Move files to ruby subfolder

2026-05-05 13:45:19 +02:00 · 2021-10-14 12:14:50 +02:00
parent 1cf90858cc
commit 976daddd36
537 changed files with 1 additions and 1 deletions
--- a/ruby/ql/test/library-tests/dataflow/api-graphs/test1.rb
+++ b/ruby/ql/test/library-tests/dataflow/api-graphs/test1.rb
@@ -0,0 +1,31 @@
+MyModule #$ use=getMember("MyModule")
+print MyModule.foo #$ use=getMember("MyModule").getReturn("foo")
+Kernel.print(e) #$ use=getMember("Kernel").getReturn("print")
+Object::Kernel #$ use=getMember("Kernel")
+Object::Kernel.print(e)  #$ use=getMember("Kernel").getReturn("print")
+begin
+    print MyModule.bar #$ use=getMember("MyModule").getReturn("bar")
+    raise AttributeError #$ use=getMember("AttributeError")
+rescue AttributeError => e #$ use=getMember("AttributeError")
+    Kernel.print(e)  #$ use=getMember("Kernel").getReturn("print")
+end
+Unknown.new.run #$ use=getMember("Unknown").instance.getReturn("run")
+Foo::Bar::Baz #$ use=getMember("Foo").getMember("Bar").getMember("Baz")
+
+Const = [1, 2, 3] #$ use=getMember("Array").getReturn("[]")
+Const.each do |c| #$ use=getMember("Const").getReturn("each")
+    puts c
+end
+
+foo = Foo #$ use=getMember("Foo")
+foo::Bar::Baz #$ use=getMember("Foo").getMember("Bar").getMember("Baz")
+
+FooAlias = Foo #$ use=getMember("Foo")
+FooAlias::Bar::Baz #$ use=getMember("Foo").getMember("Bar").getMember("Baz")
+
+module Outer
+    module Inner
+    end
+end
+
+Outer::Inner.foo #$ use=getMember("Outer").getMember("Inner").getReturn("foo")
--- a/ruby/ql/test/library-tests/dataflow/api-graphs/use.expected
+++ b/ruby/ql/test/library-tests/dataflow/api-graphs/use.expected
--- a/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql
+++ b/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql
@@ -0,0 +1,35 @@
+import ruby
+import codeql.ruby.DataFlow
+import TestUtilities.InlineExpectationsTest
+import codeql.ruby.ApiGraphs
+
+class ApiUseTest extends InlineExpectationsTest {
+  ApiUseTest() { this = "ApiUseTest" }
+
+  override string getARelevantTag() { result = "use" }
+
+  private predicate relevantNode(API::Node a, DataFlow::Node n, Location l) {
+    n = a.getAUse() and
+    l = n.getLocation()
+  }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(API::Node a, DataFlow::Node n | relevantNode(a, n, location) |
+      tag = "use" and
+      // Only report the longest path on this line:
+      value =
+        max(API::Node a2, Location l2, DataFlow::Node n2 |
+          relevantNode(a2, n2, l2) and
+          l2.getFile() = location.getFile() and
+          l2.getStartLine() = location.getStartLine()
+        |
+          a2.getPath()
+          order by
+            size(n2.asExpr().getExpr()), a2.getPath().length() desc, a2.getPath() desc
+        ) and
+      element = n.toString()
+    )
+  }
+}
+
+private int size(AstNode n) { not n instanceof StmtSequence and result = count(n.getAChild*()) }
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
@@ -0,0 +1,5 @@
+| barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | barrier-guards.rb:3:4:3:6 | foo | true |
+| barrier-guards.rb:9:4:9:24 | call to include? | barrier-guards.rb:10:5:10:7 | foo | barrier-guards.rb:9:21:9:23 | foo | true |
+| barrier-guards.rb:15:4:15:15 | ... != ... | barrier-guards.rb:18:5:18:7 | foo | barrier-guards.rb:15:4:15:6 | foo | false |
+| barrier-guards.rb:21:8:21:19 | ... == ... | barrier-guards.rb:24:5:24:7 | foo | barrier-guards.rb:21:8:21:10 | foo | true |
