Ruby: add test case

asgerf · asgerf · commit 65de5d014cff · 2022-09-28T12:23:58.000+02:00
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -34,6 +34,10 @@ edges
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:128:26:128:32 | tainted |
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:130:23:130:29 | tainted |
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:130:23:130:29 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:133:19:133:25 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:133:19:133:25 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:134:19:134:25 | tainted |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:134:19:134:25 | tainted |
 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
 | summaries.rb:4:12:7:3 | call to apply_block :  | summaries.rb:9:6:9:13 | tainted2 |
@@ -186,6 +190,8 @@ edges
 | summaries.rb:115:16:115:22 | [post] tainted :  | summaries.rb:125:21:125:27 | tainted |
 | summaries.rb:115:16:115:22 | [post] tainted :  | summaries.rb:128:26:128:32 | tainted |
 | summaries.rb:115:16:115:22 | [post] tainted :  | summaries.rb:130:23:130:29 | tainted |
+| summaries.rb:115:16:115:22 | [post] tainted :  | summaries.rb:133:19:133:25 | tainted |
+| summaries.rb:115:16:115:22 | [post] tainted :  | summaries.rb:134:19:134:25 | tainted |
 | summaries.rb:115:16:115:22 | tainted :  | summaries.rb:115:16:115:22 | [post] tainted :  |
 | summaries.rb:115:16:115:22 | tainted :  | summaries.rb:115:25:115:25 | [post] y :  |
 | summaries.rb:115:16:115:22 | tainted :  | summaries.rb:115:33:115:33 | [post] z :  |
@@ -387,6 +393,10 @@ nodes
 | summaries.rb:128:26:128:32 | tainted | semmle.label | tainted |
 | summaries.rb:130:23:130:29 | tainted | semmle.label | tainted |
 | summaries.rb:130:23:130:29 | tainted | semmle.label | tainted |
+| summaries.rb:133:19:133:25 | tainted | semmle.label | tainted |
+| summaries.rb:133:19:133:25 | tainted | semmle.label | tainted |
+| summaries.rb:134:19:134:25 | tainted | semmle.label | tainted |
+| summaries.rb:134:19:134:25 | tainted | semmle.label | tainted |
 subpaths
 invalidSpecComponent
 #select
@@ -474,6 +484,10 @@ invalidSpecComponent
 | summaries.rb:128:26:128:32 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:128:26:128:32 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 | summaries.rb:130:23:130:29 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:130:23:130:29 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 | summaries.rb:130:23:130:29 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:130:23:130:29 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:133:19:133:25 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:133:19:133:25 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:133:19:133:25 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:133:19:133:25 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:134:19:134:25 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:134:19:134:25 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:134:19:134:25 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:134:19:134:25 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 warning
 | CSV type row should have 5 columns but has 2: test;TooFewColumns |
 | CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -3,6 +3,7 @@
  */
 
 import codeql.ruby.AST
+import codeql.ruby.ApiGraphs
 import codeql.ruby.dataflow.FlowSummary
 import codeql.ruby.TaintTracking
 import codeql.ruby.dataflow.internal.FlowSummaryImpl
@@ -112,6 +113,12 @@ private class TypeFromCodeQL extends ModelInput::TypeModel {
     type = "FooOrBar" and
     result.asExpr().getExpr().getConstantValue().getString() = "magic_string"
   }
+
+  override API::Node getAnApiNode(string package, string type) {
+    package = "test" and
+    type = "FooOrBar" and
+    result = API::getTopLevelMember("Alias").getMember(["Foo", "Bar"])
+  }
 }
 
 private class InvalidTypeModel extends ModelInput::TypeModelCsv {
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
@@ -129,3 +129,8 @@ def userDefinedFunction(x, y)
 
 "magic_string".method(tainted) # $ hasValueFlow=tainted
 "magic_string2".method(tainted)
+
+Alias::Foo.method(tainted) # $ hasValueFlow=tainted
+Alias::Bar.method(tainted) # $ hasValueFlow=tainted
+Something::Foo.method(tainted)
+Alias::Something.method(tainted)
