A synthetic data-flow node to allow for flow into keyword parameters from hash-splat arguments.
For all methods containing keyword parameters, we construct a synthesized (hidden) parameter node to contain all keyword arguments. This allows us to handle cases like
def foo(p1:, p2:); end
args = {:p1 => taint(1), :p2 => taint(2) }
foo(**args)
by adding read steps out of the synthesized parameter node to the relevant keyword parameters.
Import path
import codeql.ruby.dataflow.internal.DataFlowPrivateDirect supertypes
Predicates
| getCfgScope | Do not call: use |
| getEnclosingCallable | |
| getLocationImpl | Do not call: use |
| getParameter | |
| isParameterOf | |
| readInto | Holds if a read-step should be added into parameter |
| toStringImpl | Do not call: use |
Inherited predicates
| asCallable | Gets the callable corresponding to this block, lambda expression, or call to | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| asParameter | Gets the parameter corresponding to this node, if any. | from Node |
| backtrack | Starts backtracking from this node using API graphs. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getAPredecessor | Gets a data flow node from which data may flow to this node in one local step. | from Node |
| getASuccessor | Gets a data flow node to which data may flow from this node in one local step. | from Node |
| getConstantValue | Gets the constant value of this expression, if any. | from Node |
| getEnclosingMethod | Gets the enclosing method, if any. | from Node |
| getLocation | Gets the location of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| isSourceParameterOf | from ParameterNodeImpl | |
| toString | Gets a textual representation of this node. | from Node |