Merge pull request #7151 from github/ruby/methodcallnode

Ruby: add `getMethodName` predicate to `DataFlow::CallNode` class
2025-12-17 01:03:14 +01:00 · 2021-11-17 14:40:07 +00:00
parent 22ebe68b1b c8cdbfa352
commit 08b6a17097
4 changed files with 7 additions and 8 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
@@ -58,6 +58,9 @@ class CallNode extends LocalSourceNode {

  /** Gets the data-flow node corresponding to the named argument of the call corresponding to this data-flow node */
  Node getKeywordArgument(string name) { result.asExpr() = node.getKeywordArgument(name) }
+
+  /** Gets the name of the the method called by the method call (if any) corresponding to this data-flow node */
+  string getMethodName() { result = node.getExpr().(MethodCall).getMethodName() }
 }

 /**
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -9,7 +9,7 @@ class ActiveStorageFilenameSanitizedCall extends Path::PathSanitization::Range,
  ActiveStorageFilenameSanitizedCall() {
    this.getReceiver() =
      API::getTopLevelMember("ActiveStorage").getMember("Filename").getAnInstantiation() and
-    this.asExpr().getExpr().(MethodCall).getMethodName() = "sanitized"
+    this.getMethodName() = "sanitized"
  }
 }

--- a/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
@@ -127,8 +127,7 @@ module IO {
      api = "IO" and
      exists(IOInstanceStrict ii |
        this.getReceiver() = ii and
-        this.asExpr().getExpr().(MethodCall).getMethodName() =
-          ioFileReaderMethodName(classMethodCall)
+        this.getMethodName() = ioFileReaderMethodName(classMethodCall)
      )
      or
      // File instance methods
@@ -136,8 +135,7 @@ module IO {
      api = "File" and
      exists(File::FileInstance fi |
        this.getReceiver() = fi and
-        this.asExpr().getExpr().(MethodCall).getMethodName() =
-          ioFileReaderMethodName(classMethodCall)
+        this.getMethodName() = ioFileReaderMethodName(classMethodCall)
      )
      // TODO: enumeration style methods such as `each`, `foreach`, etc.
    }
@@ -232,7 +230,7 @@ module File {
      // Instance methods
      exists(FileInstance fi |
        this.getReceiver() = fi and
-        this.asExpr().getExpr().(MethodCall).getMethodName() = ["path", "to_path"]
+        this.getMethodName() = ["path", "to_path"]
      )
    }
  }
--- a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll
@@ -26,8 +26,6 @@ class KernelMethodCall extends DataFlow::CallNode {
    )
  }

-  string getMethodName() { result = methodCall.getMethodName() }
-
  int getNumberOfArguments() { result = methodCall.getNumberOfArguments() }
 }