Ruby: fix some name clashes between summarized callables #13265

Merged
merged 6 commits into from May 24, 2023

@asgerf asgerf commented May 23, 2023

Fixes an issue where the summaries for delete and assoc had multiple implementations that applied to each other's call sites.

We had code like this:

// Array.qll
private class DeleteUnknownSummary extends DeleteSummary {
  DeleteUnknownSummary() {
    this = "delete" and
    not exists(DataFlow::Content::getKnownElementIndex(mc.getArgument(0)))
  }
  ...
}

// String.qll
private class DeleteSummary extends SimpleSummarizedCallable {
  DeleteSummary() { this = ["delete", "delete_prefix", "delete_suffix"] + ["", "!"] }
}

The existence of DeleteSummary in String.qll means all method calls named delete are associated with the summary whose underlying string value is delete. This means DeleteUnknownSummary, if it exists, ends up applying to all calls named delete, regardless of the extra condition in its charpred.

This means that calls of form x.delete(:foo) would return all elements of x, not just its :foo element (because the call was treated as having an unknown key).

A similar situation occurred with AssocUnknownSummary in Hash.qll and AssocSummary in Array.qll.

This is a big enough footgun that I decided to add a new QL4QL query for it, which is part of this PR as well. In fact, that query is how I found the issue with assoc (the issue with delete was discovered by investigating a FP).

Evaluation looks reasonable. We lose some call edges and a few alerts - it's hard to verify at a glance whether these were correct, but I have a branch where some rather blatant FPs were caused by this issue and are fixed by this change.
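
A minimal model of the clash described in the PR description above, added here as an illustration; it is not code from the PR or from the CodeQL libraries. `Call`, `Summary` and the three summary classes are hypothetical stand-ins, and the call sites are constructed strings.

```ql
// Added toy model: Call, Summary and the classes below are hypothetical stand-ins,
// not the definitions in the CodeQL Ruby library.
class Call extends string {
  Call() { this = ["x.delete(:foo)", "x.delete(k)"] } // constructed call sites

  string getName() { result = "delete" }

  predicate hasKnownKey() { this = "x.delete(:foo)" }
}

abstract class Summary extends string {
  bindingset[this]
  Summary() { any() }

  abstract Call getACall();

  abstract string getEffect();
}

// Plays the role of DeleteSummary in String.qll: claims every call named "delete".
class StringDelete extends Summary {
  StringDelete() { this = "delete" }
  override Call getACall() { result.getName() = this }
  override string getEffect() { result = "taint: receiver -> return value" }
}

// Plays the role of DeleteUnknownSummary: same string value, extra condition.
class ClashingUnknownDelete extends Summary {
  ClashingUnknownDelete() { this = "delete" and exists(Call c | not c.hasKnownKey()) }
  override Call getACall() { result.getName() = "delete" and not result.hasKnownKey() }
  override string getEffect() { result = "value: any element of receiver -> return value" }
}

// The same summary under a string value that no other class uses.
class DistinctUnknownDelete extends Summary {
  DistinctUnknownDelete() { this = "delete(unknown key)" }
  override Call getACall() { result.getName() = "delete" and not result.hasKnownKey() }
  override string getEffect() { result = "value: any element of receiver -> return value" }
}

// The value "delete" is a member of both StringDelete and ClashingUnknownDelete, so
// s.getACall() and s.getEffect() each evaluate to the union of both overrides: the
// "any element" effect is paired with x.delete(:foo) as well. The value
// "delete(unknown key)" belongs to one class only and keeps its own call sites.
from Summary s, Call c
where c = s.getACall()
select s, c, s.getEffect()
```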

@asgerf asgerf added Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish Ruby labels May 23, 2023
@asgerf asgerf removed the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label May 24, 2023
@asgerf asgerf marked this pull request as ready for review May 24, 2023 08:44
@asgerf asgerf requested review from a team as code owners May 24, 2023 08:44
@aibaars aibaars left a comment

Looks good to me.

@asgerf asgerf merged commit 818753e into github:main May 24, 2023
27 checks passed
@hvitved hvitved left a comment

Great catch!
