Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering

Shared: Provenance-based filtering of flow summaries
2026-02-11 20:51:06 +01:00 · 2026-01-26 17:24:34 +01:00
parent 2bd4ccee45 df09f02981
commit b974a84bef
142 changed files with 15884 additions and 21193 deletions
--- a/ruby/ql/docs/flow_summaries.md
+++ b/ruby/ql/docs/flow_summaries.md
@@ -19,7 +19,7 @@ to be tainted in the call to `system`.
 have no source code, so we include a flow summary for it:

 ```ql
-private class ChompSummary extends SimpleSummarizedCallable {
+private class ChompSummary extends SummarizedCallable::RangeSimple {
  ChompSummary() { this = "chomp" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/lib/change-notes/2026-01-16-summarized-callable.md
+++ b/ruby/ql/lib/change-notes/2026-01-16-summarized-callable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
--- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
@@ -15,65 +15,64 @@ private module Summaries {
  private import codeql.ruby.frameworks.data.ModelsAsData
 }

-deprecated class SummaryComponent = Impl::Private::SummaryComponent;
+class Provenance = Impl::Public::Provenance;

-deprecated module SummaryComponent = Impl::Private::SummaryComponent;
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  /** A callable with a flow summary, identified by a unique string. */
+  abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable {
+    bindingset[this]
+    Range() { any() }

-deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
+    override predicate propagatesFlow(
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
+    ) {
+      this.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
+      model = ""
+    }

-deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
+    /**
+     * Holds if data may flow from `input` to `output` through this callable.
+     *
+     * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+     */
+    predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
+
+    /**
+     * Gets the synthesized parameter that results from an input specification
+     * that starts with `Argument[s]` for this library callable.
+     */
+    DataFlow::ParameterNode getParameter(string s) {
+      exists(ParameterPosition pos |
+        DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
+        s = Impl::Input::encodeParameterPosition(pos)
+      )
+    }
+  }
+
+  /**
+   * A callable with a flow summary, identified by a unique string, where all
+   * calls to a method with the same name are considered relevant.
+   */
+  abstract class RangeSimple extends Range {
+    MethodCall mc;
+
+    bindingset[this]
+    RangeSimple() { mc.getMethodName() = this }
+
+    final override MethodCall getACallSimple() { result = mc }
+  }
+}
+
+final private class SummarizedCallableFinal = SummarizedCallable::Range;

 /** A callable with a flow summary, identified by a unique string. */
-abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
-  bindingset[this]
-  SummarizedCallable() { any() }
-
-  /**
-   * DEPRECATED: Use `propagatesFlow` instead.
-   */
-  deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    this.propagatesFlow(input, output, preservesValue, _)
-  }
-
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
-  ) {
-    this.propagatesFlow(input, output, preservesValue) and model = ""
-  }
-
-  /**
-   * Holds if data may flow from `input` to `output` through this callable.
-   *
-   * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
-   */
-  predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
-
-  /**
-   * Gets the synthesized parameter that results from an input specification
-   * that starts with `Argument[s]` for this library callable.
-   */
-  DataFlow::ParameterNode getParameter(string s) {
-    exists(ParameterPosition pos |
-      DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
-      s = Impl::Input::encodeParameterPosition(pos)
-    )
-  }
-}
-
-/**
- * A callable with a flow summary, identified by a unique string, where all
- * calls to a method with the same name are considered relevant.
- */
-abstract class SimpleSummarizedCallable extends SummarizedCallable {
-  MethodCall mc;
-
-  bindingset[this]
-  SimpleSummarizedCallable() { mc.getMethodName() = this }
-
-  final override MethodCall getACallSimple() { result = mc }
-}
-
-deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
+final class SummarizedCallable extends SummarizedCallableFinal,
+  Impl::Public::RelevantSummarizedCallable
+{ }

 /**
 * Provides a set of special flow summaries to ensure that callbacks passed into
@@ -103,7 +102,7 @@ private module LibraryCallbackSummaries {
    )
  }

-  private class LibraryLambdaMethod extends SummarizedCallable {
+  private class LibraryLambdaMethod extends SummarizedCallable::Range {
    LibraryLambdaMethod() { this = "<library method accepting a callback>" }

    final override MethodCall getACall() {
@@ -114,7 +113,8 @@ private module LibraryCallbackSummaries {
    }

    override predicate propagatesFlow(
-      string input, string output, boolean preservesValue, string model
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
    ) {
      (
        input = "Argument[block]" and
@@ -127,6 +127,8 @@ private module LibraryCallbackSummaries {
        )
      ) and
      preservesValue = true and
+      p = "hq-generated" and
+      isExact = true and
      model = "heuristic-callback"
    }
  }
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -240,7 +240,9 @@ class NormalCall extends DataFlowCall, TNormalCall {
 module ViewComponentRenderModeling {
  private import codeql.ruby.frameworks.ViewComponent

-  private class RenderMethod extends SummarizedCallable, LibraryCallableToIncludeInTypeTracking {
+  private class RenderMethod extends SummarizedCallable::Range,
+    LibraryCallableToIncludeInTypeTracking
+  {
    RenderMethod() { this = "render view component" }

    override MethodCall getACallSimple() { result.getMethodName() = "render" }
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -18,6 +18,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::RubyDataFlow> {

  class SinkBase = Void;

+  predicate callableFromSource(SummarizedCallableBase c) { none() }
+
  ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() }

  ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind }
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -545,7 +545,7 @@ private module ParamsSummaries {
   * A flow summary for methods on `ActionController::Parameters` which
   * propagate taint from receiver to return value.
   */
-  private class MethodsReturningParamsInstanceSummary extends SummarizedCallable {
+  private class MethodsReturningParamsInstanceSummary extends SummarizedCallable::Range {
    MethodsReturningParamsInstanceSummary() { this = "ActionController::Parameters#<various>" }

    override MethodCall getACall() {
@@ -566,7 +566,7 @@ private module ParamsSummaries {
   * `#with_defaults`
   * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
   */
-  private class MergeSummary extends SummarizedCallable {
+  private class MergeSummary extends SummarizedCallable::Range {
    MergeSummary() { this = "ActionController::Parameters#merge" }

    override MethodCall getACall() {
@@ -590,7 +590,7 @@ private module ParamsSummaries {
   * `#reverse_update`
   * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
   */
-  private class MergeBangSummary extends SummarizedCallable {
+  private class MergeBangSummary extends SummarizedCallable::Range {
    MergeBangSummary() { this = "ActionController::Parameters#merge!" }

    override MethodCall getACall() {
@@ -609,7 +609,7 @@ private module ParamsSummaries {
  /** Flow summaries for `ActiveDispatch::Http::UploadedFile`, which can be an field of `ActionController::Parameters`. */
  module UploadedFileSummaries {
    /** Flow summary for various string attributes of `UploadedFile`, including `original_filename`, `content_type`, and `headers`. */
-    private class UploadedFileStringAttributeSummary extends SummarizedCallable {
+    private class UploadedFileStringAttributeSummary extends SummarizedCallable::Range {
      UploadedFileStringAttributeSummary() {
        this = "ActionDispatch::Http::UploadedFile#[original_filename,content_type,headers]"
      }
@@ -632,7 +632,7 @@ private module ParamsSummaries {
     * Flow summary for `ActiveDispatch::Http::UploadedFile#read`,
     * which propagates taint from the receiver to the return value or to the second (out string) argument
     */
-    private class UploadedFileReadSummary extends SummarizedCallable {
+    private class UploadedFileReadSummary extends SummarizedCallable::Range {
      UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }

      override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -45,7 +45,7 @@ module ActiveSupport {
      /**
       * Flow summary for methods which transform the receiver in some way, possibly preserving taint.
       */
-      private class StringTransformSummary extends SummarizedCallable {
+      private class StringTransformSummary extends SummarizedCallable::Range {
        // We're modeling a lot of different methods, so we make up a name for this summary.
        StringTransformSummary() { this = "ActiveSupportStringTransform" }

@@ -72,7 +72,7 @@ module ActiveSupport {
     */
    module Object {
      /** Flow summary for methods which can return the receiver. */
-      private class IdentitySummary extends SimpleSummarizedCallable {
+      private class IdentitySummary extends SummarizedCallable::RangeSimple {
        IdentitySummary() { this = ["presence", "deep_dup"] }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -106,7 +106,7 @@ module ActiveSupport {
      }

      /** Flow summary for `Object#to_json`, which serializes the receiver as a JSON string. */
-      private class ToJsonSummary extends SimpleSummarizedCallable {
+      private class ToJsonSummary extends SummarizedCallable::RangeSimple {
        ToJsonSummary() { this = "to_json" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -124,7 +124,7 @@ module ActiveSupport {
      /**
       * Flow summary for `reverse_merge`, and its alias `with_defaults`.
