Add getURL to HTTP::Client::Request

This member predicate gets dataflow nodes which contribute to the URL of
the request.

Also consolidate the identical tests for each HTTP client.

ruby/ql/lib/codeql/ruby/Concepts.qll

@@ -417,6 +417,12 @@ module HTTP {
       /** Gets a node which returns the body of the response */
       DataFlow::Node getResponseBody() { result = super.getResponseBody() }
 
+      /**
+       * Gets a node that contributes to the URL of the request.
+       * Depending on the framework, a request may have multiple nodes which contribute to the URL.
+       */
+      DataFlow::Node getURL() { result = super.getURL() }
+
       /** Gets a string that identifies the framework used for this request. */
       string getFramework() { result = super.getFramework() }
 
@@ -442,6 +448,12 @@ module HTTP {
         /** Gets a node which returns the body of the response */
         abstract DataFlow::Node getResponseBody();
 
+        /**
+         * Gets a node that contributes to the URL of the request.
+         * Depending on the framework, a request may have multiple nodes which contribute to the URL.
+         */
+        abstract DataFlow::Node getURL();
+
         /** Gets a string that identifies the framework used for this request. */
         abstract string getFramework();
 

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll

@@ -18,12 +18,14 @@ private import codeql.ruby.ApiGraphs
  * https://github.com/excon/excon/blob/master/README.md
  */
 class ExconHttpRequest extends HTTP::Client::Request::Range {
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
   API::Node requestNode;
   API::Node connectionNode;
+  DataFlow::Node connectionUse;
 
   ExconHttpRequest() {
     requestUse = requestNode.getAnImmediateUse() and
+    connectionUse = connectionNode.getAnImmediateUse() and
     connectionNode =
       [
         // one-off requests
@@ -44,6 +46,17 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {
 
   override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
+  override DataFlow::Node getURL() {
+    // For one-off requests, the URL is in the first argument of the request method call.
+    // For connection re-use, the URL is split between the first argument of the `new` call
+    // the `path` keyword argument of the request method call.
+    result = requestUse.getArgument(0) and not result.asExpr().getExpr() instanceof Pair
+    or
+    result = requestUse.getKeywordArgument("path")
+    or
+    result = connectionUse.(DataFlow::CallNode).getArgument(0)
+  }
+
   override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {
     // Check for `ssl_verify_peer: false` in the options hash.
     exists(DataFlow::Node arg, int i |

