add returnsFormatted predicate to PrintfStyleCall (similar to JS)

erik-krogh · erik-krogh · commit dbf2673a916b · 2022-10-17T12:15:31.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll b/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll
@@ -25,6 +25,9 @@ abstract class PrintfStyleCall extends DataFlow::CallNode {
    * Gets then `n`th formatted argument of this call.
    */
   DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }
+
+  /** Holds if this call returns the formatted string. */
+  predicate returnsFormatted() { any() }
 }
 
 /**
@@ -50,6 +53,8 @@ class KernelPrintfCall extends PrintfStyleCall {
     then result = this.getArgument(0)
     else result = this.getArgument([0, 1])
   }
+
+  override predicate returnsFormatted() { none() }
 }
 
 /**
@@ -62,6 +67,8 @@ class KernelSprintfCall extends PrintfStyleCall {
     this.asExpr().getExpr() instanceof UnknownMethodCall and
     this.getMethodName() = "sprintf"
   }
+
+  override predicate returnsFormatted() { any() }
 }
 
 /**
@@ -71,4 +78,6 @@ class IOPrintfCall extends PrintfStyleCall {
   IOPrintfCall() {
     this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"
   }
+
+  override predicate returnsFormatted() { none() }
 }

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,9 @@ abstract class PrintfStyleCall extends DataFlow::CallNode {`
`25`	`25`	* Gets then `n`th formatted argument of this call.
`26`	`26`	`*/`
`27`	`27`	`DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }`
	`28`	`+`
	`29`	`+ /** Holds if this call returns the formatted string. */`
	`30`	`+ predicate returnsFormatted() { any() }`
`28`	`31`	`}`
`29`	`32`
`30`	`33`	`/**`
`@@ -50,6 +53,8 @@ class KernelPrintfCall extends PrintfStyleCall {`
`50`	`53`	`then result = this.getArgument(0)`
`51`	`54`	`else result = this.getArgument([0, 1])`
`52`	`55`	`}`
	`56`	`+`
	`57`	`+ override predicate returnsFormatted() { none() }`
`53`	`58`	`}`
`54`	`59`
`55`	`60`	`/**`
`@@ -62,6 +67,8 @@ class KernelSprintfCall extends PrintfStyleCall {`
`62`	`67`	`this.asExpr().getExpr() instanceof UnknownMethodCall and`
`63`	`68`	`this.getMethodName() = "sprintf"`
`64`	`69`	`}`
	`70`	`+`
	`71`	`+ override predicate returnsFormatted() { any() }`
`65`	`72`	`}`
`66`	`73`
`67`	`74`	`/**`
`@@ -71,4 +78,6 @@ class IOPrintfCall extends PrintfStyleCall {`
`71`	`78`	`IOPrintfCall() {`
`72`	`79`	`this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"`
`73`	`80`	`}`
	`81`	`+`
	`82`	`+ override predicate returnsFormatted() { none() }`
`74`	`83`	`}`