Ruby: Fix SplatExprCfgNode

Author: hmac

ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll

@@ -866,15 +866,19 @@ module ExprNodes {
     final override RelationalOperation getExpr() { result = super.getExpr() }
   }
 
+  private class SplatExprChildMapping extends ExprChildMapping, SplatExpr {
+    override predicate relevantChild(AstNode n) { n = this.getOperand() }
+  }
+
   /** A control-flow node that wraps a `SplatExpr` AST expression. */
   class SplatExprCfgNode extends ExprCfgNode {
     override string getAPrimaryQlClass() { result = "SplatExprCfgNode" }
 
-    SplatExprCfgNode() { e instanceof SplatExpr }
+    override SplatExprChildMapping e;
 
     final override SplatExpr getExpr() { result = super.getExpr() }
 
-    final ExprCfgNode getOperand() { result.getExpr() = e.(SplatExpr).getOperand() }
+    final ExprCfgNode getOperand() { e.hasCfgChild(e.getOperand(), this, result) }
   }
 
   /** A control-flow node that wraps an `ElementReference` AST expression. */

ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll

@@ -168,13 +168,12 @@ private predicate stringConstCaseCompare(
         // when "foo", "bar"
         pattern instanceof ExprNodes::StringLiteralCfgNode
         or
-        // array literals behave weirdly in the CFG so we need to drop down to the AST level for this bit
-        // specifically: `SplatExprCfgNode.getOperand()` does not return results for array literals
         exists(CfgNodes::ExprNodes::SplatExprCfgNode splat | splat = pattern |
           // when *["foo", "bar"]
-          exists(ArrayLiteral arr |
-            splat.getExpr().getOperand() = arr and
-            forall(Expr elem | elem = arr.getAnElement() | elem instanceof StringLiteral)
+          forex(ExprCfgNode elem |
+            elem = splat.getOperand().(ExprNodes::ArrayLiteralCfgNode).getAnArgument()
+          |
+            elem instanceof ExprNodes::StringLiteralCfgNode
           )
           or
           // when *some_var