add an AdditionalTaintStep class for Ruby

Author: erik-krogh

ruby/ql/lib/codeql/ruby/dataflow/FlowSteps.qll

@@ -0,0 +1,28 @@
+/**
+ * Provides classes representing various flow steps for taint tracking.
+ */
+
+private import codeql.ruby.DataFlow
+private import internal.DataFlowPrivate as DFPrivate
+
+private class Unit = DFPrivate::Unit;
+
+/**
+ * A module importing the frameworks that implement additional flow steps,
+ * ensuring that they are visible to the taint tracking library.
+ */
+private module Frameworks { }
+
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to all
+ * taint configurations.
+ */
+class AdditionalTaintStep extends Unit {
+  /**
+   * Holds if the step from `node1` to `node2` should be considered a taint
+   * step for all configurations.
+   */
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}

ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll

@@ -62,6 +62,8 @@ private CfgNodes::ExprNodes::VariableWriteAccessCfgNode variablesInPattern(
 
 cached
 private module Cached {
+  private import codeql.ruby.dataflow.FlowSteps as FlowSteps
+
   cached
   predicate forceCachingInSameStage() { any() }
 
@@ -99,6 +101,8 @@ private module Cached {
     or
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
     or
+    any(FlowSteps::AdditionalTaintStep s).step(nodeFrom, nodeTo)
+    or
     // Although flow through collections is modeled precisely using stores/reads, we still
     // allow flow out of a _tainted_ collection. This is needed in order to support taint-
     // tracking configurations where the source is a collection.