Ruby: Account for protected methods in call graph

hvitved · hvitved · commit e9b96c19b881 · 2022-09-29T11:58:04.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -314,15 +314,20 @@ private module Cached {
         exists(Module tp |
           instanceMethodCall(call, tp, method) and
           result = lookupMethod(tp, method) and
-          if result.(Method).isPrivate()
-          then
-            call.getReceiver().getExpr() instanceof SelfVariableAccess and
-            // For now, we restrict the scope of top-level declarations to their file.
-            // This may remove some plausible targets, but also removes a lot of
-            // implausible targets
-            if result.getEnclosingModule() instanceof Toplevel
-            then result.getFile() = call.getFile()
+          (
+            if result.(Method).isPrivate()
+            then
+              call.getReceiver().getExpr() instanceof SelfVariableAccess and
+              // For now, we restrict the scope of top-level declarations to their file.
+              // This may remove some plausible targets, but also removes a lot of
+              // implausible targets
+              if result.getEnclosingModule() instanceof Toplevel
+              then result.getFile() = call.getFile()
+              else any()
             else any()
+          ) and
+          if result.(Method).isProtected()
+          then result = lookupMethod(call.getExpr().getEnclosingModule().getModule(), method)
           else any()
         )
         or
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -188,7 +188,6 @@ getTarget
 | calls.rb:494:9:494:28 | call to new | calls.rb:114:5:114:16 | new |
 | calls.rb:494:9:494:32 | call to foo | calls.rb:488:15:490:7 | foo |
 | calls.rb:498:1:498:20 | call to new | calls.rb:114:5:114:16 | new |
-| calls.rb:498:1:498:24 | call to foo | calls.rb:488:15:490:7 | foo |
 | calls.rb:499:1:499:20 | call to new | calls.rb:114:5:114:16 | new |
 | calls.rb:499:1:499:24 | call to bar | calls.rb:492:5:495:7 | bar |
 | hello.rb:12:5:12:24 | call to include | calls.rb:107:5:107:20 | include |
@@ -294,6 +293,7 @@ unresolvedCall
 | calls.rb:482:5:482:15 | call to extend |
 | calls.rb:485:1:485:31 | call to singleton |
 | calls.rb:488:5:490:7 | call to protected |
+| calls.rb:498:1:498:24 | call to foo |
 | hello.rb:20:16:20:26 | ... + ... |
 | hello.rb:20:16:20:34 | ... + ... |
 | hello.rb:20:16:20:40 | ... + ... |