+| barrier-guards.rb:27:8:27:19 | ... != ... | barrier-guards.rb:28:5:28:7 | foo | barrier-guards.rb:27:8:27:10 | foo | false |
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
@@ -0,0 +1,7 @@
+import codeql.ruby.dataflow.internal.DataFlowPublic
+import codeql.ruby.dataflow.BarrierGuards
+import codeql.ruby.controlflow.CfgNodes
+
+from BarrierGuard g, boolean branch, ExprCfgNode expr
+where g.checks(expr, branch)
+select g, g.getAGuardedNode(), expr, branch
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
@@ -0,0 +1,33 @@
+foo = "foo"
+
+if foo == "foo"
+    foo
+else
+    foo
+end
+
+if ["foo"].include?(foo)
+    foo
+else
+    foo
+end
+
+if foo != "foo"
+    foo
+else
+    foo
+end
+
+unless foo == "foo"
+    foo
+else
+    foo
+end
+
+unless foo != "foo"
+    foo
+else
+    foo
+end
+
+foo
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
@@ -0,0 +1,36 @@
+edges
+| call_sensitivity.rb:7:13:7:13 | x :  | call_sensitivity.rb:8:11:8:11 | x :  |
+| call_sensitivity.rb:8:11:8:11 | x :  | call_sensitivity.rb:15:20:15:20 | x :  |
+| call_sensitivity.rb:15:9:15:15 | "taint" :  | call_sensitivity.rb:7:13:7:13 | x :  |
+| call_sensitivity.rb:15:20:15:20 | x :  | call_sensitivity.rb:15:28:15:28 | x |
+| call_sensitivity.rb:17:27:17:27 | x :  | call_sensitivity.rb:18:17:18:17 | x :  |
+| call_sensitivity.rb:17:27:17:27 | x :  | call_sensitivity.rb:18:17:18:17 | x :  |
+| call_sensitivity.rb:18:17:18:17 | x :  | call_sensitivity.rb:27:17:27:17 | x :  |
+| call_sensitivity.rb:18:17:18:17 | x :  | call_sensitivity.rb:36:23:36:23 | x :  |
+| call_sensitivity.rb:27:17:27:17 | x :  | call_sensitivity.rb:27:27:27:27 | x |
+| call_sensitivity.rb:28:25:28:31 | "taint" :  | call_sensitivity.rb:17:27:17:27 | x :  |
+| call_sensitivity.rb:36:23:36:23 | x :  | call_sensitivity.rb:36:31:36:31 | x |
+| call_sensitivity.rb:37:25:37:31 | "taint" :  | call_sensitivity.rb:17:27:17:27 | x :  |
+nodes
+| call_sensitivity.rb:5:6:5:12 | "taint" | semmle.label | "taint" |
+| call_sensitivity.rb:7:13:7:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:8:11:8:11 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:15:9:15:15 | "taint" :  | semmle.label | "taint" :  |
+| call_sensitivity.rb:15:20:15:20 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:15:28:15:28 | x | semmle.label | x |
+| call_sensitivity.rb:17:27:17:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:17:27:17:27 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:18:17:18:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:18:17:18:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:27:17:27:17 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:27:27:27:27 | x | semmle.label | x |
+| call_sensitivity.rb:28:25:28:31 | "taint" :  | semmle.label | "taint" :  |
+| call_sensitivity.rb:36:23:36:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:36:31:36:31 | x | semmle.label | x |
+| call_sensitivity.rb:37:25:37:31 | "taint" :  | semmle.label | "taint" :  |
+subpaths
+#select
+| call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | call_sensitivity.rb:5:6:5:12 | "taint" | $@ | call_sensitivity.rb:5:6:5:12 | "taint" | "taint" |
+| call_sensitivity.rb:15:28:15:28 | x | call_sensitivity.rb:15:9:15:15 | "taint" :  | call_sensitivity.rb:15:28:15:28 | x | $@ | call_sensitivity.rb:15:9:15:15 | "taint" :  | "taint" :  |
