Merge branch 'main' into change/adjust-extracted-files-diagnostics

ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/upgrade.properties

@@ -1,2 +1,8 @@
 description: Sync dbscheme fragments
 compatibility: full
+yaml.rel: delete
+yaml_aliases.rel: delete
+yaml_anchors.rel: delete
+yaml_errors.rel: delete
+yaml_locations.rel: delete
+yaml_scalars.rel: delete

ruby/extractor/Cargo.toml

@@ -10,7 +10,7 @@ edition = "2018"
 [dependencies]
 tree-sitter = "0.20"
 tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "203f7bd3c1bbfbd98fc19add4b8fcb213c059205" }
-tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "2edbd437ee901b8fa95861ec538e56efe3ebd127" }
+tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "4d9ad3f010fdc47a8433adcf9ae30c8eb8475ae7" }
 clap = { version = "4.2", features = ["derive"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }

ruby/ql/consistency-queries/DataFlowConsistency.ql

@@ -43,10 +43,6 @@ private module Input implements InputSig<RubyDataFlow> {
       arg.asExpr().getASuccessor(any(SuccessorTypes::ConditionalSuccessor c)).getASuccessor*() = n and
       n.getASplit() instanceof Split::ConditionalCompletionSplit
     )
-    or
-    // Synthetic block parameter nodes are passed directly as lambda-self reference
-    // arguments to all `yield` calls
-    arg instanceof ArgumentNodes::BlockParameterArgumentNode
   }
 }
 

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.8.6
+
+### Minor Analysis Improvements
+
+* Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors.
+* Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword  has been improved and should no longer lead to syntax errors.
+* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated.
+
 ## 0.8.5
 
 No user-facing changes.

ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated.

ruby/ql/lib/change-notes/released/0.8.6.md

@@ -0,0 +1,7 @@
+## 0.8.6
+
+### Minor Analysis Improvements
+
+* Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors.
+* Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword  has been improved and should no longer lead to syntax errors.
+* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.8.6

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll

@@ -208,7 +208,9 @@ private predicate moduleFlowsToMethodCallReceiver(RelevantCall call, Module m, s
   flowsToMethodCallReceiver(call, trackModuleAccess(m), method)
 }
 
-private Block blockCall(RelevantCall call) { lambdaSourceCall(call, _, trackBlock(result)) }
+private Block blockCall(RelevantCall call) {
+  lambdaSourceCall(call, _, trackBlock(result).(DataFlow::LocalSourceNode).getALocalUse())
+}
 
 pragma[nomagic]
 private predicate superCall(RelevantCall call, Module cls, string method) {
@@ -1088,8 +1090,8 @@ private CfgScope getTargetSingleton(RelevantCall call, string method) {
 }
 
 /**
- * Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, the receiver
- * of `call` is a parameter access, where the corresponding argument of `ctx` is `arg`.
+ * Holds if `ctx` targets the enclosing callable of `call`, the receiver of `call` is a
+ * parameter access, where the corresponding argument of `ctx` is `arg`.
  *
  * `name` is the name of the method being called by `call`, `source` is a
  * `LocalSourceNode` that flows to `arg`, and `paramDef` is the SSA definition for the
@@ -1098,11 +1100,11 @@ private CfgScope getTargetSingleton(RelevantCall call, string method) {
 pragma[nomagic]
 private predicate argMustFlowToReceiver(
   RelevantCall ctx, DataFlow::LocalSourceNode source, DataFlow::Node arg, RelevantCall call,
-  Callable encl, string name
+  string name
 ) {
   exists(
     ParameterNodeImpl p, SsaDefinitionExtNode paramDef, ParameterPosition ppos,
-    ArgumentPosition apos
+    ArgumentPosition apos, Callable encl
   |
     // the receiver of `call` references `p`
     exists(DataFlow::Node receiver |
@@ -1133,7 +1135,7 @@ private predicate argMustFlowToReceiver(
 }
 
 /**
- * Holds if `ctx` targets `encl`, which is the enclosing callable of `new`, and
+ * Holds if `ctx` targets the enclosing callable of `new`, and
  * the receiver of `new` is a parameter access, where the corresponding argument
  * `arg` of `ctx` has type `tp`.
  *
@@ -1141,10 +1143,10 @@ private predicate argMustFlowToReceiver(
  */
 pragma[nomagic]
 private predicate mayBenefitFromCallContextInitialize(
-  RelevantCall ctx, RelevantCall new, DataFlow::Node arg, Callable encl, Module tp, string name
+  RelevantCall ctx, RelevantCall new, DataFlow::Node arg, Module tp, string name
 ) {
   exists(DataFlow::LocalSourceNode source |
-    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, new, encl, "new") and
+    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, new, "new") and
     source = trackModuleAccess(tp) and
     name = "initialize" and
     exists(lookupMethod(tp, name))
@@ -1152,7 +1154,7 @@ private predicate mayBenefitFromCallContextInitialize(
 }
 
 /**
- * Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, and
+ * Holds if `ctx` targets the enclosing callable of `call`, and
  * the receiver of `call` is a parameter access, where the corresponding argument
  * `arg` of `ctx` has type `tp`.
  *
@@ -1161,11 +1163,10 @@ private predicate mayBenefitFromCallContextInitialize(
  */
 pragma[nomagic]
 private predicate mayBenefitFromCallContextInstance(
-  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Callable encl, Module tp, boolean exact,
-  string name
+  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Module tp, boolean exact, string name
 ) {
   exists(DataFlow::LocalSourceNode source |
-    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, call, encl,
+    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, call,
       pragma[only_bind_into](name)) and
     source = trackInstance(tp, exact) and
     exists(lookupMethod(tp, pragma[only_bind_into](name)))
@@ -1173,7 +1174,7 @@ private predicate mayBenefitFromCallContextInstance(
 }
 
