Merge pull request github#13612 from asgerf/rb/api-graph-explicit-proc-lambda

Ruby: Improve support for explicit proc-creation

Author: asgerf

ruby/ql/lib/codeql/ruby/ApiGraphs.qll

@@ -978,6 +978,12 @@ module API {
         pred = Impl::MkModuleInstanceUp(mod) and
         succ = getBackwardEndNode(mod.getOwnInstanceMethod("call"))
       )
+      or
+      // Step through callable wrappers like `proc` and `lambda` calls.
+      exists(DataFlow::Node node |
+        pred = getBackwardEndNode(node) and
+        succ = getBackwardStartNode(node.asCallable())
+      )
     }
 
     pragma[nomagic]

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

@@ -1333,11 +1333,20 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c)
     creation.asExpr() =
       any(CfgNodes::ExprNodes::MethodCallCfgNode mc |
         c.asCallable() = mc.getBlock().getExpr() and
-        mc.getExpr().getMethodName() = ["lambda", "proc"]
+        isProcCreationCall(mc.getExpr())
       )
   )
 }
 
+/** Holds if `call` is a call to `lambda`, `proc`, or `Proc.new` */
+pragma[nomagic]
+private predicate isProcCreationCall(MethodCall call) {
+  call.getMethodName() = ["proc", "lambda"]
+  or
+  call.getMethodName() = "new" and
+  call.getReceiver().(ConstantReadAccess).getAQualifiedName() = "Proc"
+}
+
 /**
  * Holds if `call` is a from-source lambda call of kind `kind` where `receiver`
  * is the lambda expression.

ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved resolution of calls performed on an object created with `Proc.new`.

ruby/ql/test/library-tests/dataflow/api-graphs/explicit-proc.rb

@@ -0,0 +1,11 @@
+Foo.bar proc { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}
+
+Foo.bar lambda { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}
+
+Foo.bar Proc.new { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}