
Commit d177ba3

committed
Ruby: Add data-flow test that demonstrates spurious flow
1 parent 813edd1 commit d177ba3


2 files changed

+72
-0
lines changed


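--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
@@ -1,4 +1,6 @@
 failures
+| call_sensitivity.rb:51:10:51:10 | x | Unexpected result: hasValueFlow=12 |
+| call_sensitivity.rb:51:10:51:10 | x | Unexpected result: hasValueFlow=13 |
 edges
 | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) |
 | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) |
@@ -36,6 +38,24 @@ edges
 | call_sensitivity.rb:43:24:43:24 | x : | call_sensitivity.rb:43:32:43:32 | x |
 | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
 | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:21:27:21:27 | x : |
+| call_sensitivity.rb:50:15:50:15 | x : | call_sensitivity.rb:51:10:51:10 | x |
+| call_sensitivity.rb:50:15:50:15 | x : | call_sensitivity.rb:51:10:51:10 | x |
+| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
+| call_sensitivity.rb:54:15:54:15 | x : | call_sensitivity.rb:55:13:55:13 | x : |
+| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
+| call_sensitivity.rb:55:13:55:13 | x : | call_sensitivity.rb:50:15:50:15 | x : |
+| call_sensitivity.rb:58:18:58:18 | y : | call_sensitivity.rb:59:15:59:15 | y : |
+| call_sensitivity.rb:58:18:58:18 | y : | call_sensitivity.rb:59:15:59:15 | y : |
+| call_sensitivity.rb:59:15:59:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
+| call_sensitivity.rb:59:15:59:15 | y : | call_sensitivity.rb:50:15:50:15 | x : |
+| call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
+| call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
+| call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
+| call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
+| call_sensitivity.rb:74:11:74:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
+| call_sensitivity.rb:74:11:74:18 | call to taint : | call_sensitivity.rb:54:15:54:15 | x : |
+| call_sensitivity.rb:75:14:75:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
+| call_sensitivity.rb:75:14:75:22 | call to taint : | call_sensitivity.rb:58:18:58:18 | y : |
 nodes
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
@@ -83,10 +103,34 @@ nodes
 | call_sensitivity.rb:43:32:43:32 | x | semmle.label | x |
 | call_sensitivity.rb:44:26:44:33 | call to taint : | semmle.label | call to taint : |
 | call_sensitivity.rb:44:26:44:33 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:50:15:50:15 | x : | semmle.label | x : |
+| call_sensitivity.rb:50:15:50:15 | x : | semmle.label | x : |
+| call_sensitivity.rb:51:10:51:10 | x | semmle.label | x |
+| call_sensitivity.rb:51:10:51:10 | x | semmle.label | x |
+| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
+| call_sensitivity.rb:54:15:54:15 | x : | semmle.label | x : |
+| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
+| call_sensitivity.rb:55:13:55:13 | x : | semmle.label | x : |
+| call_sensitivity.rb:58:18:58:18 | y : | semmle.label | y : |
+| call_sensitivity.rb:58:18:58:18 | y : | semmle.label | y : |
+| call_sensitivity.rb:59:15:59:15 | y : | semmle.label | y : |
+| call_sensitivity.rb:59:15:59:15 | y : | semmle.label | y : |
+| call_sensitivity.rb:64:11:64:18 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:64:11:64:18 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:65:14:65:22 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:65:14:65:22 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:74:11:74:18 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:74:11:74:18 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:75:14:75:22 | call to taint : | semmle.label | call to taint : |
+| call_sensitivity.rb:75:14:75:22 | call to taint : | semmle.label | call to taint : |
 subpaths
 #select
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint : | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint : | call to taint : |
 | call_sensitivity.rb:19:30:19:30 | x | call_sensitivity.rb:19:10:19:16 | call to taint : | call_sensitivity.rb:19:30:19:30 | x | $@ | call_sensitivity.rb:19:10:19:16 | call to taint : | call to taint : |
 | call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint : | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint : | call to taint : |
 | call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint : | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint : | call to taint : |
 | call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint : | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint : | call to taint : |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:64:11:64:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:64:11:64:18 | call to taint : | call to taint : |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:65:14:65:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:65:14:65:22 | call to taint : | call to taint : |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:74:11:74:18 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:74:11:74:18 | call to taint : | call to taint : |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:75:14:75:22 | call to taint : | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:75:14:75:22 | call to taint : | call to taint : |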

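--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
@@ -45,3 +45,31 @@ def apply_lambda (lambda, x)
 
 MY_LAMBDA2 = lambda { |x| puts x }
 apply_lambda(MY_LAMBDA2, taint(9))
+
+class A
+def method1 x
+sink x # $ hasValueFlow=10 $ hasValueFlow=11
+end
+
+def method2 x
+method1 x
+end
+
+def method3(x, y)
+x.method1(y)
+end
+end
+
+a = A.new
+a.method2(taint 10)
+a.method3(a, taint(11))
+
+class B < A
+def method1 x
+puts x
+end
+end
+
+b = B.new
+b.method2(taint 12)
+b.method3(b, taint(13))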
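Review bot: Nothing in `call_sensitivity.rb` tells a reader that the `taint 12` and `taint(13)` calls on `b` are not supposed to reach the sink on line 51; the only record is the two `Unexpected result` rows under `failures` in the `.expected` file. `B` overrides `method1` with `puts x`, so the reported flows look like false positives, presumably because the analysis does not narrow dispatch by the receiver's type, but the file leaves that to be inferred from the `hasValueFlow=10`/`hasValueFlow=11` annotation. I would add a comment above `b = B.new`, for example `# B#method1 has no sink: flow from 12 and 13 to line 51 is spurious`. Also consider tagging the two values on the sink line with the inline-expectations `SPURIOUS:` marker, if this suite accepts it, so the baseline does not carry `failures` rows that a later genuine regression could blend into.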
