Merge pull request #13746 from asgerf/rb/fix-rack-todo

alexrford · web-flow · commit bdf1aa080786 · 2023-07-14T16:29:00.000+01:00
Ruby: Use API graphs asCallable() instead of Proc.new workaround
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
@@ -18,16 +18,7 @@ private class PotentialRequestHandler extends DataFlow::CallableNode {
     (
       this.(DataFlow::MethodNode).getMethodName() = "call"
       or
-      not this instanceof DataFlow::MethodNode and
-      exists(DataFlow::CallNode cn | cn.getMethodName() = "run" |
-        this.(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))
-        or
-        // TODO: `Proc.new` should automatically propagate flow from its block argument
-        any(DataFlow::CallNode proc |
-          proc = API::getTopLevelMember("Proc").getAnInstantiation() and
-          proc.getBlock() = this
-        ).(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))
-      )
+      this = API::getTopLevelCall("run").getArgument(0).asCallable()
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -18,16 +18,7 @@ private class PotentialRequestHandler extends DataFlow::CallableNode {`
`18`	`18`	`(`
`19`	`19`	`this.(DataFlow::MethodNode).getMethodName() = "call"`
`20`	`20`	`or`
`21`		`- not this instanceof DataFlow::MethodNode and`
`22`		`- exists(DataFlow::CallNode cn \| cn.getMethodName() = "run" \|`
`23`		`- this.(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))`
`24`		`- or`
`25`		- // TODO: `Proc.new` should automatically propagate flow from its block argument
`26`		`- any(DataFlow::CallNode proc \|`
`27`		`- proc = API::getTopLevelMember("Proc").getAnInstantiation() and`
`28`		`- proc.getBlock() = this`
`29`		`- ).(DataFlow::LocalSourceNode).flowsTo(cn.getArgument(0))`
`30`		`- )`
	`21`	`+ this = API::getTopLevelCall("run").getArgument(0).asCallable()`
`31`	`22`	`)`
`32`	`23`	`}`
`33`	`24`	`}`