Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,6 @@ nodes
| string_flow.rb:227:10:227:10 | a | semmle.label | a |
subpaths
testFailures
| string_flow.rb:85:10:85:10 | a | Unexpected result: hasValueFlow=a |
| string_flow.rb:227:10:227:10 | a | Unexpected result: hasValueFlow=a |
#select
| string_flow.rb:3:10:3:22 | call to new | string_flow.rb:2:9:2:18 | call to source | string_flow.rb:3:10:3:22 | call to new | $@ | string_flow.rb:2:9:2:18 | call to source | call to source |
| string_flow.rb:85:10:85:10 | a | string_flow.rb:83:9:83:18 | call to source | string_flow.rb:85:10:85:10 | a | $@ | string_flow.rb:83:9:83:18 | call to source | call to source |
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ def m_chomp
def m_clear
a = source "a"
a.clear
sink a
sink a # $ SPURIOUS: hasValueFlow=a
end

# concat and prepend omitted because they clash with the summaries for
Expand Down Expand Up @@ -224,7 +224,7 @@ def m_replace
b = source "b"
sink a.replace(b) # $ hasTaintFlow=b
# TODO: currently we get value flow for a, because we don't clear content
sink a # $ hasTaintFlow=b
sink a # $ hasTaintFlow=b SPURIOUS: hasValueFlow=a
end

def m_reverse
Expand Down Expand Up @@ -316,4 +316,4 @@ def m_upto(i)
a.upto("b", true) { |x| sink x } # $ hasTaintFlow=a
"b".upto(a) { |x| sink x } # $ hasTaintFlow=a
"b".upto(a, true) { |x| sink x }
end
end
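Review bot: The new `# $ SPURIOUS: hasValueFlow=a` expectation on `sink a` in m_clear has no comment explaining why the flow is spurious, while the same kind of marker in m_replace sits under the existing TODO about content not being cleared. Recording the result as SPURIOUS makes the test pass with a known false positive still in the string flow model, so the reason should be stated where a maintainer will see it. I would add a line above the sink in m_clear, for example `# TODO: clear empties the receiver, so value flow for a should not reach this sink`. m_replace begins outside the visible hunk, so only its tail was reviewed.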
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
class OneController < ActionController::Base
before_action :a
after_action :c

def a
@foo = params[:foo]
end
Expand All @@ -18,14 +18,14 @@ def b
end

def c
sink @foo
sink @foo # $ hasTaintFlow
end
end

class TwoController < ActionController::Base
before_action :a
after_action :c

def a
@foo = params[:foo]
end
Expand All @@ -35,14 +35,14 @@ def b
end

def c
sink @foo
sink @foo # $ SPURIOUS: hasTaintFlow
end
end

class ThreeController < ActionController::Base
before_action :a
after_action :c

def a
@foo = params[:foo]
@foo = "safe"
Expand All @@ -52,14 +52,14 @@ def b
end

def c
sink @foo
sink @foo # $ SPURIOUS: hasTaintFlow
end
end

class FourController < ActionController::Base
before_action :a
after_action :c

def a
@foo.bar = params[:foo]
end
Expand All @@ -68,14 +68,14 @@ def b
end

def c
sink(@foo.bar)
sink(@foo.bar) # $ hasTaintFlow
end
end

class FiveController < ActionController::Base
before_action :a
after_action :c

def a
self.taint_foo
end
Expand All @@ -84,10 +84,10 @@ def b
end

def c
sink @foo
sink @foo # $ hasTaintFlow
end

def taint_foo
@foo = params[:foo]
end
end
end
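Review bot: The `# $ SPURIOUS: hasTaintFlow` expectations on `sink @foo` in TwoController#c and ThreeController#c carry no comment saying why the taint result is a false positive. In ThreeController the visible lines show `@foo = "safe"` assigned after `@foo = params[:foo]` in a, but for TwoController the body of b lies outside the hunk, so the reason is presumably a similar overwrite there and cannot be confirmed from this page. A short comment above each of those sinks, such as `# @foo is reassigned to a constant before the after_action runs; flow from params is a false positive`, would let a reader distinguish these cases from the true `hasTaintFlow` results in OneController, FourController and FiveController. The bodies of every b method fall between hunks and were not reviewed.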
Original file line number Diff line number Diff line change
Expand Up @@ -270,11 +270,6 @@ nodes
| params_flow.rb:205:10:205:10 | a | semmle.label | a |
subpaths
testFailures
| filter_flow.rb:21:10:21:13 | @foo | Unexpected result: hasTaintFlow |
| filter_flow.rb:38:10:38:13 | @foo | Unexpected result: hasTaintFlow |
| filter_flow.rb:55:10:55:13 | @foo | Unexpected result: hasTaintFlow |
| filter_flow.rb:71:10:71:17 | call to bar | Unexpected result: hasTaintFlow |
| filter_flow.rb:87:11:87:14 | @foo | Unexpected result: hasTaintFlow |
#select
| filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params | call to params |
| filter_flow.rb:38:10:38:13 | @foo | filter_flow.rb:30:12:30:17 | call to params | filter_flow.rb:38:10:38:13 | @foo | $@ | filter_flow.rb:30:12:30:17 | call to params | call to params |