зеркало из https://github.com/github/codeql.git
Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line
Util: Use end line instead of start line for actual results
Коммит
658cc33bb8
|
@ -7,7 +7,7 @@ func testing() {
|
|||
nonvariadicDeclaredFunction([]int{})
|
||||
}
|
||||
|
||||
func variadicDeclaredFunction(x ...int) int { // $ isVariadic
|
||||
func variadicDeclaredFunction(x ...int) int {
|
||||
a := make([]int, 0, 10)
|
||||
y := append(x, a...)
|
||||
print(x[0], x[1])
|
||||
|
@ -15,7 +15,7 @@ func variadicDeclaredFunction(x ...int) int { // $ isVariadic
|
|||
fmt.Fprint(nil, nil, nil)
|
||||
variadicFunctionLiteral := func(z ...int) int { return z[1] } // $ isVariadic
|
||||
return variadicFunctionLiteral(y...)
|
||||
}
|
||||
} // $ isVariadic
|
||||
|
||||
func nonvariadicDeclaredFunction(x []int) int {
|
||||
return 0
|
||||
|
|
|
@ -59,7 +59,7 @@ func main() {
|
|||
|
||||
http.HandleFunc("/foo", handler) // $ handler="/foo"
|
||||
|
||||
http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) { // $ handler="/bar"
|
||||
http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "Hello, %q", html.EscapeString(r.URL.Path))
|
||||
})
|
||||
}) // $ handler="/bar"
|
||||
}
|
||||
|
|
|
@ -145,7 +145,7 @@ class StrBuilderTest {
|
|||
|
||||
// Test all fluent methods are passing taint through to their result:
|
||||
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
|
||||
sink(fluentAllMethodsTest // $hasTaintFlow
|
||||
sink(fluentAllMethodsTest
|
||||
.append("text")
|
||||
.appendAll("text")
|
||||
.appendFixedWidthPadLeft("text", 4, ' ')
|
||||
|
@ -171,7 +171,7 @@ class StrBuilderTest {
|
|||
.setLength(500)
|
||||
.setNewLineText("newline")
|
||||
.setNullText("NULL")
|
||||
.trim());
|
||||
.trim()); // $hasTaintFlow
|
||||
|
||||
// Test all fluent methods are passing taint back to their qualifier:
|
||||
StrBuilder fluentAllMethodsTest2 = new StrBuilder();
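Review bot: The `$hasTaintFlow` marker now sits on `.trim());`, which by the hunk headers (145 and 171) is more than twenty lines below the `sink(fluentAllMethodsTest` call it belongs to, so a reader at the top of the chain no longer sees that this call is expected to be flagged. A plain comment on the opening line, e.g. `sink(fluentAllMethodsTest // expectation is on the closing line of this chain`, would keep the link. This assumes the expectation parser ignores comments that do not begin with `$`, which should be confirmed before adding it. The same applies to the identical pairs of hunks in StrBuilderTextTest and TextStringBuilderTest.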
|
||||
|
|
|
@ -145,7 +145,7 @@ class StrBuilderTextTest {
|
|||
|
||||
// Test all fluent methods are passing taint through to their result:
|
||||
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
|
||||
sink(fluentAllMethodsTest // $hasTaintFlow
|
||||
sink(fluentAllMethodsTest
|
||||
.append("text")
|
||||
.appendAll("text")
|
||||
.appendFixedWidthPadLeft("text", 4, ' ')
|
||||
|
@ -171,7 +171,7 @@ class StrBuilderTextTest {
|
|||
.setLength(500)
|
||||
.setNewLineText("newline")
|
||||
.setNullText("NULL")
|
||||
.trim());
|
||||
.trim()); // $hasTaintFlow
|
||||
|
||||
// Test all fluent methods are passing taint back to their qualifier:
|
||||
StrBuilder fluentAllMethodsTest2 = new StrBuilder();
|
||||
|
|
|
@ -146,7 +146,7 @@ class TextStringBuilderTest {
|
|||
|
||||
// Test all fluent methods are passing taint through to their result:
|
||||
TextStringBuilder fluentAllMethodsTest = new TextStringBuilder(taint());
|
||||
sink(fluentAllMethodsTest // $hasTaintFlow
|
||||
sink(fluentAllMethodsTest
|
||||
.append("text")
|
||||
.appendAll("text")
|
||||
.appendFixedWidthPadLeft("text", 4, ' ')
|
||||
|
@ -172,7 +172,7 @@ class TextStringBuilderTest {
|
|||
.setLength(500)
|
||||
.setNewLineText("newline")
|
||||
.setNullText("NULL")
|
||||
.trim());
|
||||
.trim()); // $hasTaintFlow
|
||||
|
||||
// Test all fluent methods are passing taint back to their qualifier:
|
||||
TextStringBuilder fluentAllMethodsTest2 = new TextStringBuilder();
|
||||
|
|
|
@ -24,9 +24,9 @@ public class JsfXSS extends Renderer
|
|||
ResponseWriter writer = facesContext.getResponseWriter();
|
||||
writer.write("<script type=\"text/javascript\">");
|
||||
writer.write("(function(){");
|
||||
writer.write("dswh.init('" + windowId + "','" // $xss
|
||||
writer.write("dswh.init('" + windowId + "','"
|
||||
+ "......" + "',"
|
||||
+ -1 + ",{");
|
||||
+ -1 + ",{"); // $xss
|
||||
writer.write("});");
|
||||
writer.write("})();");
|
||||
writer.write("</script>");
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
xmlns:tools="http://schemas.android.com/tools"
|
||||
package="com.example.happybirthday">
|
||||
|
||||
<!-- $ hasDebuggableAttributeEnabled --> <application
|
||||
<application
|
||||
android:debuggable="true"
|
||||
android:allowBackup="true"
|
||||
android:dataExtractionRules="@xml/data_extraction_rules"
|
||||
|
@ -13,7 +13,7 @@
|
|||
android:roundIcon="@mipmap/ic_launcher_round"
|
||||
android:supportsRtl="true"
|
||||
android:theme="@style/Theme.HappyBirthday"
|
||||
tools:targetApi="31">
|
||||
tools:targetApi="31"> <!-- $ hasDebuggableAttributeEnabled -->
|
||||
<activity
|
||||
android:name=".MainActivity"
|
||||
android:exported="true">
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
xmlns:tools="http://schemas.android.com/tools"
|
||||
package="com.example.happybirthday">
|
||||
|
||||
<!-- Safe: manifest file located in build directory --> <application
|
||||
<application
|
||||
android:debuggable="true"
|
||||
android:allowBackup="true"
|
||||
android:dataExtractionRules="@xml/data_extraction_rules"
|
||||
|
@ -13,7 +13,7 @@
|
|||
android:roundIcon="@mipmap/ic_launcher_round"
|
||||
android:supportsRtl="true"
|
||||
android:theme="@style/Theme.HappyBirthday"
|
||||
tools:targetApi="31">
|
||||
tools:targetApi="31"> <!-- Safe: manifest file located in build directory -->
|
||||
<activity
|
||||
android:name=".MainActivity"
|
||||
android:exported="true">
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
xmlns:app="http://schemas.android.com/apk/res-auto">
|
||||
|
||||
|
||||
<!-- $hasResult --> <EditText
|
||||
<EditText
|
||||
android:id="@+id/test1_password"
|
||||
android:inputType="text"/>
|
||||
android:inputType="text"/> <!-- $hasResult -->
|
||||
|
||||
<EditText
|
||||
android:id="@+id/test2_safe"
|
||||
|
@ -20,12 +20,12 @@
|
|||
android:id="@+id/test4_password"
|
||||
android:inputType="textPassword"/>
|
||||
|
||||
<!-- $hasResult --> <EditText
|
||||
<EditText
|
||||
android:id="@+id/test5_bank_account_name"
|
||||
android:inputType="textMultiLine"/>
|
||||
android:inputType="textMultiLine"/> <!-- $hasResult -->
|
||||
|
||||
<!-- $hasResult --> <EditText
|
||||
android:id="@+id/test6_password"/>
|
||||
<EditText
|
||||
android:id="@+id/test6_password"/> <!-- $hasResult -->
|
||||
|
||||
<EditText
|
||||
android:id="@+id/test7_password"/>
|
||||
|
|
|
@ -14,58 +14,58 @@
|
|||
android:theme="@style/Theme.HappyBirthday"
|
||||
tools:targetApi="31">
|
||||
|
||||
<!-- $ hasImplicitExport --> <activity
|
||||
<activity
|
||||
android:name=".Activity">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
</activity> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- $ hasImplicitExport --> <receiver
|
||||
<receiver
|
||||
android:name=".CheckInstall">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.PACKAGE_INSTALL"/>
|
||||
|
||||
</intent-filter>
|
||||
</receiver>
|
||||
</receiver> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- $ hasImplicitExport --> <service
|
||||
<service
|
||||
android:name=".backgroundService">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.START_BACKGROUND"/>
|
||||
|
||||
</intent-filter>
|
||||
</service>
|
||||
</service> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- $ hasImplicitExport --> <provider
|
||||
<provider
|
||||
android:name=".MyCloudProvider">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
|
||||
|
||||
</intent-filter>
|
||||
</provider>
|
||||
</provider> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- Safe: 'android:exported' explicitly set --> <activity
|
||||
<activity
|
||||
android:name=".Activity"
|
||||
android:exported="true">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
</activity> <!-- Safe: 'android:exported' explicitly set -->
|
||||
|
||||
<!-- Safe: no intent filter --> <activity
|
||||
<activity
|
||||
android:name=".Activity">
|
||||
</activity>
|
||||
</activity> <!-- Safe: no intent filter -->
|
||||
|
||||
<!-- Safe: has 'permission' attribute --> <activity
|
||||
<activity
|
||||
android:name=".Activity"
|
||||
android:permission=".Test">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
</activity> <!-- Safe: has 'permission' attribute -->
|
||||
|
||||
<!-- Safe: 'provider' with read and write permissions set --> <provider
|
||||
<provider
|
||||
android:name=".MyCloudProvider"
|
||||
android:readPermission=".TestRead"
|
||||
android:writePermission=".TestWrite">
|
||||
|
@ -73,41 +73,41 @@
|
|||
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
|
||||
|
||||
</intent-filter>
|
||||
</provider>
|
||||
</provider> <!-- Safe: 'provider' with read and write permissions set -->
|
||||
|
||||
<!-- $ hasImplicitExport --> <provider
|
||||
<provider
|
||||
android:name=".MyCloudProvider"
|
||||
android:readPermission=".TestRead">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
|
||||
|
||||
</intent-filter>
|
||||
</provider>
|
||||
</provider> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- $ hasImplicitExport --> <provider
|
||||
<provider
|
||||
android:name=".MyCloudProvider"
|
||||
android:writePermission=".TestWrite">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
|
||||
|
||||
</intent-filter>
|
||||
</provider>
|
||||
</provider> <!-- $ hasImplicitExport -->
|
||||
|
||||
<!-- Safe: has category 'android.intent.category.LAUNCHER' --> <activity
|
||||
<activity
|
||||
android:name=".Activity">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.MAIN" />
|
||||
|
||||
<category android:name="android.intent.category.LAUNCHER" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
</activity> <!-- Safe: has category 'android.intent.category.LAUNCHER' -->
|
||||
|
||||
<!-- Safe: has action 'android.intent.category.MAIN' --> <activity
|
||||
<activity
|
||||
android:name=".Activity">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.MAIN" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
</activity> <!-- Safe: has action 'android.intent.category.MAIN' -->
|
||||
|
||||
</application>
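Review bot: The relocated comment `<!-- Safe: has action 'android.intent.category.MAIN' -->` names a category, but the element it annotates declares `<action android:name="android.intent.action.MAIN" />`. Since the line is being touched anyway, it could read `<!-- Safe: has action 'android.intent.action.MAIN' -->`. The `Safe:` comments are plain text rather than `$` expectations, so nothing checks their wording, and an inaccurate one can mislead whoever next reads this fixture to learn which components the implicit-export check deliberately exempts.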
|
||||
|
||||
|
|
|
@ -17,22 +17,22 @@
|
|||
|
||||
<!-- Read Only -->
|
||||
|
||||
<!-- $ hasIncompletePermissions --><provider
|
||||
<provider
|
||||
android:name=".MyContentProviderRO"
|
||||
android:authorities="table"
|
||||
android:enabled="true"
|
||||
android:exported="true"
|
||||
android:readPermission="android.permission.MANAGE_DOCUMENTS"></provider>
|
||||
android:readPermission="android.permission.MANAGE_DOCUMENTS"></provider><!-- $ hasIncompletePermissions -->
|
||||
|
||||
|
||||
<!-- Write Only -->
|
||||
|
||||
<!-- $ hasIncompletePermissions --> <provider
|
||||
<provider
|
||||
android:name=".MyContentProviderWO"
|
||||
android:authorities="table"
|
||||
android:enabled="true"
|
||||
android:exported="true"
|
||||
android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider>
|
||||
android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider><!-- $ hasIncompletePermissions -->
|
||||
|
||||
<!-- Full -->
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ INSTALLED_APPS = [
|
|||
'django.contrib.staticfiles',
|
||||
]
|
||||
|
||||
MIDDLEWARE = [ # $CsrfProtectionSetting=false
|
||||
MIDDLEWARE = [
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
'django.middleware.common.CommonMiddleware',
|
||||
|
@ -48,7 +48,7 @@ MIDDLEWARE = [ # $CsrfProtectionSetting=false
|
|||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||
'django.contrib.messages.middleware.MessageMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
]
|
||||
] # $CsrfProtectionSetting=false
|
||||
|
||||
ROOT_URLCONF = 'testproj.urls'
|
||||
|
||||
|
|
|
@ -21,8 +21,8 @@ class MyView(MethodView):
|
|||
|
||||
the_view = MyView.as_view('my_view')
|
||||
|
||||
app.add_url_rule('/the/', defaults={'user_id': None}, # $routeSetup="/the/"
|
||||
view_func=the_view, methods=['GET',])
|
||||
app.add_url_rule('/the/', defaults={'user_id': None},
|
||||
view_func=the_view, methods=['GET',]) # $routeSetup="/the/"
|
||||
|
||||
@app.route("/dangerous") # $routeSetup="/dangerous"
|
||||
def dangerous(): # $requestHandler
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
Something.foo.withCallback do |a, b| #$ use=getMember("Something").getMethod("foo").getReturn().getMethod("withCallback").getReturn()
|
||||
Something.foo.withCallback do |a, b| #$ use=getMember("Something").getMethod("foo").getReturn()
|
||||
a.something #$ use=getMember("Something").getMethod("foo").getReturn().getMethod("withCallback").getBlock().getParameter(0).getMethod("something").getReturn()
|
||||
b.somethingElse #$ use=getMember("Something").getMethod("foo").getReturn().getMethod("withCallback").getBlock().getParameter(1).getMethod("somethingElse").getReturn()
|
||||
end
|
||||
end #$ use=getMember("Something").getMethod("foo").getReturn().getMethod("withCallback").getReturn()
|
||||
|
||||
Something.withNamedArg do |a:, b: nil| #$ use=getMember("Something").getMethod("withNamedArg").getReturn()
|
||||
Something.withNamedArg do |a:, b: nil| #$ use=getMember("Something")
|
||||
a.something #$ use=getMember("Something").getMethod("withNamedArg").getBlock().getKeywordParameter("a").getMethod("something").getReturn()
|
||||
b.somethingElse #$ use=getMember("Something").getMethod("withNamedArg").getBlock().getKeywordParameter("b").getMethod("somethingElse").getReturn()
|
||||
end
|
||||
end #$ use=getMember("Something").getMethod("withNamedArg").getReturn()
|
||||
|
||||
Something.withLambda ->(a, b) { #$ use=getMember("Something").getMethod("withLambda").getReturn()
|
||||
Something.withLambda ->(a, b) { #$ use=getMember("Something")
|
||||
a.something #$ use=getMember("Something").getMethod("withLambda").getParameter(0).getParameter(0).getMethod("something").getReturn()
|
||||
b.something #$ use=getMember("Something").getMethod("withLambda").getParameter(0).getParameter(1).getMethod("something").getReturn()
|
||||
}
|
||||
} #$ use=getMember("Something").getMethod("withLambda").getReturn()
|
||||
|
||||
Something.namedCallback( #$ use=getMember("Something").getMethod("namedCallback").getReturn()
|
||||
Something.namedCallback( #$ use=getMember("Something")
|
||||
onEvent: ->(a, b) {
|
||||
a.something #$ use=getMember("Something").getMethod("namedCallback").getKeywordParameter("onEvent").getParameter(0).getMethod("something").getReturn()
|
||||
b.something #$ use=getMember("Something").getMethod("namedCallback").getKeywordParameter("onEvent").getParameter(1).getMethod("something").getReturn()
|
||||
}
|
||||
)
|
||||
) #$ use=getMember("Something").getMethod("namedCallback").getReturn()
|
||||
|
||||
Something.nestedCall1 do |a| #$ use=getMember("Something").getMethod("nestedCall1").getReturn()
|
||||
a.nestedCall2 do |b:| #$ use=getMember("Something").getMethod("nestedCall1").getBlock().getParameter(0).getMethod("nestedCall2").getReturn()
|
||||
Something.nestedCall1 do |a| #$ use=getMember("Something")
|
||||
a.nestedCall2 do |b:| #$ use=getMember("Something").getMethod("nestedCall1").getBlock().getParameter(0)
|
||||
b.something #$ use=getMember("Something").getMethod("nestedCall1").getBlock().getParameter(0).getMethod("nestedCall2").getBlock().getKeywordParameter("b").getMethod("something").getReturn()
|
||||
end
|
||||
end
|
||||
end #$ use=getMember("Something").getMethod("nestedCall1").getBlock().getParameter(0).getMethod("nestedCall2").getReturn()
|
||||
end #$ use=getMember("Something").getMethod("nestedCall1").getReturn()
|
||||
|
||||
def getCallback()
|
||||
->(x) {
|
||||
|
@ -33,7 +33,7 @@ def getCallback()
|
|||
end
|
||||
Something.indirectCallback(getCallback()) #$ use=getMember("Something").getMethod("indirectCallback").getReturn()
|
||||
|
||||
Something.withMixed do |a, *args, b| #$ use=getMember("Something").getMethod("withMixed").getReturn()
|
||||
Something.withMixed do |a, *args, b| #$ use=getMember("Something")
|
||||
a.something #$ use=getMember("Something").getMethod("withMixed").getBlock().getParameter(0).getMethod("something").getReturn()
|
||||
# b.something # not currently handled correctly
|
||||
end
|
||||
end #$ use=getMember("Something").getMethod("withMixed").getReturn()
|
||||
|
|
|
@ -13,9 +13,9 @@ Unknown.new.run #$ use=getMember("Unknown").getMethod("new").getReturn().getMeth
|
|||
Foo::Bar::Baz #$ use=getMember("Foo").getMember("Bar").getMember("Baz")
|
||||
|
||||
Const = [1, 2, 3] #$ use=getMember("Array").getMethod("[]").getReturn()
|
||||
Const.each do |c| #$ use=getMember("Const").getMethod("each").getReturn() def=getMember("Const").getMethod("each").getBlock()
|
||||
Const.each do |c| #$ use=getMember("Const")
|
||||
puts c #$ use=getMember("Const").getMethod("each").getBlock().getParameter(0) use=getMember("Const").getContent(element)
|
||||
end
|
||||
end #$ use=getMember("Const").getMethod("each").getReturn() def=getMember("Const").getMethod("each").getBlock()
|
||||
|
||||
foo = Foo #$ use=getMember("Foo")
|
||||
foo::Bar::Baz #$ use=getMember("Foo").getMember("Bar").getMember("Baz")
|
||||
|
|
|
@ -44,7 +44,7 @@ class ApiUseTest extends InlineExpectationsTest {
|
|||
max(API::Node a2, Location l2, DataFlow::Node n2 |
|
||||
relevantNode(a2, n2, l2, tag) and
|
||||
l2.getFile() = location.getFile() and
|
||||
l2.getStartLine() = location.getStartLine()
|
||||
l2.getEndLine() = location.getEndLine()
|
||||
|
|
||||
a2.getPath()
|
||||
order by
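Review bot: The `max(...)` aggregate now groups candidate nodes by `getEndLine()`, which has to stay in step with the line the shared inline-expectations library matches results on, and the hunk has no comment tying the two together. Consider adding `// group by end line: inline expectations are matched against the end line of a result` above `l2.getEndLine() = location.getEndLine()`. Without it, a later change to either side would presumably surface only as confusing missing or unexpected results in this test. The aggregate and its enclosing predicate start and end outside the hunk.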
|
||||
|
|
|
@ -44,9 +44,9 @@ end
|
|||
|
||||
def m8
|
||||
sink(s8 { source "a" }) # $ hasValueFlow=a
|
||||
sink(s8 do # $hasValueFlow=a
|
||||
sink(s8 do
|
||||
source "a"
|
||||
end)
|
||||
end) # $hasValueFlow=a
|
||||
end
|
||||
|
||||
def m9
|
||||
|
|
|
@ -47,54 +47,54 @@ def m6(arg1, arg2)
|
|||
end
|
||||
|
||||
# Bad: method has parameter but only one result is memoized.
|
||||
def m7(arg) # $result=BAD
|
||||
def m7(arg)
|
||||
@m7 ||= begin
|
||||
arg += 3
|
||||
end
|
||||
@m7
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: method has parameter but only one result is memoized.
|
||||
def m8(arg) # $result=BAD
|
||||
def m8(arg)
|
||||
@m8 ||= begin
|
||||
long_running_method(arg)
|
||||
end
|
||||
@m8
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: method has parameter but only one result is memoized.
|
||||
def m9(arg) # $result=BAD
|
||||
def m9(arg)
|
||||
@m9 ||= long_running_method(arg)
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: method has parameter but only one result is memoized.
|
||||
def m10(arg1, arg2) # $result=BAD
|
||||
def m10(arg1, arg2)
|
||||
@m10 ||= long_running_method(arg1, arg2)
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: `arg2` not used in key.
|
||||
def m11(arg1, arg2) # $result=BAD
|
||||
def m11(arg1, arg2)
|
||||
@m11 ||= {}
|
||||
@m11[arg1] ||= long_running_method(arg1, arg2)
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: `arg2` not used in key.
|
||||
def m12(arg1, arg2) # $result=BAD
|
||||
def m12(arg1, arg2)
|
||||
@m12 ||= Hash.new do |h1, arg1|
|
||||
h1[arg1] = result(arg1, arg2)
|
||||
end
|
||||
@m12[arg1]
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Bad: arg not used in key.
|
||||
def m13(id:) # $result=BAD
|
||||
def m13(id:)
|
||||
@m13 ||= Rails.cache.fetch("product_sku/#{id}", expires_in: 30.minutes) do
|
||||
ActiveRecord::Base.transaction do
|
||||
ProductSku.find_by(id: id)
|
||||
end
|
||||
end
|
||||
@m13
|
||||
end
|
||||
end # $result=BAD
|
||||
|
||||
# Good (FP): arg is used in key via string interpolation.
|
||||
def m14(arg)
|
||||
|
|
|
@ -80,9 +80,9 @@ def m9(x)
|
|||
x = x.gsub(/^(\.\.\/?)+/, "") # OK
|
||||
|
||||
# NOT OK
|
||||
x = x.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/) do |match| # $ hasResult=html
|
||||
x = x.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/) do |match|
|
||||
if unknown then match else "" end
|
||||
end
|
||||
end # $ hasResult=html
|
||||
|
||||
x = x.gsub(/<\/?([a-z][a-z0-9]*)\b[^>]*>/i, "") # NOT OK [INCONSISTENCY] $ hasResult=html
|
||||
|
||||
|
@ -113,10 +113,10 @@ def m9(x)
|
|||
|
||||
x = x.gsub(/<!\-\-DEVEL[\d\D]*?DEVEL\-\->/, "") # OK
|
||||
|
||||
x = x # $ hasResult=path
|
||||
x = x
|
||||
.gsub(/^\.\//, "")
|
||||
.gsub(/\/\.\//, "/")
|
||||
.gsub(/[^\/]*\/\.\.\//, "")
|
||||
.gsub(/[^\/]*\/\.\.\//, "") # $ hasResult=path
|
||||
|
||||
x
|
||||
end
|
||||
|
|
|
@ -384,7 +384,7 @@ module Make<InlineExpectationsTestSig Impl> {
|
|||
la = a.getLocation() and
|
||||
pragma[only_bind_into](lb) = b.getLocation() and
|
||||
pragma[only_bind_into](la).hasLocationInfo(fname, line, _, _, _) and
|
||||
lb.hasLocationInfo(fname, line, _, _, _)
|
||||
lb.hasLocationInfo(fname, _, _, line, _)
|
||||
)
|
||||
}
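Review bot: The two locations are now compared on different coordinates: `la` (from `a`) still binds `line` as its start line, while `lb` (from `b`) binds it as its end line, and nothing in the visible lines says so. A comment above the changed line would make the asymmetry deliberate, e.g. `// match the expectation's line against the END line of the actual result`. Every test built on this module is affected, because a result spanning several lines is now matched only by an annotation on its last line; the module's documentation should say so. The enclosing predicate starts outside the hunk, so its name and any existing doc comment are not visible here.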
|
||||
|
||||
|
|
|
@ -244,9 +244,9 @@ func taintThroughSimpleStringOperations() {
|
|||
sink(arg: tainted.reversed()) // $ tainted=217
|
||||
|
||||
sink(arg: tainted.split(separator: ",")) // $ tainted=217
|
||||
sink(arg: tainted.split(whereSeparator: { // $ tainted=217
|
||||
sink(arg: tainted.split(whereSeparator: {
|
||||
c in return (c == ",")
|
||||
}))
|
||||
})) // $ tainted=217
|
||||
sink(arg: tainted.trimmingCharacters(in: CharacterSet.whitespaces)) // $ tainted=217
|
||||
sink(arg: tainted.padding(toLength: 20, withPad: " ", startingAt: 0)) // $ tainted=217
|
||||
sink(arg: tainted.components(separatedBy: CharacterSet.whitespaces)) // $ tainted=217
|
||||
|
|