Ruby: add tests for '[]' and '[]=' method summaries

asgerf · asgerf · commit fc4026fd2853 · 2023-06-16T10:15:04.000+02:00
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -44,6 +44,10 @@ edges
 | summaries.rb:1:1:1:7 | tainted | summaries.rb:147:16:147:22 | tainted |
 | summaries.rb:1:1:1:7 | tainted | summaries.rb:150:39:150:45 | tainted |
 | summaries.rb:1:1:1:7 | tainted | summaries.rb:150:39:150:45 | tainted |
+| summaries.rb:1:1:1:7 | tainted | summaries.rb:154:5:154:11 | tainted |
+| summaries.rb:1:1:1:7 | tainted | summaries.rb:154:5:154:11 | tainted |
+| summaries.rb:1:1:1:7 | tainted | summaries.rb:155:10:155:16 | ... = ... |
+| summaries.rb:1:1:1:7 | tainted | summaries.rb:155:10:155:16 | ... = ... |
 | summaries.rb:1:11:1:36 | call to identity | summaries.rb:1:1:1:7 | tainted |
 | summaries.rb:1:11:1:36 | call to identity | summaries.rb:1:1:1:7 | tainted |
 | summaries.rb:1:20:1:36 | call to source | summaries.rb:1:11:1:36 | call to identity |
@@ -231,6 +235,8 @@ edges
 | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:145:26:145:32 | tainted |
 | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:147:16:147:22 | tainted |
 | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:150:39:150:45 | tainted |
+| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:154:5:154:11 | tainted |
+| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:155:10:155:16 | ... = ... |
 | summaries.rb:122:16:122:22 | tainted | summaries.rb:122:16:122:22 | [post] tainted |
 | summaries.rb:122:16:122:22 | tainted | summaries.rb:122:25:122:25 | [post] y |
 | summaries.rb:122:16:122:22 | tainted | summaries.rb:122:33:122:33 | [post] z |
@@ -474,6 +480,10 @@ nodes
 | summaries.rb:147:16:147:22 | tainted | semmle.label | tainted |
 | summaries.rb:150:39:150:45 | tainted | semmle.label | tainted |
 | summaries.rb:150:39:150:45 | tainted | semmle.label | tainted |
+| summaries.rb:154:5:154:11 | tainted | semmle.label | tainted |
+| summaries.rb:154:5:154:11 | tainted | semmle.label | tainted |
+| summaries.rb:155:10:155:16 | ... = ... | semmle.label | ... = ... |
+| summaries.rb:155:10:155:16 | ... = ... | semmle.label | ... = ... |
 subpaths
 invalidSpecComponent
 #select
@@ -573,6 +583,10 @@ invalidSpecComponent
 | summaries.rb:147:16:147:22 | tainted | summaries.rb:1:20:1:36 | call to source | summaries.rb:147:16:147:22 | tainted | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
 | summaries.rb:150:39:150:45 | tainted | summaries.rb:1:20:1:36 | call to source | summaries.rb:150:39:150:45 | tainted | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
 | summaries.rb:150:39:150:45 | tainted | summaries.rb:1:20:1:36 | call to source | summaries.rb:150:39:150:45 | tainted | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
+| summaries.rb:154:5:154:11 | tainted | summaries.rb:1:20:1:36 | call to source | summaries.rb:154:5:154:11 | tainted | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
+| summaries.rb:154:5:154:11 | tainted | summaries.rb:1:20:1:36 | call to source | summaries.rb:154:5:154:11 | tainted | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
+| summaries.rb:155:10:155:16 | ... = ... | summaries.rb:1:20:1:36 | call to source | summaries.rb:155:10:155:16 | ... = ... | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
+| summaries.rb:155:10:155:16 | ... = ... | summaries.rb:1:20:1:36 | call to source | summaries.rb:155:10:155:16 | ... = ... | $@ | summaries.rb:1:20:1:36 | call to source | call to source |
 warning
 | CSV type row should have 3 columns but has 1: TooFewColumns |
 | CSV type row should have 3 columns but has 6: TooManyColumns;;Member[Foo].Instance;too;many;columns |
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -145,6 +145,8 @@ private class SinkFromModel extends ModelInput::SinkModelCsv {
         "Foo!;Method[getSinks].ReturnValue.Element[any].Method[mySink].Argument[0];test-sink", //
         "Foo!;Method[arraySink].Argument[0].Element[any];test-sink", //
         "Foo!;Method[secondArrayElementIsSink].Argument[0].Element[1];test-sink", //
+        "Foo!;Method['[]'].Argument[0];test-sink", //
+        "Bar!;Method['[]='].Argument[1];test-sink", //
       ]
   }
 }
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
@@ -150,3 +150,6 @@ def userDefinedFunction(x, y)
 Foo.secondArrayElementIsSink(["safe", tainted, "safe"]) # $ hasValueFlow=tainted
 Foo.secondArrayElementIsSink(["safe", "safe", tainted])
 Foo.secondArrayElementIsSink([tainted] * 10) # $ MISSING: hasValueFlow=tainted
+
+Foo[tainted] # $ hasValueFlow=tainted
+Bar[1] = tainted # $ hasValueFlow=tainted

Original file line number	Diff line number	Diff line change
`@@ -145,6 +145,8 @@ private class SinkFromModel extends ModelInput::SinkModelCsv {`
`145`	`145`	`"Foo!;Method[getSinks].ReturnValue.Element[any].Method[mySink].Argument[0];test-sink", //`
`146`	`146`	`"Foo!;Method[arraySink].Argument[0].Element[any];test-sink", //`
`147`	`147`	`"Foo!;Method[secondArrayElementIsSink].Argument[0].Element[1];test-sink", //`
	`148`	`+ "Foo!;Method['[]'].Argument[0];test-sink", //`
	`149`	`+ "Bar!;Method['[]='].Argument[1];test-sink", //`
`148`	`150`	`]`
`149`	`151`	`}`
`150`	`152`	`}`