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll

@@ -14,9 +14,10 @@ private import codeql.ruby.ApiGraphs
  * ```
  */
 class FaradayHttpRequest extends HTTP::Client::Request::Range {
-  DataFlow::Node requestUse;
   API::Node requestNode;
   API::Node connectionNode;
+  DataFlow::Node connectionUse;
+  DataFlow::CallNode requestUse;
 
   FaradayHttpRequest() {
     connectionNode =
@@ -29,11 +30,17 @@ class FaradayHttpRequest extends HTTP::Client::Request::Range {
     requestNode =
       connectionNode.getReturn(["get", "head", "delete", "post", "put", "patch", "trace"]) and
     requestUse = requestNode.getAnImmediateUse() and
+    connectionUse = connectionNode.getAnImmediateUse() and
     this = requestUse.asExpr().getExpr()
   }
 
   override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
+  override DataFlow::Node getURL() {
+    result = requestUse.getArgument(0) or
+    result = connectionUse.(DataFlow::CallNode).getArgument(0)
+  }
+
   override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {
     // `Faraday::new` takes an options hash as its second argument, and we're
     // looking for

ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll

@@ -12,7 +12,7 @@ private import codeql.ruby.ApiGraphs
 class HttpClientRequest extends HTTP::Client::Request::Range {
   API::Node requestNode;
   API::Node connectionNode;
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
   string method;
 
   HttpClientRequest() {
@@ -31,6 +31,8 @@ class HttpClientRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::Node getResponseBody() {
     // The `get_content` and `post_content` methods return the response body as
     // a string. The other methods return a `HTTPClient::Message` object which

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll

@@ -18,7 +18,7 @@ private import codeql.ruby.ApiGraphs
  */
 class HttpartyRequest extends HTTP::Client::Request::Range {
   API::Node requestNode;
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
 
   HttpartyRequest() {
     requestUse = requestNode.getAnImmediateUse() and
@@ -28,6 +28,8 @@ class HttpartyRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::Node getResponseBody() {
     // If HTTParty can recognise the response type, it will parse and return it
     // directly from the request call. Otherwise, it will return a `HTTParty::Response`

ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll

@@ -46,7 +46,7 @@ class NetHttpRequest extends HTTP::Client::Request::Range {
    * Gets the node representing the URL of the request.
    * Currently unused, but may be useful in future, e.g. to filter out certain requests.
    */
-  DataFlow::Node getURLArgument() { result = request.getArgument(0) }
+  override DataFlow::Node getURL() { result = request.getArgument(0) }
 
   override DataFlow::Node getResponseBody() { result = responseBody }
 

ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll

@@ -14,7 +14,7 @@ private import codeql.ruby.frameworks.StandardLibrary
  */
 class OpenUriRequest extends HTTP::Client::Request::Range {
   API::Node requestNode;
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
 
   OpenUriRequest() {
     requestNode =
@@ -24,6 +24,8 @@ class OpenUriRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::Node getResponseBody() {
     result = requestNode.getAMethodCall(["read", "readlines"])
   }
@@ -48,7 +50,7 @@ class OpenUriRequest extends HTTP::Client::Request::Range {
  * ```
  */
 class OpenUriKernelOpenRequest extends HTTP::Client::Request::Range {
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
 
   OpenUriKernelOpenRequest() {
     requestUse instanceof KernelMethodCall and
@@ -56,6 +58,8 @@ class OpenUriKernelOpenRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::CallNode getResponseBody() {
     result.asExpr().getExpr().(MethodCall).getMethodName() in ["read", "readlines"] and
     requestUse.(DataFlow::LocalSourceNode).flowsTo(result.getReceiver())

ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll

@@ -9,7 +9,7 @@ private import codeql.ruby.ApiGraphs
  * ```
  */
 class RestClientHttpRequest extends HTTP::Client::Request::Range {
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
   API::Node requestNode;
   API::Node connectionNode;
 
@@ -25,6 +25,8 @@ class RestClientHttpRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
   override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll

@@ -9,7 +9,7 @@ private import codeql.ruby.ApiGraphs
  * ```
  */
 class TyphoeusHttpRequest extends HTTP::Client::Request::Range {
-  DataFlow::Node requestUse;
+  DataFlow::CallNode requestUse;
   API::Node requestNode;
 
   TyphoeusHttpRequest() {
@@ -20,6 +20,8 @@ class TyphoeusHttpRequest extends HTTP::Client::Request::Range {
     this = requestUse.asExpr().getExpr()
   }
 
+  override DataFlow::Node getURL() { result = requestUse.getArgument(0) }
+
   override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
 
