Ruby: Add tests for ActiveSupport modelling

Author: hmac

ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll

@@ -130,8 +130,8 @@ module ActiveSupport {
    * `ActiveSupport::Logger`
    */
   module Logger {
-    private class ActiveSupportLoggerInstance extends StdlibLogger::LoggerInstance {
-      ActiveSupportLoggerInstance() {
+    private class ActiveSupportLoggerInstantiation extends StdlibLogger::LoggerInstantiation {
+      ActiveSupportLoggerInstantiation() {
         this =
           API::getTopLevelMember("ActiveSupport")
               .getMember(["Logger", "TaggedLogging"])

ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll

@@ -16,7 +16,7 @@ private import codeql.ruby.dataflow.internal.DataFlowDispatch
 module Logger {
   /** A reference to a `Logger` instance */
   private DataFlow::Node loggerInstance() {
-    result = API::getTopLevelMember("Logger").getAnInstantiation()
+    result instanceof LoggerInstantiation
     or
     exists(DataFlow::Node inst |
       inst = loggerInstance() and
@@ -34,17 +34,21 @@ module Logger {
   }
 
   /**
-   * An instance of a logger that responds to the std lib logging methods.
+   * An instantiation of a logger that responds to the std lib logging methods.
    * This can be extended to recognise additional instances that conform to the
    * same interface.
    */
-  abstract class LoggerInstance extends DataFlow::Node { }
+  abstract class LoggerInstantiation extends DataFlow::Node { }
 
   /**
-   * An instance of the std lib `Logger` class.
+   * An instantiation of the std lib `Logger` class.
    */
-  private class StdlibLoggerInstance extends LoggerInstance {
-    StdlibLoggerInstance() { this = loggerInstance() }
+  private class StdlibLoggerInstantiation extends LoggerInstantiation {
+    StdlibLoggerInstantiation() { this = API::getTopLevelMember("Logger").getAnInstantiation() }
+  }
+
+  private class LoggerInstance extends DataFlow::Node {
+    LoggerInstance() { this = loggerInstance() }
   }
 
   /**

ruby/ql/test/library-tests/frameworks/active_support.rb

@@ -1,2 +1,6 @@
+constantizeCalls
 | active_support.rb:1:1:1:22 | call to constantize | active_support.rb:1:1:1:10 | "Foo::Bar" |
 | active_support.rb:3:1:3:13 | call to constantize | active_support.rb:3:1:3:1 | call to a |
+loggerInstantiations
+| active_support.rb:5:1:5:33 | call to new |
+| active_support.rb:6:1:6:40 | call to new |

ruby/ql/test/library-tests/frameworks/ActiveSupport.expected renamed to ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.expected

@@ -1,6 +1,9 @@
 import codeql.ruby.frameworks.ActiveSupport
 import codeql.ruby.DataFlow
+import codeql.ruby.frameworks.stdlib.Logger
 
 query DataFlow::Node constantizeCalls(ActiveSupport::CoreExtensions::String::Constantize c) {
   result = c.getCode()
 }
+
+query predicate loggerInstantiations(Logger::LoggerInstantiation l) { any() }

ruby/ql/test/library-tests/frameworks/ActiveSupport.ql renamed to ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.ql

@@ -0,0 +1,11 @@
+/**
+ * @kind path-problem
+ */
+
+import ruby
+import TestUtilities.InlineFlowTest
+import PathGraph
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
+where conf.hasFlowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()

ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected

@@ -0,0 +1,136 @@
+"Foo::Bar".constantize
+
+a.constantize
+
+ActiveSupport::Logger.new(STDOUT)
+ActiveSupport::TaggedLogging.new(STDOUT)
+
+def m_camelize
+    x = source "a"
+    sink x.camelize # $hasTaintFlow=a
+end
+
+def m_camelcase
+    x = source "a"
+    sink x.camelcase # $hasTaintFlow=a
+end
+
+def m_classify
+    x = source "a"
+    sink x.classify # $hasTaintFlow=a
+end
+
+def m_dasherize
+    x = source "a"
+    sink x.dasherize # $hasTaintFlow=a
+end
+
+def m_deconstantize
+    x = source "a"
+    sink x.deconstantize # $hasTaintFlow=a
+end
+
+def m_demodulize
+    x = source "a"
+    sink x.demodulize # $hasTaintFlow=a
+end
+
+def m_foreign_key
+    x = source "a"
+    sink x.foreign_key # $hasTaintFlow=a
+end
+
+def m_humanize
+    x = source "a"
+    sink x.humanize # $hasTaintFlow=a
+end
+
+def m_indent
+    x = source "a"
+    sink x.indent(1) # $hasTaintFlow=a
+end
+
+def m_parameterize
+    x = source "a"
+    sink x.parameterize # $hasTaintFlow=a
+end
+
+def m_pluralize
+    x = source "a"
+    sink x.pluralize # $hasTaintFlow=a
+end
+
+def m_singularize
+    x = source "a"
+    sink x.singularize # $hasTaintFlow=a
+end
+
+def m_squish
+    x = source "a"
+    sink x.squish # $hasTaintFlow=a
+end
+
+def m_strip_heredoc
+    x = source "a"
+    sink x.strip_heredoc # $hasTaintFlow=a
+end
+
+def m_tableize
+    x = source "a"
+    sink x.tableize # $hasTaintFlow=a
+end
+
+def m_titlecase
+    x = source "a"
+    sink x.titlecase # $hasTaintFlow=a
+end
+
+def m_titleize
+    x = source "a"
+    sink x.titleize # $hasTaintFlow=a
+end
+
+def m_underscore
+    x = source "a"
+    sink x.underscore # $hasTaintFlow=a
+end
+
+def m_upcase_first
+    x = source "a"
+    sink x.upcase_first # $hasTaintFlow=a
+end
+
+def m_compact_blank
+    x = [source 1]
+    y = x.compact_blank
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_excluding
+    x = [source(1), 2]
+    y = x.excluding 2
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_without
+    x = [source(1), 2]
+    y = x.without 2
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_in_order_of
+    x = [source(1), 2]
+    y = x.in_order_of(:itself, [2,1])
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_including
+    a = [source(1), 2]
+    b = a.including(source(3), source(4))
+    sink a[0] # $ hasValueFlow=1
+    sink a[1]
+    sink b[0] # $ hasValueFlow=1 $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[1] # $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[2] # $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[3] # $ hasValueFlow=3 $ hasValueFlow=4
+end

ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.ql

@@ -21,3 +21,5 @@
 | Logging.rb:73:5:73:63 | call to log | Logging.rb:73:36:73:45 | "message1" |
 | Logging.rb:74:5:74:76 | call to log | Logging.rb:74:36:74:45 | "message2" |
 | Logging.rb:74:5:74:76 | call to log | Logging.rb:74:48:74:58 | "progname2" |
+| Logging.rb:81:1:81:21 | call to debug | Logging.rb:81:16:81:20 | "msg" |
+| Logging.rb:82:1:82:21 | call to debug | Logging.rb:82:16:82:20 | "msg" |

ruby/ql/test/library-tests/frameworks/active_support/active_support.rb

@@ -1,4 +1,5 @@
 import codeql.ruby.frameworks.stdlib.Logger::Logger
+import codeql.ruby.frameworks.ActiveSupport::ActiveSupport::Logger
 import codeql.ruby.DataFlow
 
 query DataFlow::Node loggerLoggingCallInputs(LoggerLoggingCall c) { result = c.getAnInput() }