Merge pull request #10376 from hvitved/ruby/no-ast-by-default

Ruby: Do not expose AST layer through `ruby.qll`
2025-12-24 04:36:35 +01:00 · 2022-09-21 13:15:30 +02:00
parent e53382cffa c6cd2d66f8
commit a9f2e5272f
178 changed files with 192 additions and 184 deletions
--- a/ruby/ql/src/queries/analysis/Definitions.ql
+++ b/ruby/ql/src/queries/analysis/Definitions.ql
@@ -10,7 +10,7 @@
 *    - should `Foo.new` point to `Foo#initialize`?
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.ast.internal.Module
 import codeql.ruby.dataflow.SSA

--- a/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
+++ b/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
@@ -5,7 +5,7 @@
 * @id rb/diagnostics/extraction-errors
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Diagnostics

 /** Gets the SARIF severity to associate an error. */
--- a/ruby/ql/src/queries/diagnostics/SuccessfullyExtractedFiles.ql
+++ b/ruby/ql/src/queries/diagnostics/SuccessfullyExtractedFiles.ql
@@ -6,7 +6,7 @@
 * @id rb/diagnostics/successfully-extracted-files
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Diagnostics

 from File f
--- a/ruby/ql/src/queries/metrics/FLines.ql
+++ b/ruby/ql/src/queries/metrics/FLines.ql
@@ -6,7 +6,7 @@
 * @id rb/lines-per-file
 */

-import ruby
+import codeql.ruby.AST

 from RubyFile f, int n
 where n = f.getNumberOfLines()
--- a/ruby/ql/src/queries/metrics/FLinesOfCode.ql
+++ b/ruby/ql/src/queries/metrics/FLinesOfCode.ql
@@ -7,7 +7,7 @@
 * @id rb/lines-of-code-in-files
 */

-import ruby
+import codeql.ruby.AST

 from RubyFile f, int n
 where n = f.getNumberOfLinesOfCode()
--- a/ruby/ql/src/queries/metrics/FLinesOfComments.ql
+++ b/ruby/ql/src/queries/metrics/FLinesOfComments.ql
@@ -6,7 +6,7 @@
 * @id rb/lines-of-comments-in-files
 */

-import ruby
+import codeql.ruby.AST

 from RubyFile f, int n
 where n = f.getNumberOfLinesOfComments()
--- a/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
@@ -15,7 +15,7 @@
 *       external/cwe/cwe-099
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.PathInjectionQuery
 import codeql.ruby.DataFlow
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
@@ -13,7 +13,7 @@
 *       external/cwe/cwe-088
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.CommandInjectionQuery
 import DataFlow::PathGraph

--- a/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
+++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
@@ -14,7 +14,7 @@
 *       external/cwe/cwe-073
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.ApiGraphs
 import codeql.ruby.frameworks.core.Kernel::Kernel
 import codeql.ruby.TaintTracking
--- a/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
+++ b/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
@@ -13,7 +13,7 @@
 *       external/cwe/cwe-116
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.ReflectedXSSQuery
 import DataFlow::PathGraph

--- a/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
+++ b/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
@@ -12,7 +12,7 @@
 *       external/cwe/cwe-116
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.StoredXSSQuery
 import DataFlow::PathGraph

--- a/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-089
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts
 import codeql.ruby.DataFlow
 import codeql.ruby.dataflow.BarrierGuards
--- a/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
@@ -14,7 +14,7 @@
 *       external/cwe/cwe-116
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.CodeInjectionQuery
 import DataFlow::PathGraph

--- a/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
+++ b/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
@@ -14,7 +14,7 @@
 *       external/cwe/cwe-116
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.controlflow.CfgNodes
 import codeql.ruby.frameworks.core.String
--- a/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-117
 */

-import ruby
+import codeql.ruby.AST
 import DataFlow::PathGraph
 import codeql.ruby.security.LogInjectionQuery

--- a/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
@@ -15,7 +15,7 @@
 *       external/cwe/cwe-400
 */

-import ruby
+import codeql.ruby.AST
 import DataFlow::PathGraph
 import codeql.ruby.DataFlow
 import codeql.ruby.security.regexp.RegExpInjectionQuery
--- a/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
+++ b/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
@@ -10,7 +10,7 @@
 *       external/cwe/cwe-134
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.security.TaintedFormatStringQuery
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
+++ b/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-295
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts
 import codeql.ruby.DataFlow