+| call_sensitivity.rb:27:27:27:27 | x | call_sensitivity.rb:28:25:28:31 | "taint" :  | call_sensitivity.rb:27:27:27:27 | x | $@ | call_sensitivity.rb:28:25:28:31 | "taint" :  | "taint" :  |
+| call_sensitivity.rb:36:31:36:31 | x | call_sensitivity.rb:37:25:37:31 | "taint" :  | call_sensitivity.rb:36:31:36:31 | x | $@ | call_sensitivity.rb:37:25:37:31 | "taint" :  | "taint" :  |
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.ql
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.ql
@@ -0,0 +1,26 @@
+/**
+ * @kind path-problem
+ */
+
+import ruby
+import codeql.ruby.DataFlow
+import DataFlow::PathGraph
+
+class Conf extends DataFlow::Configuration {
+  Conf() { this = "Conf" }
+
+  override predicate isSource(DataFlow::Node src) {
+    src.asExpr().getExpr().(StringLiteral).getValueText() = "taint"
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodCall mc |
+      mc.getMethodName() = "sink" and
+      mc.getAnArgument() = sink.asExpr().getExpr()
+    )
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+where conf.hasFlowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
@@ -0,0 +1,38 @@
+def sink s
+    puts s
+end
+
+sink "taint"
+
+def yielder x
+    yield x
+end
+
+yielder "no taint" { |x| sink x } # no flow
+
+yielder "taint" { |x| puts x } # no flow
+
+yielder "taint" { |x| sink x } # flow
+
+def apply_lambda (lambda, x)
+    lambda.call(x)
+end
+
+my_lambda = -> (x) { sink x }
+apply_lambda(my_lambda, "no taint") # no flow
+
+my_lambda = -> (x) { puts x }
+apply_lambda(my_lambda, "taint") # no flow
+
+my_lambda = -> (x) { sink x }
+apply_lambda(my_lambda, "taint") # flow
+
+my_lambda = lambda { |x| sink x }
+apply_lambda(my_lambda, "no taint") # no flow
+
+my_lambda = lambda { |x| puts x }
+apply_lambda(my_lambda, "taint") # no flow
+
+my_lambda = lambda { |x| sink x }
+apply_lambda(my_lambda, "taint") # flow
+
--- a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected
+++ b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected
@@ -0,0 +1,58 @@
+| local_dataflow.rb:1:1:7:3 | self in foo | local_dataflow.rb:3:8:3:10 | self |
+| local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:1:9:1:9 | a |
+| local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:2:7:2:7 | a |
+| local_dataflow.rb:2:3:2:7 | ... = ... | local_dataflow.rb:3:13:3:13 | b |
+| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:2:3:2:7 | ... = ... |
+| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:2:3:2:7 | ... = ... |
+| local_dataflow.rb:2:7:2:7 | a | local_dataflow.rb:3:10:3:10 | a |
+| local_dataflow.rb:3:7:3:14 | ( ... ) | local_dataflow.rb:3:3:3:14 | ... = ... |
+| local_dataflow.rb:3:10:3:10 | [post] a | local_dataflow.rb:4:11:4:11 | a |
+| local_dataflow.rb:3:10:3:10 | a | local_dataflow.rb:4:11:4:11 | a |
+| local_dataflow.rb:3:13:3:13 | b | local_dataflow.rb:3:7:3:14 | ( ... ) |
+| local_dataflow.rb:3:13:3:13 | b | local_dataflow.rb:6:13:6:13 | b |
+| local_dataflow.rb:4:7:4:11 | ... = ... | local_dataflow.rb:4:3:4:11 | ... = ... |
+| local_dataflow.rb:4:11:4:11 | a | local_dataflow.rb:4:7:4:11 | ... = ... |
+| local_dataflow.rb:4:11:4:11 | a | local_dataflow.rb:5:12:5:12 | a |
+| local_dataflow.rb:5:7:5:13 | ( ... ) | local_dataflow.rb:5:3:5:13 | ... = ... |
+| local_dataflow.rb:5:8:5:12 | ... = ... | local_dataflow.rb:5:7:5:13 | ( ... ) |
+| local_dataflow.rb:5:12:5:12 | a | local_dataflow.rb:5:8:5:12 | ... = ... |
+| local_dataflow.rb:5:12:5:12 | a | local_dataflow.rb:6:8:6:8 | a |
