changes based on feedback

erik-krogh · erik-krogh · commit 800077dabe40 · 2023-01-23T14:54:36.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll
@@ -177,14 +177,15 @@ private predicate regexExecution(
   )
   or
   // a case-when statement
-  exists(CfgNodes::ExprNodes::CaseExprCfgNode caseWhen |
-    name = "case-when" and
-    exec.asExpr() = caseWhen and
-    input.asExpr() = caseWhen.getValue()
+  exists(CfgNodes::ExprNodes::CaseExprCfgNode caseExpr |
+    exec.asExpr() = caseExpr and
+    input.asExpr() = caseExpr.getValue()
   |
-    regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)
+    name = "case-when" and
+    regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)
     or
-    regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()
+    name = "case-in" and
+    regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()
   )
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/DebugRegExpConfiguration.ql b/ruby/ql/lib/codeql/ruby/regexp/internal/DebugRegExpConfiguration.ql
@@ -0,0 +1,11 @@
+/**
+ * @description Used to debug the discovery of regexp literals.
+ * @kind problem
+ */
+
+import codeql.ruby.regexp.internal.RegExpTracking
+import ruby
+
+from DataFlow::Node source, DataFlow::Node sink
+where source = regExpSource(sink)
+select sink, "Regexp from $@ is used.", source, "this source"
diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll
@@ -9,7 +9,7 @@
  *
  * 2: A precise type tracking analysis that tracks
  * strings and regular expressions to the places where they are used.
- * This phase keeps track of which strings and regular expressions ends up in which places.
+ * This phase keeps track of which strings and regular expressions end up in which places.
  */
 
 private import codeql.ruby.Regexp as RE
@@ -156,7 +156,7 @@ private DataFlow::LocalSourceNode trackRegs(DataFlow::Node start, TypeTracker t)
   )
 }
 
-/** Gests a node that references a regular expression. */
+/** Gets a node that references a regular expression. */
 private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {
   t.start() and
   (
@@ -167,7 +167,7 @@ private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {
   exists(TypeTracker t2 | result = trackRegexpType(t2).track(t2, t))
 }
 
-/** Gests a node that references a regular expression. */
+/** Gets a node that references a regular expression. */
 DataFlow::Node trackRegexpType() { trackRegexpType(TypeTracker::end()).flowsTo(result) }
 
 /** Gets a node holding a value for the regular expression that is evaluated at `re`. */

Original file line number	Diff line number	Diff line change
`@@ -177,14 +177,15 @@ private predicate regexExecution(`
`177`	`177`	`)`
`178`	`178`	`or`
`179`	`179`	`// a case-when statement`
`180`		`- exists(CfgNodes::ExprNodes::CaseExprCfgNode caseWhen \|`
`181`		`- name = "case-when" and`
`182`		`- exec.asExpr() = caseWhen and`
`183`		`- input.asExpr() = caseWhen.getValue()`
	`180`	`+ exists(CfgNodes::ExprNodes::CaseExprCfgNode caseExpr \|`
	`181`	`+ exec.asExpr() = caseExpr and`
	`182`	`+ input.asExpr() = caseExpr.getValue()`
`184`	`183`	`\|`
`185`		`- regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)`
	`184`	`+ name = "case-when" and`
	`185`	`+ regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_)`
`186`	`186`	`or`
`187`		`- regexp.asExpr() = caseWhen.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()`
	`187`	`+ name = "case-in" and`
	`188`	`+ regexp.asExpr() = caseExpr.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern()`
`188`	`189`	`)`
`189`	`190`	`}`
`190`	`191`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`*`
`10`	`10`	`* 2: A precise type tracking analysis that tracks`
`11`	`11`	`* strings and regular expressions to the places where they are used.`
`12`		`- * This phase keeps track of which strings and regular expressions ends up in which places.`
	`12`	`+ * This phase keeps track of which strings and regular expressions end up in which places.`
`13`	`13`	`*/`
`14`	`14`
`15`	`15`	`private import codeql.ruby.Regexp as RE`
`@@ -156,7 +156,7 @@ private DataFlow::LocalSourceNode trackRegs(DataFlow::Node start, TypeTracker t)`
`156`	`156`	`)`
`157`	`157`	`}`
`158`	`158`
`159`		`-/** Gests a node that references a regular expression. */`
	`159`	`+/** Gets a node that references a regular expression. */`
`160`	`160`	`private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {`
`161`	`161`	`t.start() and`
`162`	`162`	`(`
`@@ -167,7 +167,7 @@ private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) {`
`167`	`167`	`exists(TypeTracker t2 \| result = trackRegexpType(t2).track(t2, t))`
`168`	`168`	`}`
`169`	`169`
`170`		`-/** Gests a node that references a regular expression. */`
	`170`	`+/** Gets a node that references a regular expression. */`
`171`	`171`	`DataFlow::Node trackRegexpType() { trackRegexpType(TypeTracker::end()).flowsTo(result) }`
`172`	`172`
`173`	`173`	/** Gets a node holding a value for the regular expression that is evaluated at `re`. */