Ruby: Model various JSON methods

ruby/ql/lib/codeql/ruby/Frameworks.qll

@@ -24,3 +24,4 @@ private import codeql.ruby.frameworks.XmlParsing
 private import codeql.ruby.frameworks.ActionDispatch
 private import codeql.ruby.frameworks.PosixSpawn
 private import codeql.ruby.frameworks.StringFormatters
+private import codeql.ruby.frameworks.Json

ruby/ql/lib/codeql/ruby/frameworks/Json.qll

@@ -0,0 +1,22 @@
+/** Provides modelling for the `json` gem. */
+
+private import codeql.ruby.frameworks.data.ModelsAsData
+
+/** Provides modelling for the `json` gem. */
+module Json {
+  /**
+   * Flow summaries for common `JSON` methods.
+   * Not all of these methods are strictly defined in the `json` gem.
+   * The `JSON` namespace is heavily overloaded by other JSON parsing gems such as `oj`, `json_pure`, `multi_json` etc.
+   * This summary covers common methods we've seen called on `JSON` in the wild.
+   */
+  private class JsonSummary extends ModelInput::SummaryModelCsv {
+    override predicate row(string row) {
+      row =
+        [
+          "json;;Member[JSON].Method[parse,parse!,load,restore];Argument[0];ReturnValue;taint",
+          "json;;Member[JSON].Method[generate,fast_generate,dump,unparse,fast_unparse];Argument[0];ReturnValue;taint",
+        ]
+    }
+  }
+}