 /**
- * Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, and
+ * Holds if `ctx` targets  the enclosing callable of `call`, and
  * the receiver of `call` is a parameter access, where the corresponding argument
  * `arg` of `ctx` is a module access targeting a module of type `tp`.
  *
@@ -1182,12 +1183,11 @@ private predicate mayBenefitFromCallContextInstance(
  */
 pragma[nomagic]
 private predicate mayBenefitFromCallContextSingleton(
-  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Callable encl, Module tp, boolean exact,
-  string name
+  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Module tp, boolean exact, string name
 ) {
   exists(DataFlow::LocalSourceNode source |
     argMustFlowToReceiver(ctx, pragma[only_bind_into](source), pragma[only_bind_into](arg), call,
-      encl, pragma[only_bind_into](name)) and
+      pragma[only_bind_into](name)) and
     exists(lookupSingletonMethod(tp, pragma[only_bind_into](name), exact))
   |
     source = trackModuleAccess(tp) and
@@ -1208,16 +1208,14 @@ private predicate mayBenefitFromCallContextSingleton(
 
 /**
  * Holds if the set of viable implementations that can be called by `call`
- * might be improved by knowing the call context. This is the case if the
- * receiver accesses a parameter of the enclosing callable `c` (including
- * the implicit `self` parameter).
+ * might be improved by knowing the call context.
  */
-predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
-  mayBenefitFromCallContextInitialize(_, call.asCall(), _, c.asCallable(), _, _)
+predicate mayBenefitFromCallContext(DataFlowCall call) {
+  mayBenefitFromCallContextInitialize(_, call.asCall(), _, _, _)
   or
-  mayBenefitFromCallContextInstance(_, call.asCall(), _, c.asCallable(), _, _, _)
+  mayBenefitFromCallContextInstance(_, call.asCall(), _, _, _, _)
   or
-  mayBenefitFromCallContextSingleton(_, call.asCall(), _, c.asCallable(), _, _, _)
+  mayBenefitFromCallContextSingleton(_, call.asCall(), _, _, _, _)
 }
 
 /**
@@ -1226,25 +1224,25 @@ predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
  */
 pragma[nomagic]
 DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
-  mayBenefitFromCallContext(call, _) and
+  mayBenefitFromCallContext(call) and
   (
     // `ctx` can provide a potentially better type bound
     exists(RelevantCall call0, Callable res |
       call0 = call.asCall() and
       res = result.asCallable() and
       exists(Module m, string name |
-        mayBenefitFromCallContextInitialize(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+        mayBenefitFromCallContextInitialize(ctx.asCall(), pragma[only_bind_into](call0), _,
           pragma[only_bind_into](m), pragma[only_bind_into](name)) and
         res = getInitializeTarget(call0) and
         res = lookupMethod(m, name)
         or
         exists(boolean exact |
-          mayBenefitFromCallContextInstance(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+          mayBenefitFromCallContextInstance(ctx.asCall(), pragma[only_bind_into](call0), _,
             pragma[only_bind_into](m), pragma[only_bind_into](exact), pragma[only_bind_into](name)) and
           res = getTargetInstance(call0, name) and
           res = lookupMethod(m, name, exact)
           or
-          mayBenefitFromCallContextSingleton(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+          mayBenefitFromCallContextSingleton(ctx.asCall(), pragma[only_bind_into](call0), _,
             pragma[only_bind_into](m), pragma[only_bind_into](exact), pragma[only_bind_into](name)) and
           res = getTargetSingleton(call0, name) and
           res = lookupSingletonMethod(m, name, exact)
@@ -1257,15 +1255,15 @@ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
     exists(RelevantCall call0, RelevantCall ctx0, DataFlow::Node arg, string name |
       call0 = call.asCall() and
       ctx0 = ctx.asCall() and
-      argMustFlowToReceiver(ctx0, _, arg, call0, _, name) and
-      not mayBenefitFromCallContextInitialize(ctx0, call0, arg, _, _, _) and
-      not mayBenefitFromCallContextInstance(ctx0, call0, arg, _, _, _, name) and
-      not mayBenefitFromCallContextSingleton(ctx0, call0, arg, _, _, _, name) and
+      argMustFlowToReceiver(ctx0, _, arg, call0, name) and
+      not mayBenefitFromCallContextInitialize(ctx0, call0, arg, _, _) and
+      not mayBenefitFromCallContextInstance(ctx0, call0, arg, _, _, name) and
+      not mayBenefitFromCallContextSingleton(ctx0, call0, arg, _, _, name) and
       result.asCallable() = viableSourceCallable(call0)
     )
     or
     // library calls should always be able to resolve
-    argMustFlowToReceiver(ctx.asCall(), _, _, call.asCall(), _, _) and
+    argMustFlowToReceiver(ctx.asCall(), _, _, call.asCall(), _) and
     result = viableLibraryCallable(call)
   )
 }

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplSpecific.qll

@@ -27,4 +27,8 @@ module RubyDataFlow implements InputSig {
   predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;
 
   Node exprNode(DataFlowExpr e) { result = Public::exprNode(e) }
+
+  predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
+
+  predicate viableImplInCallContext = Private::viableImplInCallContext/2;
 }

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

@@ -230,6 +230,8 @@ module LocalFlow {
         or
         p.(KeywordParameter).getDefaultValue() = nodeFrom.asExpr().getExpr()
       )
+    or
+    nodeTo.(BlockArgumentNode).getParameterNode(true) = nodeFrom
   }
 }
 
@@ -497,6 +499,9 @@ private module Cached {
     TSelfParameterNode(MethodBase m) or
     TLambdaSelfReferenceNode(Callable c) { lambdaCreationExpr(_, _, c) } or
     TBlockParameterNode(MethodBase m) or
+    TBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode yield) {
+      yield = any(BlockParameterNode b).getAYieldCall()
+    } or
     TSynthHashSplatParameterNode(DataFlowCallable c) {
       isParameterNode(_, c, any(ParameterPosition p | p.isKeyword(_)))
     } or
@@ -645,6 +650,8 @@ private module Cached {
     isStoreTargetNode(n)
     or
     TypeTrackingInput::loadStep(_, n, _)
+    or
+    n instanceof BlockArgumentNode
   }
 
   cached
@@ -770,6 +777,8 @@ predicate nodeIsHidden(Node n) {
   n instanceof LambdaSelfReferenceNode
   or
   n instanceof CaptureNode
+  or
+  n instanceof BlockArgumentNode
 }
 