   override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {

ruby/ql/test/library-tests/frameworks/http_clients/Excon.expected

@@ -1,12 +0,0 @@
-| Excon.rb:3:9:3:40 | call to get | Excon.rb:4:1:4:10 | call to body |
-| Excon.rb:6:9:6:60 | call to post | Excon.rb:7:1:7:10 | call to body |
-| Excon.rb:9:9:9:59 | call to put | Excon.rb:10:1:10:10 | call to body |
-| Excon.rb:12:9:12:61 | call to patch | Excon.rb:13:1:13:10 | call to body |
-| Excon.rb:15:9:15:43 | call to delete | Excon.rb:16:1:16:10 | call to body |
-| Excon.rb:18:9:18:41 | call to head | Excon.rb:19:1:19:10 | call to body |
-| Excon.rb:21:9:21:44 | call to options | Excon.rb:22:1:22:10 | call to body |
-| Excon.rb:24:9:24:42 | call to trace | Excon.rb:25:1:25:10 | call to body |
-| Excon.rb:28:9:28:34 | call to get | Excon.rb:29:1:29:10 | call to body |
-| Excon.rb:31:10:31:39 | call to post | Excon.rb:32:1:32:11 | call to body |
-| Excon.rb:35:9:35:34 | call to get | Excon.rb:36:1:36:10 | call to body |
-| Excon.rb:38:10:38:39 | call to post | Excon.rb:39:1:39:11 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/Excon.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.Excon
-import codeql.ruby.DataFlow
-
-query DataFlow::Node exconHttpRequests(ExconHttpRequest e) { result = e.getResponseBody() }

ruby/ql/test/library-tests/frameworks/http_clients/Faraday.expected

@@ -1,9 +0,0 @@
-| Faraday.rb:3:9:3:42 | call to get | Faraday.rb:4:1:4:10 | call to body |
-| Faraday.rb:6:9:6:62 | call to post | Faraday.rb:7:1:7:10 | call to body |
-| Faraday.rb:9:9:9:61 | call to put | Faraday.rb:10:1:10:10 | call to body |
-| Faraday.rb:12:9:12:63 | call to patch | Faraday.rb:13:1:13:10 | call to body |
-| Faraday.rb:15:9:15:45 | call to delete | Faraday.rb:16:1:16:10 | call to body |
-| Faraday.rb:18:9:18:43 | call to head | Faraday.rb:19:1:19:10 | call to body |
-| Faraday.rb:24:9:24:44 | call to trace | Faraday.rb:25:1:25:10 | call to body |
-| Faraday.rb:28:9:28:27 | call to get | Faraday.rb:29:1:29:10 | call to body |
-| Faraday.rb:31:10:31:46 | call to post | Faraday.rb:32:1:32:11 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/Faraday.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.Faraday
-import codeql.ruby.DataFlow
-
-query DataFlow::Node faradayHttpRequests(FaradayHttpRequest e) { result = e.getResponseBody() }

ruby/ql/test/library-tests/frameworks/http_clients/HttpClient.expected

@@ -1,9 +0,0 @@
-| HttpClient.rb:3:9:3:45 | call to get | HttpClient.rb:4:1:4:10 | call to body |
-| HttpClient.rb:6:9:6:65 | call to post | HttpClient.rb:7:1:7:13 | call to content |
-| HttpClient.rb:9:9:9:64 | call to put | HttpClient.rb:10:1:10:15 | call to http_body |
-| HttpClient.rb:12:9:12:48 | call to delete | HttpClient.rb:13:1:13:10 | call to dump |
-| HttpClient.rb:15:9:15:46 | call to head | HttpClient.rb:16:1:16:10 | call to body |
-| HttpClient.rb:18:9:18:49 | call to options | HttpClient.rb:19:1:19:13 | call to content |
-| HttpClient.rb:21:9:21:47 | call to trace | HttpClient.rb:22:1:22:15 | call to http_body |
-| HttpClient.rb:24:9:24:53 | call to get_content | HttpClient.rb:24:9:24:53 | call to get_content |
-| HttpClient.rb:26:10:26:74 | call to post_content | HttpClient.rb:26:10:26:74 | call to post_content |

ruby/ql/test/library-tests/frameworks/http_clients/HttpClient.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.HttpClient
-import codeql.ruby.DataFlow
-
-query DataFlow::Node httpClientRequests(HttpClientRequest e) { result = e.getResponseBody() }

