Ruby: Block for steps into self parameters in trackModuleAccess

hvitved · hvitved · commit d69c622a5b41 · 2022-10-20T12:50:41.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -537,9 +537,14 @@ private DataFlow::LocalSourceNode trackModuleAccess(Module m, TypeTracker t) {
   )
 }
 
+/**
+ * We exclude steps into `self` parameters, and instead rely on the type of the
+ * enclosing module.
+ */
 pragma[nomagic]
 private DataFlow::LocalSourceNode trackModuleAccessRec(Module m, TypeTracker t, StepSummary summary) {
-  StepSummary::step(trackModuleAccess(m, t), result, summary)
+  StepSummary::step(trackModuleAccess(m, t), result, summary) and
+  not result instanceof SelfParameterNode
 }
 
 pragma[nomagic]
@@ -603,17 +608,22 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
   or
   exists(RelevantCall call, DataFlow::LocalSourceNode sourceNode |
     flowsToMethodCallReceiver(call, sourceNode, "new") and
-    exact = true and
     n.asExpr() = call
   |
     // `C.new`
-    sourceNode = trackModuleAccess(tp)
+    sourceNode = trackModuleAccess(tp) and
+    exact = true
     or
     // `self.new` inside a module
-    selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), tp)
+    selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), tp) and
+    exact = true
     or
     // `self.new` inside a singleton method
-    selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm), tp)
+    exists(MethodBase target |
+      selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), target, tp) and
+      singletonMethod(target, _, _) and
+      exact = false
+    )
   )
   or
   // `self` reference in method or top-level (but not in module or singleton method,
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -232,11 +232,7 @@ getTarget
 | calls.rb:595:9:595:23 | call to call_singleton1 | calls.rb:590:5:592:7 | call_singleton1 |
 | calls.rb:595:9:595:23 | call to call_singleton1 | calls.rb:603:5:605:7 | call_singleton1 |
 | calls.rb:595:9:595:23 | call to call_singleton1 | calls.rb:612:5:614:7 | call_singleton1 |
-| calls.rb:604:9:604:18 | call to singleton1 | calls.rb:587:5:588:7 | singleton1 |
 | calls.rb:604:9:604:18 | call to singleton1 | calls.rb:600:5:601:7 | singleton1 |
-| calls.rb:604:9:604:18 | call to singleton1 | calls.rb:609:5:610:7 | singleton1 |
-| calls.rb:613:9:613:18 | call to singleton1 | calls.rb:587:5:588:7 | singleton1 |
-| calls.rb:613:9:613:18 | call to singleton1 | calls.rb:600:5:601:7 | singleton1 |
 | calls.rb:613:9:613:18 | call to singleton1 | calls.rb:609:5:610:7 | singleton1 |
 | calls.rb:617:1:617:31 | call to call_call_singleton1 | calls.rb:594:5:596:7 | call_call_singleton1 |
 | calls.rb:618:1:618:31 | call to call_call_singleton1 | calls.rb:594:5:596:7 | call_call_singleton1 |
