From 9dfea8006d5c465f24514413b68cde2ee67c4726 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Wed, 27 Jan 2021 10:44:49 +0100
Subject: [PATCH] Add `UninitializedLocal.ql` query
---
 .../queries/variables/UninitializedLocal.ql | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 ql/src/queries/variables/UninitializedLocal.ql
diff --git a/ql/src/queries/variables/UninitializedLocal.ql b/ql/src/queries/variables/UninitializedLocal.ql
new file mode 100644
index 00000000000..307eac0dee0
--- /dev/null
+++ b/ql/src/queries/variables/UninitializedLocal.ql
@@ -0,0 +1,32 @@
+/**
+ * @name Potentially uninitialized local variable
+ * @description Using a local variable before it is initialized gives the variable a default
+ * 'nil' value.
+ * @kind problem
+ * @problem.severity error
+ * @id rb/uninitialized-local-variable
+ * @tags reliability
+ * correctness
+ * @precision low
+ */
+
+import ruby
+import codeql_ruby.dataflow.SSA
+
+class RelevantLocalVariableReadAccess extends LocalVariableReadAccess {
+ RelevantLocalVariableReadAccess() {
+ not exists(Call c |
+ c.getReceiver() = this and
+ c.getMethodName() = "nil?"
+ )
+ }
+}
+
+from RelevantLocalVariableReadAccess read, LocalVariable v
+where
+ v = read.getVariable() and
+ exists(Ssa::Definition def |
+ def.getAnUltimateDefinition() instanceof Ssa::UninitializedDefinition and
+ exists(def.getARead(read))
+ )
+select read, "Local variable $@ may be used before it is initialized.", v, v.getName()
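Review bot: `RelevantLocalVariableReadAccess` exempts only reads that are the receiver of a `nil?` call, and the class carries no QLDoc saying why that is the one exemption. Other deliberate nil checks on a possibly-unset local (a read used directly as a condition, for instance) would presumably still be reported. I would add a comment above the class such as `/** A local variable read that is not the receiver of a nil? call; such reads are treated as deliberate nil checks and are not reported. */` and list the known false-positive sources there. The header also pairs `@problem.severity error` with `@precision low` for behaviour the description itself calls a defined `nil` default, so `@problem.severity warning` looks like the better fit. The patch adds only the `.ql` file (1 file changed), so no test or `.qhelp` pins down the `nil?` exemption.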