Improve extraction of Output/Env assignments

Alvaro Muñoz · Alvaro Muñoz · commit d8f79818d6ff · 2024-10-25T10:25:47.000+02:00
diff --git a/ql/lib/codeql/actions/Bash.qll b/ql/lib/codeql/actions/Bash.qll
@@ -256,20 +256,20 @@ class BashShellScript extends ShellScript {
 
   override predicate getAWriteToGitHubEnv(string name, string data) {
     exists(string raw |
-      Bash::extractFileWrite(this.getRawScript(), "GITHUB_ENV", raw) and
+      Bash::extractFileWrite(this, "GITHUB_ENV", raw) and
       Bash::extractVariableAndValue(raw, name, data)
     )
   }
 
   override predicate getAWriteToGitHubOutput(string name, string data) {
     exists(string raw |
-      Bash::extractFileWrite(this.getRawScript(), "GITHUB_OUTPUT", raw) and
+      Bash::extractFileWrite(this, "GITHUB_OUTPUT", raw) and
       Bash::extractVariableAndValue(raw, name, data)
     )
   }
 
   override predicate getAWriteToGitHubPath(string data) {
-    Bash::extractFileWrite(this.getRawScript(), "GITHUB_PATH", data)
+    Bash::extractFileWrite(this, "GITHUB_PATH", data)
   }
 
   override predicate getAnEnvReachingGitHubOutputWrite(string var, string output_field) {
@@ -542,12 +542,12 @@ module Bash {
     blockFileWrite(script, cmd, file, content, filters)
   }
 
-  bindingset[script, file_var]
-  predicate extractFileWrite(string script, string file_var, string content) {
+  bindingset[file_var]
+  predicate extractFileWrite(BashShellScript script, string file_var, string content) {
     // single line assignment
     exists(string file_expr, string raw_content |
       isParameterExpansion(file_expr, file_var, _, _) and
-      singleLineFileWrite(script.splitAt("\n"), _, file_expr, raw_content, _) and
+      singleLineFileWrite(script.getAStmt(), _, file_expr, raw_content, _) and
       content = trimQuotes(raw_content)
     )
     or
@@ -566,12 +566,12 @@ module Bash {
         cmd = "add-path" and
         content = value
       ) and
-      singleLineWorkflowCmd(script.splitAt("\n"), cmd, key, value)
+      singleLineWorkflowCmd(script.getAStmt(), cmd, key, value)
     )
     or
     // multiline assignment
     exists(string file_expr, string raw_content |
-      multiLineFileWrite(script, _, file_expr, raw_content, _) and
+      multiLineFileWrite(script.getRawScript(), _, file_expr, raw_content, _) and
       isParameterExpansion(file_expr, file_var, _, _) and
       content = trimQuotes(raw_content)
     )

Original file line number	Diff line number	Diff line change
`@@ -256,20 +256,20 @@ class BashShellScript extends ShellScript {`
`256`	`256`
`257`	`257`	`override predicate getAWriteToGitHubEnv(string name, string data) {`
`258`	`258`	`exists(string raw \|`
`259`		`- Bash::extractFileWrite(this.getRawScript(), "GITHUB_ENV", raw) and`
	`259`	`+ Bash::extractFileWrite(this, "GITHUB_ENV", raw) and`
`260`	`260`	`Bash::extractVariableAndValue(raw, name, data)`
`261`	`261`	`)`
`262`	`262`	`}`
`263`	`263`
`264`	`264`	`override predicate getAWriteToGitHubOutput(string name, string data) {`
`265`	`265`	`exists(string raw \|`
`266`		`- Bash::extractFileWrite(this.getRawScript(), "GITHUB_OUTPUT", raw) and`
	`266`	`+ Bash::extractFileWrite(this, "GITHUB_OUTPUT", raw) and`
`267`	`267`	`Bash::extractVariableAndValue(raw, name, data)`
`268`	`268`	`)`
`269`	`269`	`}`
`270`	`270`
`271`	`271`	`override predicate getAWriteToGitHubPath(string data) {`
`272`		`- Bash::extractFileWrite(this.getRawScript(), "GITHUB_PATH", data)`
	`272`	`+ Bash::extractFileWrite(this, "GITHUB_PATH", data)`
`273`	`273`	`}`
`274`	`274`
`275`	`275`	`override predicate getAnEnvReachingGitHubOutputWrite(string var, string output_field) {`
`@@ -542,12 +542,12 @@ module Bash {`
`542`	`542`	`blockFileWrite(script, cmd, file, content, filters)`
`543`	`543`	`}`
`544`	`544`
`545`		`- bindingset[script, file_var]`
`546`		`- predicate extractFileWrite(string script, string file_var, string content) {`
	`545`	`+ bindingset[file_var]`
	`546`	`+ predicate extractFileWrite(BashShellScript script, string file_var, string content) {`
`547`	`547`	`// single line assignment`
`548`	`548`	`exists(string file_expr, string raw_content \|`
`549`	`549`	`isParameterExpansion(file_expr, file_var, _, _) and`
`550`		`- singleLineFileWrite(script.splitAt("\n"), _, file_expr, raw_content, _) and`
	`550`	`+ singleLineFileWrite(script.getAStmt(), _, file_expr, raw_content, _) and`
`551`	`551`	`content = trimQuotes(raw_content)`
`552`	`552`	`)`
`553`	`553`	`or`
`@@ -566,12 +566,12 @@ module Bash {`
`566`	`566`	`cmd = "add-path" and`
`567`	`567`	`content = value`
`568`	`568`	`) and`
`569`		`- singleLineWorkflowCmd(script.splitAt("\n"), cmd, key, value)`
	`569`	`+ singleLineWorkflowCmd(script.getAStmt(), cmd, key, value)`
`570`	`570`	`)`
`571`	`571`	`or`
`572`	`572`	`// multiline assignment`
`573`	`573`	`exists(string file_expr, string raw_content \|`
`574`		`- multiLineFileWrite(script, _, file_expr, raw_content, _) and`
	`574`	`+ multiLineFileWrite(script.getRawScript(), _, file_expr, raw_content, _) and`
`575`	`575`	`isParameterExpansion(file_expr, file_var, _, _) and`
`576`	`576`	`content = trimQuotes(raw_content)`
`577`	`577`	`)`