ruby/ql/test/library-tests/frameworks/http_clients/HttpClients.expected

@@ -0,0 +1,68 @@
+| Excon.rb:3:9:3:40 | call to get | Excon | Excon.rb:3:19:3:39 | "http://example.com/" | Excon.rb:4:1:4:10 | call to body |
+| Excon.rb:6:9:6:60 | call to post | Excon | Excon.rb:6:20:6:40 | "http://example.com/" | Excon.rb:7:1:7:10 | call to body |
+| Excon.rb:9:9:9:59 | call to put | Excon | Excon.rb:9:19:9:39 | "http://example.com/" | Excon.rb:10:1:10:10 | call to body |
+| Excon.rb:12:9:12:61 | call to patch | Excon | Excon.rb:12:21:12:41 | "http://example.com/" | Excon.rb:13:1:13:10 | call to body |
+| Excon.rb:15:9:15:43 | call to delete | Excon | Excon.rb:15:22:15:42 | "http://example.com/" | Excon.rb:16:1:16:10 | call to body |
+| Excon.rb:18:9:18:41 | call to head | Excon | Excon.rb:18:20:18:40 | "http://example.com/" | Excon.rb:19:1:19:10 | call to body |
+| Excon.rb:21:9:21:44 | call to options | Excon | Excon.rb:21:23:21:43 | "http://example.com/" | Excon.rb:22:1:22:10 | call to body |
+| Excon.rb:24:9:24:42 | call to trace | Excon | Excon.rb:24:21:24:41 | "http://example.com/" | Excon.rb:25:1:25:10 | call to body |
+| Excon.rb:28:9:28:34 | call to get | Excon | Excon.rb:27:25:27:44 | "http://example.com" | Excon.rb:29:1:29:10 | call to body |
+| Excon.rb:28:9:28:34 | call to get | Excon | Excon.rb:28:31:28:33 | "/" | Excon.rb:29:1:29:10 | call to body |
+| Excon.rb:31:10:31:39 | call to post | Excon | Excon.rb:27:25:27:44 | "http://example.com" | Excon.rb:32:1:32:11 | call to body |
+| Excon.rb:31:10:31:39 | call to post | Excon | Excon.rb:31:33:31:38 | "/foo" | Excon.rb:32:1:32:11 | call to body |
+| Excon.rb:35:9:35:34 | call to get | Excon | Excon.rb:34:37:34:56 | "http://example.com" | Excon.rb:36:1:36:10 | call to body |
+| Excon.rb:35:9:35:34 | call to get | Excon | Excon.rb:35:31:35:33 | "/" | Excon.rb:36:1:36:10 | call to body |
+| Excon.rb:38:10:38:39 | call to post | Excon | Excon.rb:34:37:34:56 | "http://example.com" | Excon.rb:39:1:39:11 | call to body |
+| Excon.rb:38:10:38:39 | call to post | Excon | Excon.rb:38:33:38:38 | "/foo" | Excon.rb:39:1:39:11 | call to body |
+| Faraday.rb:3:9:3:42 | call to get | Faraday | Faraday.rb:3:21:3:41 | "http://example.com/" | Faraday.rb:4:1:4:10 | call to body |
+| Faraday.rb:6:9:6:62 | call to post | Faraday | Faraday.rb:6:22:6:42 | "http://example.com/" | Faraday.rb:7:1:7:10 | call to body |
+| Faraday.rb:9:9:9:61 | call to put | Faraday | Faraday.rb:9:21:9:41 | "http://example.com/" | Faraday.rb:10:1:10:10 | call to body |
+| Faraday.rb:12:9:12:63 | call to patch | Faraday | Faraday.rb:12:23:12:43 | "http://example.com/" | Faraday.rb:13:1:13:10 | call to body |
+| Faraday.rb:15:9:15:45 | call to delete | Faraday | Faraday.rb:15:24:15:44 | "http://example.com/" | Faraday.rb:16:1:16:10 | call to body |
+| Faraday.rb:18:9:18:43 | call to head | Faraday | Faraday.rb:18:22:18:42 | "http://example.com/" | Faraday.rb:19:1:19:10 | call to body |
+| Faraday.rb:24:9:24:44 | call to trace | Faraday | Faraday.rb:24:23:24:43 | "http://example.com/" | Faraday.rb:25:1:25:10 | call to body |
+| Faraday.rb:28:9:28:27 | call to get | Faraday | Faraday.rb:27:26:27:45 | "http://example.com" | Faraday.rb:29:1:29:10 | call to body |
