Ruby: ActiveRecord - match OrmWriteAccesses for assignements to the assignment node rather than the setter call

alexrford · alexrford · commit 8fed9f9aa0e6 · 2022-03-04T17:24:24.000Z
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -483,14 +483,21 @@ private module Persistence {
    * as an `OrmWriteAccess` to avoid missing cases where the path to a
    * subsequent write is not clear.
    */
-  private class AssignAttributeCall extends DataFlow::CallNode, ActiveRecordInstanceMethodCall,
-    OrmWriteAccess::Range {
-    AssignAttributeCall() { this.asExpr().getExpr() instanceof SetterMethodCall }
+  private class AssignAttribute extends DataFlow::Node, OrmWriteAccess::Range {
+    private DataFlow::CallNode setter;
+    private ExprNodes::AssignExprCfgNode assignNode;
+
+    AssignAttribute() {
+      assignNode = this.asExpr() and
+      setter.getArgument(0) = this and
+      setter instanceof ActiveRecordInstanceMethodCall and
+      setter.asExpr().getExpr() instanceof SetterMethodCall
+    }
 
     override string getFieldNameAssignedTo(DataFlow::Node value) {
-      result + "=" = this.getMethodName() and
+      result + "=" = setter.getMethodName() and
       // match RHS
-      this.getArgument(0).asExpr().(ExprNodes::AssignExprCfgNode).getRhs() = value.asExpr()
+      assignNode.getRhs() = value.asExpr()
     }
   }
 }
diff --git a/ruby/ql/test/library-tests/frameworks/Orm.expected b/ruby/ql/test/library-tests/frameworks/Orm.expected
@@ -13,4 +13,4 @@
 | app/controllers/users/users_controller.rb:20:7:20:57 | call to update_attributes | name | app/controllers/users/users_controller.rb:20:37:20:41 | "U12" |
 | app/controllers/users/users_controller.rb:20:7:20:57 | call to update_attributes | uid | app/controllers/users/users_controller.rb:20:49:20:55 | call to get_uid |
 | app/controllers/users/users_controller.rb:23:7:23:42 | call to update_attribute | name | app/controllers/users/users_controller.rb:23:37:23:41 | "U13" |
-| app/controllers/users/users_controller.rb:26:7:26:15 | call to name= | name | app/controllers/users/users_controller.rb:26:19:26:23 | "U14" |
+| app/controllers/users/users_controller.rb:26:7:26:15 | ... = ... | name | app/controllers/users/users_controller.rb:26:19:26:23 | "U14" |