       */
-      private class ReverseMergeSummary extends SimpleSummarizedCallable {
+      private class ReverseMergeSummary extends SummarizedCallable::RangeSimple {
        ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -137,7 +137,7 @@ module ActiveSupport {
      /**
       * Flow summary for `reverse_merge!`, and its aliases `with_defaults!` and `reverse_update`.
       */
-      private class ReverseMergeBangSummary extends SimpleSummarizedCallable {
+      private class ReverseMergeBangSummary extends SummarizedCallable::RangeSimple {
        ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -147,7 +147,7 @@ module ActiveSupport {
        }
      }

-      private class TransformSummary extends SimpleSummarizedCallable {
+      private class TransformSummary extends SummarizedCallable::RangeSimple {
        TransformSummary() {
          this =
            [
@@ -188,7 +188,7 @@ module ActiveSupport {
       * mentioned in the arguments to an element in `self`, including elements
       * at unknown keys.
       */
-      private class ExtractSummary extends SummarizedCallable {
+      private class ExtractSummary extends SummarizedCallable::Range {
        MethodCall mc;

        ExtractSummary() {
@@ -232,7 +232,7 @@ module ActiveSupport {
        ArrayIndex() { this = any(DataFlow::Content::KnownElementContent c).getIndex().getInt() }
      }

-      private class CompactBlankSummary extends SimpleSummarizedCallable {
+      private class CompactBlankSummary extends SummarizedCallable::RangeSimple {
        CompactBlankSummary() { this = "compact_blank" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -242,7 +242,7 @@ module ActiveSupport {
        }
      }

-      private class ExcludingSummary extends SimpleSummarizedCallable {
+      private class ExcludingSummary extends SummarizedCallable::RangeSimple {
        ExcludingSummary() { this = ["excluding", "without"] }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -252,7 +252,7 @@ module ActiveSupport {
        }
      }

-      private class InOrderOfSummary extends SimpleSummarizedCallable {
+      private class InOrderOfSummary extends SummarizedCallable::RangeSimple {
        InOrderOfSummary() { this = "in_order_of" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -265,7 +265,7 @@ module ActiveSupport {
      /**
       * Like `Array#push` but doesn't update the receiver.
       */
-      private class IncludingSummary extends SimpleSummarizedCallable {
+      private class IncludingSummary extends SummarizedCallable::RangeSimple {
        IncludingSummary() { this = "including" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -287,7 +287,7 @@ module ActiveSupport {
        }
      }

-      private class IndexBySummary extends SimpleSummarizedCallable {
+      private class IndexBySummary extends SummarizedCallable::RangeSimple {
        IndexBySummary() { this = "index_by" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -297,7 +297,7 @@ module ActiveSupport {
        }
      }

-      private class IndexWithSummary extends SimpleSummarizedCallable {
+      private class IndexWithSummary extends SummarizedCallable::RangeSimple {
        IndexWithSummary() { this = "index_with" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -316,7 +316,7 @@ module ActiveSupport {
        result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
      }

-      private class PickSingleSummary extends SummarizedCallable {
+      private class PickSingleSummary extends SummarizedCallable::Range {
        private MethodCall mc;
        private string key;

@@ -336,7 +336,7 @@ module ActiveSupport {
        }
      }

-      private class PickMultipleSummary extends SummarizedCallable {
+      private class PickMultipleSummary extends SummarizedCallable::Range {
        private MethodCall mc;

        PickMultipleSummary() {
@@ -370,7 +370,7 @@ module ActiveSupport {
        }
      }

-      private class PluckSingleSummary extends SummarizedCallable {
+      private class PluckSingleSummary extends SummarizedCallable::Range {
        private MethodCall mc;
        private string key;

@@ -390,7 +390,7 @@ module ActiveSupport {
        }
      }

-      private class PluckMultipleSummary extends SummarizedCallable {
+      private class PluckMultipleSummary extends SummarizedCallable::Range {
        private MethodCall mc;

        PluckMultipleSummary() {
@@ -424,7 +424,7 @@ module ActiveSupport {
        }
      }

-      private class SoleSummary extends SimpleSummarizedCallable {
+      private class SoleSummary extends SummarizedCallable::RangeSimple {
        SoleSummary() { this = "sole" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -458,7 +458,7 @@ module ActiveSupport {
     * `ActiveSupport::ERB::Util`
     */
    module Util {
-      private class JsonEscapeSummary extends SimpleSummarizedCallable {
+      private class JsonEscapeSummary extends SummarizedCallable::RangeSimple {
        JsonEscapeSummary() { this = "json_escape" }

        override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
@@ -18,7 +18,7 @@ module Arel {
   * Flow summary for `Arel.sql`. This method wraps a SQL string, marking it as
   * safe.
   */
-  private class SqlSummary extends SummarizedCallable {
+  private class SqlSummary extends SummarizedCallable::Range {
    SqlSummary() { this = "Arel.sql" }

    override MethodCall getACall() {
@@ -44,7 +44,7 @@ module Arel {
   * Flow summary for `Arel::Nodes::SqlLiteral.new`. This method wraps a SQL string, marking it as
   * safe.
   */
-  private class SqlLiteralNewSummary extends SummarizedCallable {
+  private class SqlLiteralNewSummary extends SummarizedCallable::Range {
    SqlLiteralNewSummary() { this = "Arel::Nodes::SqlLiteral.new" }

    override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/Core.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Core.qll
@@ -57,7 +57,7 @@ class SubshellHeredocExecution extends SystemCommandExecution::Range {
  override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
 }

-private class SplatSummary extends SummarizedCallable {
+private class SplatSummary extends SummarizedCallable::Range {
  SplatSummary() { this = "*(splat)" }

  override SplatExpr getACallSimple() { any() }
@@ -76,7 +76,7 @@ private class SplatSummary extends SummarizedCallable {
  }
 }

-private class HashSplatSummary extends SummarizedCallable {
+private class HashSplatSummary extends SummarizedCallable::Range {
  HashSplatSummary() { this = "**(hash-splat)" }

  override HashSplatExpr getACallSimple() { any() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Erb.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Erb.qll
@@ -13,7 +13,7 @@ module Erb {
  /**
   * Flow summary for `ERB.new`. This method wraps a template string, compiling it.
   */
-  private class TemplateSummary extends SummarizedCallable {
+  private class TemplateSummary extends SummarizedCallable::Range {
    TemplateSummary() { this = "ERB.new" }

    override MethodCall getACall() { result = any(ErbTemplateNewCall c).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
@@ -103,7 +103,7 @@ module File {
   * A flow summary for several methods on the `File` class that propagate taint
   * from their first argument to the return value.
   */
-  class FilePathConversionSummary extends SummarizedCallable {
+  class FilePathConversionSummary extends SummarizedCallable::Range {
    string methodName;

    FilePathConversionSummary() {
@@ -126,7 +126,7 @@ module File {
   * A flow summary for `File.join`, which propagates taint from every argument to
   * its return value.
   */
-  class FileJoinSummary extends SummarizedCallable {
+  class FileJoinSummary extends SummarizedCallable::Range {
    FileJoinSummary() { this = "File.join" }

    override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
@@ -14,7 +14,7 @@ module NetLdap {
  /**
   * Flow summary for `Net::LDAP.new`. This method establishes a connection to a LDAP server.
   */
-  private class LdapConnSummary extends SummarizedCallable {
+  private class LdapConnSummary extends SummarizedCallable::Range {
    LdapConnSummary() { this = "Net::LDAP.new" }

    override MethodCall getACall() { result = any(NetLdapConnection l).asExpr().getExpr() }
@@ -27,7 +27,7 @@ module NetLdap {
  /**
   * Flow summary for `Net::LDAP.Filter`.
   */
-  private class LdapFilterSummary extends SummarizedCallable {
+  private class LdapFilterSummary extends SummarizedCallable::Range {
    LdapFilterSummary() { this = "Net::LDAP::Filter" }

    override MethodCall getACall() { result = any(NetLdapFilter l).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
@@ -13,7 +13,7 @@ module Mysql2 {
  /**
   * Flow summary for `Mysql2::Client.new()`.
   */
-  private class SqlSummary extends SummarizedCallable {
+  private class SqlSummary extends SummarizedCallable::Range {
    SqlSummary() { this = "Mysql2::Client.new()" }

    override MethodCall getACall() { result = any(Mysql2Connection c).asExpr().getExpr() }
@@ -61,7 +61,7 @@ module Mysql2 {
  /**
   * Flow summary for `Mysql2::Client.escape()`.