+| Faraday.rb:28:9:28:27 | call to get | Faraday | Faraday.rb:28:24:28:26 | "/" | Faraday.rb:29:1:29:10 | call to body |
+| Faraday.rb:31:10:31:46 | call to post | Faraday | Faraday.rb:27:26:27:45 | "http://example.com" | Faraday.rb:32:1:32:11 | call to body |
+| Faraday.rb:31:10:31:46 | call to post | Faraday | Faraday.rb:31:26:31:31 | "/foo" | Faraday.rb:32:1:32:11 | call to body |
+| HttpClient.rb:3:9:3:45 | call to get | HTTPClient | HttpClient.rb:3:24:3:44 | "http://example.com/" | HttpClient.rb:4:1:4:10 | call to body |
+| HttpClient.rb:6:9:6:65 | call to post | HTTPClient | HttpClient.rb:6:25:6:45 | "http://example.com/" | HttpClient.rb:7:1:7:13 | call to content |
+| HttpClient.rb:9:9:9:64 | call to put | HTTPClient | HttpClient.rb:9:24:9:44 | "http://example.com/" | HttpClient.rb:10:1:10:15 | call to http_body |
+| HttpClient.rb:12:9:12:48 | call to delete | HTTPClient | HttpClient.rb:12:27:12:47 | "http://example.com/" | HttpClient.rb:13:1:13:10 | call to dump |
+| HttpClient.rb:15:9:15:46 | call to head | HTTPClient | HttpClient.rb:15:25:15:45 | "http://example.com/" | HttpClient.rb:16:1:16:10 | call to body |
+| HttpClient.rb:18:9:18:49 | call to options | HTTPClient | HttpClient.rb:18:28:18:48 | "http://example.com/" | HttpClient.rb:19:1:19:13 | call to content |
+| HttpClient.rb:21:9:21:47 | call to trace | HTTPClient | HttpClient.rb:21:26:21:46 | "http://example.com/" | HttpClient.rb:22:1:22:15 | call to http_body |
+| HttpClient.rb:24:9:24:53 | call to get_content | HTTPClient | HttpClient.rb:24:32:24:52 | "http://example.com/" | HttpClient.rb:24:9:24:53 | call to get_content |
+| HttpClient.rb:26:10:26:74 | call to post_content | HTTPClient | HttpClient.rb:26:34:26:54 | "http://example.com/" | HttpClient.rb:26:10:26:74 | call to post_content |
+| Httparty.rb:5:1:5:35 | call to get | HTTParty | Httparty.rb:5:14:5:34 | "http://example.com/" | Httparty.rb:5:1:5:35 | call to get |
+| Httparty.rb:7:1:7:55 | call to post | HTTParty | Httparty.rb:7:15:7:35 | "http://example.com/" | Httparty.rb:7:1:7:55 | call to post |
+| Httparty.rb:9:1:9:54 | call to put | HTTParty | Httparty.rb:9:14:9:34 | "http://example.com/" | Httparty.rb:9:1:9:54 | call to put |
+| Httparty.rb:11:1:11:56 | call to patch | HTTParty | Httparty.rb:11:16:11:36 | "http://example.com/" | Httparty.rb:11:1:11:56 | call to patch |
+| Httparty.rb:15:9:15:46 | call to delete | HTTParty | Httparty.rb:15:25:15:45 | "http://example.com/" | Httparty.rb:16:1:16:10 | call to body |
+| Httparty.rb:18:9:18:44 | call to head | HTTParty | Httparty.rb:18:23:18:43 | "http://example.com/" | Httparty.rb:19:1:19:10 | call to body |
+| Httparty.rb:21:9:21:47 | call to options | HTTParty | Httparty.rb:21:26:21:46 | "http://example.com/" | Httparty.rb:22:1:22:10 | call to body |
+| NetHttp.rb:4:1:4:18 | call to get | Net::HTTP | NetHttp.rb:4:15:4:17 | uri | NetHttp.rb:4:1:4:18 | call to get |
+| NetHttp.rb:6:8:6:50 | call to post | Net::HTTP | NetHttp.rb:6:23:6:36 | call to parse | NetHttp.rb:7:1:7:9 | call to body |
+| NetHttp.rb:6:8:6:50 | call to post | Net::HTTP | NetHttp.rb:6:23:6:36 | call to parse | NetHttp.rb:8:1:8:14 | call to read_body |
