Merge pull request github#11339 from aibaars/active_support_enumerable

Ruby: Active support enumerable

Author: aibaars

ruby/ql/lib/change-notes/2022-11-28-activesupport-enumerable.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Data flow through the `ActiveSupport` extensions `Enumerable#index_with`, `Enumerable#pick`, `Enumerable#pluck` and `Enumerable#sole`  are now modeled.

ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll

@@ -305,7 +305,143 @@ module ActiveSupport {
           preservesValue = true
         }
       }
-      // TODO: index_with, pick, pluck (they require Hash dataflow)
+
+      private class IndexWithSummary extends SimpleSummarizedCallable {
+        IndexWithSummary() { this = "index_with" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "Argument[block].Parameter[0]" and
+          preservesValue = true
+          or
+          input = ["Argument[0]", "Argument[block].ReturnValue"] and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private string getKeyArgument(MethodCall mc, int i) {
+        mc.getMethodName() = ["pick", "pluck"] and
+        result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
+      }
+
+      private class PickSingleSummary extends SummarizedCallable {
+        private MethodCall mc;
+        private string key;
+
+        PickSingleSummary() {
+          key = getKeyArgument(mc, 0) and
+          this = "Enumerable.pick(" + key + ")" and
+          mc.getMethodName() = "pick" and
+          mc.getNumberOfArguments() = 1
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[0].Element[" + key + "]" and
+          output = "ReturnValue" and
+          preservesValue = true
+        }
+      }
+
+      private class PickMultipleSummary extends SummarizedCallable {
+        private MethodCall mc;
+
+        PickMultipleSummary() {
+          mc.getMethodName() = "pick" and
+          mc.getNumberOfArguments() > 1 and
+          exists(int maxKey |
+            maxKey = max(int j | exists(getKeyArgument(mc, j))) and
+            this =
+              "Enumerable.pick(" +
+                concat(int i, string key |
+                  key = getKeyArgument(mc, i)
+                  or
+                  key = "_" and
+                  not exists(getKeyArgument(mc, i)) and
+                  i in [0 .. maxKey]
+                |
+                  key, "," order by i
+                ) + ")"
+          )
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          exists(string s, int i |
+            s = getKeyArgument(mc, i) and
+            input = "Argument[self].Element[0].Element[" + s + "]" and
+            output = "ReturnValue.Element[" + i + "]"
+          ) and
+          preservesValue = true
+        }
+      }
+
+      private class PluckSingleSummary extends SummarizedCallable {
+        private MethodCall mc;
+        private string key;
+
+        PluckSingleSummary() {
+          key = getKeyArgument(mc, 0) and
+          this = "Enumerable.pluck(" + key + ")" and
+          mc.getMethodName() = "pluck" and
+          mc.getNumberOfArguments() = 1
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any].Element[" + key + "]" and
+          output = "ReturnValue.Element[any]" and
+          preservesValue = true
+        }
+      }
+
+      private class PluckMultipleSummary extends SummarizedCallable {
+        private MethodCall mc;
+
+        PluckMultipleSummary() {
+          mc.getMethodName() = "pluck" and
+          mc.getNumberOfArguments() > 1 and
+          exists(int maxKey |
+            maxKey = max(int j | exists(getKeyArgument(mc, j))) and
+            this =
+              "Enumerable.pluck(" +
+                concat(int i, string key |
+                  key = getKeyArgument(mc, i)
+                  or
+                  key = "_" and
+                  not exists(getKeyArgument(mc, i)) and
+                  i in [0 .. maxKey]
+                |
+                  key, "," order by i
+                ) + ")"
+          )
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          exists(string s, int i |
+            s = getKeyArgument(mc, i) and
+            input = "Argument[self].Element[any].Element[" + s + "]" and
+            output = "ReturnValue.Element[?].Element[" + i + "]"
+          ) and
+          preservesValue = true
+        }
+      }
+
+      private class SoleSummary extends SimpleSummarizedCallable {
+        SoleSummary() { this = "sole" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[0]" and
+          output = "ReturnValue" and
+          preservesValue = true
+        }
+      }
     }
   }