 /** An SSA definition, viewed as a node in a data flow graph. */
@@ -1277,18 +1286,36 @@ module ArgumentNodes {
     }
   }
 
-  class BlockParameterArgumentNode extends BlockParameterNode, ArgumentNode {
-    BlockParameterArgumentNode() { exists(this.getAYieldCall()) }
+  class BlockArgumentNode extends NodeImpl, ArgumentNode, TBlockArgumentNode {
+    CfgNodes::ExprNodes::CallCfgNode yield;
+
+    BlockArgumentNode() { this = TBlockArgumentNode(yield) }
+
+    CfgNodes::ExprNodes::CallCfgNode getYieldCall() { result = yield }
+
+    pragma[nomagic]
+    BlockParameterNode getParameterNode(boolean inSameScope) {
+      result.getAYieldCall() = yield and
+      if nodeGetEnclosingCallable(this) = nodeGetEnclosingCallable(result)
+      then inSameScope = true
+      else inSameScope = false
+    }
 
     // needed for variable capture flow
     override predicate sourceArgumentOf(CfgNodes::ExprNodes::CallCfgNode call, ArgumentPosition pos) {
-      call = this.getAYieldCall() and
+      call = yield and
       pos.isLambdaSelf()
     }
 
     override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
       this.sourceArgumentOf(call.asCall(), pos)
     }
+
+    override CfgScope getCfgScope() { result = yield.getScope() }
+
+    override Location getLocationImpl() { result = yield.getLocation() }
+
+    override string toStringImpl() { result = "yield block argument" }
   }
 
   private class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode {
@@ -1699,6 +1726,8 @@ predicate jumpStep(Node pred, Node succ) {
     succ.(FlowSummaryNode).getSummaryNode())
   or
   any(AdditionalJumpStep s).step(pred, succ)
+  or
+  succ.(BlockArgumentNode).getParameterNode(false) = pred
 }
 
 private ContentSet getArrayContent(int n) {
@@ -2037,7 +2066,7 @@ private predicate lambdaCallExpr(
  */
 predicate lambdaSourceCall(CfgNodes::ExprNodes::CallCfgNode call, LambdaCallKind kind, Node receiver) {
   kind = TYieldCallKind() and
-  call = receiver.(BlockParameterNode).getAYieldCall()
+  call = receiver.(BlockArgumentNode).getYieldCall()
   or
   kind = TLambdaCallKind() and
   lambdaCallExpr(call, receiver.asExpr())

ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll

@@ -512,7 +512,7 @@ private module ParamsSummaries {
         "dig", "each", "each_key", "each_pair", "each_value", "except", "keep_if", "merge",
         "merge!", "permit", "reject", "reject!", "require", "reverse_merge", "reverse_merge!",
         "select", "select!", "slice", "slice!", "transform_keys", "transform_keys!",
-        "transform_values", "transform_values!", "with_defaults", "with_defaults!"
+        "transform_values", "transform_values!", "with_defaults", "with_defaults!", "[]"
       ]
   }
 

ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll

@@ -43,7 +43,9 @@ module Kernel {
    * ```
    */
   private predicate isPublicKernelMethod(string method) {
-    method in ["class", "clone", "frozen?", "tap", "then", "yield_self", "send"]
+    method in [
+        "class", "clone", "frozen?", "tap", "then", "yield_self", "send", "public_send", "__send__"
+      ]
   }
 
   /**
@@ -167,7 +169,7 @@ module Kernel {
    * ```
    */
   class SendCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
-    SendCallCodeExecution() { this.getMethodName() = "send" }
+    SendCallCodeExecution() { this.getMethodName() = ["send", "public_send", "__send__"] }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.6-dev
+version: 0.8.7-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/lib/upgrades/30e1075bbdc9ce935dbe28dc7175489fe8e69a4c/upgrade.properties

@@ -1,2 +1,3 @@
 description: Removed unused `numlines` relation
 compatibility: full
+numlines.rel: delete