   */
-  private class EscapeSummary extends SummarizedCallable {
+  private class EscapeSummary extends SummarizedCallable::Range {
    EscapeSummary() { this = "Mysql2::Client.escape()" }

    override MethodCall getACall() { result = any(Mysql2EscapeSanitization c).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll
@@ -13,7 +13,7 @@ module Pg {
  /**
   * Flow summary for `PG.new()`. This method initializes a database connection.
   */
-  private class SqlSummary extends SummarizedCallable {
+  private class SqlSummary extends SummarizedCallable::Range {
    SqlSummary() { this = "PG.new()" }

    override MethodCall getACall() { result = any(PgConnection c).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
@@ -330,7 +330,7 @@ private class LocalAssignsHashSyntheticGlobal extends string {
 }

 /** A summary for `render` calls linked to some specific ERB file. */
-private class RenderLocalsSummary extends SummarizedCallable {
+private class RenderLocalsSummary extends SummarizedCallable::Range {
  private LocalAssignsHashSyntheticGlobal glob;

  RenderLocalsSummary() { this = "rails_render_locals()" + glob.getId() }
@@ -345,7 +345,7 @@ private class RenderLocalsSummary extends SummarizedCallable {
 }

 /** A summary for calls to `local_assigns` in a view to access a `render` call `locals` hash. */
-private class AccessLocalsSummary extends SummarizedCallable {
+private class AccessLocalsSummary extends SummarizedCallable::Range {
  private LocalAssignsHashSyntheticGlobal glob;

  AccessLocalsSummary() { this = "rails_local_assigns()" + glob.getId() }
@@ -366,7 +366,7 @@ private string getAMethodNameFromErbFile(ErbFile f) {
  result = any(MethodCall c | c.getLocation().getFile() = f).getMethodName()
 }

-private class AccessLocalsKeySummary extends SummarizedCallable {
+private class AccessLocalsKeySummary extends SummarizedCallable::Range {
  private LocalAssignsHashSyntheticGlobal glob;
  private string methodName;

--- a/ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll
@@ -14,7 +14,7 @@ private import codeql.ruby.Concepts
 */
 module Sequel {
  /** Flow Summary for `Sequel`. */
-  private class SqlSummary extends SummarizedCallable {
+  private class SqlSummary extends SummarizedCallable::Range {
    SqlSummary() { this = "Sequel.connect" }

    override MethodCall getACall() { result = any(SequelConnection c).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
@@ -167,7 +167,7 @@ module Sinatra {
   * from the `locals` keyword argument to variables in the ERB template. The
   * second half is modeled by `ErbLocalsAccessSummary`.
   */
-  private class ErbLocalsSummary extends SummarizedCallable {
+  private class ErbLocalsSummary extends SummarizedCallable::Range {
    ErbLocalsSummary() { this = "Sinatra::Base#erb" }

    override MethodCall getACall() { result = any(ErbCall c).asExpr().getExpr() }
@@ -191,7 +191,7 @@ module Sinatra {
   * keyword argument to variables in the ERB template.
   * The first half is modeled by `ErbLocalsSummary`.
   */
-  private class ErbLocalsAccessSummary extends SummarizedCallable {
+  private class ErbLocalsAccessSummary extends SummarizedCallable::Range {
    private ErbLocalsHashSyntheticGlobal global;
    private string local;

--- a/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
@@ -89,7 +89,7 @@ module Sqlite3 {
  /**
   * Flow summary for `SQLite3::Database.quote()`.
   */
-  private class QuoteSummary extends SummarizedCallable {
+  private class QuoteSummary extends SummarizedCallable::Range {
    QuoteSummary() { this = "SQLite3::Database.quote()" }

    override MethodCall getACall() { result = any(SQLite3QuoteSanitization c).asExpr().getExpr() }
--- a/ruby/ql/lib/codeql/ruby/frameworks/Translation.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Translation.qll
@@ -35,7 +35,7 @@ private MethodCall getControllerHelperTranslateCall() {
 }

 /** Flow summary for translation methods. */
-private class TranslateSummary extends SummarizedCallable {
+private class TranslateSummary extends SummarizedCallable::Range {
  TranslateSummary() { this = "I18n.translate" }

  override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
@@ -41,7 +41,7 @@ module Array {
    not e instanceof RangeLiteral
  }

-  private class ArrayLiteralSummary extends SummarizedCallable {
+  private class ArrayLiteralSummary extends SummarizedCallable::Range {
    ArrayLiteralSummary() { this = "Array.[]" }

    override MethodCall getACallSimple() { result = getAStaticArrayCall("[]") }
@@ -55,7 +55,7 @@ module Array {
    }
  }

-  private class NewSummary extends SummarizedCallable {
+  private class NewSummary extends SummarizedCallable::Range {
    NewSummary() { this = "Array.new" }

    override MethodCall getACallSimple() { result = getAStaticArrayCall("new") }
@@ -75,7 +75,7 @@ module Array {
    }
  }

-  private class TryConvertSummary extends SummarizedCallable {
+  private class TryConvertSummary extends SummarizedCallable::Range {
    TryConvertSummary() { this = "Array.try_convert" }

    override MethodCall getACallSimple() { result = getAStaticArrayCall("try_convert") }
@@ -87,7 +87,7 @@ module Array {
    }
  }

-  private class SetIntersectionSummary extends SummarizedCallable {
+  private class SetIntersectionSummary extends SummarizedCallable::Range {
    SetIntersectionSummary() { this = "&" }

    override BitwiseAndExpr getACallSimple() { any() }
@@ -99,7 +99,7 @@ module Array {
    }
  }

-  private class SetUnionSummary extends SummarizedCallable {
+  private class SetUnionSummary extends SummarizedCallable::Range {
    SetUnionSummary() { this = "|" }

    override BitwiseOrExpr getACallSimple() { any() }
@@ -111,7 +111,7 @@ module Array {
    }
  }

-  private class RepetitionSummary extends SummarizedCallable {
+  private class RepetitionSummary extends SummarizedCallable::Range {
    RepetitionSummary() { this = "*" }

    override MulExpr getACallSimple() { any() }
@@ -123,7 +123,7 @@ module Array {
    }
  }

-  private class ConcatenationSummary extends SummarizedCallable {
+  private class ConcatenationSummary extends SummarizedCallable::Range {
    ConcatenationSummary() { this = "+" }

    override AddExpr getACallSimple() { any() }
@@ -140,7 +140,7 @@ module Array {
    }
  }

-  abstract private class DifferenceSummaryShared extends SummarizedCallable {
+  abstract private class DifferenceSummaryShared extends SummarizedCallable::Range {
    bindingset[this]
    DifferenceSummaryShared() { any() }

@@ -158,7 +158,7 @@ module Array {
  }

  /** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */
-  private class AppendOperatorSummary extends SummarizedCallable {
+  private class AppendOperatorSummary extends SummarizedCallable::Range {
    AppendOperatorSummary() { this = "<<" }

    override LShiftExpr getACallSimple() { any() }
@@ -180,7 +180,7 @@ module Array {
  }

  /** A call to `[]`, or its alias, `slice`. */
-  abstract private class ElementReferenceReadSummary extends SummarizedCallable {
+  abstract private class ElementReferenceReadSummary extends SummarizedCallable::Range {
    MethodCall mc;
    ElementReferenceReadMethodName methodName; // adding this as a field helps give a better join order

@@ -306,7 +306,7 @@ module Array {
  }

  /** A call to `[]=`. */
-  abstract private class ElementReferenceStoreSummary extends SummarizedCallable {
+  abstract private class ElementReferenceStoreSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -381,7 +381,7 @@ module Array {
    }
  }

-  private class AssocSummary extends SimpleSummarizedCallable {
+  private class AssocSummary extends SummarizedCallable::RangeSimple {
    AssocSummary() { this = ["assoc", "rassoc"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -391,7 +391,7 @@ module Array {
    }
  }

-  abstract private class AtSummary extends SummarizedCallable {
+  abstract private class AtSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -430,7 +430,7 @@ module Array {
    }
  }

-  private class BSearchSummary extends SimpleSummarizedCallable {
+  private class BSearchSummary extends SummarizedCallable::RangeSimple {
    BSearchSummary() { this = "bsearch" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -440,7 +440,7 @@ module Array {
    }
  }

-  private class BSearchIndexSummary extends SimpleSummarizedCallable {
+  private class BSearchIndexSummary extends SummarizedCallable::RangeSimple {
    BSearchIndexSummary() { this = "bsearch_index" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -450,7 +450,7 @@ module Array {
    }
  }

-  private class ClearSummary extends SimpleSummarizedCallable {
+  private class ClearSummary extends SummarizedCallable::RangeSimple {
    ClearSummary() { this = "clear" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -460,7 +460,7 @@ module Array {
    }
  }

-  private class CollectBangSummary extends SimpleSummarizedCallable {
+  private class CollectBangSummary extends SummarizedCallable::RangeSimple {
    // `map!` is an alias of `collect!`.