+| NetHttp.rb:6:8:6:50 | call to post | Net::HTTP | NetHttp.rb:6:23:6:36 | call to parse | NetHttp.rb:9:1:9:11 | call to entity |
+| NetHttp.rb:13:6:13:17 | call to get | Net::HTTP | NetHttp.rb:13:14:13:16 | "/" | NetHttp.rb:18:1:18:7 | call to body |
+| NetHttp.rb:14:6:14:18 | call to post | Net::HTTP | NetHttp.rb:14:15:14:17 | "/" | NetHttp.rb:19:1:19:12 | call to read_body |
+| NetHttp.rb:15:6:15:17 | call to put | Net::HTTP | NetHttp.rb:15:14:15:16 | "/" | NetHttp.rb:20:1:20:9 | call to entity |
+| NetHttp.rb:24:3:24:33 | call to get | Net::HTTP | NetHttp.rb:24:29:24:32 | path | NetHttp.rb:27:1:27:28 | call to body |
+| OpenURI.rb:3:9:3:41 | call to open | OpenURI | OpenURI.rb:3:21:3:40 | "http://example.com" | OpenURI.rb:4:1:4:10 | call to read |
+| OpenURI.rb:6:9:6:34 | call to open | OpenURI | OpenURI.rb:6:14:6:33 | "http://example.com" | OpenURI.rb:7:1:7:15 | call to readlines |
+| OpenURI.rb:9:9:9:38 | call to open | OpenURI | OpenURI.rb:9:18:9:37 | "http://example.com" | OpenURI.rb:10:1:10:10 | call to read |
+| RestClient.rb:3:9:3:45 | call to get | RestClient | RestClient.rb:3:24:3:44 | "http://example.com/" | RestClient.rb:4:1:4:10 | call to body |
+| RestClient.rb:6:9:6:59 | call to post | RestClient | RestClient.rb:6:25:6:44 | "http://example.com" | RestClient.rb:7:1:7:10 | call to body |
+| RestClient.rb:9:9:9:58 | call to put | RestClient | RestClient.rb:9:24:9:43 | "http://example.com" | RestClient.rb:10:1:10:10 | call to body |
+| RestClient.rb:12:9:12:60 | call to patch | RestClient | RestClient.rb:12:26:12:45 | "http://example.com" | RestClient.rb:13:1:13:10 | call to body |
+| RestClient.rb:15:9:15:47 | call to delete | RestClient | RestClient.rb:15:27:15:46 | "http://example.com" | RestClient.rb:16:1:16:10 | call to body |
+| RestClient.rb:18:9:18:45 | call to head | RestClient | RestClient.rb:18:25:18:44 | "http://example.com" | RestClient.rb:19:1:19:10 | call to body |
+| RestClient.rb:21:9:21:48 | call to options | RestClient | RestClient.rb:21:28:21:47 | "http://example.com" | RestClient.rb:22:1:22:10 | call to body |
+| Typhoeus.rb:3:9:3:43 | call to get | Typhoeus | Typhoeus.rb:3:22:3:42 | "http://example.com/" | Typhoeus.rb:4:1:4:10 | call to body |
+| Typhoeus.rb:6:9:6:63 | call to post | Typhoeus | Typhoeus.rb:6:23:6:43 | "http://example.com/" | Typhoeus.rb:7:1:7:10 | call to body |
+| Typhoeus.rb:9:9:9:62 | call to put | Typhoeus | Typhoeus.rb:9:22:9:42 | "http://example.com/" | Typhoeus.rb:10:1:10:10 | call to body |
+| Typhoeus.rb:12:9:12:64 | call to patch | Typhoeus | Typhoeus.rb:12:24:12:44 | "http://example.com/" | Typhoeus.rb:13:1:13:10 | call to body |
+| Typhoeus.rb:15:9:15:46 | call to delete | Typhoeus | Typhoeus.rb:15:25:15:45 | "http://example.com/" | Typhoeus.rb:16:1:16:10 | call to body |
+| Typhoeus.rb:18:9:18:44 | call to head | Typhoeus | Typhoeus.rb:18:23:18:43 | "http://example.com/" | Typhoeus.rb:19:1:19:10 | call to body |
+| Typhoeus.rb:21:9:21:47 | call to options | Typhoeus | Typhoeus.rb:21:26:21:46 | "http://example.com/" | Typhoeus.rb:22:1:22:10 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/HttpClients.ql

