Ruby: add stacktrace exposure query

ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.expected

@@ -0,0 +1,10 @@
+edges
+| StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:12:12:13 | bt |
+nodes
+| StackTraceExposure.rb:6:12:6:22 | call to backtrace | semmle.label | call to backtrace |
+| StackTraceExposure.rb:11:10:11:17 | call to caller :  | semmle.label | call to caller :  |
+| StackTraceExposure.rb:12:12:12:13 | bt | semmle.label | bt |
+subpaths
+#select
+| StackTraceExposure.rb:6:12:6:22 | call to backtrace | StackTraceExposure.rb:6:12:6:22 | call to backtrace | StackTraceExposure.rb:6:12:6:22 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:6:12:6:22 | call to backtrace | Error information |
+| StackTraceExposure.rb:12:12:12:13 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:12:12:13 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |

ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.qlref

@@ -0,0 +1 @@
+queries/security/cwe-209/StackTraceExposure.ql

ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.rb

@@ -0,0 +1,15 @@
+class FooController < ApplicationController
+
+  def show
+    something_that_might_fail()
+  rescue => e
+    render e.backtrace, content_type: "text/plain"
+  end
+
+
+  def show2
+    bt = caller()
+    render bt, content_type: "text/plain"
+  end
+
+end