    CollectBangSummary() { this = ["collect!", "map!"] }

@@ -475,7 +475,7 @@ module Array {
    }
  }

-  private class CombinationSummary extends SimpleSummarizedCallable {
+  private class CombinationSummary extends SummarizedCallable::RangeSimple {
    CombinationSummary() { this = "combination" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -489,7 +489,7 @@ module Array {
    }
  }

-  private class CompactBangSummary extends SimpleSummarizedCallable {
+  private class CompactBangSummary extends SummarizedCallable::RangeSimple {
    CompactBangSummary() { this = "compact!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -499,7 +499,7 @@ module Array {
    }
  }

-  private class ConcatSummary extends SimpleSummarizedCallable {
+  private class ConcatSummary extends SummarizedCallable::RangeSimple {
    ConcatSummary() { this = "concat" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -509,7 +509,7 @@ module Array {
    }
  }

-  private class DeconstructSummary extends SimpleSummarizedCallable {
+  private class DeconstructSummary extends SummarizedCallable::RangeSimple {
    DeconstructSummary() { this = "deconstruct" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -522,7 +522,7 @@ module Array {
    }
  }

-  abstract private class DeleteSummary extends SummarizedCallable {
+  abstract private class DeleteSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -604,7 +604,7 @@ module Array {
    }
  }

-  abstract private class DeleteAtSummary extends SummarizedCallable {
+  abstract private class DeleteAtSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -667,7 +667,7 @@ module Array {
    }
  }

-  private class DeleteIfSummary extends SummarizedCallable {
+  private class DeleteIfSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -691,7 +691,7 @@ module Array {
    }
  }

-  private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable {
+  private class DifferenceSummary extends DifferenceSummaryShared, SummarizedCallable::RangeSimple {
    DifferenceSummary() { this = "difference" }
  }

@@ -728,7 +728,7 @@ module Array {
      )
  }

-  private class DigSummary extends SummarizedCallable {
+  private class DigSummary extends SummarizedCallable::Range {
    private RelevantDigMethodCall dig;

    DigSummary() {
@@ -750,7 +750,7 @@ module Array {
    }
  }

-  private class EachSummary extends SummarizedCallable {
+  private class EachSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -776,7 +776,7 @@ module Array {
    }
  }

-  private class EachIndexSummary extends SimpleSummarizedCallable {
+  private class EachIndexSummary extends SummarizedCallable::RangeSimple {
    EachIndexSummary() { this = ["each_index", "each_key"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -786,7 +786,7 @@ module Array {
    }
  }

-  abstract private class FetchSummary extends SummarizedCallable {
+  abstract private class FetchSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -839,7 +839,7 @@ module Array {
    }
  }

-  abstract private class FillSummary extends SummarizedCallable {
+  abstract private class FillSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -882,7 +882,7 @@ module Array {
   * Note that we model flow from elements up to 3 levels of nesting
   * (`[[[1],[2]]]`), but not beyond that.
   */
-  private class FlattenSummary extends SimpleSummarizedCallable {
+  private class FlattenSummary extends SummarizedCallable::RangeSimple {
    FlattenSummary() { this = "flatten" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -898,7 +898,7 @@ module Array {
    }
  }

-  private class FlattenBangSummary extends SimpleSummarizedCallable {
+  private class FlattenBangSummary extends SummarizedCallable::RangeSimple {
    FlattenBangSummary() { this = "flatten!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -917,7 +917,7 @@ module Array {
    }
  }

-  private class IndexSummary extends SimpleSummarizedCallable {
+  private class IndexSummary extends SummarizedCallable::RangeSimple {
    IndexSummary() { this = ["index", "rindex"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -927,7 +927,7 @@ module Array {
    }
  }

-  abstract private class InsertSummary extends SummarizedCallable {
+  abstract private class InsertSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -995,7 +995,7 @@ module Array {
    }
  }

-  private class IntersectionSummary extends SummarizedCallable {
+  private class IntersectionSummary extends SummarizedCallable::Range {
    MethodCall mc;

    IntersectionSummary() { this = "intersection" and mc.getMethodName() = this }
@@ -1015,7 +1015,7 @@ module Array {
    override MethodCall getACallSimple() { result = mc }
  }

-  private class KeepIfSummary extends SummarizedCallable {
+  private class KeepIfSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -1042,7 +1042,7 @@ module Array {
    }
  }

-  abstract private class LastSummary extends SummarizedCallable {
+  abstract private class LastSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1071,7 +1071,7 @@ module Array {
    }
  }

-  private class PackSummary extends SimpleSummarizedCallable {
+  private class PackSummary extends SummarizedCallable::RangeSimple {
    PackSummary() { this = "pack" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1081,7 +1081,7 @@ module Array {
    }
  }

-  private class PermutationSummary extends SimpleSummarizedCallable {
+  private class PermutationSummary extends SummarizedCallable::RangeSimple {
    PermutationSummary() { this = ["permutation", "repeated_combination", "repeated_permutation"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1096,7 +1096,7 @@ module Array {
    }
  }

-  abstract private class PopSummary extends SummarizedCallable {
+  abstract private class PopSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1131,7 +1131,7 @@ module Array {
    }
  }

-  private class PrependSummary extends SummarizedCallable {
+  private class PrependSummary extends SummarizedCallable::Range {
    private MethodCall mc;

    // `unshift` is an alias for `prepend`
@@ -1169,7 +1169,7 @@ module Array {
    }
  }

-  private class ProductSummary extends SimpleSummarizedCallable {
+  private class ProductSummary extends SummarizedCallable::RangeSimple {
    ProductSummary() { this = "product" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1185,7 +1185,7 @@ module Array {
    }
  }

-  private class JoinSummary extends SimpleSummarizedCallable {
+  private class JoinSummary extends SummarizedCallable::RangeSimple {
    JoinSummary() { this = ["join"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1195,7 +1195,7 @@ module Array {
    }
  }

-  private class PushSummary extends SimpleSummarizedCallable {
+  private class PushSummary extends SummarizedCallable::RangeSimple {
    // `append` is an alias for `push`
    PushSummary() { this = ["push", "append"] }

@@ -1213,7 +1213,7 @@ module Array {
    }
  }

-  private class RejectBangSummary extends SummarizedCallable {
+  private class RejectBangSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -1237,7 +1237,7 @@ module Array {
    }
  }

-  private class ReplaceSummary extends SimpleSummarizedCallable {
+  private class ReplaceSummary extends SummarizedCallable::RangeSimple {
    ReplaceSummary() { this = "replace" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1251,7 +1251,7 @@ module Array {
    }
  }

-  private class ReverseSummary extends SimpleSummarizedCallable {
+  private class ReverseSummary extends SummarizedCallable::RangeSimple {
    ReverseSummary() { this = "reverse" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1261,7 +1261,7 @@ module Array {
    }
  }

-  private class ReverseBangSummary extends SimpleSummarizedCallable {
+  private class ReverseBangSummary extends SummarizedCallable::RangeSimple {
    ReverseBangSummary() { this = "reverse!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1271,7 +1271,7 @@ module Array {
    }
  }

-  abstract private class RotateSummary extends SummarizedCallable {
+  abstract private class RotateSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1322,7 +1322,7 @@ module Array {
    }
  }

-  abstract private class RotateBangSummary extends SummarizedCallable {
+  abstract private class RotateBangSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1382,7 +1382,7 @@ module Array {
    }
  }

-  private class SelectBangSummary extends SummarizedCallable {
+  private class SelectBangSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -1414,7 +1414,7 @@ module Array {
    }
  }

-  abstract private class ShiftSummary extends SummarizedCallable {
+  abstract private class ShiftSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1502,7 +1502,7 @@ module Array {
    }
  }

-  private class ShuffleSummary extends SimpleSummarizedCallable {
+  private class ShuffleSummary extends SummarizedCallable::RangeSimple {
    ShuffleSummary() { this = "shuffle" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1512,7 +1512,7 @@ module Array {
    }
  }