ruby/ql/lib/upgrades/40be81bc2086eb0368f33c770e0a84817bb340c3/upgrade.properties

@@ -163,3 +163,166 @@ ruby_yield_child.rel: reorder yield_child.rel ( int ruby_yield, int child ) ruby
 ruby_yield_def.rel: reorder yield_def.rel ( int id, int loc ) id loc 
 ruby_tokeninfo.rel: reorder tokeninfo.rel ( int id, int kind, int file, int idx, string value, int loc ) id kind file idx value loc 
 ruby_ast_node_parent.rel: reorder ast_node_parent.rel ( int child, int parent, int parent_index) child parent parent_index
+alias_def.rel: delete
+argument_list_child.rel: delete
+argument_list_def.rel: delete
+array_child.rel: delete
+array_def.rel: delete
+assignment_def.rel: delete
+ast_node_parent.rel: delete
+bare_string_child.rel: delete
+bare_string_def.rel: delete
+bare_symbol_child.rel: delete
+bare_symbol_def.rel: delete
+begin_block_child.rel: delete
+begin_block_def.rel: delete
+begin_child.rel: delete
+begin_def.rel: delete
+binary_def.rel: delete
+block_argument_def.rel: delete
+block_child.rel: delete
+block_def.rel: delete
+block_parameter_def.rel: delete
+block_parameters.rel: delete
+block_parameters_child.rel: delete
+block_parameters_def.rel: delete
+break_child.rel: delete
+break_def.rel: delete
+call_arguments.rel: delete
+call_block.rel: delete
+call_def.rel: delete
+call_receiver.rel: delete
+case_child.rel: delete
+case_def.rel: delete
+case_value.rel: delete
+chained_string_child.rel: delete
+chained_string_def.rel: delete
+class_child.rel: delete
+class_def.rel: delete
+class_superclass.rel: delete
+conditional_def.rel: delete
+delimited_symbol_child.rel: delete
+delimited_symbol_def.rel: delete
+destructured_left_assignment_child.rel: delete
+destructured_left_assignment_def.rel: delete
+destructured_parameter_child.rel: delete
+destructured_parameter_def.rel: delete
+do_block_child.rel: delete
+do_block_def.rel: delete
+do_block_parameters.rel: delete
+do_child.rel: delete
+do_def.rel: delete
+element_reference_child.rel: delete
+element_reference_def.rel: delete
+else_child.rel: delete
+else_def.rel: delete
+elsif_alternative.rel: delete
+elsif_consequence.rel: delete
+elsif_def.rel: delete
+end_block_child.rel: delete
+end_block_def.rel: delete
+ensure_child.rel: delete
+ensure_def.rel: delete
+exception_variable_def.rel: delete
+exceptions_child.rel: delete
+exceptions_def.rel: delete
+for_def.rel: delete
+hash_child.rel: delete
+hash_def.rel: delete
+hash_splat_argument_def.rel: delete
+hash_splat_parameter_def.rel: delete
+hash_splat_parameter_name.rel: delete
+heredoc_body_child.rel: delete
+heredoc_body_def.rel: delete
+if_alternative.rel: delete
+if_consequence.rel: delete
+if_def.rel: delete
+if_modifier_def.rel: delete
+in_def.rel: delete
+interpolation_child.rel: delete
+interpolation_def.rel: delete
+keyword_parameter_def.rel: delete
+keyword_parameter_value.rel: delete
+lambda_def.rel: delete
+lambda_parameters.rel: delete
+lambda_parameters_child.rel: delete
+lambda_parameters_def.rel: delete
+left_assignment_list_child.rel: delete
+left_assignment_list_def.rel: delete
+method_child.rel: delete
+method_def.rel: delete
+method_parameters.rel: delete
+method_parameters_child.rel: delete
+method_parameters_def.rel: delete
+module_child.rel: delete
+module_def.rel: delete
+next_child.rel: delete
+next_def.rel: delete
+operator_assignment_def.rel: delete
+optional_parameter_def.rel: delete
+pair_def.rel: delete
+parenthesized_statements_child.rel: delete
+parenthesized_statements_def.rel: delete
+pattern_def.rel: delete
+program_child.rel: delete
+program_def.rel: delete
+range_begin.rel: delete
+range_def.rel: delete
+range_end.rel: delete
+rational_def.rel: delete
+redo_child.rel: delete
+redo_def.rel: delete
+regex_child.rel: delete
+regex_def.rel: delete
+rescue_body.rel: delete
+rescue_def.rel: delete
+rescue_exceptions.rel: delete
+rescue_modifier_def.rel: delete
+rescue_variable.rel: delete
+rest_assignment_child.rel: delete
+rest_assignment_def.rel: delete
+retry_child.rel: delete
+retry_def.rel: delete
+return_child.rel: delete
+return_def.rel: delete
+right_assignment_list_child.rel: delete
+right_assignment_list_def.rel: delete
+scope_resolution_def.rel: delete
+scope_resolution_scope.rel: delete
+setter_def.rel: delete
+singleton_class_child.rel: delete
+singleton_class_def.rel: delete
+singleton_method_child.rel: delete
+singleton_method_def.rel: delete
+singleton_method_parameters.rel: delete
+splat_argument_def.rel: delete
+splat_parameter_def.rel: delete
+splat_parameter_name.rel: delete
+string_array_child.rel: delete
+string_array_def.rel: delete
+string_child.rel: delete
+string_def.rel: delete
+subshell_child.rel: delete
+subshell_def.rel: delete
+superclass_def.rel: delete
+symbol_array_child.rel: delete
+symbol_array_def.rel: delete
+then_child.rel: delete
+then_def.rel: delete
+tokeninfo.rel: delete
+unary_def.rel: delete
+undef_child.rel: delete
+undef_def.rel: delete
+unless_alternative.rel: delete
+unless_consequence.rel: delete
+unless_def.rel: delete
+unless_modifier_def.rel: delete
+until_def.rel: delete
+until_modifier_def.rel: delete
+when_body.rel: delete
+when_def.rel: delete
+when_pattern.rel: delete
+while_def.rel: delete
+while_modifier_def.rel: delete
+yield_child.rel: delete
+yield_def.rel: delete

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.6
+
+No user-facing changes.
+
 ## 0.8.5
 
 No user-facing changes.

ruby/ql/src/change-notes/released/0.8.6.md

@@ -0,0 +1,3 @@
+## 0.8.6
+
+No user-facing changes.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.8.6

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.6-dev
+version: 0.8.7-dev
 groups:
   - ruby
   - queries

ruby/ql/test/library-tests/ast/Ast.expected

@@ -1275,6 +1275,19 @@ control/cases.rb:
 #  162|       getKey: [SymbolLiteral] :y
 #  162|         getComponent: [StringTextComponent] y
 #  162|       getValue: [IntegerLiteral] 1
+#  164|   getStmt: [CaseExpr] case ...
+#  165|     getValue: [LocalVariableAccess] foo
+#  166|     getBranch: [WhenClause] when ...
+#  166|       getPattern: [IntegerLiteral] 1
+#  166|       getBody: [StmtSequence] then ...
+#  166|         getStmt: [IntegerLiteral] 2
+#  169|   getStmt: [CaseExpr] case ...
+#  170|     getValue: [LocalVariableAccess] foo
+#  171|     getBranch: [InClause] in ... then ...
+#  171|       getPattern: [IntegerLiteral] 3
+#  171|       getBody: [StmtSequence] then ...
+#  171|         getStmt: [StringLiteral] "three"
+#  171|           getComponent: [StringTextComponent] three
 modules/classes.rb:
 #    2| [Toplevel] classes.rb
 #    3|   getStmt: [ClassDeclaration] Foo
@@ -2888,6 +2901,9 @@ operations/operations.rb:
 #  104|       getElement: [IntegerLiteral] 1
 #  104|       getElement: [IntegerLiteral] 2
 #  104|       getElement: [IntegerLiteral] 3
+#  106|   getStmt: [DivExpr] ... / ...
+#  106|     getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] foo
+#  107|     getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 5
 params/params.rb:
 #    1| [Toplevel] params.rb
 #    4|   getStmt: [Method] identifier_method_params

