Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda

Ruby: Improve support for explicit proc-creation
2026-04-28 10:15:14 +02:00 · 2023-07-14 13:02:44 +02:00
parent 1c8297b91b 18762db0fb
commit 31bed36231
4 changed files with 31 additions and 1 deletions
--- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll
+++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll
@@ -978,6 +978,12 @@ module API {
        pred = Impl::MkModuleInstanceUp(mod) and
        succ = getBackwardEndNode(mod.getOwnInstanceMethod("call"))
      )
+      or
+      // Step through callable wrappers like `proc` and `lambda` calls.
+      exists(DataFlow::Node node |
+        pred = getBackwardEndNode(node) and
+        succ = getBackwardStartNode(node.asCallable())
+      )
    }

    pragma[nomagic]
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
@@ -1333,11 +1333,20 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c)
    creation.asExpr() =
      any(CfgNodes::ExprNodes::MethodCallCfgNode mc |
        c.asCallable() = mc.getBlock().getExpr() and
-        mc.getExpr().getMethodName() = ["lambda", "proc"]
+        isProcCreationCall(mc.getExpr())
      )
  )
 }

+/** Holds if `call` is a call to `lambda`, `proc`, or `Proc.new` */
+pragma[nomagic]
+private predicate isProcCreationCall(MethodCall call) {
+  call.getMethodName() = ["proc", "lambda"]
+  or
+  call.getMethodName() = "new" and
+  call.getReceiver().(ConstantReadAccess).getAQualifiedName() = "Proc"
+}
+
 /**
 * Holds if `call` is a from-source lambda call of kind `kind` where `receiver`
 * is the lambda expression.
--- a/ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md
+++ b/ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved resolution of calls performed on an object created with `Proc.new`.
--- a/ruby/ql/test/library-tests/dataflow/api-graphs/explicit-proc.rb
+++ b/ruby/ql/test/library-tests/dataflow/api-graphs/explicit-proc.rb
@@ -0,0 +1,11 @@
+Foo.bar proc { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}
+
+Foo.bar lambda { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}
+
+Foo.bar Proc.new { |x|
+    x # $ reachableFromSource=Member[Foo].Method[bar].Argument[0].Parameter[0]
+}