Merge pull request #20080 from d10c/d10c/diff-informed-phase-3-ruby

cklin · web-flow · commit 72563ec5a496 · 2025-08-07T07:37:40.000-07:00
Ruby: Diff-informed queries: phase 3 (non-trivial locations)
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll b/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll
@@ -17,6 +17,10 @@ private module MissingFullAnchorConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // can't be made diff-informed because the locations of Ruby RegExpTerms aren't correct when the regexp is parsed from a string arising from constant folding
+  }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,10 @@ private module MissingFullAnchorConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`18`	`18`
`19`	`19`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`20`	`+`
	`21`	`+ predicate observeDiffInformedIncrementalMode() {`
	`22`	`+ none() // can't be made diff-informed because the locations of Ruby RegExpTerms aren't correct when the regexp is parsed from a string arising from constant folding`
	`23`	`+ }`
`20`	`24`	`}`
`21`	`25`
`22`	`26`	`/**`