add a generalized AddExprRoot into Operation.qll

Author: erik-krogh

ruby/ql/lib/codeql/ruby/ast/Operation.qll

@@ -158,6 +158,27 @@ class AddExpr extends BinaryArithmeticOperation, TAddExpr {
   final override string getAPrimaryQlClass() { result = "AddExpr" }
 }
 
+/**
+ * A series of add expressions, e.g. `1 + 2 + 3`.
+ * This class is used to represent the root of such a series, and
+ * the `getALeaf` predicate can be used to get the leaf nodes.
+ */
+class AddExprRoot extends AddExpr {
+  AddExprRoot() { not this.getParent() instanceof AddExpr }
+
+  private AstNode getALeafOrAdd() {
+    result = this.getAChild()
+    or
+    result = getALeafOrAdd().(AddExpr).getAChild()
+  }
+
+  /** Gets a leaf node of this add expression. */
+  AstNode getALeaf() {
+    result = getALeafOrAdd() and
+    not result instanceof AddExpr
+  }
+}
+
 /**
  * A subtract expression.
  * ```rb

ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionCustomizations.qll

@@ -96,21 +96,6 @@ module UnsafeCodeConstruction {
     override string getSinkType() { result = "string interpolation" }
   }
 
-  private class AddRoot extends Ast::AddExpr {
-    AddRoot() { not this.getParent() instanceof Ast::AddExpr }
-
-    private Ast::AstNode getALeafOrAdd() {
-      result = this.getAChild()
-      or
-      result = getALeafOrAdd().(Ast::AddExpr).getAChild()
-    }
-
-    Ast::AstNode getALeaf() {
-      result = getALeafOrAdd() and
-      not result instanceof Ast::AddExpr
-    }
-  }
-
   /**
    * A string constructed from a string-concatenation (e.g. `"foo " + sink`),
    * where the resulting string ends up being executed as a code.
@@ -119,7 +104,7 @@ module UnsafeCodeConstruction {
     Concepts::CodeExecution s;
 
     StringConcatAsSink() {
-      exists(AddRoot add |
+      exists(Ast::AddExprRoot add |
         any(DataFlow::Node n | n.asExpr().getExpr() = add) = getANodeExecutedAsCode(s) and
         this.asExpr().getExpr() = add.getALeaf()
       )