Ruby: Use InclusionTests library in barrier guards

hmac · hmac · commit ea95e2e1d0a6 · 2022-07-13T18:20:27.000+12:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -6,6 +6,7 @@ private import codeql.ruby.CFG
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.dataflow.SSA
 private import codeql.ruby.ast.internal.Constant
+private import codeql.ruby.InclusionTests
 
 private predicate stringConstCompare(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
   exists(CfgNodes::ExprNodes::ComparisonOperationCfgNode c |
@@ -72,18 +73,19 @@ deprecated class StringConstCompare extends DataFlow::BarrierGuard,
 }
 
 private predicate stringConstArrayInclusionCall(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
-  exists(CfgNodes::ExprNodes::MethodCallCfgNode mc |
-    mc = g and
-    mc.getExpr().getMethodName() = "include?" and
-    mc.getArgument(0) = e
+  exists(InclusionTest t |
+    t.asExpr() = g and
+    e = t.getContainedNode().asExpr() and
+    branch = t.getPolarity()
   |
-    exists(ExprNodes::ArrayLiteralCfgNode arr | isArrayConstant(mc.getReceiver(), arr) |
+    exists(ExprNodes::ArrayLiteralCfgNode arr |
+      isArrayConstant(t.getContainerNode().asExpr(), arr)
+    |
       forall(ExprCfgNode elem | elem = arr.getAnArgument() |
         elem instanceof ExprNodes::StringLiteralCfgNode
       )
     )
-  ) and
-  branch = true
+  )
 }
 
 /**
@@ -126,7 +128,7 @@ deprecated class StringConstArrayInclusionCall extends DataFlow::BarrierGuard,
   CfgNodes::ExprNodes::MethodCallCfgNode {
   private CfgNode checkedNode;
 
-  StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, _) }
+  StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, true) }
 
   override predicate checks(CfgNode expr, boolean branch) { expr = checkedNode and branch = true }
 }
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
@@ -8,6 +8,7 @@ oldStyleBarrierGuards
 | barrier-guards.rb:37:4:37:20 | call to include? | barrier-guards.rb:38:5:38:7 | foo | barrier-guards.rb:37:17:37:19 | foo | true |
 | barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:4:43:6 | foo | true |
 | barrier-guards.rb:70:4:70:21 | call to include? | barrier-guards.rb:71:5:71:7 | foo | barrier-guards.rb:70:18:70:20 | foo | true |
+| barrier-guards.rb:82:4:82:25 | ... != ... | barrier-guards.rb:83:5:83:7 | foo | barrier-guards.rb:82:15:82:17 | foo | true |
 newStyleBarrierGuards
 | barrier-guards.rb:4:5:4:7 | foo |
 | barrier-guards.rb:10:5:10:7 | foo |
@@ -17,3 +18,5 @@ newStyleBarrierGuards
 | barrier-guards.rb:38:5:38:7 | foo |
 | barrier-guards.rb:45:9:45:11 | foo |
 | barrier-guards.rb:71:5:71:7 | foo |
+| barrier-guards.rb:83:5:83:7 | foo |
+| barrier-guards.rb:91:5:91:7 | foo |
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
@@ -79,6 +79,18 @@
     foo
 end
 
+if foos.index(foo) != nil
+    foo
+else
+    foo
+end
+
+if foos.index(foo)r == nil
+    foo
+else
+    foo
+end
+
 bars = ["bar"]
 
 if condition