+| local_dataflow.rb:6:7:6:14 | ( ... ) | local_dataflow.rb:6:3:6:14 | ... = ... |
+| local_dataflow.rb:6:8:6:13 | ... = ... | local_dataflow.rb:6:7:6:14 | ( ... ) |
+| local_dataflow.rb:6:10:6:11 | ... + ... | local_dataflow.rb:6:8:6:13 | ... = ... |
+| local_dataflow.rb:9:1:9:15 | ... = ... | local_dataflow.rb:10:14:10:18 | array |
+| local_dataflow.rb:9:9:9:15 | call to [] | local_dataflow.rb:9:1:9:15 | ... = ... |
+| local_dataflow.rb:9:9:9:15 | call to [] | local_dataflow.rb:9:1:9:15 | ... = ... |
+| local_dataflow.rb:10:5:13:3 | for ... in ... | local_dataflow.rb:10:1:13:3 | ... = ... |
+| local_dataflow.rb:10:9:10:9 | x | local_dataflow.rb:12:5:12:5 | x |
+| local_dataflow.rb:10:14:10:18 | array | local_dataflow.rb:10:5:13:3 | for ... in ... |
+| local_dataflow.rb:10:14:10:18 | array | local_dataflow.rb:15:10:15:14 | array |
+| local_dataflow.rb:12:3:12:5 | call to p | local_dataflow.rb:10:19:13:3 | do ... |
+| local_dataflow.rb:15:10:15:14 | array | local_dataflow.rb:15:1:17:3 | for ... in ... |
+| local_dataflow.rb:15:10:15:14 | array | local_dataflow.rb:19:10:19:14 | array |
+| local_dataflow.rb:16:3:16:10 | break | local_dataflow.rb:15:1:17:3 | for ... in ... |
+| local_dataflow.rb:16:9:16:10 | 10 | local_dataflow.rb:16:3:16:10 | break |
+| local_dataflow.rb:19:5:19:5 | x | local_dataflow.rb:20:6:20:6 | x |
+| local_dataflow.rb:19:10:19:14 | array | local_dataflow.rb:19:1:21:3 | for ... in ... |
+| local_dataflow.rb:20:3:20:25 | if ... | local_dataflow.rb:19:16:21:3 | do ... |
+| local_dataflow.rb:20:17:20:21 | break | local_dataflow.rb:19:1:21:3 | for ... in ... |
+| local_dataflow.rb:24:2:24:8 | break | local_dataflow.rb:23:1:25:3 | while ... |
+| local_dataflow.rb:24:8:24:8 | 5 | local_dataflow.rb:24:2:24:8 | break |
+| local_dataflow.rb:28:5:28:26 | M | local_dataflow.rb:28:1:28:26 | ... = ... |
+| local_dataflow.rb:28:15:28:22 | "module" | local_dataflow.rb:28:5:28:26 | M |
+| local_dataflow.rb:30:5:30:24 | C | local_dataflow.rb:30:1:30:24 | ... = ... |
+| local_dataflow.rb:30:14:30:20 | "class" | local_dataflow.rb:30:5:30:24 | C |
+| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
+| local_dataflow.rb:32:5:32:25 | bar | local_dataflow.rb:32:1:32:25 | ... = ... |
+| local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:34:7:34:7 | x |
+| local_dataflow.rb:34:7:34:7 | x | local_dataflow.rb:35:6:35:6 | x |
+| local_dataflow.rb:36:13:36:13 | 7 | local_dataflow.rb:36:6:36:13 | return |
+| local_dataflow.rb:41:7:41:7 | x | local_dataflow.rb:41:7:41:7 | x |
+| local_dataflow.rb:41:7:41:7 | x | local_dataflow.rb:42:6:42:6 | x |
+| local_dataflow.rb:43:13:43:13 | 7 | local_dataflow.rb:43:6:43:13 | return |
+| local_dataflow.rb:45:10:45:10 | 6 | local_dataflow.rb:45:3:45:10 | return |
+| local_dataflow.rb:49:3:53:3 | <captured> | local_dataflow.rb:50:18:50:18 | x |
+| local_dataflow.rb:50:8:50:13 | "next" | local_dataflow.rb:50:3:50:13 | next |
+| local_dataflow.rb:50:18:50:18 | [post] x | local_dataflow.rb:51:20:51:20 | x |
+| local_dataflow.rb:50:18:50:18 | x | local_dataflow.rb:51:20:51:20 | x |
+| local_dataflow.rb:51:9:51:15 | "break" | local_dataflow.rb:51:3:51:15 | break |
--- a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.ql
+++ b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.ql
@@ -0,0 +1,6 @@
+import ruby
+import codeql.ruby.DataFlow
+
+from DataFlow::Node pred, DataFlow::Node succ