@@ -0,0 +1,10 @@
+import codeql.ruby.Concepts
+import codeql.ruby.DataFlow
+
+query predicate httpRequests(
+  HTTP::Client::Request r, string framework, DataFlow::Node url, DataFlow::Node responseBody
+) {
+  r.getFramework() = framework and
+  r.getURL() = url and
+  r.getResponseBody() = responseBody
+}

ruby/ql/test/library-tests/frameworks/http_clients/Httparty.expected

@@ -1,7 +0,0 @@
-| Httparty.rb:5:1:5:35 | call to get | Httparty.rb:5:1:5:35 | call to get |
-| Httparty.rb:7:1:7:55 | call to post | Httparty.rb:7:1:7:55 | call to post |
-| Httparty.rb:9:1:9:54 | call to put | Httparty.rb:9:1:9:54 | call to put |
-| Httparty.rb:11:1:11:56 | call to patch | Httparty.rb:11:1:11:56 | call to patch |
-| Httparty.rb:15:9:15:46 | call to delete | Httparty.rb:16:1:16:10 | call to body |
-| Httparty.rb:18:9:18:44 | call to head | Httparty.rb:19:1:19:10 | call to body |
-| Httparty.rb:21:9:21:47 | call to options | Httparty.rb:22:1:22:10 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/Httparty.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.Httparty
-import codeql.ruby.DataFlow
-
-query DataFlow::Node httpartyRequests(HttpartyRequest e) { result = e.getResponseBody() }

ruby/ql/test/library-tests/frameworks/http_clients/NetHttp.expected

@@ -1,8 +0,0 @@
-| NetHttp.rb:4:1:4:18 | call to get | NetHttp.rb:4:1:4:18 | call to get |
-| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:7:1:7:9 | call to body |
-| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:8:1:8:14 | call to read_body |
-| NetHttp.rb:6:8:6:50 | call to post | NetHttp.rb:9:1:9:11 | call to entity |
-| NetHttp.rb:13:6:13:17 | call to get | NetHttp.rb:18:1:18:7 | call to body |
-| NetHttp.rb:14:6:14:18 | call to post | NetHttp.rb:19:1:19:12 | call to read_body |
-| NetHttp.rb:15:6:15:17 | call to put | NetHttp.rb:20:1:20:9 | call to entity |
-| NetHttp.rb:24:3:24:33 | call to get | NetHttp.rb:27:1:27:28 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/NetHttp.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.NetHttp
-import codeql.ruby.DataFlow
-
-query DataFlow::Node netHttpRequests(NetHttpRequest e) { result = e.getResponseBody() }