ruby/ql/test/library-tests/ast/TreeSitter.expected

@@ -2756,6 +2756,30 @@ control/cases.rb:
 #  162|         1: [ReservedWord] :
 #  162|         2: [Integer] 1
 #  162|       4: [ReservedWord] }
+#  164|   19: [Case] Case
+#  164|     0: [ReservedWord] case
+#  165|     1: [Identifier] foo
+#  166|     2: [When] When
+#  166|       0: [ReservedWord] when
+#  166|       1: [Pattern] Pattern
+#  166|         0: [Integer] 1
+#  166|       2: [Then] Then
+#  166|         0: [ReservedWord] then
+#  166|         1: [Integer] 2
+#  167|     3: [ReservedWord] end
+#  169|   20: [CaseMatch] CaseMatch
+#  169|     0: [ReservedWord] case
+#  170|     1: [Identifier] foo
+#  171|     2: [InClause] InClause
+#  171|       0: [ReservedWord] in
+#  171|       1: [Integer] 3
+#  171|       2: [Then] Then
+#  171|         0: [ReservedWord] then
+#  171|         1: [String] String
+#  171|           0: [ReservedWord] "
+#  171|           1: [StringContent] three
+#  171|           2: [ReservedWord] "
+#  172|     3: [ReservedWord] end
 #    1| [Comment] # Define some variables used below
 #    7| [Comment] # A case expr with a value and an else branch
 #   17| [Comment] # A case expr without a value or else branch
@@ -5636,6 +5660,10 @@ operations/operations.rb:
 #  104|       4: [ReservedWord] ,
 #  104|       5: [Integer] 3
 #  104|       6: [ReservedWord] ]
+#  106|   73: [Binary] Binary
+#  106|     0: [Identifier] foo
+#  106|     1: [ReservedWord] /
+#  107|     2: [Integer] 5
 #    1| [Comment] # Start with assignments to all the identifiers used below, so that they are
 #    2| [Comment] # interpreted as variables.
 #   22| [Comment] # Unary operations

ruby/ql/test/library-tests/ast/ValueText.expected

@@ -276,6 +276,12 @@ exprValue
 | control/cases.rb:162:10:162:10 | :x | :x | symbol |
 | control/cases.rb:162:16:162:16 | :y | :y | symbol |
 | control/cases.rb:162:19:162:19 | 1 | 1 | int |
+| control/cases.rb:165:3:165:5 | foo | 42 | int |
+| control/cases.rb:166:6:166:6 | 1 | 1 | int |
+| control/cases.rb:166:13:166:13 | 2 | 2 | int |
+| control/cases.rb:170:3:170:5 | foo | 42 | int |
+| control/cases.rb:171:4:171:4 | 3 | 3 | int |
+| control/cases.rb:171:11:171:17 | "three" | three | string |
 | control/conditionals.rb:2:5:2:5 | 0 | 0 | int |
 | control/conditionals.rb:3:5:3:5 | 0 | 0 | int |
 | control/conditionals.rb:4:5:4:5 | 0 | 0 | int |
@@ -921,6 +927,7 @@ exprValue
 | operations/operations.rb:104:25:104:25 | 1 | 1 | int |
 | operations/operations.rb:104:28:104:28 | 2 | 2 | int |
 | operations/operations.rb:104:31:104:31 | 3 | 3 | int |
+| operations/operations.rb:107:1:107:1 | 5 | 5 | int |
 | params/params.rb:41:46:41:46 | 7 | 7 | int |
 | params/params.rb:47:19:47:21 | :bar | :bar | symbol |
 | params/params.rb:47:24:47:24 | 2 | 2 | int |
@@ -1184,6 +1191,12 @@ exprCfgNodeValue
 | control/cases.rb:160:13:160:13 | 2 | 2 | int |
 | control/cases.rb:162:1:162:20 | nil | nil | nil |
 | control/cases.rb:162:19:162:19 | 1 | 1 | int |
+| control/cases.rb:165:3:165:5 | foo | 42 | int |
+| control/cases.rb:166:6:166:6 | 1 | 1 | int |
+| control/cases.rb:166:13:166:13 | 2 | 2 | int |
+| control/cases.rb:170:3:170:5 | foo | 42 | int |
+| control/cases.rb:171:4:171:4 | 3 | 3 | int |
+| control/cases.rb:171:11:171:17 | "three" | three | string |
 | control/conditionals.rb:2:5:2:5 | 0 | 0 | int |
 | control/conditionals.rb:3:5:3:5 | 0 | 0 | int |
 | control/conditionals.rb:4:5:4:5 | 0 | 0 | int |
@@ -1828,6 +1841,7 @@ exprCfgNodeValue
 | operations/operations.rb:104:25:104:25 | 1 | 1 | int |
 | operations/operations.rb:104:28:104:28 | 2 | 2 | int |
 | operations/operations.rb:104:31:104:31 | 3 | 3 | int |
+| operations/operations.rb:107:1:107:1 | 5 | 5 | int |
 | params/params.rb:41:46:41:46 | 7 | 7 | int |
 | params/params.rb:47:19:47:21 | :bar | :bar | symbol |
 | params/params.rb:47:24:47:24 | 2 | 2 | int |

