From 91bde8d85d0a1507e2699501773f094e856132ff Mon Sep 17 00:00:00 2001
From: Alex Ford
Date: Wed, 23 Jun 2021 18:31:36 +0100
Subject: [PATCH] Support ActiveRecord SQL executing calls where there is a self receiver (implicit or explicit)
---
 ql/src/codeql_ruby/frameworks/ActiveRecord.qll | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ql/src/codeql_ruby/frameworks/ActiveRecord.qll b/ql/src/codeql_ruby/frameworks/ActiveRecord.qll
index 53c57fb308d..fc6573a1518 100644
--- a/ql/src/codeql_ruby/frameworks/ActiveRecord.qll
+++ b/ql/src/codeql_ruby/frameworks/ActiveRecord.qll
@@ -52,6 +52,13 @@ class ActiveRecordModelClassMethodCall extends MethodCall {
 or
 // e.g. Foo.joins(:bars).where(...)
 this.getReceiver() instanceof ActiveRecordModelClassMethodCall
+ or
+ // e.g. self.where(...) within an ActiveRecordModelClass
+ (
+ this.getReceiver() instanceof Self
+ and
+ this.getEnclosingModule() instanceof ActiveRecordModelClass
+ )
 }
 }
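Review bot: The added `Self` disjunct matches any `self` receiver inside a model class, including `self.foo(...)` in instance methods, where `self` is a model instance rather than the class, so this class may over-approximate class-method calls and anything built on it (the commit title mentions SQL-executing calls) could report extra results. If that is intended, say so next to the disjunct, e.g. `// NOTE: also matches self.foo(...) in instance methods, where self is an instance of the model`; otherwise restrict it to class-level contexts. The title also promises implicit receivers, which this condition covers only if `getReceiver()` yields a `Self` node for receiver-less calls; that is not visible here and deserves a test case. The characteristic predicate starts above the hunk, so the earlier disjuncts are not shown.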