improve XSS::Shared::isFlowFromHelperMethod performance

alexrford · alexrford · commit 9083cda8dff8 · 2021-10-12T20:43:20.000+01:00
diff --git a/ql/lib/codeql/ruby/security/XSS.qll b/ql/lib/codeql/ruby/security/XSS.qll
@@ -184,20 +184,25 @@ private module Shared {
     )
   }
 
+  pragma[noinline]
+  predicate isHelperMethodNameMatch(ActionControllerHelperMethod helperMethod, MethodCall call) {
+    helperMethod.getName() = call.getMethodName()
+  }
+
   predicate isFlowFromHelperMethod(DataFlow::Node node1, DataFlow::Node node2) {
     // flow out of controller helper method into template
-    exists(
-      ErbFile template, ActionControllerHelperMethod helperMethod,
-      CfgNodes::ExprNodes::MethodCallCfgNode helperMethodCall
-    |
-      template = node2.getLocation().getFile() and
-      // TODO: this is slow, x-product of helper method names and method calls
-      helperMethod.getName() = helperMethodCall.getExpr().getMethodName() and
-      helperMethod.getControllerClass() = getAssociatedControllerClass(template) and
-      // `node1` is an expr node that may be returned by the helper method
-      exprNodeReturnedFrom(node1, helperMethod) and
-      // `node2` is a call to the helper method
-      node2.asExpr() = helperMethodCall
+    exists(ErbFile template |
+      template = node2.getLocation().getFile() |
+      exists(ActionControllerHelperMethod helperMethod |
+        helperMethod.getControllerClass() = getAssociatedControllerClass(template) and
+        // `node1` is an expr node that may be returned by the helper method
+        exprNodeReturnedFrom(node1, helperMethod) |
+        exists(CfgNodes::ExprNodes::MethodCallCfgNode helperMethodCall |
+          // `node2` is a call to the helper method
+          node2.asExpr() = helperMethodCall and
+          isHelperMethodNameMatch(helperMethod, helperMethodCall.getExpr())
+        )
+      )
     )
   }
 
