From 689a32e34f9d7fc4fe7f374f49644607f5866ac3 Mon Sep 17 00:00:00 2001
From: Alex Eyers-Taylor
Date: Tue, 1 Apr 2025 16:16:13 +0100
Subject: [PATCH] Ruby: Avoid a forced CP.
---
 .../lib/codeql/ruby/frameworks/http_clients/NetHttp.qll | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
index e09917ae21a..2769a905e78 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -54,6 +54,14 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
 override DataFlow::Node getAUrlPart() {
 result = request.getArgument(0)
 or
+ result = this.getAUrlPartFromConstructor()
+ }
+
+ /**
+ * Gets a node that contributes to the URL of the request
+ * indirectly, through the constructor.
+ */
+ private DataFlow::Node getAUrlPartFromConstructor() {
 // Net::HTTP.new(...).get(...)
 exists(API::Node new |
 new = API::getTopLevelMember("Net").getMember("HTTP").getInstance() and
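Review bot: The QLDoc on `getAUrlPartFromConstructor` says what the predicate returns but not why it was split out of `getAUrlPart`; the only record that this is a join-order workaround (presumably "CP" means cartesian product) is the commit subject. I would add a line to the doc comment such as `* Kept separate from getAUrlPart to avoid a forced cartesian product; do not inline.` so a later tidy-up does not fold the disjunct back in. If the fix depends on the optimiser keeping the helper out of line, a `pragma[noinline]` annotation may also be needed, which is worth confirming against the evaluator's tuple counts. `getAUrlPart` looks like the predicate that supplies URL nodes to request-forgery style queries, so its result set should stay identical; the new predicate's body continues past the end of the hunk, so that cannot be checked from here.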