Ruby: Add test of what Argument[any] for input/output includes

and an explicit test of what `Argument[self]` includes.

Author: RasmusWL

ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected

@@ -23,6 +23,8 @@ edges
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:55:17:55:23 | tainted :  |
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:58:32:58:38 | tainted :  |
 | summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:60:23:60:29 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:90:16:90:22 | tainted :  |
+| summaries.rb:1:11:1:36 | call to identity :  | summaries.rb:96:14:96:20 | tainted :  |
 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
 | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:1:11:1:36 | call to identity :  |
 | summaries.rb:4:12:7:3 | call to apply_block :  | summaries.rb:9:6:9:13 | tainted2 |
@@ -86,6 +88,16 @@ edges
 | summaries.rb:82:1:82:1 | a [element 2] :  | summaries.rb:82:1:82:1 | [post] a [element 2] :  |
 | summaries.rb:85:6:85:6 | a [element 2] :  | summaries.rb:85:6:85:9 | ...[...] |
 | summaries.rb:85:6:85:6 | a [element 2] :  | summaries.rb:85:6:85:9 | ...[...] |
+| summaries.rb:90:1:90:1 | [post] x :  | summaries.rb:91:6:91:6 | x |
+| summaries.rb:90:16:90:22 | [post] tainted :  | summaries.rb:96:14:96:20 | tainted :  |
+| summaries.rb:90:16:90:22 | tainted :  | summaries.rb:90:1:90:1 | [post] x :  |
+| summaries.rb:90:16:90:22 | tainted :  | summaries.rb:90:16:90:22 | [post] tainted :  |
+| summaries.rb:90:16:90:22 | tainted :  | summaries.rb:90:25:90:25 | [post] y :  |
+| summaries.rb:90:16:90:22 | tainted :  | summaries.rb:90:33:90:33 | [post] z :  |
+| summaries.rb:90:25:90:25 | [post] y :  | summaries.rb:92:6:92:6 | y |
+| summaries.rb:90:33:90:33 | [post] z :  | summaries.rb:93:6:93:6 | z |
+| summaries.rb:96:1:96:1 | [post] x :  | summaries.rb:97:6:97:6 | x |
+| summaries.rb:96:14:96:20 | tainted :  | summaries.rb:96:1:96:1 | [post] x :  |
 nodes
 | summaries.rb:1:11:1:36 | call to identity :  | semmle.label | call to identity :  |
 | summaries.rb:1:11:1:36 | call to identity :  | semmle.label | call to identity :  |
@@ -183,6 +195,17 @@ nodes
 | summaries.rb:85:6:85:6 | a [element 2] :  | semmle.label | a [element 2] :  |
 | summaries.rb:85:6:85:9 | ...[...] | semmle.label | ...[...] |
 | summaries.rb:85:6:85:9 | ...[...] | semmle.label | ...[...] |
+| summaries.rb:90:1:90:1 | [post] x :  | semmle.label | [post] x :  |
+| summaries.rb:90:16:90:22 | [post] tainted :  | semmle.label | [post] tainted :  |
+| summaries.rb:90:16:90:22 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:90:25:90:25 | [post] y :  | semmle.label | [post] y :  |
+| summaries.rb:90:33:90:33 | [post] z :  | semmle.label | [post] z :  |
+| summaries.rb:91:6:91:6 | x | semmle.label | x |
+| summaries.rb:92:6:92:6 | y | semmle.label | y |
+| summaries.rb:93:6:93:6 | z | semmle.label | z |
+| summaries.rb:96:1:96:1 | [post] x :  | semmle.label | [post] x :  |
+| summaries.rb:96:14:96:20 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:97:6:97:6 | x | semmle.label | x |
 subpaths
 invalidSpecComponent
 #select
@@ -227,6 +250,10 @@ invalidSpecComponent
 | summaries.rb:80:6:80:9 | ...[...] | summaries.rb:74:15:74:29 | call to source :  | summaries.rb:80:6:80:9 | ...[...] | $@ | summaries.rb:74:15:74:29 | call to source :  | call to source :  |
 | summaries.rb:85:6:85:9 | ...[...] | summaries.rb:74:32:74:46 | call to source :  | summaries.rb:85:6:85:9 | ...[...] | $@ | summaries.rb:74:32:74:46 | call to source :  | call to source :  |
 | summaries.rb:85:6:85:9 | ...[...] | summaries.rb:74:32:74:46 | call to source :  | summaries.rb:85:6:85:9 | ...[...] | $@ | summaries.rb:74:32:74:46 | call to source :  | call to source :  |
+| summaries.rb:91:6:91:6 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:91:6:91:6 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:92:6:92:6 | y | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:92:6:92:6 | y | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:93:6:93:6 | z | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:93:6:93:6 | z | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
+| summaries.rb:97:6:97:6 | x | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:97:6:97:6 | x | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 warning
 | CSV type row should have 5 columns but has 2: test;TooFewColumns |
 | CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |

ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql

@@ -78,6 +78,8 @@ private class StepsFromModel extends ModelInput::SummaryModelCsv {
         ";;Member[Foo].Method[intoNamedParameter];Argument[0];Argument[0].Parameter[foo:];taint",
         ";;Member[Foo].Method[startInNamedCallback].Argument[foo:].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
         ";;Member[Foo].Method[startInNamedParameter].Argument[0].Parameter[foo:].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        ";;Member[Foo].Instance.Method[flowToAnyArg];Argument[0];Argument[any];taint",
+        ";;Member[Foo].Instance.Method[flowToSelf];Argument[0];Argument[self];taint",
         ";any;Method[matchedByName];Argument[0];ReturnValue;taint",
         ";any;Method[matchedByNameRcv];Argument[self];ReturnValue;taint",
         ";any;Method[withElementOne];Argument[self].WithElement[1];ReturnValue;value",

ruby/ql/test/library-tests/dataflow/summaries/summaries.rb

@@ -82,4 +82,16 @@ def userDefinedFunction(x, y)
 a.withoutElementOne()
 sink(a[0])
 sink(a[1])
-sink(a[2]) # $ hasValueFlow=elem2
+sink(a[2]) # $ hasValueFlow=elem2
+
+x = Foo.new
+y = []
+z = []
+x.flowToAnyArg(tainted, y, key: z)
+sink(x) # $ hasTaintFlow=tainted
+sink(y) # $ hasTaintFlow=tainted
+sink(z) # $ hasTaintFlow=tainted
+
+x = Foo.new
+x.flowToSelf(tainted)
+sink(x) # $ hasTaintFlow=tainted