RB: add a RegexExecution concept, and use it for better regexp tracking #11879

Merged Jan 30, 2023 (13 commits)
changes based on feedback
erik-krogh committed Jan 23, 2023
commit 800077dabe40e7112c2b2f50181276ad85aa98c0
13 changes: 7 additions & 6 deletions ruby/ql/lib/codeql/ruby/Regexp.qll
Expand Up @@ -177,14 +177,15 @@ private predicate regexExecution(
)
or
// a case-when statement
exists(CfgNodes::ExprNodes::CaseExprCfgNode caseWhen |
name = "case-when" and
exec.asExpr() = caseWhen and
input.asExpr() = caseWhen.getValue()
exists(CfgNodes::ExprNodes::CaseExprCfgNode caseExpr |
exec.asExpr() = caseExpr and
input.asExpr() = caseExpr.getValue()
|
regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)
name = "case-when" and
regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)
or
regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()
name = "case-in" and
regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()
)
}
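Review bot: The context comment `// a case-when statement` directly above the `exists(... caseExpr | ...)` is now too narrow, because the second disjunct reports `name = "case-in"` for `InClauseCfgNode` patterns. Suggest updating it to something like `// a case-when or case-in expression` so the comment matches both names this branch can produce.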

@@ -0,0 +1,11 @@
/**
* @description Used to debug the discovery of regexp literals.
* @kind problem
*/

import codeql.ruby.regexp.internal.RegExpTracking
import ruby

from DataFlow::Node source, DataFlow::Node sink
where source = regExpSource(sink)
select sink, "Regexp from $@ is used.", source, "this source"
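Review bot: The metadata comment at the top of this new query carries only `@description` and `@kind problem`, with no `@id` or `@name`. If the query is only meant for tests or debugging, say so explicitly in the `@description`; otherwise add an `@id` so its results can be told apart from other queries. The import of `codeql.ruby.regexp.internal.RegExpTracking` reaches into an internal module, so a one-line comment that this is intentional for debugging `regExpSource` would also help.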
6 changes: 3 additions & 3 deletions ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll
Expand Up @@ -9,7 +9,7 @@
*
* 2: A precise type tracking analysis that tracks
* strings and regular expressions to the places where they are used.
* This phase keeps track of which strings and regular expressions ends up in which places.
* This phase keeps track of which strings and regular expressions end up in which places.
*/

private import codeql.ruby.Regexp as RE
Expand Down Expand Up @@ -156,7 +156,7 @@ private DataFlow::LocalSourceNode trackRegs(DataFlow::Node start, TypeTracker t)
)
}

/** Gests a node that references a regular expression. */
/** Gets a node that references a regular expression. */
private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {
t.start() and
(
Expand All @@ -167,7 +167,7 @@ private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {
exists(TypeTracker t2 | result = trackRegexpType(t2).track(t2, t))
}

/** Gests a node that references a regular expression. */
/** Gets a node that references a regular expression. */
DataFlow::Node trackRegexpType() { trackRegexpType(TypeTracker::end()).flowsTo(result) }

/** Gets a node holding a value for the regular expression that is evaluated at `re`. */
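Review bot: With the typo fixed, the doc comment on the public `trackRegexpType()` is word for word the same as the one on the private `trackRegexpType(TypeTracker t)` in the previous hunk, so neither tells a reader how the two differ. Suggest having the private one mention the type-tracker state `t`, and the public one say that it gives the nodes the tracked regular expression flows to at `TypeTracker::end()`.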