ruby/ql/test/library-tests/ast/control/CaseExpr.expected

@@ -12,6 +12,8 @@ caseValues
 | cases.rb:154:1:158:3 | case ... | cases.rb:154:6:154:9 | call to expr |
 | cases.rb:160:1:160:14 | case ... | cases.rb:160:1:160:4 | call to expr |
 | cases.rb:162:1:162:20 | case ... | cases.rb:162:1:162:4 | call to expr |
+| cases.rb:164:1:167:3 | case ... | cases.rb:165:3:165:5 | foo |
+| cases.rb:169:1:172:3 | case ... | cases.rb:170:3:170:5 | foo |
 caseNoValues
 | cases.rb:18:1:22:3 | case ... |
 caseElseBranches
@@ -30,6 +32,8 @@ caseNoElseBranches
 | cases.rb:147:1:152:3 | case ... |
 | cases.rb:154:1:158:3 | case ... |
 | cases.rb:162:1:162:20 | case ... |
+| cases.rb:164:1:167:3 | case ... |
+| cases.rb:169:1:172:3 | case ... |
 caseWhenBranches
 | cases.rb:8:1:15:3 | case ... | cases.rb:9:1:10:7 | when ... | 0 | cases.rb:9:6:9:6 | b | cases.rb:9:7:10:7 | then ... |
 | cases.rb:8:1:15:3 | case ... | cases.rb:11:1:12:7 | when ... | 0 | cases.rb:11:6:11:6 | c | cases.rb:11:10:12:7 | then ... |
@@ -37,6 +41,7 @@ caseWhenBranches
 | cases.rb:18:1:22:3 | case ... | cases.rb:19:1:19:19 | when ... | 0 | cases.rb:19:6:19:10 | ... > ... | cases.rb:19:13:19:19 | then ... |
 | cases.rb:18:1:22:3 | case ... | cases.rb:20:1:20:19 | when ... | 0 | cases.rb:20:6:20:11 | ... == ... | cases.rb:20:13:20:19 | then ... |
 | cases.rb:18:1:22:3 | case ... | cases.rb:21:1:21:19 | when ... | 0 | cases.rb:21:6:21:10 | ... < ... | cases.rb:21:13:21:19 | then ... |
+| cases.rb:164:1:167:3 | case ... | cases.rb:166:1:166:13 | when ... | 0 | cases.rb:166:6:166:6 | 1 | cases.rb:166:8:166:13 | then ... |
 caseAllBranches
 | cases.rb:8:1:15:3 | case ... | 0 | cases.rb:9:1:10:7 | when ... |
 | cases.rb:8:1:15:3 | case ... | 1 | cases.rb:11:1:12:7 | when ... |
@@ -139,3 +144,5 @@ caseAllBranches
 | cases.rb:160:1:160:14 | case ... | 0 | cases.rb:160:1:160:14 | in ... then ... |
 | cases.rb:160:1:160:14 | case ... | 1 | cases.rb:160:1:160:14 | else ... |
 | cases.rb:162:1:162:20 | case ... | 0 | cases.rb:162:1:162:20 | in ... then ... |
+| cases.rb:164:1:167:3 | case ... | 0 | cases.rb:166:1:166:13 | when ... |
+| cases.rb:169:1:172:3 | case ... | 0 | cases.rb:171:1:171:17 | in ... then ... |

ruby/ql/test/library-tests/ast/control/ControlExpr.expected

@@ -12,6 +12,8 @@
 | cases.rb:154:1:158:3 | case ... | CaseExpr |
 | cases.rb:160:1:160:14 | case ... | CaseExpr |
 | cases.rb:162:1:162:20 | case ... | CaseExpr |
+| cases.rb:164:1:167:3 | case ... | CaseExpr |
+| cases.rb:169:1:172:3 | case ... | CaseExpr |
 | conditionals.rb:10:1:12:3 | if ... | IfExpr |
 | conditionals.rb:15:1:19:3 | if ... | IfExpr |
 | conditionals.rb:22:1:30:3 | if ... | IfExpr |

ruby/ql/test/library-tests/ast/control/cases.rb

@@ -159,4 +159,14 @@ end
 
 expr in [1, 2]
 
-expr => {x: v, y: 1}
+expr => {x: v, y: 1}
+
+case 
+  foo
+when 1 then 2
+end
+
+case
+  foo
+in 3 then "three"
+end

ruby/ql/test/library-tests/ast/operations/binary.expected

@@ -45,6 +45,7 @@ binaryOperations
 | operations.rb:101:21:101:23 | ... \|\| ... | \|\| | operations.rb:101:1:101:19 | MemberConstant | operations.rb:101:25:101:25 | 8 | LogicalOrExpr |
 | operations.rb:102:27:102:29 | ... \|\| ... | \|\| | operations.rb:102:1:102:25 | OtherConstant | operations.rb:102:31:102:31 | 7 | LogicalOrExpr |
 | operations.rb:103:13:103:15 | ... \|\| ... | \|\| | operations.rb:103:1:103:11 | CONSTANT4 | operations.rb:103:17:103:17 | 7 | LogicalOrExpr |
+| operations.rb:106:1:107:1 | ... / ... | / | operations.rb:106:1:106:3 | foo | operations.rb:107:1:107:1 | 5 | DivExpr |
 binaryArithmeticOperations
 | operations.rb:32:1:32:7 | ... + ... | + | operations.rb:32:1:32:1 | w | operations.rb:32:5:32:7 | 234 | AddExpr |
 | operations.rb:33:1:33:6 | ... - ... | - | operations.rb:33:1:33:1 | x | operations.rb:33:5:33:6 | 17 | SubExpr |
@@ -62,6 +63,7 @@ binaryArithmeticOperations
 | operations.rb:92:7:92:8 | ... / ... | / | operations.rb:92:3:92:5 | @@y | operations.rb:92:10:92:10 | 4 | DivExpr |
 | operations.rb:96:13:96:14 | ... * ... | * | operations.rb:96:1:96:11 | $global_var | operations.rb:96:16:96:16 | 6 | MulExpr |
 | operations.rb:99:11:99:12 | ... + ... | + | operations.rb:99:1:99:9 | CONSTANT2 | operations.rb:99:14:99:14 | 6 | AddExpr |
+| operations.rb:106:1:107:1 | ... / ... | / | operations.rb:106:1:106:3 | foo | operations.rb:107:1:107:1 | 5 | DivExpr |
 binaryLogicalOperations
 | operations.rb:40:1:40:10 | ... && ... | && | operations.rb:40:1:40:3 | foo | operations.rb:40:8:40:10 | bar | LogicalAndExpr |
 | operations.rb:41:1:41:11 | ... and ... | and | operations.rb:41:1:41:3 | baz | operations.rb:41:9:41:11 | qux | LogicalAndExpr |