-  private class ShuffleBangSummary extends SimpleSummarizedCallable {
+  private class ShuffleBangSummary extends SummarizedCallable::RangeSimple {
    ShuffleBangSummary() { this = "shuffle!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1522,7 +1522,7 @@ module Array {
    }
  }

-  abstract private class SliceBangSummary extends SummarizedCallable {
+  abstract private class SliceBangSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1684,7 +1684,7 @@ module Array {
    }
  }

-  private class SortBangSummary extends SimpleSummarizedCallable {
+  private class SortBangSummary extends SummarizedCallable::RangeSimple {
    SortBangSummary() { this = "sort!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1702,7 +1702,7 @@ module Array {
    }
  }

-  private class SortByBangSummary extends SimpleSummarizedCallable {
+  private class SortByBangSummary extends SummarizedCallable::RangeSimple {
    SortByBangSummary() { this = "sort_by!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1717,7 +1717,7 @@ module Array {
    }
  }

-  private class TransposeSummary extends SimpleSummarizedCallable {
+  private class TransposeSummary extends SummarizedCallable::RangeSimple {
    TransposeSummary() { this = "transpose" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1742,7 +1742,7 @@ module Array {
    }
  }

-  private class UniqBangSummary extends SimpleSummarizedCallable {
+  private class UniqBangSummary extends SummarizedCallable::RangeSimple {
    UniqBangSummary() { this = "uniq!" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1757,7 +1757,7 @@ module Array {
    }
  }

-  private class UnionSummary extends SimpleSummarizedCallable {
+  private class UnionSummary extends SummarizedCallable::RangeSimple {
    UnionSummary() { this = "union" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1773,7 +1773,7 @@ module Array {
    }
  }

-  abstract private class ValuesAtSummary extends SummarizedCallable {
+  abstract private class ValuesAtSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1829,7 +1829,7 @@ module Array {
 * https://docs.ruby-lang.org/en/3.1/Enumerable.html
 */
 module Enumerable {
-  private class ChunkSummary extends SimpleSummarizedCallable {
+  private class ChunkSummary extends SummarizedCallable::RangeSimple {
    ChunkSummary() { this = "chunk" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1839,7 +1839,7 @@ module Enumerable {
    }
  }

-  private class ChunkWhileSummary extends SimpleSummarizedCallable {
+  private class ChunkWhileSummary extends SummarizedCallable::RangeSimple {
    ChunkWhileSummary() { this = "chunk_while" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1849,7 +1849,7 @@ module Enumerable {
    }
  }

-  private class CollectSummary extends SimpleSummarizedCallable {
+  private class CollectSummary extends SummarizedCallable::RangeSimple {
    // `map` is an alias of `collect`.
    CollectSummary() { this = ["collect", "map"] }

@@ -1865,7 +1865,7 @@ module Enumerable {
    }
  }

-  private class CollectConcatSummary extends SimpleSummarizedCallable {
+  private class CollectConcatSummary extends SummarizedCallable::RangeSimple {
    // `flat_map` is an alias of `collect_concat`.
    CollectConcatSummary() { this = ["collect_concat", "flat_map"] }

@@ -1880,7 +1880,7 @@ module Enumerable {
    }
  }

-  private class CompactSummary extends SimpleSummarizedCallable {
+  private class CompactSummary extends SummarizedCallable::RangeSimple {
    CompactSummary() { this = "compact" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1897,7 +1897,7 @@ module Enumerable {
    }
  }

-  private class CountSummary extends SimpleSummarizedCallable {
+  private class CountSummary extends SummarizedCallable::RangeSimple {
    CountSummary() { this = "count" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1907,7 +1907,7 @@ module Enumerable {
    }
  }

-  private class CycleSummary extends SimpleSummarizedCallable {
+  private class CycleSummary extends SummarizedCallable::RangeSimple {
    CycleSummary() { this = "cycle" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1917,7 +1917,7 @@ module Enumerable {
    }
  }

-  private class DetectSummary extends SimpleSummarizedCallable {
+  private class DetectSummary extends SummarizedCallable::RangeSimple {
    // `find` is an alias of `detect`.
    DetectSummary() { this = ["detect", "find"] }

@@ -1933,7 +1933,7 @@ module Enumerable {
    }
  }

-  abstract private class DropSummary extends SummarizedCallable {
+  abstract private class DropSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -1978,7 +1978,7 @@ module Enumerable {
    }
  }

-  private class DropWhileSummary extends SimpleSummarizedCallable {
+  private class DropWhileSummary extends SummarizedCallable::RangeSimple {
    DropWhileSummary() { this = "drop_while" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1988,7 +1988,7 @@ module Enumerable {
    }
  }

-  private class EachConsSummary extends SimpleSummarizedCallable {
+  private class EachConsSummary extends SummarizedCallable::RangeSimple {
    EachConsSummary() { this = "each_cons" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -1998,7 +1998,7 @@ module Enumerable {
    }
  }

-  private class EachEntrySummary extends SimpleSummarizedCallable {
+  private class EachEntrySummary extends SummarizedCallable::RangeSimple {
    EachEntrySummary() { this = "each_entry" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2013,7 +2013,7 @@ module Enumerable {
    }
  }

-  private class EachSliceSummary extends SimpleSummarizedCallable {
+  private class EachSliceSummary extends SummarizedCallable::RangeSimple {
    EachSliceSummary() { this = "each_slice" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2028,7 +2028,7 @@ module Enumerable {
    }
  }

-  private class EachWithIndexSummary extends SimpleSummarizedCallable {
+  private class EachWithIndexSummary extends SummarizedCallable::RangeSimple {
    EachWithIndexSummary() { this = "each_with_index" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2043,7 +2043,7 @@ module Enumerable {
    }
  }

-  private class EachWithObjectSummary extends SimpleSummarizedCallable {
+  private class EachWithObjectSummary extends SummarizedCallable::RangeSimple {
    EachWithObjectSummary() { this = "each_with_object" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2058,7 +2058,7 @@ module Enumerable {
    }
  }

-  private class FilterMapSummary extends SimpleSummarizedCallable {
+  private class FilterMapSummary extends SummarizedCallable::RangeSimple {
    FilterMapSummary() { this = "filter_map" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2072,7 +2072,7 @@ module Enumerable {
    }
  }

-  private class FindIndexSummary extends SimpleSummarizedCallable {
+  private class FindIndexSummary extends SummarizedCallable::RangeSimple {
    FindIndexSummary() { this = "find_index" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2082,7 +2082,7 @@ module Enumerable {
    }
  }

-  abstract private class FirstSummary extends SummarizedCallable {
+  abstract private class FirstSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -2141,7 +2141,7 @@ module Enumerable {
    GrepMethodName() { this = ["grep", "grep_v"] }
  }

-  abstract private class GrepSummary extends SummarizedCallable {
+  abstract private class GrepSummary extends SummarizedCallable::Range {
    MethodCall mc;
    GrepMethodName methodName; // adding this as a field helps give a better join order

@@ -2176,7 +2176,7 @@ module Enumerable {
    }
  }

-  private class GroupBySummary extends SimpleSummarizedCallable {
+  private class GroupBySummary extends SummarizedCallable::RangeSimple {
    GroupBySummary() { this = "group_by" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2192,7 +2192,7 @@ module Enumerable {
    InjectMethodName() { this = ["inject", "reduce"] }
  }

-  abstract private class InjectSummary extends SummarizedCallable {
+  abstract private class InjectSummary extends SummarizedCallable::Range {
    MethodCall mc;
    InjectMethodName methodName; // adding this as a field helps give a better join order

@@ -2245,7 +2245,7 @@ module Enumerable {
    MinOrMaxByMethodName() { this = ["min_by", "max_by"] }
  }

-  abstract private class MinOrMaxBySummary extends SummarizedCallable {
+  abstract private class MinOrMaxBySummary extends SummarizedCallable::Range {
    MethodCall mc;
    MinOrMaxByMethodName methodName; // adding this as a field helps give a better join order

@@ -2285,7 +2285,7 @@ module Enumerable {
    MinOrMaxMethodName() { this = ["min", "max"] }
  }

-  abstract private class MinOrMaxSummary extends SummarizedCallable {
+  abstract private class MinOrMaxSummary extends SummarizedCallable::Range {
    MethodCall mc;
    MinOrMaxMethodName methodName; // adding this as a field helps give a better join order

@@ -2352,7 +2352,7 @@ module Enumerable {
    }
  }

-  abstract private class MinmaxSummary extends SummarizedCallable {
