| call_sensitivity.rb:7:13:7:13 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:8:11:8:11 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:15:9:15:15 | "taint" :  | semmle.label | "taint" :  |
-| call_sensitivity.rb:15:20:15:20 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:15:28:15:28 | x | semmle.label | x |
-| call_sensitivity.rb:17:27:17:27 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:17:27:17:27 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:17:27:17:27 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:18:17:18:17 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:27:17:27:17 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:27:27:27:27 | x | semmle.label | x |
-| call_sensitivity.rb:28:25:28:31 | "taint" :  | semmle.label | "taint" :  |
-| call_sensitivity.rb:36:23:36:23 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:36:31:36:31 | x | semmle.label | x |
-| call_sensitivity.rb:37:25:37:31 | "taint" :  | semmle.label | "taint" :  |
-| call_sensitivity.rb:39:24:39:24 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:39:32:39:32 | x | semmle.label | x |
-| call_sensitivity.rb:40:26:40:32 | "taint" :  | semmle.label | "taint" :  |
+| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
+| call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
+| call_sensitivity.rb:9:7:9:13 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:9:7:9:13 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:11:13:11:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:11:13:11:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:12:11:12:11 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:12:11:12:11 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:19:9:19:17 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:19:9:19:17 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:19:10:19:16 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:19:10:19:16 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:19:22:19:22 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:19:22:19:22 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:19:30:19:30 | x | semmle.label | x |
+| call_sensitivity.rb:19:30:19:30 | x | semmle.label | x |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:21:27:21:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:22:17:22:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:31:17:31:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:31:17:31:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:31:27:31:27 | x | semmle.label | x |
+| call_sensitivity.rb:31:27:31:27 | x | semmle.label | x |
+| call_sensitivity.rb:32:25:32:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:32:25:32:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:40:23:40:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:40:23:40:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:40:31:40:31 | x | semmle.label | x |
+| call_sensitivity.rb:40:31:40:31 | x | semmle.label | x |
+| call_sensitivity.rb:41:25:41:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:41:25:41:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:43:24:43:24 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:43:24:43:24 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:43:32:43:32 | x | semmle.label | x |
+| call_sensitivity.rb:43:32:43:32 | x | semmle.label | x |
+| call_sensitivity.rb:44:26:44:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:44:26:44:33 | call to taint :  | semmle.label | call to taint :  |
 subpaths
 #select
-| call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | $@ | call_sensitivity.rb:5:6:5:12 | "taint" | "taint" |
-| call_sensitivity.rb:15:28:15:28 | x | call_sensitivity.rb:15:9:15:15 | "taint" :  | call_sensitivity.rb:15:28:15:28 | x | $@ | call_sensitivity.rb:15:9:15:15 | "taint" :  | "taint" :  |
-| call_sensitivity.rb:27:27:27:27 | x | call_sensitivity.rb:28:25:28:31 | "taint" :  | call_sensitivity.rb:27:27:27:27 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" :  | "taint" :  |
-| call_sensitivity.rb:36:31:36:31 | x | call_sensitivity.rb:37:25:37:31 | "taint" :  | call_sensitivity.rb:36:31:36:31 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" :  | "taint" :  |
-| call_sensitivity.rb:39:32:39:32 | x | call_sensitivity.rb:40:26:40:32 | "taint" :  | call_sensitivity.rb:39:32:39:32 | x | $@ | call_sensitivity.rb:40:26:40:32 | "taint" :  | "taint" :  |
+| call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint :  | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:19:30:19:30 | x | call_sensitivity.rb:19:10:19:16 | call to taint :  | call_sensitivity.rb:19:30:19:30 | x | $@ | call_sensitivity.rb:19:10:19:16 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint :  | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint :  | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint :  | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint :  | call to taint :  |
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.ql b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.ql
@@ -4,23 +4,9 @@
 
 import ruby
 import codeql.ruby.DataFlow
+import TestUtilities.InlineFlowTest
 import DataFlow::PathGraph
 
-class Conf extends DataFlow::Configuration {
-  Conf() { this = "Conf" }
-
-  override predicate isSource(DataFlow::Node src) {
-    src.asExpr().getExpr().(StringLiteral).getConstantValue().isString("taint")
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getMethodName() = "sink" and
-      mc.getAnArgument() = sink.asExpr().getExpr()
-    )
-  }
-}
-
-from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultTaintFlowConf conf
 where conf.hasFlowPath(source, sink)
 select sink, source, sink, "$@", source, source.toString()
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
@@ -1,43 +1,47 @@
-def sink s
-    puts s
+def taint x
+    x
 end
 
-sink "taint"
+def sink x
+    puts "SINK: #{x}"
+end
+
+sink (taint 1) # $ hasValueFlow=1
 
 def yielder x
     yield x
 end
 
-yielder "no taint" { |x| sink x } # no flow
+yielder ("no taint") { |x| sink x }
 
-yielder "taint" { |x| puts x } # no flow
+yielder (taint 2) { |x| puts x }
 
-yielder "taint" { |x| sink x } # flow
+yielder (taint 3) { |x| sink x } # $ hasValueFlow=3
 
 def apply_lambda (lambda, x)
     lambda.call(x)
 end
 
 my_lambda = -> (x) { sink x }
-apply_lambda(my_lambda, "no taint") # no flow
+apply_lambda(my_lambda, "no taint")
 
 my_lambda = -> (x) { puts x }
-apply_lambda(my_lambda, "taint") # no flow
+apply_lambda(my_lambda, taint(4))
 
-my_lambda = -> (x) { sink x }
-apply_lambda(my_lambda, "taint") # flow
+my_lambda = -> (x) { sink x } # $ hasValueFlow=5
+apply_lambda(my_lambda, taint(5))
 
 my_lambda = lambda { |x| sink x }
-apply_lambda(my_lambda, "no taint") # no flow
+apply_lambda(my_lambda, "no taint")
 
 my_lambda = lambda { |x| puts x }
-apply_lambda(my_lambda, "taint") # no flow
+apply_lambda(my_lambda, taint(6))
 
-my_lambda = lambda { |x| sink x }
-apply_lambda(my_lambda, "taint") # flow
+my_lambda = lambda { |x| sink x } # $ hasValueFlow=7
+apply_lambda(my_lambda, taint(7))
 
-MY_LAMBDA1 = lambda { |x| sink x }
-apply_lambda(MY_LAMBDA1, "taint") # flow
+MY_LAMBDA1 = lambda { |x| sink x } # $ hasValueFlow=8
+apply_lambda(MY_LAMBDA1, taint(8))
 
 MY_LAMBDA2 = lambda { |x| puts x }
-apply_lambda(MY_LAMBDA2, "taint") # no flow
+apply_lambda(MY_LAMBDA2, taint(9))
