jorgectf
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
Lines changed: 9 additions & 2 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
Lines changed: 9 additions & 2 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
Lines changed: 4 additions & 4 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
Lines changed: 4 additions & 4 deletions
@@ -592,12 +592,15 @@ private module ParamsSummaries {
   /**
    * `#merge`
    * Returns a new ActionController::Parameters with all keys from other_hash merged into current hash.
+   * `#reverse_merge`
+   * `#with_defaults`
+   * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
    */
   private class MergeSummary extends SummarizedCallable {
     MergeSummary() { this = "ActionController::Parameters#merge" }
 
     override MethodCall getACall() {
-      result.getMethodName() = "merge" and
+      result.getMethodName() = ["merge", "reverse_merge", "with_defaults"] and
       exists(ParamsInstance i |
         i.asExpr().getExpr() = [result.getReceiver(), result.getArgument(0)]
       )
@@ -613,12 +616,16 @@ private module ParamsSummaries {
   /**
    * `#merge!`
    * Returns current ActionController::Parameters instance with current hash merged into other_hash.
+   * `#reverse_merge!`
+   * `#with_defaults!`
+   * `#reverse_update`
+   * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
    */
   private class MergeBangSummary extends SummarizedCallable {
     MergeBangSummary() { this = "ActionController::Parameters#merge!" }
 
     override MethodCall getACall() {
-      result.getMethodName() = "merge!" and
+      result.getMethodName() = ["merge!", "reverse_merge!", "with_defaults!", "reverse_update"] and
       exists(ParamsInstance i |
         i.asExpr().getExpr() = [result.getReceiver(), result.getArgument(0)]
       )
 
@@ -127,9 +127,9 @@ module ActiveSupport {
         ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }
 
         override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-          input = ["Argument[self]", "Argument[0]"] and
+          input = "Argument[self,0].WithElement[any]" and
           output = "ReturnValue" and
-          preservesValue = false
+          preservesValue = true
         }
       }
 
@@ -140,9 +140,9 @@ module ActiveSupport {
         ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }
 
         override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-          input = ["Argument[self]", "Argument[0]"] and
+          input = "Argument[self,0].WithElement[any]" and
           output = ["ReturnValue", "Argument[self]"] and
-          preservesValue = false
+          preservesValue = true
         }
       }
Original file line number	Diff line number	Diff line change
`@@ -127,9 +127,9 @@ module ActiveSupport {`
`127`	`127`	`ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }`
`128`	`128`
`129`	`129`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
`130`		`- input = ["Argument[self]", "Argument[0]"] and`
	`130`	`+ input = "Argument[self,0].WithElement[any]" and`
`131`	`131`	`output = "ReturnValue" and`
`132`		`- preservesValue = false`
	`132`	`+ preservesValue = true`
`133`	`133`	`}`
`134`	`134`	`}`
`135`	`135`
`@@ -140,9 +140,9 @@ module ActiveSupport {`
`140`	`140`	`ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }`
`141`	`141`
`142`	`142`	`override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {`
`143`		`- input = ["Argument[self]", "Argument[0]"] and`
	`143`	`+ input = "Argument[self,0].WithElement[any]" and`
`144`	`144`	`output = ["ReturnValue", "Argument[self]"] and`
`145`		`- preservesValue = false`
	`145`	`+ preservesValue = true`
`146`	`146`	`}`
`147`	`147`	`}`
`148`	`148`