+  abstract private class MinmaxSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -2388,7 +2388,7 @@ module Enumerable {
    }
  }

-  private class MinmaxBySummary extends SimpleSummarizedCallable {
+  private class MinmaxBySummary extends SummarizedCallable::RangeSimple {
    MinmaxBySummary() { this = "minmax_by" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2398,7 +2398,7 @@ module Enumerable {
    }
  }

-  private class PartitionSummary extends SimpleSummarizedCallable {
+  private class PartitionSummary extends SummarizedCallable::RangeSimple {
    PartitionSummary() { this = "partition" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2408,7 +2408,7 @@ module Enumerable {
    }
  }

-  private class QuerySummary extends SummarizedCallable {
+  private class QuerySummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -2428,7 +2428,7 @@ module Enumerable {
    }
  }

-  private class RejectSummary extends SummarizedCallable {
+  private class RejectSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -2452,7 +2452,7 @@ module Enumerable {
    }
  }

-  private class SelectSummary extends SummarizedCallable {
+  private class SelectSummary extends SummarizedCallable::Range {
    MethodCall mc;
    int lastBlockParam;

@@ -2481,7 +2481,7 @@ module Enumerable {
    }
  }

-  private class SliceBeforeAfterSummary extends SimpleSummarizedCallable {
+  private class SliceBeforeAfterSummary extends SummarizedCallable::RangeSimple {
    SliceBeforeAfterSummary() { this = ["slice_before", "slice_after"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2491,7 +2491,7 @@ module Enumerable {
    }
  }

-  private class SliceWhenSummary extends SimpleSummarizedCallable {
+  private class SliceWhenSummary extends SummarizedCallable::RangeSimple {
    SliceWhenSummary() { this = "slice_when" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2501,7 +2501,7 @@ module Enumerable {
    }
  }

-  private class SortSummary extends SimpleSummarizedCallable {
+  private class SortSummary extends SummarizedCallable::RangeSimple {
    SortSummary() { this = "sort" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2512,7 +2512,7 @@ module Enumerable {
    }
  }

-  private class SortBySummary extends SimpleSummarizedCallable {
+  private class SortBySummary extends SummarizedCallable::RangeSimple {
    SortBySummary() { this = "sort_by" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2522,7 +2522,7 @@ module Enumerable {
    }
  }

-  private class SumSummary extends SimpleSummarizedCallable {
+  private class SumSummary extends SummarizedCallable::RangeSimple {
    SumSummary() { this = "sum" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2532,7 +2532,7 @@ module Enumerable {
    }
  }

-  abstract private class TakeSummary extends SummarizedCallable {
+  abstract private class TakeSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -2579,7 +2579,7 @@ module Enumerable {
    }
  }

-  private class TakeWhileSummary extends SimpleSummarizedCallable {
+  private class TakeWhileSummary extends SummarizedCallable::RangeSimple {
    TakeWhileSummary() { this = "take_while" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2596,7 +2596,7 @@ module Enumerable {
    }
  }

-  private class ToASummary extends SimpleSummarizedCallable {
+  private class ToASummary extends SummarizedCallable::RangeSimple {
    // `entries` is an alias of `to_a`.
    // `to_ary` works a bit like `to_a` (close enough for our purposes).
    ToASummary() { this = ["to_a", "entries", "to_ary"] }
@@ -2608,7 +2608,7 @@ module Enumerable {
    }
  }

-  private class UniqSummary extends SimpleSummarizedCallable {
+  private class UniqSummary extends SummarizedCallable::RangeSimple {
    UniqSummary() { this = "uniq" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -2618,7 +2618,7 @@ module Enumerable {
    }
  }

-  abstract private class ZipSummary extends SummarizedCallable {
+  abstract private class ZipSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Base64.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Base64.qll
@@ -6,7 +6,7 @@ private import ruby
 private import codeql.ruby.dataflow.FlowSummary
 private import codeql.ruby.ApiGraphs

-private class Base64Decode extends SummarizedCallable {
+private class Base64Decode extends SummarizedCallable::Range {
  Base64Decode() { this = "Base64.decode64()" }

  override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
@@ -26,7 +26,7 @@ module Hash {
    resolveConstantReadAccess(result.getReceiver()) = TResolved("Hash")
  }

-  private class HashLiteralSummary extends SummarizedCallable {
+  private class HashLiteralSummary extends SummarizedCallable::Range {
    HashLiteralSummary() { this = "Hash.[]" }

    final override MethodCall getACallSimple() { result = getAStaticHashCall("[]") }
@@ -54,7 +54,7 @@ module Hash {
   * Hash[ [ [:foo, 0], [:bar, 1] ] ] # => {:foo=>0, :bar=>1}
   * ```
   */
-  private class HashNewSummary extends SummarizedCallable {
+  private class HashNewSummary extends SummarizedCallable::Range {
    HashNewSummary() { this = "Hash[]" }

    final override MethodCall getACallSimple() {
@@ -83,7 +83,7 @@ module Hash {
   * Hash[:foo, 0, :bar, 1] # => {:foo=>0, :bar=>1}
   * ```
   */
-  private class HashNewSuccessivePairsSummary extends SummarizedCallable {
+  private class HashNewSuccessivePairsSummary extends SummarizedCallable::Range {
    private int i;
    private ConstantValue key;

@@ -110,7 +110,7 @@ module Hash {
    }
  }

-  private class TryConvertSummary extends SummarizedCallable {
+  private class TryConvertSummary extends SummarizedCallable::Range {
    TryConvertSummary() { this = "Hash.try_convert" }

    override MethodCall getACallSimple() { result = getAStaticHashCall("try_convert") }
@@ -122,7 +122,7 @@ module Hash {
    }
  }

-  abstract private class StoreSummary extends SummarizedCallable {
+  abstract private class StoreSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -173,7 +173,7 @@ module Hash {
    }
  }

-  abstract private class AssocSummary extends SummarizedCallable {
+  abstract private class AssocSummary extends SummarizedCallable::Range {
    MethodCall mc;

    bindingset[this]
@@ -199,7 +199,7 @@ module Hash {
    }
  }

-  private class AssocUnknownSummary extends SummarizedCallable {
+  private class AssocUnknownSummary extends SummarizedCallable::Range {
    AssocUnknownSummary() { this = "assoc-unknown-arg" }

    override MethodCall getACallSimple() {
@@ -215,7 +215,7 @@ module Hash {
    }
  }

-  private class EachPairSummary extends SimpleSummarizedCallable {
+  private class EachPairSummary extends SummarizedCallable::RangeSimple {
    EachPairSummary() { this = "each_pair" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -230,7 +230,7 @@ module Hash {
    }
  }

-  private class EachValueSummary extends SimpleSummarizedCallable {
+  private class EachValueSummary extends SummarizedCallable::RangeSimple {
    EachValueSummary() { this = "each_value" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -250,7 +250,7 @@ module Hash {
    result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
  }

-  private class ExceptSummary extends SummarizedCallable {
+  private class ExceptSummary extends SummarizedCallable::Range {
    MethodCall mc;

    ExceptSummary() {
@@ -282,7 +282,7 @@ module Hash {
  }
 }

-abstract private class FetchValuesSummary extends SummarizedCallable {
+abstract private class FetchValuesSummary extends SummarizedCallable::Range {
  MethodCall mc;

  bindingset[this]
@@ -338,7 +338,7 @@ private class FetchValuesUnknownSummary extends FetchValuesSummary {
  }
 }

-private class MergeSummary extends SimpleSummarizedCallable {
+private class MergeSummary extends SummarizedCallable::RangeSimple {
  MergeSummary() {
    // deep_merge is an ActiveSupport extension
    // https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge
@@ -357,7 +357,7 @@ private class MergeSummary extends SimpleSummarizedCallable {
  }
 }

-private class MergeBangSummary extends SimpleSummarizedCallable {
+private class MergeBangSummary extends SummarizedCallable::RangeSimple {
  MergeBangSummary() {
    // deep_merge! is an ActiveSupport extension
    // https://api.rubyonrails.org/classes/Hash.html#method-i-deep_merge-21
@@ -376,7 +376,7 @@ private class MergeBangSummary extends SimpleSummarizedCallable {
  }
 }

-private class RassocSummary extends SimpleSummarizedCallable {
+private class RassocSummary extends SummarizedCallable::RangeSimple {
  RassocSummary() { this = "rassoc" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -386,7 +386,7 @@ private class RassocSummary extends SimpleSummarizedCallable {
  }
 }

-abstract private class SliceSummary extends SummarizedCallable {
+abstract private class SliceSummary extends SummarizedCallable::Range {
  MethodCall mc;

  bindingset[this]
@@ -424,7 +424,7 @@ private class SliceUnknownSummary extends SliceSummary {
  }
 }

-private class ToASummary extends SimpleSummarizedCallable {
+private class ToASummary extends SummarizedCallable::RangeSimple {