+where DataFlow::localFlowStep(pred, succ)
+select pred, succ
--- a/ruby/ql/test/library-tests/dataflow/local/ReturnNodes.expected
+++ b/ruby/ql/test/library-tests/dataflow/local/ReturnNodes.expected
@@ -0,0 +1,9 @@
+| local_dataflow.rb:6:3:6:14 | ... = ... |
+| local_dataflow.rb:32:14:32:21 | "method" |
+| local_dataflow.rb:36:6:36:13 | return |
+| local_dataflow.rb:38:3:38:13 | "reachable" |
+| local_dataflow.rb:43:6:43:13 | return |
+| local_dataflow.rb:45:3:45:10 | return |
+| local_dataflow.rb:50:3:50:13 | next |
+| local_dataflow.rb:51:3:51:15 | break |
+| local_dataflow.rb:52:3:52:10 | "normal" |
--- a/ruby/ql/test/library-tests/dataflow/local/ReturnNodes.ql
+++ b/ruby/ql/test/library-tests/dataflow/local/ReturnNodes.ql
@@ -0,0 +1,4 @@
+import ruby
+import codeql.ruby.dataflow.internal.DataFlowPrivate
+
+select any(ReturningNode node)
--- a/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb
+++ b/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb
@@ -0,0 +1,53 @@
+def foo(a)
+  b = a
+  c = (p a; b)
+  d = c = a
+  d = (c = a)
+  e = (a += b)
+end
+
+array = [1,2,3]
+y = for x in array
+do
+  p x
+end
+
+for x in array do
+  break 10
+end
+
+for x in array do
+  if x > 1 then break end
+end
+
+while true
+ break 5
+end
+
+# string flows to x
+x = module M; "module" end
+# string flows to x
+x = class C; "class" end
+# string does not flow to x because "def" evaluates to a method symbol
+x = def bar; "method" end
+
+def m x 
+  if x == 4
+     return 7
+  end
+  "reachable"
+end
+
+def m x 
+  if x == 4
+     return 7
+  end
+  return 6
+  "unreachable"
+end
+
+m do
+  next "next" if x < 4 
+  break "break" if x < 9
+  "normal"
+end
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -0,0 +1,35 @@
+edges
+| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:2:6:2:12 | tainted |
+| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:4:24:4:30 | tainted :  |
+| summaries.rb:1:11:1:26 | call to identity :  | summaries.rb:16:36:16:42 | tainted :  |
+| summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:1:11:1:26 | call to identity :  |
+| summaries.rb:4:12:7:3 | call to apply_block :  | summaries.rb:9:6:9:13 | tainted2 |
+| summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:12:7:3 | call to apply_block :  |
+| summaries.rb:4:24:4:30 | tainted :  | summaries.rb:4:36:4:36 | x :  |
+| summaries.rb:4:36:4:36 | x :  | summaries.rb:5:8:5:8 | x |
+| summaries.rb:11:17:11:17 | x :  | summaries.rb:12:8:12:8 | x |
+| summaries.rb:16:12:16:43 | call to apply_lambda :  | summaries.rb:18:6:18:13 | tainted3 |
+| summaries.rb:16:36:16:42 | tainted :  | summaries.rb:11:17:11:17 | x :  |
+| summaries.rb:16:36:16:42 | tainted :  | summaries.rb:16:12:16:43 | call to apply_lambda :  |
+nodes
+| summaries.rb:1:11:1:26 | call to identity :  | semmle.label | call to identity :  |
+| summaries.rb:1:20:1:26 | "taint" :  | semmle.label | "taint" :  |
+| summaries.rb:2:6:2:12 | tainted | semmle.label | tainted |
+| summaries.rb:4:12:7:3 | call to apply_block :  | semmle.label | call to apply_block :  |
+| summaries.rb:4:24:4:30 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:4:36:4:36 | x :  | semmle.label | x :  |
+| summaries.rb:5:8:5:8 | x | semmle.label | x |
+| summaries.rb:9:6:9:13 | tainted2 | semmle.label | tainted2 |
+| summaries.rb:11:17:11:17 | x :  | semmle.label | x :  |
+| summaries.rb:12:8:12:8 | x | semmle.label | x |
