refactor the existing taint-step for string interpolation into StringFormatters.qll

Author: erik-krogh

ruby/ql/lib/codeql/ruby/dataflow/FlowSteps.qll

@@ -11,7 +11,9 @@ private class Unit = DFPrivate::Unit;
  * A module importing the frameworks that implement additional flow steps,
  * ensuring that they are visible to the taint tracking library.
  */
-private module Frameworks { }
+private module Frameworks {
+  import codeql.ruby.frameworks.StringFormatters
+}
 
 /**
  * A unit class for adding additional taint steps.

ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll

@@ -95,10 +95,6 @@ private module Cached {
         )
     )
     or
-    // string interpolation of `nodeFrom` into `nodeTo`
-    nodeFrom.asExpr() =
-      nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent()
-    or
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
     or
     any(FlowSteps::AdditionalTaintStep s).step(nodeFrom, nodeTo)

ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll

@@ -77,3 +77,19 @@ class IOPrintfCall extends PrintfStyleCall {
 
   override predicate returnsFormatted() { none() }
 }
+
+private import codeql.ruby.dataflow.FlowSteps
+private import codeql.ruby.CFG
+
+/**
+ * A step for string interpolation of `pred` into `succ`.
+ * E.g.
+ * ```rb
+ * succ = "foo #{pred} bar"
+ * ```
+ */
+private class StringLiteralFormatStep extends AdditionalTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    pred.asExpr() = succ.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent()
+  }
+}