ruby/ql/test/library-tests/ast/operations/operation.expected

@@ -243,3 +243,5 @@
 | operations.rb:104:24:104:32 | * ... | * | operations.rb:104:24:104:32 | [...] | SplatExpr |
 | operations.rb:104:24:104:32 | ... = ... | = | operations.rb:104:24:104:32 | * ... | AssignExpr |
 | operations.rb:104:24:104:32 | ... = ... | = | operations.rb:104:24:104:32 | __synth__3 | AssignExpr |
+| operations.rb:106:1:107:1 | ... / ... | / | operations.rb:106:1:106:3 | foo | DivExpr |
+| operations.rb:106:1:107:1 | ... / ... | / | operations.rb:107:1:107:1 | 5 | DivExpr |

ruby/ql/test/library-tests/ast/operations/operations.rb

@@ -102,3 +102,6 @@ Foo::MemberConstant ||= 8
 foo(1).bar::OtherConstant ||= 7
 ::CONSTANT4 ||= 7
 FOO, ::BAR, foo::FOO = [1, 2, 3]
+
+foo /
+5

ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected

@@ -81,6 +81,17 @@ edges
 | call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:174:19:174:19 | x |
 | call_sensitivity.rb:187:11:187:20 | ( ... ) | call_sensitivity.rb:104:18:104:18 | x |
 | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:187:11:187:20 | ( ... ) |
+| call_sensitivity.rb:189:19:189:19 | x | call_sensitivity.rb:190:9:190:9 | x |
+| call_sensitivity.rb:190:9:190:9 | x | call_sensitivity.rb:194:23:194:23 | x |
+| call_sensitivity.rb:193:19:193:19 | x | call_sensitivity.rb:194:17:194:17 | x |
+| call_sensitivity.rb:194:17:194:17 | x | call_sensitivity.rb:189:19:189:19 | x |
+| call_sensitivity.rb:194:23:194:23 | x | call_sensitivity.rb:195:11:195:11 | x |
+| call_sensitivity.rb:195:11:195:11 | x | call_sensitivity.rb:199:30:199:30 | x |
+| call_sensitivity.rb:195:11:195:11 | x | call_sensitivity.rb:203:26:203:26 | x |
+| call_sensitivity.rb:199:15:199:24 | ( ... ) | call_sensitivity.rb:193:19:193:19 | x |
+| call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:199:15:199:24 | ( ... ) |
+| call_sensitivity.rb:199:30:199:30 | x | call_sensitivity.rb:200:8:200:8 | x |
+| call_sensitivity.rb:203:26:203:26 | x | call_sensitivity.rb:204:8:204:8 | x |
 nodes
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
 | call_sensitivity.rb:9:7:9:13 | call to taint | semmle.label | call to taint |
@@ -168,6 +179,18 @@ nodes
 | call_sensitivity.rb:178:11:178:19 | call to taint | semmle.label | call to taint |
 | call_sensitivity.rb:187:11:187:20 | ( ... ) | semmle.label | ( ... ) |
 | call_sensitivity.rb:187:12:187:19 | call to taint | semmle.label | call to taint |
+| call_sensitivity.rb:189:19:189:19 | x | semmle.label | x |
+| call_sensitivity.rb:190:9:190:9 | x | semmle.label | x |
+| call_sensitivity.rb:193:19:193:19 | x | semmle.label | x |
+| call_sensitivity.rb:194:17:194:17 | x | semmle.label | x |
+| call_sensitivity.rb:194:23:194:23 | x | semmle.label | x |
+| call_sensitivity.rb:195:11:195:11 | x | semmle.label | x |
+| call_sensitivity.rb:199:15:199:24 | ( ... ) | semmle.label | ( ... ) |
+| call_sensitivity.rb:199:16:199:23 | call to taint | semmle.label | call to taint |
+| call_sensitivity.rb:199:30:199:30 | x | semmle.label | x |
+| call_sensitivity.rb:200:8:200:8 | x | semmle.label | x |
+| call_sensitivity.rb:203:26:203:26 | x | semmle.label | x |
+| call_sensitivity.rb:204:8:204:8 | x | semmle.label | x |
 subpaths
 #select
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint | call to taint |
@@ -193,25 +216,28 @@ subpaths
 | call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:125:12:125:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:125:12:125:19 | call to taint | call to taint |
 | call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:178:11:178:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:178:11:178:19 | call to taint | call to taint |
 | call_sensitivity.rb:105:10:105:10 | x | call_sensitivity.rb:187:12:187:19 | call to taint | call_sensitivity.rb:105:10:105:10 | x | $@ | call_sensitivity.rb:187:12:187:19 | call to taint | call to taint |
+| call_sensitivity.rb:200:8:200:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:200:8:200:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
+| call_sensitivity.rb:204:8:204:8 | x | call_sensitivity.rb:199:16:199:23 | call to taint | call_sensitivity.rb:204:8:204:8 | x | $@ | call_sensitivity.rb:199:16:199:23 | call to taint | call to taint |
 mayBenefitFromCallContext
-| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:50:3:52:5 | method1 |
-| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:54:3:56:5 | method2 |
-| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:58:3:60:5 | call_method2 |
-| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:62:3:64:5 | method3 |
-| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:66:3:68:5 | call_method3 |
-| call_sensitivity.rb:81:5:81:18 | call to method1 | call_sensitivity.rb:80:3:82:5 | method5 |
-| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 | call_sensitivity.rb:88:3:90:5 | singleton_method2 |
-| call_sensitivity.rb:93:5:93:28 | call to singleton_method2 | call_sensitivity.rb:92:3:94:5 | call_singleton_method2 |
-| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
-| call_sensitivity.rb:101:5:101:35 | call to singleton_method3 | call_sensitivity.rb:100:3:102:5 | call_singleton_method3 |
-| call_sensitivity.rb:105:5:105:10 | call to sink | call_sensitivity.rb:104:3:107:5 | initialize |
-| call_sensitivity.rb:106:5:106:13 | call to method1 | call_sensitivity.rb:104:3:107:5 | initialize |
-| call_sensitivity.rb:110:5:110:9 | call to new | call_sensitivity.rb:109:3:111:5 | call_new |
-| call_sensitivity.rb:137:5:137:18 | call to method2 | call_sensitivity.rb:136:3:138:5 | call_method2 |
-| call_sensitivity.rb:141:5:141:25 | call to method3 | call_sensitivity.rb:140:3:142:5 | call_method3 |
-| call_sensitivity.rb:149:5:149:28 | call to singleton_method2 | call_sensitivity.rb:148:3:150:5 | call_singleton_method2 |
-| call_sensitivity.rb:153:5:153:35 | call to singleton_method3 | call_sensitivity.rb:152:3:154:5 | call_singleton_method3 |
-| call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:174:1:176:3 | create |
+| call_sensitivity.rb:51:5:51:10 | call to sink |
+| call_sensitivity.rb:55:5:55:13 | call to method1 |
+| call_sensitivity.rb:59:5:59:18 | call to method2 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 |
+| call_sensitivity.rb:67:5:67:25 | call to method3 |
+| call_sensitivity.rb:81:5:81:18 | call to method1 |
+| call_sensitivity.rb:89:5:89:23 | call to singleton_method1 |
+| call_sensitivity.rb:93:5:93:28 | call to singleton_method2 |
+| call_sensitivity.rb:97:5:97:26 | call to singleton_method1 |
+| call_sensitivity.rb:101:5:101:35 | call to singleton_method3 |
+| call_sensitivity.rb:105:5:105:10 | call to sink |
+| call_sensitivity.rb:106:5:106:13 | call to method1 |
+| call_sensitivity.rb:110:5:110:9 | call to new |
+| call_sensitivity.rb:137:5:137:18 | call to method2 |
+| call_sensitivity.rb:141:5:141:25 | call to method3 |
+| call_sensitivity.rb:149:5:149:28 | call to singleton_method2 |
+| call_sensitivity.rb:153:5:153:35 | call to singleton_method3 |
+| call_sensitivity.rb:175:3:175:12 | call to new |
+| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 |
 viableImplInCallContext
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
@@ -267,3 +293,5 @@ viableImplInCallContext
 | call_sensitivity.rb:153:5:153:35 | call to singleton_method3 | call_sensitivity.rb:171:1:171:34 | call to call_singleton_method3 | call_sensitivity.rb:96:3:98:5 | singleton_method3 |
 | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:178:1:178:20 | call to create | call_sensitivity.rb:104:3:107:5 | initialize |
 | call_sensitivity.rb:175:3:175:12 | call to new | call_sensitivity.rb:179:1:179:20 | call to create | call_sensitivity.rb:156:3:158:5 | initialize |
+| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:199:1:201:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |
+| call_sensitivity.rb:194:3:196:5 | call to invoke_block1 | call_sensitivity.rb:203:1:205:3 | call to invoke_block2 | call_sensitivity.rb:189:1:191:3 | invoke_block1 |

ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.ql

@@ -9,7 +9,7 @@ import DefaultFlowTest
 import TaintFlow::PathGraph
 import codeql.ruby.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 
-query predicate mayBenefitFromCallContext = DataFlowDispatch::mayBenefitFromCallContext/2;
+query predicate mayBenefitFromCallContext = DataFlowDispatch::mayBenefitFromCallContext/1;
 
 query predicate viableImplInCallContext = DataFlowDispatch::viableImplInCallContext/2;
 

ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb

@@ -185,3 +185,21 @@ class C < A
 end
 
 c = C.new (taint 32)
+
+def invoke_block1 x
+  yield x
+end
+
+def invoke_block2 x
+  invoke_block1 x do |x|
+    yield x
+  end
+end
+
+invoke_block2 (taint 37) do |x|
+  sink x # $ hasValueFlow=37
+end
+
+invoke_block2 "safe" do |x|
+  sink x # $ SPURIOUS hasValueFlow=37
+end

ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected

@@ -1,4 +1,5 @@
 testFailures
+| blocks.rb:4:10:4:10 | r | Fixed missing result:hasValueFlow=1 |
 | captured_variables.rb:50:10:50:10 | x | Fixed missing result:hasValueFlow=2 |
 | captured_variables.rb:68:25:68:68 | # $ hasValueFlow=3 $ MISSING: hasValueFlow=4 | Missing result:hasValueFlow=3 |
 | captured_variables.rb:72:21:72:66 | # $ hasValueFlow=4 $ SPURIOUS: hasValueFlow=3  | Fixed spurious result:hasValueFlow=3 |

ruby/ql/test/library-tests/dataflow/global/blocks.rb

@@ -1,7 +1,7 @@
 class A
   def m1(&block)
-    r = block.call() # $ MISSING: hasValueFlow=1
-    sink r
+    r = block.call()
+    sink r # $ MISSING: hasValueFlow=1
   end
 
   def m2