  ToASummary() { this = "to_a" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -434,7 +434,7 @@ private class ToASummary extends SimpleSummarizedCallable {
  }
 }

-private class ToHWithoutBlockSummary extends SimpleSummarizedCallable {
+private class ToHWithoutBlockSummary extends SummarizedCallable::RangeSimple {
  ToHWithoutBlockSummary() { this = ["to_h", "to_hash"] and not exists(mc.getBlock()) }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -444,7 +444,7 @@ private class ToHWithoutBlockSummary extends SimpleSummarizedCallable {
  }
 }

-private class ToHWithBlockSummary extends SimpleSummarizedCallable {
+private class ToHWithBlockSummary extends SummarizedCallable::RangeSimple {
  ToHWithBlockSummary() { this = "to_h" and exists(mc.getBlock()) }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -459,7 +459,7 @@ private class ToHWithBlockSummary extends SimpleSummarizedCallable {
  }
 }

-private class TransformKeysSummary extends SimpleSummarizedCallable {
+private class TransformKeysSummary extends SummarizedCallable::RangeSimple {
  TransformKeysSummary() { this = "transform_keys" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -469,7 +469,7 @@ private class TransformKeysSummary extends SimpleSummarizedCallable {
  }
 }

-private class TransformKeysBangSummary extends SimpleSummarizedCallable {
+private class TransformKeysBangSummary extends SummarizedCallable::RangeSimple {
  TransformKeysBangSummary() { this = "transform_keys!" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -481,7 +481,7 @@ private class TransformKeysBangSummary extends SimpleSummarizedCallable {
  }
 }

-private class TransformValuesSummary extends SimpleSummarizedCallable {
+private class TransformValuesSummary extends SummarizedCallable::RangeSimple {
  TransformValuesSummary() { this = "transform_values" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -496,7 +496,7 @@ private class TransformValuesSummary extends SimpleSummarizedCallable {
  }
 }

-private class TransformValuesBangSummary extends SimpleSummarizedCallable {
+private class TransformValuesBangSummary extends SummarizedCallable::RangeSimple {
  TransformValuesBangSummary() { this = "transform_values!" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -514,7 +514,7 @@ private class TransformValuesBangSummary extends SimpleSummarizedCallable {
  }
 }

-private class ValuesSummary extends SimpleSummarizedCallable {
+private class ValuesSummary extends SummarizedCallable::RangeSimple {
  ValuesSummary() { this = "values" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -526,7 +526,7 @@ private class ValuesSummary extends SimpleSummarizedCallable {

 // We don't (yet) track data flow through hash keys, but this is still useful in cases where a
 // whole hash(like) object is tainted, such as `ActionController#params`.
-private class KeysSummary extends SimpleSummarizedCallable {
+private class KeysSummary extends SummarizedCallable::RangeSimple {
  KeysSummary() { this = "keys" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -195,7 +195,7 @@ module Kernel {
    override predicate runsArbitraryCode() { none() }
  }

-  private class TapSummary extends SimpleSummarizedCallable {
+  private class TapSummary extends SummarizedCallable::RangeSimple {
    TapSummary() { this = "tap" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -226,7 +226,7 @@ module Kernel {
   * A call to `Array()`, that converts it's singular argument to an array.
   * This summary is based on https://ruby-doc.org/3.2.1/Kernel.html#method-i-Array
   */
-  private class KernelArraySummary extends SummarizedCallable {
+  private class KernelArraySummary extends SummarizedCallable::Range {
    KernelArraySummary() { this = "Array()" }

    override MethodCall getACallSimple() {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Object.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Object.qll
@@ -33,7 +33,7 @@ module Object {
      ]
  }

-  private class DupSummary extends SimpleSummarizedCallable {
+  private class DupSummary extends SummarizedCallable::RangeSimple {
    DupSummary() { this = "dup" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
@@ -110,16 +110,16 @@ module String {
  }

  /** A `String` callable with a flow summary. */
-  abstract class SummarizedCallable extends FlowSummary::SummarizedCallable {
+  abstract class SummarizedCallable extends FlowSummary::SummarizedCallable::Range {
    bindingset[this]
    SummarizedCallable() { any() }
  }

-  abstract private class SimpleSummarizedCallable extends SummarizedCallable,
-    FlowSummary::SimpleSummarizedCallable
+  abstract private class SummarizedCallableSimple extends SummarizedCallable,
+    FlowSummary::SummarizedCallable::RangeSimple
  {
    bindingset[this]
-    SimpleSummarizedCallable() { any() }
+    SummarizedCallableSimple() { any() }
  }

  private class NewSummary extends SummarizedCallable {
@@ -154,7 +154,7 @@ module String {
  /**
   * A flow summary for the `String#%` method.
   */
-  private class FormatSummary extends SimpleSummarizedCallable {
+  private class FormatSummary extends SummarizedCallableSimple {
    FormatSummary() { this = "%" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -168,7 +168,7 @@ module String {
  /**
   * A flow summary for the `String#b` method.
   */
-  private class BSummary extends SimpleSummarizedCallable {
+  private class BSummary extends SummarizedCallableSimple {
    BSummary() { this = "b" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -179,7 +179,7 @@ module String {
  /**
   * A flow summary for the `String#byteslice` method.
   */
-  private class BytesliceSummary extends SimpleSummarizedCallable {
+  private class BytesliceSummary extends SummarizedCallableSimple {
    BytesliceSummary() { this = "byteslice" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -190,7 +190,7 @@ module String {
  /**
   * A flow summary for `String#capitalize(!)`.
   */
-  private class CapitalizeSummary extends SimpleSummarizedCallable {
+  private class CapitalizeSummary extends SummarizedCallableSimple {
    CapitalizeSummary() { this = ["capitalize", "capitalize!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -203,7 +203,7 @@ module String {
  /**
   * A flow summary for `String#center`, `String#ljust` and `String#rjust`.
   */
-  private class CenterSummary extends SimpleSummarizedCallable {
+  private class CenterSummary extends SummarizedCallableSimple {
    CenterSummary() { this = ["center", "ljust", "rjust"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -218,7 +218,7 @@ module String {
  /**
   * A flow summary for the `String#chomp`, `String#chomp!`, `String#chop` and `String#chop!` methods.
   */
-  private class ChompSummary extends SimpleSummarizedCallable {
+  private class ChompSummary extends SummarizedCallableSimple {
    ChompSummary() { this = ["chomp", "chomp!", "chop", "chop!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -236,7 +236,7 @@ module String {
   * We can't currently write this summary because there is no `DataFlow::Content` node to refer to (unlike with `Array#clear`).
   * We need a `DataFlow::Content` node in order to override `clearsContent`.
   */
-  private class ClearSummary extends SimpleSummarizedCallable {
+  private class ClearSummary extends SummarizedCallableSimple {
    ClearSummary() { none() }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -247,7 +247,7 @@ module String {
  /**
   * A flow summary for `String#concat` and `String#prepend`.
   */
-  private class ConcatSummary extends SimpleSummarizedCallable {
+  private class ConcatSummary extends SummarizedCallableSimple {
    ConcatSummary() {
      // `concat` and `prepend` omitted because they clash with the summaries for
      // `Array#concat` and `Array#prepend`.
@@ -265,7 +265,7 @@ module String {
  /**
   * A flow summary for `String#delete(!)`, `String#delete_prefix(!)` and `String#delete_suffix(!)`.
   */
-  private class DeleteSummary extends SimpleSummarizedCallable {
+  private class DeleteSummary extends SummarizedCallableSimple {
    DeleteSummary() { this = ["delete", "delete_prefix", "delete_suffix"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -276,7 +276,7 @@ module String {
  /**
   * A flow summary for `String#downcase(!)`, `String#upcase` and `String#swapcase(!)`.
   */
-  private class DowncaseSummary extends SimpleSummarizedCallable {
+  private class DowncaseSummary extends SummarizedCallableSimple {
    DowncaseSummary() { this = ["downcase", "upcase", "swapcase"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -287,7 +287,7 @@ module String {
  /**
   * A flow summary for `String#dump` and `String#undump`.
   */
-  private class DumpSummary extends SimpleSummarizedCallable {
+  private class DumpSummary extends SummarizedCallableSimple {
    DumpSummary() { this = ["dump", "undump"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -337,7 +337,7 @@ module String {
  /**
   * A flow summary for `String#encode(!)` and `String#unicode_normalize(!)`.
