Ruby: Add support for pretty-printed provenace in tests. Convert one test.

Author: aschackmull

ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll

@@ -369,6 +369,28 @@ private predicate typeVariableModel(string name, string path) {
   Extensions::typeVariableModel(name, path)
 }
 
+/**
+ * Holds if the given extension tuple `madId` should pretty-print as `model`.
+ *
+ * This predicate should only be used in tests.
+ */
+predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
+  exists(string type, string path, string kind |
+    Extensions::sourceModel(type, path, kind, madId) and
+    model = "Source: " + type + "; " + path + "; " + kind
+  )
+  or
+  exists(string type, string path, string kind |
+    Extensions::sinkModel(type, path, kind, madId) and
+    model = "Sink: " + type + "; " + path + "; " + kind
+  )
+  or
+  exists(string type, string path, string input, string output, string kind |
+    Extensions::summaryModel(type, path, input, output, kind, madId) and
+    model = "Summary: " + type + "; " + path + "; " + input + "; " + output + "; " + kind
+  )
+}
+
 /**
  * Holds if rows involving `type` might be relevant for the analysis of this database.
  */

ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected

@@ -1,3 +1,6 @@
+models
+| 1 | Sink: Terrapin::CommandLine!; Method[new].Argument[0]; command-injection |
+| 2 | Sink: Terrapin::CommandLine!; Method[new].Argument[1]; command-injection |
 edges
 | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:7:10:7:15 | #{...} | provenance |  |
 | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:8:16:8:18 | cmd | provenance |  |
@@ -21,9 +24,9 @@ edges
 | CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" | provenance | AdditionalTaintStep |
 | CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:103:16:103:28 | ...[...] | provenance |  |
 | CommandInjection.rb:103:16:103:28 | ...[...] | CommandInjection.rb:103:9:103:12 | file | provenance |  |
-| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance |  Sink:MaD:46 |
+| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance |  Sink:MaD:1 |
 | CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:44:113:54 | ...[...] | provenance |  |
-| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:47 |
+| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:2 |
 nodes
 | CommandInjection.rb:6:9:6:11 | cmd | semmle.label | cmd |
 | CommandInjection.rb:6:15:6:20 | call to params | semmle.label | call to params |

ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.ql

@@ -0,0 +1,16 @@
+/**
+ * @kind path-problem
+ */
+
+import codeql.ruby.AST
+import codeql.ruby.security.CommandInjectionQuery
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.ruby.frameworks.data.internal.ApiGraphModels
+import ShowProvenance<interpretModelForTest/2, CommandInjectionFlow::PathNode, CommandInjectionFlow::PathGraph>
+
+from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
+where
+  CommandInjectionFlow::flowPath(source, sink) and
+  sourceNode = source.getNode()
+select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
+  sourceNode.getSourceType()