Ruby: Model ActiveSupport extensions to Enumerable

hmac · hmac · commit 14d2ff6528dc · 2022-05-24T09:35:26.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -56,5 +56,70 @@ module ActiveSupport {
         }
       }
     }
+
+    /**
+     * Extensions to the `Enumerable` module.
+     */
+    module Enumerable {
+      private class ArrayIndex extends int {
+        ArrayIndex() { this = any(DataFlow::Content::KnownElementContent c).getIndex().getInt() }
+      }
+
+      private class CompactBlankSummary extends SimpleSummarizedCallable {
+        CompactBlankSummary() { this = "compact_blank" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private class ExcludingSummary extends SimpleSummarizedCallable {
+        ExcludingSummary() { this = ["excluding", "without"] }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private class InOrderOfSummary extends SimpleSummarizedCallable {
+        InOrderOfSummary() { this = "in_order_of" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      /**
+       * Like `Array#push` but doesn't update the receiver.
+       */
+      private class IncludingSummary extends SimpleSummarizedCallable {
+        IncludingSummary() { this = "including" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          (
+            exists(ArrayIndex i |
+              input = "Argument[self].Element[" + i + "]" and
+              output = "ReturnValue.Element[" + i + "]"
+            )
+            or
+            input = "Argument[self].Element[?]" and
+            output = "ReturnValue.Element[?]"
+            or
+            exists(int i | i in [0 .. (mc.getNumberOfArguments() - 1)] |
+              input = "Argument[" + i + "]" and
+              output = ["ReturnValue.Element[?]"]
+            )
+          ) and
+          preservesValue = true
+        }
+      }
+      // TODO: index_by, index_with, pick, pluck (they require Hash dataflow)
+    }
   }
 }