   */
-  private class EncodeSummary extends SimpleSummarizedCallable {
+  private class EncodeSummary extends SummarizedCallableSimple {
    EncodeSummary() { this = ["encode", "unicode_normalize"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -348,7 +348,7 @@ module String {
  /**
   * A flow summary for `String#force_encoding`.
   */
-  private class ForceEncodingSummary extends SimpleSummarizedCallable {
+  private class ForceEncodingSummary extends SummarizedCallableSimple {
    ForceEncodingSummary() { this = "force_encoding" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -359,7 +359,7 @@ module String {
  /**
   * A flow summary for `String#freeze`.
   */
-  private class FreezeSummary extends SimpleSummarizedCallable {
+  private class FreezeSummary extends SummarizedCallableSimple {
    FreezeSummary() { this = "freeze" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -370,7 +370,7 @@ module String {
  /**
   * A flow summary for `String#gsub(!)` and `String#sub(!)`.
   */
-  private class GsubSummary extends SimpleSummarizedCallable {
+  private class GsubSummary extends SummarizedCallableSimple {
    GsubSummary() { this = ["sub", "gsub"] + ["", "!"] }

    // str.gsub(pattern, replacement) -> new_str
@@ -389,7 +389,7 @@ module String {
  /**
   * A flow summary for `String#insert`.
   */
-  private class InsertSummary extends SimpleSummarizedCallable {
+  private class InsertSummary extends SummarizedCallableSimple {
    InsertSummary() {
      this = "insert" and
      // Disabled because it clashes with the summary for Array#insert.
@@ -406,7 +406,7 @@ module String {
  /**
   * A flow summary for `String#inspect`.
   */
-  private class InspectSummary extends SimpleSummarizedCallable {
+  private class InspectSummary extends SummarizedCallableSimple {
    InspectSummary() { this = "inspect" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -417,7 +417,7 @@ module String {
  /**
   * A flow summary for `String#strip(!)`, `String#lstrip(!)` and `String#rstrip(!)`.
   */
-  private class StripSummary extends SimpleSummarizedCallable {
+  private class StripSummary extends SummarizedCallableSimple {
    StripSummary() { this = ["strip", "lstrip", "rstrip"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -428,7 +428,7 @@ module String {
  /**
   * A flow summary for `String#next(!)` and `String#succ(!)`.
   */
-  private class NextSummary extends SimpleSummarizedCallable {
+  private class NextSummary extends SummarizedCallableSimple {
    NextSummary() { this = ["next", "succ"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -439,7 +439,7 @@ module String {
  /**
   * A flow summary for `String#partition` and `String#rpartition`.
   */
-  private class PartitionSummary extends SimpleSummarizedCallable {
+  private class PartitionSummary extends SummarizedCallableSimple {
    PartitionSummary() { this = ["partition", "rpartition"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -452,7 +452,7 @@ module String {
  /**
   * A flow summary for `String#replace`.
   */
-  private class ReplaceSummary extends SimpleSummarizedCallable {
+  private class ReplaceSummary extends SummarizedCallableSimple {
    ReplaceSummary() { this = "replace" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -466,7 +466,7 @@ module String {
  /**
   * A flow summary for `String#reverse(!)`.
   */
-  private class ReverseSummary extends SimpleSummarizedCallable {
+  private class ReverseSummary extends SummarizedCallableSimple {
    ReverseSummary() { this = ["reverse", "reverse!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -560,7 +560,7 @@ module String {
  /**
   * A flow summary for `String#shellescape`.
   */
-  private class ShellescapeSummary extends SimpleSummarizedCallable {
+  private class ShellescapeSummary extends SummarizedCallableSimple {
    ShellescapeSummary() { this = "shellescape" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -571,7 +571,7 @@ module String {
  /**
   * A flow summary for `String#shellsplit`.
   */
-  private class ShellSplitSummary extends SimpleSummarizedCallable {
+  private class ShellSplitSummary extends SummarizedCallableSimple {
    ShellSplitSummary() { this = "shellsplit" }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -584,7 +584,7 @@ module String {
  /**
   * A flow summary for `String#slice(!)`, `String#split` and `String#[]`.
   */
-  private class SliceSummary extends SimpleSummarizedCallable {
+  private class SliceSummary extends SummarizedCallableSimple {
    SliceSummary() { this = ["slice", "slice!", "split", "[]"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -595,7 +595,7 @@ module String {
  /**
   * A flow summary for `String#squeeze(!)`.
   */
-  private class SqueezeSummary extends SimpleSummarizedCallable {
+  private class SqueezeSummary extends SummarizedCallableSimple {
    SqueezeSummary() { this = ["squeeze", "squeeze!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -606,7 +606,7 @@ module String {
  /**
   * A flow summary for `String#to_s` and `String.to_str`.
   */
-  private class ToStrSummary extends SimpleSummarizedCallable {
+  private class ToStrSummary extends SummarizedCallableSimple {
    ToStrSummary() { this = ["to_str", "to_s"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -617,7 +617,7 @@ module String {
  /**
   * A flow summary for `String#tr`.
   */
-  private class TrSummary extends SimpleSummarizedCallable {
+  private class TrSummary extends SummarizedCallableSimple {
    TrSummary() { this = ["tr", "tr_s"] + ["", "!"] }

    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
@@ -32,7 +32,7 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource::Range {
  override string getSourceType() { result = "Remote flow (from model)" }
 }

-private class SummarizedCallableFromModel extends SummarizedCallable {
+private class SummarizedCallableFromModel extends SummarizedCallable::Range {
  string type;
  string path;

@@ -49,9 +49,13 @@ private class SummarizedCallableFromModel extends SummarizedCallable {
  }

  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
  ) {
-    exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) |
+    exists(string kind |
+      ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) and
+      p = "manual" and
+      isExact = true
+    |
      kind = "value" and
      preservesValue = true
      or
--- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll
@@ -10,7 +10,7 @@ private import codeql.ruby.dataflow.FlowSummary
 */
 module Utils {
  /** Flow summary for `Rack::Utils.parse_query`, which parses a query string. */
-  private class ParseQuerySummary extends SummarizedCallable {
+  private class ParseQuerySummary extends SummarizedCallable::Range {
    ParseQuerySummary() { this = "Rack::Utils.parse_query" }

    override MethodCall getACall() {
--- a/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll
@@ -223,7 +223,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
    predicate propagatesFlow(
      SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
    ) {
-      super.propagatesFlow(input, output, preservesValue, _)
+      super.propagatesFlow(input, output, preservesValue, _, _, _)
    }
  }

--- a/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
+++ b/ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
@@ -12,7 +12,7 @@ private import codeql.ruby.dataflow.FlowSummary
 /**
 * A convenience class for defining value (c.f. taint) flow summaries.
 */
-abstract private class Summary extends SimpleSummarizedCallable {
+abstract private class Summary extends SummarizedCallable::RangeSimple {
  bindingset[this]
  Summary() { any() }

--- a/ruby/ql/test/library-tests/dataflow/regressions/Regressions.ql
+++ b/ruby/ql/test/library-tests/dataflow/regressions/Regressions.ql
@@ -1,6 +1,6 @@
 private import codeql.ruby.dataflow.FlowSummary

-private class ReverseSummary extends SimpleSummarizedCallable {
+private class ReverseSummary extends SummarizedCallable::RangeSimple {
  ReverseSummary() { this = "reverse" }

  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -18,7 +18,7 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)

 query predicate warning = ModelOutput::getAWarning/0;

-private class SummarizedCallableIdentity extends SummarizedCallable {
+private class SummarizedCallableIdentity extends SummarizedCallable::Range {
  SummarizedCallableIdentity() { this = "identity" }

  override MethodCall getACall() { result.getMethodName() = this }
@@ -30,7 +30,7 @@ private class SummarizedCallableIdentity extends SummarizedCallable {
  }
 }

-private class SummarizedCallableApplyBlock extends SummarizedCallable {
+private class SummarizedCallableApplyBlock extends SummarizedCallable::Range {
  SummarizedCallableApplyBlock() { this = "apply_block" }

  override MethodCall getACall() { result.getMethodName() = this }
@@ -46,7 +46,7 @@ private class SummarizedCallableApplyBlock extends SummarizedCallable {
  }
 }

-private class SummarizedCallableApplyLambda extends SummarizedCallable {
+private class SummarizedCallableApplyLambda extends SummarizedCallable::Range {
  SummarizedCallableApplyLambda() { this = "apply_lambda" }

  override MethodCall getACall() { result.getMethodName() = this }