+| summaries.rb:16:12:16:43 | call to apply_lambda :  | semmle.label | call to apply_lambda :  |
+| summaries.rb:16:36:16:42 | tainted :  | semmle.label | tainted :  |
+| summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 |
+subpaths
+invalidSpecComponent
+#select
+| summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
+| summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
+| summaries.rb:9:6:9:13 | tainted2 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:9:6:9:13 | tainted2 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
+| summaries.rb:12:8:12:8 | x | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:12:8:12:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
+| summaries.rb:18:6:18:13 | tainted3 | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:18:6:18:13 | tainted3 | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -0,0 +1,77 @@
+/**
+ * @kind path-problem
+ */
+
+import ruby
+import codeql.ruby.dataflow.FlowSummary
+import DataFlow::PathGraph
+import codeql.ruby.TaintTracking
+import codeql.ruby.dataflow.internal.FlowSummaryImpl
+
+query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
+  (sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
+  Private::External::invalidSpecComponent(s, c)
+}
+
+private class SummarizedCallableIdentity extends SummarizedCallable {
+  SummarizedCallableIdentity() { this = "identity" }
+
+  override MethodCall getACall() { result.getMethodName() = this }
+
+  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+    input = "Argument[0]" and
+    output = "ReturnValue" and
+    preservesValue = true
+  }
+}
+
+private class SummarizedCallableApplyBlock extends SummarizedCallable {
+  SummarizedCallableApplyBlock() { this = "apply_block" }
+
+  override MethodCall getACall() { result.getMethodName() = this }
+
+  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+    input = "Argument[0]" and
+    output = "Parameter[0] of BlockArgument" and
+    preservesValue = true
+    or
+    input = "ReturnValue of BlockArgument" and
+    output = "ReturnValue" and
+    preservesValue = true
+  }
+}
+
+private class SummarizedCallableApplyLambda extends SummarizedCallable {
+  SummarizedCallableApplyLambda() { this = "apply_lambda" }
+
+  override MethodCall getACall() { result.getMethodName() = this }
+
+  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+    input = "Argument[1]" and
+    output = "Parameter[0] of Argument[0]" and
+    preservesValue = true
+    or
+    input = "ReturnValue of Argument[0]" and
+    output = "ReturnValue" and
+    preservesValue = true
+  }
+}
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "FlowSummaries" }
+
+  override predicate isSource(DataFlow::Node src) {
+    src.asExpr().getExpr().(StringLiteral).getValueText() = "taint"
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodCall mc |
+      mc.getMethodName() = "sink" and
+      mc.getAnArgument() = sink.asExpr().getExpr()
+    )
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+where conf.hasFlowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()
--- a/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
+++ b/ruby/ql/test/library-tests/dataflow/summaries/summaries.rb
@@ -0,0 +1,18 @@
+tainted = identity "taint"
+sink tainted
+
+tainted2 = apply_block tainted do |x|
+  sink x
+  x
+end
+
+sink tainted2
+
+my_lambda = -> (x) {
+  sink x
+  x
+}
+
+tainted3 = apply_lambda(my_lambda, tainted)
+
+sink(tainted3)