Merge pull request #11337 from hmac/actionmailbox

Ruby: Model ActionMailbox

ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected

@@ -0,0 +1,12 @@
+messageInstances
+| action_mailbox.rb:3:5:3:8 | call to mail |
+| action_mailbox.rb:4:5:4:8 | call to mail |
+| action_mailbox.rb:6:5:6:10 | call to mail |
+| action_mailbox.rb:10:5:10:8 | call to mail |
+| action_mailbox.rb:16:9:16:12 | call to mail |
+remoteFlowSources
+| action_mailbox.rb:3:5:3:13 | call to body |
+| action_mailbox.rb:4:5:4:11 | call to to |
+| action_mailbox.rb:6:5:6:13 | call to to |
+| action_mailbox.rb:10:5:10:18 | call to text_part |
+| action_mailbox.rb:16:9:16:23 | call to raw_source |

ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql

@@ -0,0 +1,7 @@
+private import codeql.ruby.frameworks.ActionMailbox
+private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.RemoteFlowSources
+
+query predicate messageInstances(ActionMailbox::Mail c) { any() }
+
+query predicate remoteFlowSources(RemoteFlowSource r) { any() }

ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb

@@ -0,0 +1,24 @@
+class A < ActionMailbox::Base
+  def process
+    mail.body
+    mail.to
+    m = inbound_email
+    m.mail.to
+  end
+
+  def other_method
+    mail.text_part
+  end
+end
+
+class B < A
+    def process
+        mail.raw_source
+    end
+end
+
+class C # not a mailbox class
+    def process
+        mail.subject
+    end
+end