ruby: remove some FPs from rb/useless-assignment-to-local

yoff · yoff · commit fd75a3d7003b · 2025-04-04T16:46:29.000+02:00
diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
@@ -12,11 +12,27 @@
 
 import codeql.ruby.AST
 import codeql.ruby.dataflow.SSA
+import codeql.ruby.ApiGraphs
 
 class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess {
   RelevantLocalVariableWriteAccess() {
     not this.getVariable().getName().charAt(0) = "_" and
-    not this = any(Parameter p).getAVariable().getDefiningAccess()
+    not this = any(Parameter p).getAVariable().getDefiningAccess() and
+    not exists(SuperCall s |
+      s.getEnclosingCallable().getAParameter().getAVariable().getAnAccess() = this
+    |
+      // a call to 'super' without any arguments will pass on the parameter.
+      // thus, the parameter is used, and the assignment is not useless.
+      not exists(s.getAnArgument())
+    ) and
+    not API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() =
+      this.getCfgScope() and
+    not exists(RetryStmt r | r.getCfgScope() = this.getCfgScope()) and
+    not exists(MethodCall c |
+      c.getReceiver() instanceof SelfVariableAccess and
+      c.getMethodName() = "binding" and
+      c.getCfgScope() = this.getCfgScope()
+    )
   }
 }
 
diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected
@@ -1,4 +1 @@
 | DeadStoreOfLocal.rb:2:5:2:5 | y | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:2:5:2:5 | y | y |
-| DeadStoreOfLocal.rb:14:9:14:9 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:8:5:8:5 | x | x |
-| DeadStoreOfLocal.rb:21:5:21:5 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:21:5:21:5 | x | x |
-| TestTemplate.rb:9:1:9:1 | x | This assignment to $@ is useless, since its value is never read. | TestTemplate.rb:9:1:9:1 | x | x |
diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb
@@ -11,14 +11,14 @@ def test_retry
             raise "error"
         end
     rescue
-        x = 2  #$ SPURIOUS: Alert
+        x = 2  # OK - the retry will allow a later read
         retry
     end
     return 42
 end
 
 def test_binding
-    x = 4  #$ SPURIOUS: Alert
+    x = 4  # OK - the binding collects the value of x
     return binding
 end
 
diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb
@@ -6,5 +6,5 @@
   \_\_ENCODING\_\_ is <%= \_\_ENCODING\_\_ %>.
   x is <%= x %>.
 EOF
-x = 5  #$ SPURIOUS: Alert
+x = 5  # OK - the template can see the value of x
 puts template.result
