Ruby: specialize filter-like calls

asgerf · asgerf · commit d1d2fae4f5f8 · 2022-10-03T12:34:33.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
@@ -6,6 +6,7 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.dataflow.FlowSummary
 private import codeql.ruby.dataflow.internal.DataFlowDispatch
+private import codeql.ruby.typetracking.TypeTrackerSpecific
 
 /** An array index that may be tracked precisely in data flow. */
 private class ArrayIndex extends int {
@@ -2471,6 +2472,20 @@ module Enumerable {
     }
   }
 
+  private class FilterTypeTrackingStep extends TypeTrackingStep {
+    override predicate withContentStep(Node pred, Node succ, ContentFilter filter) {
+      // Type-tracking cannot currently handle the `WithoutElement[0..!].WithElement[any]`
+      // sequence with full precision, so manually add it as a `WithContent` step.
+      exists(DataFlow::CallNode call |
+        call.asExpr().getExpr() =
+          [any(SelectSummary s).getACallSimple(), any(RejectSummary s).getACallSimple()] and
+        pred = call.getReceiver() and
+        succ = call and
+        filter = ContentFilter::hasElements()
+      )
+    }
+  }
+
   private class SliceBeforeAfterSummary extends SimpleSummarizedCallable {
     SliceBeforeAfterSummary() { this = ["slice_before", "slice_after"] }
 
diff --git a/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.expected b/ruby/ql/test/library-tests/dataflow/hash-flow/type-tracking-hash-flow.expected
@@ -11,17 +11,14 @@
 | hash_flow.rb:219:27:219:47 | # $ hasValueFlow=14.2 | Missing result:hasValueFlow=14.2 |
 | hash_flow.rb:291:10:291:14 | ...[...] | Unexpected result: hasValueFlow=19.1 |
 | hash_flow.rb:294:10:294:14 | ...[...] | Unexpected result: hasValueFlow=19.3 |
-| hash_flow.rb:351:18:351:38 | # $ hasValueFlow=22.1 | Missing result:hasValueFlow=22.1 |
 | hash_flow.rb:396:18:396:38 | # $ hasValueFlow=25.1 | Missing result:hasValueFlow=25.1 |
 | hash_flow.rb:453:22:453:42 | # $ hasValueFlow=27.3 | Missing result:hasValueFlow=27.3 |
 | hash_flow.rb:455:22:455:42 | # $ hasValueFlow=27.4 | Missing result:hasValueFlow=27.4 |
 | hash_flow.rb:467:16:467:36 | # $ hasValueFlow=28.1 | Missing result:hasValueFlow=28.1 |
-| hash_flow.rb:482:16:482:36 | # $ hasValueFlow=29.1 | Missing result:hasValueFlow=29.1 |
 | hash_flow.rb:497:16:497:36 | # $ hasValueFlow=30.1 | Missing result:hasValueFlow=30.1 |
 | hash_flow.rb:513:22:513:42 | # $ hasValueFlow=31.1 | Missing result:hasValueFlow=31.1 |
 | hash_flow.rb:515:10:515:20 | ( ... ) | Unexpected result: hasValueFlow=31.3 |
 | hash_flow.rb:515:22:515:42 | # $ hasValueFlow=31.2 | Missing result:hasValueFlow=31.2 |
-| hash_flow.rb:529:18:529:38 | # $ hasValueFlow=32.1 | Missing result:hasValueFlow=32.1 |
 | hash_flow.rb:559:17:559:57 | # $ hasValueFlow=34.1 $ hasValueFlow=34.2 | Missing result:hasValueFlow=34.1 |
 | hash_flow.rb:559:17:559:57 | # $ hasValueFlow=34.1 $ hasValueFlow=34.2 | Missing result:hasValueFlow=34.2 |
 | hash_flow.rb:571:18:571:38 | # $ hasValueFlow=35.1 | Missing result:hasValueFlow=35.1 |
