Merge pull request #10935 from github/nickrolfe/taint-step

github · Oct 21, 2022 · e566357 · e566357
2 parents 88c6453 + 9fb436e
commit e566357
Show file tree

Hide file tree

Showing 6 changed files with 367 additions and 2 deletions.
diff --git a/ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md b/ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
@@ -115,8 +115,8 @@ private module Cached {
    */
   cached
   predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    defaultAdditionalTaintStep(nodeFrom, nodeTo)
-    or
+    DataFlow::localFlowStep(nodeFrom, nodeTo) or
+    defaultAdditionalTaintStep(nodeFrom, nodeTo) or
     // Simple flow through library code is included in the exposed local
     // step relation, even though flow is technically inter-procedural
     FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _)

diff --git a/...sts/dataflow/local/TaintflowStep.expected → ...ts/dataflow/local/InlineFlowTest.expected b/...sts/dataflow/local/TaintflowStep.expected → ...ts/dataflow/local/InlineFlowTest.expected
diff --git a/...ary-tests/dataflow/local/TaintflowStep.ql → ...ry-tests/dataflow/local/InlineFlowTest.ql b/...ary-tests/dataflow/local/TaintflowStep.ql → ...ry-tests/dataflow/local/InlineFlowTest.ql