diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Grape.qll b/ruby/ql/lib/codeql/ruby/frameworks/Grape.qll
index 7e3d6c54fe4..4d64e9461b3 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Grape.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Grape.qll
@@ -291,12 +291,7 @@ module Grape {
 private class GrapeHelperMethod extends Method {
 private GrapeApiClass apiClass;
 
- GrapeHelperMethod() {
- exists(DataFlow::CallNode helpersCall |
- helpersCall = apiClass.getAModuleLevelCall("helpers") and
- this.getParent+() = helpersCall.getBlock().asExpr().getExpr()
- )
- }
+ GrapeHelperMethod() { this = apiClass.getHelperSelf().getSelfVariable().getDeclaringScope() }
 
 /**
 * Gets the API class that contains this helper method.
diff --git a/ruby/ql/test/library-tests/frameworks/grape/Flow.expected b/ruby/ql/test/library-tests/frameworks/grape/Flow.expected
index c104b36afb2..f04bd930ea9 100644
--- a/ruby/ql/test/library-tests/frameworks/grape/Flow.expected
+++ b/ruby/ql/test/library-tests/frameworks/grape/Flow.expected
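Review bot: The new one-line charpred on the `+` line gives no hint of why the `getParent+()` walk over the `helpers` block was replaced, and since `getHelperSelf()` is defined outside this hunk a reader cannot tell from here which scopes it reaches. The fixture added in app.rb and the new rows in Flow.expected (`authenticate_user`, `debug_helper`, `rescue_helper`, `test_helper`) indicate the intent is to admit methods nested inside modules, conditionals, `begin` and `case` bodies under `helpers`, and that intent should be stated in the code rather than only in the test. I would add above the charpred: `// Any method whose self variable is bound by a helpers block counts as a helper; unlike a getParent+() walk this also reaches methods nested in modules or control-flow constructs inside that block`, and mention in the class QLDoc (outside this hunk) that the set now follows `getHelperSelf()`. Whether singleton methods such as the fixture's `def self.validate_email` are meant to be covered is not visible here; `extends Method` suggests instance methods only, so if they are intended the doc should say so. The class body continues outside the hunk.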
@@ -2,44 +2,80 @@ models edges | app.rb:103:13:103:18 | call to params | app.rb:103:13:103:70 | call to select | provenance | | | app.rb:103:13:103:18 | call to params | app.rb:103:13:103:70 | call to select : [collection] [element] | provenance | | -| app.rb:103:13:103:70 | call to select | app.rb:149:21:149:31 | call to user_params | provenance | | -| app.rb:103:13:103:70 | call to select | app.rb:165:21:165:31 | call to user_params | provenance | | -| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:149:21:149:31 | call to user_params : [collection] [element] | provenance | | -| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:165:21:165:31 | call to user_params : [collection] [element] | provenance | | -| app.rb:107:13:107:32 | call to source | app.rb:143:18:143:43 | call to vulnerable_helper | provenance | | -| app.rb:107:13:107:32 | call to source | app.rb:143:18:143:43 | call to vulnerable_helper | provenance | | -| app.rb:111:13:111:33 | call to source | app.rb:150:25:150:37 | call to simple_helper | provenance | | -| app.rb:111:13:111:33 | call to source | app.rb:150:25:150:37 | call to simple_helper | provenance | | -| app.rb:126:9:126:15 | user_id | app.rb:133:14:133:20 | user_id | provenance | | -| app.rb:126:19:126:24 | call to params | app.rb:126:19:126:34 | ...[...] | provenance | | -| app.rb:126:19:126:34 | ...[...] | app.rb:126:9:126:15 | user_id | provenance | | -| app.rb:127:9:127:16 | route_id | app.rb:134:14:134:21 | route_id | provenance | | -| app.rb:127:20:127:40 | call to route_param | app.rb:127:9:127:16 | route_id | provenance | | -| app.rb:128:9:128:12 | auth | app.rb:135:14:135:17 | auth | provenance | | -| app.rb:128:16:128:22 | call to headers | app.rb:128:16:128:38 | ...[...] | provenance | | -| app.rb:128:16:128:38 | ...[...] 
| app.rb:128:9:128:12 | auth | provenance | | -| app.rb:129:9:129:15 | session | app.rb:136:14:136:20 | session | provenance | | -| app.rb:129:19:129:25 | call to cookies | app.rb:129:19:129:38 | ...[...] | provenance | | -| app.rb:129:19:129:38 | ...[...] | app.rb:129:9:129:15 | session | provenance | | -| app.rb:143:9:143:14 | result | app.rb:144:14:144:19 | result | provenance | | -| app.rb:143:9:143:14 | result | app.rb:144:14:144:19 | result | provenance | | -| app.rb:143:18:143:43 | call to vulnerable_helper | app.rb:143:9:143:14 | result | provenance | | -| app.rb:143:18:143:43 | call to vulnerable_helper | app.rb:143:9:143:14 | result | provenance | | -| app.rb:149:9:149:17 | user_data | app.rb:151:14:151:22 | user_data | provenance | | -| app.rb:149:9:149:17 | user_data : [collection] [element] | app.rb:151:14:151:22 | user_data | provenance | | -| app.rb:149:21:149:31 | call to user_params | app.rb:149:9:149:17 | user_data | provenance | | -| app.rb:149:21:149:31 | call to user_params : [collection] [element] | app.rb:149:9:149:17 | user_data : [collection] [element] | provenance | | -| app.rb:150:9:150:21 | simple_result | app.rb:152:14:152:26 | simple_result | provenance | | -| app.rb:150:9:150:21 | simple_result | app.rb:152:14:152:26 | simple_result | provenance | | -| app.rb:150:25:150:37 | call to simple_helper | app.rb:150:9:150:21 | simple_result | provenance | | -| app.rb:150:25:150:37 | call to simple_helper | app.rb:150:9:150:21 | simple_result | provenance | | -| app.rb:159:13:159:19 | user_id | app.rb:160:18:160:24 | user_id | provenance | | -| app.rb:159:23:159:28 | call to params | app.rb:159:23:159:33 | ...[...] | provenance | | -| app.rb:159:23:159:33 | ...[...] 
| app.rb:159:13:159:19 | user_id | provenance | | -| app.rb:165:9:165:17 | user_data | app.rb:166:14:166:22 | user_data | provenance | | -| app.rb:165:9:165:17 | user_data : [collection] [element] | app.rb:166:14:166:22 | user_data | provenance | | -| app.rb:165:21:165:31 | call to user_params | app.rb:165:9:165:17 | user_data | provenance | | -| app.rb:165:21:165:31 | call to user_params : [collection] [element] | app.rb:165:9:165:17 | user_data : [collection] [element] | provenance | | +| app.rb:103:13:103:70 | call to select | app.rb:189:21:189:31 | call to user_params | provenance | | +| app.rb:103:13:103:70 | call to select | app.rb:205:21:205:31 | call to user_params | provenance | | +| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:189:21:189:31 | call to user_params : [collection] [element] | provenance | | +| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:205:21:205:31 | call to user_params : [collection] [element] | provenance | | +| app.rb:107:13:107:32 | call to source | app.rb:183:18:183:43 | call to vulnerable_helper | provenance | | +| app.rb:107:13:107:32 | call to source | app.rb:183:18:183:43 | call to vulnerable_helper | provenance | | +| app.rb:111:13:111:33 | call to source | app.rb:190:25:190:37 | call to simple_helper | provenance | | +| app.rb:111:13:111:33 | call to source | app.rb:190:25:190:37 | call to simple_helper | provenance | | +| app.rb:118:17:118:43 | call to source | app.rb:212:23:212:39 | call to authenticate_user | provenance | | +| app.rb:118:17:118:43 | call to source | app.rb:212:23:212:39 | call to authenticate_user | provenance | | +| app.rb:122:17:122:47 | call to source | app.rb:216:23:216:48 | call to check_permissions | provenance | | +| app.rb:122:17:122:47 | call to source | app.rb:216:23:216:48 | call to check_permissions | provenance | | +| app.rb:128:17:128:42 | call to source | app.rb:220:29:220:80 | call to validate_email | provenance | | +| app.rb:128:17:128:42 
| call to source | app.rb:220:29:220:80 | call to validate_email | provenance | | +| app.rb:134:17:134:42 | call to source | app.rb:225:28:225:39 | call to debug_helper | provenance | | +| app.rb:134:17:134:42 | call to source | app.rb:225:28:225:39 | call to debug_helper | provenance | | +| app.rb:140:17:140:37 | call to source | app.rb:230:25:230:37 | call to rescue_helper | provenance | | +| app.rb:140:17:140:37 | call to source | app.rb:230:25:230:37 | call to rescue_helper | provenance | | +| app.rb:150:17:150:35 | call to source | app.rb:235:27:235:37 | call to test_helper | provenance | | +| app.rb:150:17:150:35 | call to source | app.rb:235:27:235:37 | call to test_helper | provenance | | +| app.rb:166:9:166:15 | user_id | app.rb:173:14:173:20 | user_id | provenance | | +| app.rb:166:19:166:24 | call to params | app.rb:166:19:166:34 | ...[...] | provenance | | +| app.rb:166:19:166:34 | ...[...] | app.rb:166:9:166:15 | user_id | provenance | | +| app.rb:167:9:167:16 | route_id | app.rb:174:14:174:21 | route_id | provenance | | +| app.rb:167:20:167:40 | call to route_param | app.rb:167:9:167:16 | route_id | provenance | | +| app.rb:168:9:168:12 | auth | app.rb:175:14:175:17 | auth | provenance | | +| app.rb:168:16:168:22 | call to headers | app.rb:168:16:168:38 | ...[...] | provenance | | +| app.rb:168:16:168:38 | ...[...] | app.rb:168:9:168:12 | auth | provenance | | +| app.rb:169:9:169:15 | session | app.rb:176:14:176:20 | session | provenance | | +| app.rb:169:19:169:25 | call to cookies | app.rb:169:19:169:38 | ...[...] | provenance | | +| app.rb:169:19:169:38 | ...[...] 
| app.rb:169:9:169:15 | session | provenance | | +| app.rb:183:9:183:14 | result | app.rb:184:14:184:19 | result | provenance | | +| app.rb:183:9:183:14 | result | app.rb:184:14:184:19 | result | provenance | | +| app.rb:183:18:183:43 | call to vulnerable_helper | app.rb:183:9:183:14 | result | provenance | | +| app.rb:183:18:183:43 | call to vulnerable_helper | app.rb:183:9:183:14 | result | provenance | | +| app.rb:189:9:189:17 | user_data | app.rb:191:14:191:22 | user_data | provenance | | +| app.rb:189:9:189:17 | user_data : [collection] [element] | app.rb:191:14:191:22 | user_data | provenance | | +| app.rb:189:21:189:31 | call to user_params | app.rb:189:9:189:17 | user_data | provenance | | +| app.rb:189:21:189:31 | call to user_params : [collection] [element] | app.rb:189:9:189:17 | user_data : [collection] [element] | provenance | | +| app.rb:190:9:190:21 | simple_result | app.rb:192:14:192:26 | simple_result | provenance | | +| app.rb:190:9:190:21 | simple_result | app.rb:192:14:192:26 | simple_result | provenance | | +| app.rb:190:25:190:37 | call to simple_helper | app.rb:190:9:190:21 | simple_result | provenance | | +| app.rb:190:25:190:37 | call to simple_helper | app.rb:190:9:190:21 | simple_result | provenance | | +| app.rb:199:13:199:19 | user_id | app.rb:200:18:200:24 | user_id | provenance | | +| app.rb:199:23:199:28 | call to params | app.rb:199:23:199:33 | ...[...] | provenance | | +| app.rb:199:23:199:33 | ...[...] 
| app.rb:199:13:199:19 | user_id | provenance | | +| app.rb:205:9:205:17 | user_data | app.rb:206:14:206:22 | user_data | provenance | | +| app.rb:205:9:205:17 | user_data : [collection] [element] | app.rb:206:14:206:22 | user_data | provenance | | +| app.rb:205:21:205:31 | call to user_params | app.rb:205:9:205:17 | user_data | provenance | | +| app.rb:205:21:205:31 | call to user_params : [collection] [element] | app.rb:205:9:205:17 | user_data : [collection] [element] | provenance | | +| app.rb:212:9:212:19 | auth_result | app.rb:213:14:213:24 | auth_result | provenance | | +| app.rb:212:9:212:19 | auth_result | app.rb:213:14:213:24 | auth_result | provenance | | +| app.rb:212:23:212:39 | call to authenticate_user | app.rb:212:9:212:19 | auth_result | provenance | | +| app.rb:212:23:212:39 | call to authenticate_user | app.rb:212:9:212:19 | auth_result | provenance | | +| app.rb:216:9:216:19 | perm_result | app.rb:217:14:217:24 | perm_result | provenance | | +| app.rb:216:9:216:19 | perm_result | app.rb:217:14:217:24 | perm_result | provenance | | +| app.rb:216:23:216:48 | call to check_permissions | app.rb:216:9:216:19 | perm_result | provenance | | +| app.rb:216:23:216:48 | call to check_permissions | app.rb:216:9:216:19 | perm_result | provenance | | +| app.rb:220:9:220:25 | validation_result | app.rb:221:14:221:30 | validation_result | provenance | | +| app.rb:220:9:220:25 | validation_result | app.rb:221:14:221:30 | validation_result | provenance | | +| app.rb:220:29:220:80 | call to validate_email | app.rb:220:9:220:25 | validation_result | provenance | | +| app.rb:220:29:220:80 | call to validate_email | app.rb:220:9:220:25 | validation_result | provenance | | +| app.rb:225:13:225:24 | debug_result | app.rb:226:18:226:29 | debug_result | provenance | | +| app.rb:225:13:225:24 | debug_result | app.rb:226:18:226:29 | debug_result | provenance | | +| app.rb:225:28:225:39 | call to debug_helper | app.rb:225:13:225:24 | debug_result | provenance | | +| 
app.rb:225:28:225:39 | call to debug_helper | app.rb:225:13:225:24 | debug_result | provenance | | +| app.rb:230:9:230:21 | rescue_result | app.rb:231:14:231:26 | rescue_result | provenance | | +| app.rb:230:9:230:21 | rescue_result | app.rb:231:14:231:26 | rescue_result | provenance | | +| app.rb:230:25:230:37 | call to rescue_helper | app.rb:230:9:230:21 | rescue_result | provenance | | +| app.rb:230:25:230:37 | call to rescue_helper | app.rb:230:9:230:21 | rescue_result | provenance | | +| app.rb:235:13:235:23 | case_result | app.rb:236:18:236:28 | case_result | provenance | | +| app.rb:235:13:235:23 | case_result | app.rb:236:18:236:28 | case_result | provenance | | +| app.rb:235:27:235:37 | call to test_helper | app.rb:235:13:235:23 | case_result | provenance | | +| app.rb:235:27:235:37 | call to test_helper | app.rb:235:13:235:23 | case_result | provenance | | nodes | app.rb:103:13:103:18 | call to params | semmle.label | call to params | | app.rb:103:13:103:70 | call to select | semmle.label | call to select | 
@@ -48,58 +84,118 @@ nodes | app.rb:107:13:107:32 | call to source | semmle.label | call to source | | app.rb:111:13:111:33 | call to source | semmle.label | call to source | | app.rb:111:13:111:33 | call to source | semmle.label | call to source | -| app.rb:126:9:126:15 | user_id | semmle.label | user_id | -| app.rb:126:19:126:24 | call to params | semmle.label | call to params | -| app.rb:126:19:126:34 | ...[...] | semmle.label | ...[...] | -| app.rb:127:9:127:16 | route_id | semmle.label | route_id | -| app.rb:127:20:127:40 | call to route_param | semmle.label | call to route_param | -| app.rb:128:9:128:12 | auth | semmle.label | auth | -| app.rb:128:16:128:22 | call to headers | semmle.label | call to headers | -| app.rb:128:16:128:38 | ...[...] | semmle.label | ...[...] | -| app.rb:129:9:129:15 | session | semmle.label | session | -| app.rb:129:19:129:25 | call to cookies | semmle.label | call to cookies | -| app.rb:129:19:129:38 | ...[...] | semmle.label | ...[...] | -| app.rb:133:14:133:20 | user_id | semmle.label | user_id | -| app.rb:134:14:134:21 | route_id | semmle.label | route_id | -| app.rb:135:14:135:17 | auth | semmle.label | auth | -| app.rb:136:14:136:20 | session | semmle.label | session | -| app.rb:143:9:143:14 | result | semmle.label | result | -| app.rb:143:9:143:14 | result | semmle.label | result | -| app.rb:143:18:143:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper | -| app.rb:143:18:143:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper | -| app.rb:144:14:144:19 | result | semmle.label | result | -| app.rb:144:14:144:19 | result | semmle.label | result | -| app.rb:149:9:149:17 | user_data | semmle.label | user_data | -| app.rb:149:9:149:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] | -| app.rb:149:21:149:31 | call to user_params | semmle.label | call to user_params | -| app.rb:149:21:149:31 | call to user_params : [collection] [element] | 
semmle.label | call to user_params : [collection] [element] | -| app.rb:150:9:150:21 | simple_result | semmle.label | simple_result | -| app.rb:150:9:150:21 | simple_result | semmle.label | simple_result | -| app.rb:150:25:150:37 | call to simple_helper | semmle.label | call to simple_helper | -| app.rb:150:25:150:37 | call to simple_helper | semmle.label | call to simple_helper | -| app.rb:151:14:151:22 | user_data | semmle.label | user_data | -| app.rb:152:14:152:26 | simple_result | semmle.label | simple_result | -| app.rb:152:14:152:26 | simple_result | semmle.label | simple_result | -| app.rb:159:13:159:19 | user_id | semmle.label | user_id | -| app.rb:159:23:159:28 | call to params | semmle.label | call to params | -| app.rb:159:23:159:33 | ...[...] | semmle.label | ...[...] | -| app.rb:160:18:160:24 | user_id | semmle.label | user_id | -| app.rb:165:9:165:17 | user_data | semmle.label | user_data | -| app.rb:165:9:165:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] | -| app.rb:165:21:165:31 | call to user_params | semmle.label | call to user_params | -| app.rb:165:21:165:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] | -| app.rb:166:14:166:22 | user_data | semmle.label | user_data | +| app.rb:118:17:118:43 | call to source | semmle.label | call to source | +| app.rb:118:17:118:43 | call to source | semmle.label | call to source | +| app.rb:122:17:122:47 | call to source | semmle.label | call to source | +| app.rb:122:17:122:47 | call to source | semmle.label | call to source | +| app.rb:128:17:128:42 | call to source | semmle.label | call to source | +| app.rb:128:17:128:42 | call to source | semmle.label | call to source | +| app.rb:134:17:134:42 | call to source | semmle.label | call to source | +| app.rb:134:17:134:42 | call to source | semmle.label | call to source | +| app.rb:140:17:140:37 | call to source | semmle.label | call to source | +| 
app.rb:140:17:140:37 | call to source | semmle.label | call to source | +| app.rb:150:17:150:35 | call to source | semmle.label | call to source | +| app.rb:150:17:150:35 | call to source | semmle.label | call to source | +| app.rb:166:9:166:15 | user_id | semmle.label | user_id | +| app.rb:166:19:166:24 | call to params | semmle.label | call to params | +| app.rb:166:19:166:34 | ...[...] | semmle.label | ...[...] | +| app.rb:167:9:167:16 | route_id | semmle.label | route_id | +| app.rb:167:20:167:40 | call to route_param | semmle.label | call to route_param | +| app.rb:168:9:168:12 | auth | semmle.label | auth | +| app.rb:168:16:168:22 | call to headers | semmle.label | call to headers | +| app.rb:168:16:168:38 | ...[...] | semmle.label | ...[...] | +| app.rb:169:9:169:15 | session | semmle.label | session | +| app.rb:169:19:169:25 | call to cookies | semmle.label | call to cookies | +| app.rb:169:19:169:38 | ...[...] | semmle.label | ...[...] | +| app.rb:173:14:173:20 | user_id | semmle.label | user_id | +| app.rb:174:14:174:21 | route_id | semmle.label | route_id | +| app.rb:175:14:175:17 | auth | semmle.label | auth | +| app.rb:176:14:176:20 | session | semmle.label | session | +| app.rb:183:9:183:14 | result | semmle.label | result | +| app.rb:183:9:183:14 | result | semmle.label | result | +| app.rb:183:18:183:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper | +| app.rb:183:18:183:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper | +| app.rb:184:14:184:19 | result | semmle.label | result | +| app.rb:184:14:184:19 | result | semmle.label | result | +| app.rb:189:9:189:17 | user_data | semmle.label | user_data | +| app.rb:189:9:189:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] | +| app.rb:189:21:189:31 | call to user_params | semmle.label | call to user_params | +| app.rb:189:21:189:31 | call to user_params : [collection] [element] | semmle.label | call to user_params 
: [collection] [element] | +| app.rb:190:9:190:21 | simple_result | semmle.label | simple_result | +| app.rb:190:9:190:21 | simple_result | semmle.label | simple_result | +| app.rb:190:25:190:37 | call to simple_helper | semmle.label | call to simple_helper | +| app.rb:190:25:190:37 | call to simple_helper | semmle.label | call to simple_helper | +| app.rb:191:14:191:22 | user_data | semmle.label | user_data | +| app.rb:192:14:192:26 | simple_result | semmle.label | simple_result | +| app.rb:192:14:192:26 | simple_result | semmle.label | simple_result | +| app.rb:199:13:199:19 | user_id | semmle.label | user_id | +| app.rb:199:23:199:28 | call to params | semmle.label | call to params | +| app.rb:199:23:199:33 | ...[...] | semmle.label | ...[...] | +| app.rb:200:18:200:24 | user_id | semmle.label | user_id | +| app.rb:205:9:205:17 | user_data | semmle.label | user_data | +| app.rb:205:9:205:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] | +| app.rb:205:21:205:31 | call to user_params | semmle.label | call to user_params | +| app.rb:205:21:205:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] | +| app.rb:206:14:206:22 | user_data | semmle.label | user_data | +| app.rb:212:9:212:19 | auth_result | semmle.label | auth_result | +| app.rb:212:9:212:19 | auth_result | semmle.label | auth_result | +| app.rb:212:23:212:39 | call to authenticate_user | semmle.label | call to authenticate_user | +| app.rb:212:23:212:39 | call to authenticate_user | semmle.label | call to authenticate_user | +| app.rb:213:14:213:24 | auth_result | semmle.label | auth_result | +| app.rb:213:14:213:24 | auth_result | semmle.label | auth_result | +| app.rb:216:9:216:19 | perm_result | semmle.label | perm_result | +| app.rb:216:9:216:19 | perm_result | semmle.label | perm_result | +| app.rb:216:23:216:48 | call to check_permissions | semmle.label | call to check_permissions | +| 
app.rb:216:23:216:48 | call to check_permissions | semmle.label | call to check_permissions | +| app.rb:217:14:217:24 | perm_result | semmle.label | perm_result | +| app.rb:217:14:217:24 | perm_result | semmle.label | perm_result | +| app.rb:220:9:220:25 | validation_result | semmle.label | validation_result | +| app.rb:220:9:220:25 | validation_result | semmle.label | validation_result | +| app.rb:220:29:220:80 | call to validate_email | semmle.label | call to validate_email | +| app.rb:220:29:220:80 | call to validate_email | semmle.label | call to validate_email | +| app.rb:221:14:221:30 | validation_result | semmle.label | validation_result | +| app.rb:221:14:221:30 | validation_result | semmle.label | validation_result | +| app.rb:225:13:225:24 | debug_result | semmle.label | debug_result | +| app.rb:225:13:225:24 | debug_result | semmle.label | debug_result | +| app.rb:225:28:225:39 | call to debug_helper | semmle.label | call to debug_helper | +| app.rb:225:28:225:39 | call to debug_helper | semmle.label | call to debug_helper | +| app.rb:226:18:226:29 | debug_result | semmle.label | debug_result | +| app.rb:226:18:226:29 | debug_result | semmle.label | debug_result | +| app.rb:230:9:230:21 | rescue_result | semmle.label | rescue_result | +| app.rb:230:9:230:21 | rescue_result | semmle.label | rescue_result | +| app.rb:230:25:230:37 | call to rescue_helper | semmle.label | call to rescue_helper | +| app.rb:230:25:230:37 | call to rescue_helper | semmle.label | call to rescue_helper | +| app.rb:231:14:231:26 | rescue_result | semmle.label | rescue_result | +| app.rb:231:14:231:26 | rescue_result | semmle.label | rescue_result | +| app.rb:235:13:235:23 | case_result | semmle.label | case_result | +| app.rb:235:13:235:23 | case_result | semmle.label | case_result | +| app.rb:235:27:235:37 | call to test_helper | semmle.label | call to test_helper | +| app.rb:235:27:235:37 | call to test_helper | semmle.label | call to test_helper | +| app.rb:236:18:236:28 | 
case_result | semmle.label | case_result | +| app.rb:236:18:236:28 | case_result | semmle.label | case_result | subpaths testFailures #select -| app.rb:133:14:133:20 | user_id | app.rb:126:19:126:24 | call to params | app.rb:133:14:133:20 | user_id | $@ | app.rb:126:19:126:24 | call to params | call to params | -| app.rb:134:14:134:21 | route_id | app.rb:127:20:127:40 | call to route_param | app.rb:134:14:134:21 | route_id | $@ | app.rb:127:20:127:40 | call to route_param | call to route_param | -| app.rb:135:14:135:17 | auth | app.rb:128:16:128:22 | call to headers | app.rb:135:14:135:17 | auth | $@ | app.rb:128:16:128:22 | call to headers | call to headers | -| app.rb:136:14:136:20 | session | app.rb:129:19:129:25 | call to cookies | app.rb:136:14:136:20 | session | $@ | app.rb:129:19:129:25 | call to cookies | call to cookies | -| app.rb:144:14:144:19 | result | app.rb:107:13:107:32 | call to source | app.rb:144:14:144:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source | -| app.rb:144:14:144:19 | result | app.rb:107:13:107:32 | call to source | app.rb:144:14:144:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source | -| app.rb:151:14:151:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:151:14:151:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params | -| app.rb:152:14:152:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:152:14:152:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source | -| app.rb:152:14:152:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:152:14:152:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source | -| app.rb:160:18:160:24 | user_id | app.rb:159:23:159:28 | call to params | app.rb:160:18:160:24 | user_id | $@ | app.rb:159:23:159:28 | call to params | call to params | -| app.rb:166:14:166:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:166:14:166:22 | 
user_data | $@ | app.rb:103:13:103:18 | call to params | call to params | +| app.rb:173:14:173:20 | user_id | app.rb:166:19:166:24 | call to params | app.rb:173:14:173:20 | user_id | $@ | app.rb:166:19:166:24 | call to params | call to params | +| app.rb:174:14:174:21 | route_id | app.rb:167:20:167:40 | call to route_param | app.rb:174:14:174:21 | route_id | $@ | app.rb:167:20:167:40 | call to route_param | call to route_param | +| app.rb:175:14:175:17 | auth | app.rb:168:16:168:22 | call to headers | app.rb:175:14:175:17 | auth | $@ | app.rb:168:16:168:22 | call to headers | call to headers | +| app.rb:176:14:176:20 | session | app.rb:169:19:169:25 | call to cookies | app.rb:176:14:176:20 | session | $@ | app.rb:169:19:169:25 | call to cookies | call to cookies | +| app.rb:184:14:184:19 | result | app.rb:107:13:107:32 | call to source | app.rb:184:14:184:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source | +| app.rb:184:14:184:19 | result | app.rb:107:13:107:32 | call to source | app.rb:184:14:184:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source | +| app.rb:191:14:191:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:191:14:191:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params | +| app.rb:192:14:192:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:192:14:192:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source | +| app.rb:192:14:192:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:192:14:192:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source | +| app.rb:200:18:200:24 | user_id | app.rb:199:23:199:28 | call to params | app.rb:200:18:200:24 | user_id | $@ | app.rb:199:23:199:28 | call to params | call to params | +| app.rb:206:14:206:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:206:14:206:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params | 
+| app.rb:213:14:213:24 | auth_result | app.rb:118:17:118:43 | call to source | app.rb:213:14:213:24 | auth_result | $@ | app.rb:118:17:118:43 | call to source | call to source | +| app.rb:213:14:213:24 | auth_result | app.rb:118:17:118:43 | call to source | app.rb:213:14:213:24 | auth_result | $@ | app.rb:118:17:118:43 | call to source | call to source | +| app.rb:217:14:217:24 | perm_result | app.rb:122:17:122:47 | call to source | app.rb:217:14:217:24 | perm_result | $@ | app.rb:122:17:122:47 | call to source | call to source | +| app.rb:217:14:217:24 | perm_result | app.rb:122:17:122:47 | call to source | app.rb:217:14:217:24 | perm_result | $@ | app.rb:122:17:122:47 | call to source | call to source | +| app.rb:221:14:221:30 | validation_result | app.rb:128:17:128:42 | call to source | app.rb:221:14:221:30 | validation_result | $@ | app.rb:128:17:128:42 | call to source | call to source | +| app.rb:221:14:221:30 | validation_result | app.rb:128:17:128:42 | call to source | app.rb:221:14:221:30 | validation_result | $@ | app.rb:128:17:128:42 | call to source | call to source | +| app.rb:226:18:226:29 | debug_result | app.rb:134:17:134:42 | call to source | app.rb:226:18:226:29 | debug_result | $@ | app.rb:134:17:134:42 | call to source | call to source | +| app.rb:226:18:226:29 | debug_result | app.rb:134:17:134:42 | call to source | app.rb:226:18:226:29 | debug_result | $@ | app.rb:134:17:134:42 | call to source | call to source | +| app.rb:231:14:231:26 | rescue_result | app.rb:140:17:140:37 | call to source | app.rb:231:14:231:26 | rescue_result | $@ | app.rb:140:17:140:37 | call to source | call to source | +| app.rb:231:14:231:26 | rescue_result | app.rb:140:17:140:37 | call to source | app.rb:231:14:231:26 | rescue_result | $@ | app.rb:140:17:140:37 | call to source | call to source | +| app.rb:236:18:236:28 | case_result | app.rb:150:17:150:35 | call to source | app.rb:236:18:236:28 | case_result | $@ | app.rb:150:17:150:35 | call to source | call to 
source | +| app.rb:236:18:236:28 | case_result | app.rb:150:17:150:35 | call to source | app.rb:236:18:236:28 | case_result | $@ | app.rb:150:17:150:35 | call to source | call to source | diff --git a/ruby/ql/test/library-tests/frameworks/grape/Grape.expected b/ruby/ql/test/library-tests/frameworks/grape/Grape.expected index d39d9430f92..7088eeb9018 100644 --- a/ruby/ql/test/library-tests/frameworks/grape/Grape.expected +++ b/ruby/ql/test/library-tests/frameworks/grape/Grape.expected @@ -1,7 +1,7 @@ grapeApiClasses | app.rb:1:1:90:3 | MyAPI | | app.rb:92:1:96:3 | AdminAPI | -| app.rb:98:1:168:3 | UserAPI | +| app.rb:98:1:239:3 | UserAPI | grapeEndpoints | app.rb:1:1:90:3 | MyAPI | app.rb:7:3:11:5 | call to get | GET | /hello/:name | | app.rb:1:1:90:3 | MyAPI | app.rb:17:3:20:5 | call to post | POST | /messages | 
@@ -14,10 +14,11 @@ grapeEndpoints | app.rb:1:1:90:3 | MyAPI | app.rb:78:3:82:5 | call to get | GET | /cookie_test | | app.rb:1:1:90:3 | MyAPI | app.rb:85:3:89:5 | call to get | GET | /header_test | | app.rb:92:1:96:3 | AdminAPI | app.rb:93:3:95:5 | call to get | GET | /admin | -| app.rb:98:1:168:3 | UserAPI | app.rb:124:5:138:7 | call to get | GET | /comprehensive_test/:user_id | -| app.rb:98:1:168:3 | UserAPI | app.rb:140:5:145:7 | call to get | GET | /helper_test/:user_id | -| app.rb:98:1:168:3 | UserAPI | app.rb:147:5:153:7 | call to post | POST | /users | -| app.rb:98:1:168:3 | UserAPI | app.rb:164:5:167:7 | call to post | POST | /users | +| app.rb:98:1:239:3 | UserAPI | app.rb:164:5:178:7 | call to get | GET | /comprehensive_test/:user_id | +| app.rb:98:1:239:3 | UserAPI | app.rb:180:5:185:7 | call to get | GET | /helper_test/:user_id | +| app.rb:98:1:239:3 | UserAPI | app.rb:187:5:193:7 | call to post | POST | /users | +| app.rb:98:1:239:3 | UserAPI | app.rb:204:5:207:7 | call to post | POST | /users | +| app.rb:98:1:239:3 | UserAPI | app.rb:210:5:238:7 | call to get | GET | /nested_test/:token | grapeParams | app.rb:8:12:8:17 | call to params | | app.rb:14:3:16:5 | call to params | 
@@ -28,29 +29,30 @@ grapeParams | app.rb:60:12:60:17 | call to params | | app.rb:94:5:94:10 | call to params | | app.rb:103:13:103:18 | call to params | -| app.rb:126:19:126:24 | call to params | -| app.rb:142:19:142:24 | call to params | -| app.rb:159:23:159:28 | call to params | +| app.rb:117:25:117:30 | call to params | +| app.rb:166:19:166:24 | call to params | +| app.rb:182:19:182:24 | call to params | +| app.rb:199:23:199:28 | call to params | grapeHeaders | app.rb:9:18:9:24 | call to headers | | app.rb:46:5:46:11 | call to headers | | app.rb:66:3:69:5 | call to headers | | app.rb:86:12:86:18 | call to headers | | app.rb:87:14:87:20 | call to headers | -| app.rb:116:5:118:7 | call to headers | -| app.rb:128:16:128:22 | call to headers | +| app.rb:156:5:158:7 | call to headers | +| app.rb:168:16:168:22 | call to headers | grapeRequest | app.rb:25:12:25:18 | call to request | -| app.rb:130:21:130:27 | call to request | +| app.rb:170:21:170:27 | call to request | grapeRouteParam | app.rb:51:15:51:35 | call to route_param | | app.rb:52:15:52:36 | call to route_param | | app.rb:57:3:63:5 | call to route_param | -| app.rb:127:20:127:40 | call to route_param | -| app.rb:156:5:162:7 | call to route_param | +| app.rb:167:20:167:40 | call to route_param | +| app.rb:196:5:202:7 | call to route_param | grapeCookies | app.rb:72:3:75:5 | call to cookies | | app.rb:79:15:79:21 | call to cookies | | app.rb:80:16:80:22 | call to cookies | -| app.rb:120:5:122:7 | call to cookies | -| app.rb:129:19:129:25 | call to cookies | +| app.rb:160:5:162:7 | call to cookies | +| app.rb:169:19:169:25 | call to cookies | diff --git a/ruby/ql/test/library-tests/frameworks/grape/app.rb b/ruby/ql/test/library-tests/frameworks/grape/app.rb index 81f46482687..1b1fd15d5d8 100644 --- a/ruby/ql/test/library-tests/frameworks/grape/app.rb +++ b/ruby/ql/test/library-tests/frameworks/grape/app.rb 
@@ -110,6 +110,46 @@ class UserAPI < Grape::API
 def simple_helper
 source "simpleHelper" # Test simple helper return
 end
+
+ # Nested helper scenarios that require getParent+()
+ module AuthHelpers
+ def authenticate_user
+ token = params[:token]
+ source "nestedModuleHelper" # Test nested module helper
+ end
+
+ def check_permissions(resource)
+ source "nestedPermissionHelper" # Test nested module helper with params
+ end
+ end
+
+ class ValidationHelpers
+ def self.validate_email(email)
+ source "nestedClassHelper" # Test nested class helper
+ end
+ end
+
+ if Rails.env.development?
+ def debug_helper
+ source "conditionalHelper" # Test helper inside conditional block
+ end
+ end
+
+ begin
+ def rescue_helper
+ source "rescueHelper" # Test helper inside begin block
+ end
+ rescue
+ # error handling
+ end
+
+ # Helper inside a case statement
+ case ENV['RACK_ENV']
+ when 'test'
+ def test_helper
+ source "caseHelper" # Test helper inside case block
+ end
+ end
 end
 
 # Headers and cookies blocks for DSL testing
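Review bot: The comment `# Nested helper scenarios that require getParent+()` on the first added lines is stale as of this same commit, which removes the `getParent+()` walk from `GrapeHelperMethod` in Grape.qll and replaces it with the self-variable based definition. A fixture comment naming an implementation detail that no longer exists will mislead whoever next traces a changed expectation back to this file. I would reword it to `# Nested helper scenarios: methods defined inside a module, class or control-flow construct within the helpers block`. The `UserAPI` class starts before this hunk, and the block that the context `end` after the additions closes is not visible here.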
@@ -165,4 +205,35 @@ class UserAPI < Grape::API
 user_data = user_params
 sink user_data # $ hasTaintFlow
 end
+
+ # Test nested helper methods
+ get '/nested_test/:token' do
+ # Test nested module helper
+ auth_result = authenticate_user
+ sink auth_result # $ hasValueFlow=nestedModuleHelper
+
+ # Test nested module helper with parameters
+ perm_result = check_permissions("admin")
+ sink perm_result # $ hasValueFlow=nestedPermissionHelper
+
+ # Test nested class helper
+ validation_result = ValidationHelpers.validate_email("test@example.com")
+ sink validation_result # $ hasValueFlow=nestedClassHelper
+
+ # Test conditional helper (if it exists)
+ if respond_to?(:debug_helper)
+ debug_result = debug_helper
+ sink debug_result # $ hasValueFlow=conditionalHelper
+ end
+
+ # Test rescue helper
+ rescue_result = rescue_helper
+ sink rescue_result # $ hasValueFlow=rescueHelper
+
+ # Test case helper (if it exists)
+ if respond_to?(:test_helper)
+ case_result = test_helper
+ sink case_result # $ hasValueFlow=caseHelper
+ end
+ end
 end