Address review comments

hvitved · hvitved · commit 51087d090b49 · 2023-05-10T09:42:41.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll
@@ -108,6 +108,7 @@ private module Reach<ReachInputSig Input> {
     )
   }
 
+  /** Holds if `n` is forwards and backwards reachable with type tracker `t`. */
   pragma[nomagic]
   predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) {
     n = forward(t) and
@@ -132,10 +133,11 @@ private module Reach<ReachInputSig Input> {
   }
 }
 
+/** Holds if `inputStr` is compiled to a regular expression that is returned at `call`. */
 pragma[nomagic]
-private predicate regFromString(DataFlow::LocalSourceNode n, DataFlow::CallNode call) {
+private predicate regFromString(DataFlow::LocalSourceNode inputStr, DataFlow::CallNode call) {
   exists(DataFlow::Node mid |
-    n.flowsTo(mid) and
+    inputStr.flowsTo(mid) and
     call = API::getTopLevelMember("Regexp").getAMethodCall(["compile", "new"]) and
     mid = call.getArgument(0)
   )
@@ -183,9 +185,10 @@ private DataFlow::LocalSourceNode trackStrings(DataFlow::Node start, TypeTracker
   exists(TypeTracker t2 | t = StringReach::stepReached(t2, trackStrings(start, t2), result))
 }
 
+/** Holds if `strConst` flows to a regex compilation (tracked by `t`), where the resulting regular expression is stored in `reg`. */
 pragma[nomagic]
-private predicate regFromStringStart(DataFlow::Node start, TypeTracker t, DataFlow::CallNode nodeTo) {
-  regFromString(trackStrings(start, t), nodeTo) and
+private predicate regFromStringStart(DataFlow::Node strConst, TypeTracker t, DataFlow::CallNode reg) {
+  regFromString(trackStrings(strConst, t), reg) and
   exists(t.continue())
 }
 

Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,7 @@ private module Reach<ReachInputSig Input> {`
`108`	`108`	`)`
`109`	`109`	`}`
`110`	`110`
	`111`	+ /** Holds if `n` is forwards and backwards reachable with type tracker `t`. */
`111`	`112`	`pragma[nomagic]`
`112`	`113`	`predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) {`
`113`	`114`	`n = forward(t) and`
`@@ -132,10 +133,11 @@ private module Reach<ReachInputSig Input> {`
`132`	`133`	`}`
`133`	`134`	`}`
`134`	`135`
	`136`	+/** Holds if `inputStr` is compiled to a regular expression that is returned at `call`. */
`135`	`137`	`pragma[nomagic]`
`136`		`-private predicate regFromString(DataFlow::LocalSourceNode n, DataFlow::CallNode call) {`
	`138`	`+private predicate regFromString(DataFlow::LocalSourceNode inputStr, DataFlow::CallNode call) {`
`137`	`139`	`exists(DataFlow::Node mid \|`
`138`		`- n.flowsTo(mid) and`
	`140`	`+ inputStr.flowsTo(mid) and`
`139`	`141`	`call = API::getTopLevelMember("Regexp").getAMethodCall(["compile", "new"]) and`
`140`	`142`	`mid = call.getArgument(0)`
`141`	`143`	`)`
`@@ -183,9 +185,10 @@ private DataFlow::LocalSourceNode trackStrings(DataFlow::Node start, TypeTracker`
`183`	`185`	`exists(TypeTracker t2 \| t = StringReach::stepReached(t2, trackStrings(start, t2), result))`
`184`	`186`	`}`
`185`	`187`
	`188`	+/** Holds if `strConst` flows to a regex compilation (tracked by `t`), where the resulting regular expression is stored in `reg`. */
`186`	`189`	`pragma[nomagic]`
`187`		`-private predicate regFromStringStart(DataFlow::Node start, TypeTracker t, DataFlow::CallNode nodeTo) {`
`188`		`- regFromString(trackStrings(start, t), nodeTo) and`
	`190`	`+private predicate regFromStringStart(DataFlow::Node strConst, TypeTracker t, DataFlow::CallNode reg) {`
	`191`	`+ regFromString(trackStrings(strConst, t), reg) and`
`189`	`192`	`exists(t.continue())`
`190`	`193`	`}`
`191`	`194`