--- a/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
+++ b/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
@@ -14,7 +14,7 @@
 *       external/cwe/cwe-829
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.InsecureDependencyQuery

 from Expr url, string msg
--- a/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
+++ b/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
@@ -13,7 +13,7 @@
 *       external/cwe/cwe-532
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.CleartextLoggingQuery
 import codeql.ruby.DataFlow
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
+++ b/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
@@ -13,7 +13,7 @@
 *       external/cwe/cwe-532
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.CleartextStorageQuery
 import codeql.ruby.security.CleartextStorageCustomizations::CleartextStorage
 import codeql.ruby.DataFlow
--- a/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
+++ b/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
@@ -10,7 +10,7 @@
 *       external/cwe/cwe-327
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts

 from Cryptography::CryptographicOperation operation, string msgPrefix
--- a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
+++ b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-352
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts

 from CsrfProtectionSetting s
--- a/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
+++ b/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-502
 */

-import ruby
+import codeql.ruby.AST
 import DataFlow::PathGraph
 import codeql.ruby.DataFlow
 import codeql.ruby.security.UnsafeDeserializationQuery
--- a/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
+++ b/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
@@ -12,7 +12,7 @@
 * @precision high
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.security.UrlRedirectQuery
 import codeql.ruby.DataFlow::DataFlow::PathGraph

--- a/ruby/ql/src/queries/security/cwe-611/Xxe.ql
+++ b/ruby/ql/src/queries/security/cwe-611/Xxe.ql
@@ -13,7 +13,7 @@
 *       external/cwe/cwe-827
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.dataflow.RemoteFlowSources
 import codeql.ruby.TaintTracking
 import codeql.ruby.Concepts
--- a/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
+++ b/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
@@ -11,7 +11,7 @@
 * @precision high
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts
 import codeql.ruby.Frameworks

--- a/ruby/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
+++ b/ruby/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
@@ -10,7 +10,7 @@
 * @precision low
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Concepts
 import codeql.ruby.DataFlow
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
+++ b/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
@@ -12,7 +12,7 @@
 *       external/cwe/cwe-798
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import DataFlow::PathGraph
 import codeql.ruby.TaintTracking
--- a/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
+++ b/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-829
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.security.InsecureDownloadQuery
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
+++ b/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
@@ -11,7 +11,7 @@
 *       external/cwe/cwe-434
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.DataFlow::DataFlow::PathGraph
 import codeql.ruby.security.HttpToFileAccessQuery
--- a/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
+++ b/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
@@ -10,7 +10,7 @@
 *       external/cwe/cwe-918
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.DataFlow
 import codeql.ruby.security.ServerSideRequestForgeryQuery
 import DataFlow::PathGraph
--- a/ruby/ql/src/queries/summary/LinesOfCode.ql
+++ b/ruby/ql/src/queries/summary/LinesOfCode.ql
@@ -10,6 +10,6 @@
 *       lines-of-code
 */

-import ruby
+import codeql.ruby.AST

 select sum(RubyFile f | exists(f.getRelativePath()) | f.getNumberOfLinesOfCode())
--- a/ruby/ql/src/queries/summary/LinesOfUserCode.ql
+++ b/ruby/ql/src/queries/summary/LinesOfUserCode.ql
@@ -8,7 +8,7 @@
 * @tags summary
 */

-import ruby
+import codeql.ruby.AST

 select sum(RubyFile f |
    f.fromSource() and
--- a/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+++ b/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
@@ -7,7 +7,7 @@
 * @tags summary
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Diagnostics

 select count(File f |
--- a/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
+++ b/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
@@ -7,7 +7,7 @@
 * @tags summary
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.Diagnostics

 select count(File f |
--- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
+++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
@@ -10,7 +10,7 @@
 * @precision low
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.dataflow.SSA

 class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess {
--- a/ruby/ql/src/queries/variables/UninitializedLocal.ql
+++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql
@@ -10,7 +10,7 @@
 * @precision low
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.dataflow.SSA

 class RelevantLocalVariableReadAccess extends LocalVariableReadAccess {
--- a/ruby/ql/src/queries/variables/UnusedParameter.ql
+++ b/ruby/ql/src/queries/variables/UnusedParameter.ql
@@ -10,7 +10,7 @@
 * @precision low
 */

-import ruby
+import codeql.ruby.AST
 import codeql.ruby.dataflow.SSA

 class RelevantParameterVariable extends LocalVariable {