Fix #19294, Ruby NetHttpRequest improvements

Author: mschwager

ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll

@@ -12,15 +12,22 @@ private import codeql.ruby.DataFlow
 /**
  * A `Net::HTTP` call which initiates an HTTP request.
  * ```ruby
+ * # one-off request
  * Net::HTTP.get("http://example.com/")
  * Net::HTTP.post("http://example.com/", "some_data")
  * req = Net::HTTP.new("example.com")
  * response = req.get("/")
+ *
+ * # connection re-use
+ * Net::HTTP.start("http://example.com") do |http|
+ *   http.get("/")
+ * end
  * ```
  */
 class NetHttpRequest extends Http::Client::Request::Range instanceof DataFlow::CallNode {
   private DataFlow::CallNode request;
-  private API::Node requestNode;
+  API::Node requestNode;
+  API::Node connectionNode;
   private boolean returnsResponseBody;
 
   NetHttpRequest() {
@@ -30,20 +37,27 @@ class NetHttpRequest extends Http::Client::Request::Range instanceof DataFlow::C
     |
       // Net::HTTP.get(...)
       method in ["get", "get_response"] and
-      requestNode = API::getTopLevelMember("Net").getMember("HTTP").getReturn(method) and
+      connectionNode = API::getTopLevelMember("Net").getMember("HTTP") and
+      requestNode = connectionNode.getReturn(method) and
       returnsResponseBody = true
       or
       // Net::HTTP.post(...).body
       method in ["post", "post_form"] and
-      requestNode = API::getTopLevelMember("Net").getMember("HTTP").getReturn(method) and
+      connectionNode = API::getTopLevelMember("Net").getMember("HTTP") and
+      requestNode = connectionNode.getReturn(method) and
       returnsResponseBody = false
       or
       // Net::HTTP.new(..).get(..).body
+      // Net::HTTP.start(..) do |http| http.get(..) end
       method in [
           "get", "get2", "request_get", "head", "head2", "request_head", "delete", "put", "patch",
           "post", "post2", "request_post", "request"
         ] and
-      requestNode = API::getTopLevelMember("Net").getMember("HTTP").getInstance().getReturn(method) and
+      connectionNode = [
+        API::getTopLevelMember("Net").getMember("HTTP").getInstance(),
+        API::getTopLevelMember("Net").getMember("HTTP").getMethod("start").getBlock().getParameter(0)
+        ] and
+      requestNode = connectionNode.getReturn(method) and
       returnsResponseBody = false
     )
   }

ruby/ql/test/library-tests/frameworks/http_clients/NetHttp.rb

@@ -27,3 +27,11 @@ def get(domain, path)
 get("example.com", "/").body
 
 Net::HTTP.post(uri, "some_body") # note: response body not accessed
+
+http = Net::HTTP.new("https://example.com")
+root_get = Net::HTTP::Get.new("/")
+http.request(root_get)
+
+Net::HTTP.start("https://example.com") do |http|
+  http.get("/")
+end