ruby/ql/test/library-tests/frameworks/http_clients/OpenURI.expected

@@ -1,6 +0,0 @@
-openUriRequests
-| OpenURI.rb:9:9:9:38 | call to open | OpenURI.rb:10:1:10:10 | call to read |
-| OpenURI.rb:12:9:12:45 | call to open | OpenURI.rb:13:1:13:10 | call to read |
-openUriKernelOpenRequests
-| OpenURI.rb:3:9:3:41 | call to open | OpenURI.rb:4:1:4:10 | call to read |
-| OpenURI.rb:6:9:6:34 | call to open | OpenURI.rb:7:1:7:15 | call to readlines |

ruby/ql/test/library-tests/frameworks/http_clients/OpenURI.ql

@@ -1,8 +0,0 @@
-import codeql.ruby.frameworks.http_clients.OpenURI
-import codeql.ruby.DataFlow
-
-query DataFlow::Node openUriRequests(OpenUriRequest e) { result = e.getResponseBody() }
-
-query DataFlow::Node openUriKernelOpenRequests(OpenUriKernelOpenRequest e) {
-  result = e.getResponseBody()
-}

ruby/ql/test/library-tests/frameworks/http_clients/RestClient.expected

@@ -1,8 +0,0 @@
-| RestClient.rb:3:9:3:45 | call to get | RestClient.rb:4:1:4:10 | call to body |
-| RestClient.rb:6:9:6:59 | call to post | RestClient.rb:7:1:7:10 | call to body |
-| RestClient.rb:9:9:9:58 | call to put | RestClient.rb:10:1:10:10 | call to body |
-| RestClient.rb:12:9:12:60 | call to patch | RestClient.rb:13:1:13:10 | call to body |
-| RestClient.rb:15:9:15:47 | call to delete | RestClient.rb:16:1:16:10 | call to body |
-| RestClient.rb:18:9:18:45 | call to head | RestClient.rb:19:1:19:10 | call to body |
-| RestClient.rb:21:9:21:48 | call to options | RestClient.rb:22:1:22:10 | call to body |
-| RestClient.rb:25:9:25:21 | call to get | RestClient.rb:26:1:26:10 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/RestClient.ql

@@ -1,6 +0,0 @@
-import codeql.ruby.frameworks.http_clients.RestClient
-import codeql.ruby.DataFlow
-
-query DataFlow::Node restClientHttpRequests(RestClientHttpRequest e) {
-  result = e.getResponseBody()
-}

ruby/ql/test/library-tests/frameworks/http_clients/Typhoeus.expected

@@ -1,7 +0,0 @@
-| Typhoeus.rb:3:9:3:43 | call to get | Typhoeus.rb:4:1:4:10 | call to body |
-| Typhoeus.rb:6:9:6:63 | call to post | Typhoeus.rb:7:1:7:10 | call to body |
-| Typhoeus.rb:9:9:9:62 | call to put | Typhoeus.rb:10:1:10:10 | call to body |
-| Typhoeus.rb:12:9:12:64 | call to patch | Typhoeus.rb:13:1:13:10 | call to body |
-| Typhoeus.rb:15:9:15:46 | call to delete | Typhoeus.rb:16:1:16:10 | call to body |
-| Typhoeus.rb:18:9:18:44 | call to head | Typhoeus.rb:19:1:19:10 | call to body |
-| Typhoeus.rb:21:9:21:47 | call to options | Typhoeus.rb:22:1:22:10 | call to body |

ruby/ql/test/library-tests/frameworks/http_clients/Typhoeus.ql

@@ -1,4 +0,0 @@
-import codeql.ruby.frameworks.http_clients.Typhoeus
-import codeql.ruby.DataFlow
-
-query DataFlow::Node typhoeusHttpRequests(TyphoeusHttpRequest e) { result = e.getResponseBody() }