From 4e4ee32dbcfbf65cc298bdf2184e91cc56579f52 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Thu, 24 Nov 2022 10:48:29 +0100
Subject: [PATCH] Data flow: Join on one more column in `flowThroughIntoCall`
---
 .../codeql/ruby/dataflow/internal/DataFlowImpl.qll | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
index a52ad110662..bfdb6c9c9a3 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
@@ -1502,10 +1502,13 @@ private module MkStage {
 private predicate flowThroughIntoCall(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
- flowIntoCall(call, pragma[only_bind_into](arg), pragma[only_bind_into](p), allowsFieldFlow,
- pragma[only_bind_into](config)) and
- fwdFlow(arg, _, _, _, _, _, pragma[only_bind_into](config)) and
- returnFlowsThrough(_, _, _, _, p.asNode(), _, _, pragma[only_bind_into](config))
+ exists(Ap argAp |
+ flowIntoCall(call, pragma[only_bind_into](arg), pragma[only_bind_into](p), allowsFieldFlow,
+ pragma[only_bind_into](config)) and
+ fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), pragma[only_bind_into](config)) and
+ returnFlowsThrough(_, _, _, _, p.asNode(), pragma[only_bind_into](argAp), _,
+ pragma[only_bind_into](config))
+ )
 }

 /**
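Review bot: The new `argAp` join in `flowThroughIntoCall` is correct only if the sixth column of `fwdFlow` and the sixth column of `returnFlowsThrough` both carry the argument's access path. Neither declaration is visible in this hunk, so the positional `_` wildcards should be checked against the two signatures. A mismatched column would not fail to compile as long as both are of type `Ap`; it would silently remove flow-through tuples, which presumably surfaces as missing data-flow or taint results in the queries built on this library. It is worth confirming that query results are unchanged, or saying in the commit message that the restriction is intended. The predicate also has no QLDoc; something like `/** Holds if arg flows into parameter p of call, and flow through the callee exists for the access path with which arg is reached. */` would record why the extra column is joined. The enclosing module `MkStage` starts and ends outside the hunk.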