Automatically extract .gemspec and Gemfile files

They are just Ruby code, after all.
2026-04-26 01:05:15 +02:00 · 2021-09-10 14:58:43 +01:00
parent 12723f0f13
commit ec13133317
10 changed files with 220 additions and 0 deletions
--- a/autobuilder/src/main.rs
+++ b/autobuilder/src/main.rs
@@ -17,6 +17,8 @@ fn main() -> std::io::Result<()> {
        .arg("index-files")
        .arg("--include-extension=.rb")
        .arg("--include-extension=.erb")
+        .arg("--include-extension=.gemspec")
+        .arg("--include=**/Gemfile")
        .arg("--size-limit=5m")
        .arg("--language=ruby")
        .arg("--working-dir=.")
--- a/ql/test/library-tests/ast/Ast.expected
+++ b/ql/test/library-tests/ast/Ast.expected
@@ -1,3 +1,32 @@
+gems/Gemfile:
+#    1| [Toplevel] Gemfile
+#    1|   getStmt: [MethodCall] call to source
+#    1|     getReceiver: [Self] self
+#    1|     getArgument: [StringLiteral] "https://rubygems.org"
+#    1|       getComponent: [StringTextComponent] https://rubygems.org
+#    3|   getStmt: [MethodCall] call to gem
+#    3|     getReceiver: [Self] self
+#    3|     getArgument: [StringLiteral] "foo_gem"
+#    3|       getComponent: [StringTextComponent] foo_gem
+#    3|     getArgument: [StringLiteral] "~> 2.0"
+#    3|       getComponent: [StringTextComponent] ~> 2.0
+#    5|   getStmt: [MethodCall] call to source
+#    5|     getReceiver: [Self] self
+#    5|     getArgument: [StringLiteral] "https://gems.example.com"
+#    5|       getComponent: [StringTextComponent] https://gems.example.com
+#    5|     getBlock: [DoBlock] do ... end
+#    6|       getStmt: [MethodCall] call to gem
+#    6|         getReceiver: [Self] self
+#    6|         getArgument: [StringLiteral] "my_gem"
+#    6|           getComponent: [StringTextComponent] my_gem
+#    6|         getArgument: [StringLiteral] "1.0"
+#    6|           getComponent: [StringTextComponent] 1.0
+#    7|       getStmt: [MethodCall] call to gem
+#    7|         getReceiver: [Self] self
+#    7|         getArgument: [StringLiteral] "another_gem"
+#    7|           getComponent: [StringTextComponent] another_gem
+#    7|         getArgument: [StringLiteral] "3.1.4"
+#    7|           getComponent: [StringTextComponent] 3.1.4
 calls/calls.rb:
 #    1| [Toplevel] calls.rb
 #    2|   getStmt: [MethodCall] call to foo
@@ -2080,6 +2109,65 @@ erb/template.html.erb:
 #   28|         getAnOperand/getLeftOperand: [LocalVariableAccess] xs
 #   28|         getAnOperand/getRightOperand: [LocalVariableAccess] x
 #   29|       getStmt: [LocalVariableAccess] xs
+gems/test.gemspec:
+#    1| [Toplevel] test.gemspec
+#    1|   getStmt: [MethodCall] call to new
+#    1|     getReceiver: [ConstantReadAccess] Specification
+#    1|       getScopeExpr: [ConstantReadAccess] Gem
+#    1|     getBlock: [DoBlock] do ... end
+#    1|       getParameter: [SimpleParameter] s
+#    1|         getDefiningAccess: [LocalVariableAccess] s
+#    2|       getStmt: [AssignExpr] ... = ...
+#    2|         getAnOperand/getLeftOperand: [MethodCall] call to name
+#    2|           getReceiver: [LocalVariableAccess] s
+#    2|         getAnOperand/getRightOperand: [StringLiteral] "test"
+#    2|           getComponent: [StringTextComponent] test
+#    3|       getStmt: [AssignExpr] ... = ...
+#    3|         getAnOperand/getLeftOperand: [MethodCall] call to version
+#    3|           getReceiver: [LocalVariableAccess] s
+#    3|         getAnOperand/getRightOperand: [StringLiteral] "0.0.0"
+#    3|           getComponent: [StringTextComponent] 0.0.0
+#    4|       getStmt: [AssignExpr] ... = ...
+#    4|         getAnOperand/getLeftOperand: [MethodCall] call to summary
+#    4|           getReceiver: [LocalVariableAccess] s
+#    4|         getAnOperand/getRightOperand: [StringLiteral] "foo!"
+#    4|           getComponent: [StringTextComponent] foo!
+#    5|       getStmt: [AssignExpr] ... = ...
+#    5|         getAnOperand/getLeftOperand: [MethodCall] call to description
+#    5|           getReceiver: [LocalVariableAccess] s
+#    5|         getAnOperand/getRightOperand: [StringLiteral] "A test"
+#    5|           getComponent: [StringTextComponent] A test
+#    6|       getStmt: [AssignExpr] ... = ...
+#    6|         getAnOperand/getLeftOperand: [MethodCall] call to authors
+#    6|           getReceiver: [LocalVariableAccess] s
+#    6|         getAnOperand/getRightOperand: [ArrayLiteral] [...]
+#    6|           getElement: [StringLiteral] "Mona Lisa"
+#    6|             getComponent: [StringTextComponent] Mona Lisa
+#    7|       getStmt: [AssignExpr] ... = ...
+#    7|         getAnOperand/getLeftOperand: [MethodCall] call to email
+#    7|           getReceiver: [LocalVariableAccess] s
+#    7|         getAnOperand/getRightOperand: [StringLiteral] "mona@example.com"
+#    7|           getComponent: [StringTextComponent] mona@example.com
+#    8|       getStmt: [AssignExpr] ... = ...
+#    8|         getAnOperand/getLeftOperand: [MethodCall] call to files
+#    8|           getReceiver: [LocalVariableAccess] s
+#    8|         getAnOperand/getRightOperand: [ArrayLiteral] [...]
+#    8|           getElement: [StringLiteral] "lib/test.rb"
+#    8|             getComponent: [StringTextComponent] lib/test.rb
+#    9|       getStmt: [AssignExpr] ... = ...
+#    9|         getAnOperand/getLeftOperand: [MethodCall] call to homepage
+#    9|           getReceiver: [LocalVariableAccess] s
+#    9|         getAnOperand/getRightOperand: [StringLiteral] "https://github.com/github/cod..."
+#    9|           getComponent: [StringTextComponent] https://github.com/github/codeql-ruby
+gems/lib/test.rb:
+#    1| [Toplevel] test.rb
+#    1|   getStmt: [ClassDeclaration] Foo
+#    2|     getStmt: [SingletonMethod] greet
+#    2|       getObject: [Self] self
+#    3|       getStmt: [MethodCall] call to puts
+#    3|         getReceiver: [Self] self
+#    3|         getArgument: [StringLiteral] "Hello"
+#    3|           getComponent: [StringTextComponent] Hello
 modules/toplevel.rb:
 #    1| [Toplevel] toplevel.rb
 #    1|   getStmt: [MethodCall] call to puts
--- a/ql/test/library-tests/ast/AstDesugar.expected
+++ b/ql/test/library-tests/ast/AstDesugar.expected
@@ -388,3 +388,78 @@ erb/template.html.erb:
 #   28|     getAnOperand/getRightOperand: [AddExpr] ... + ...
 #   28|       getAnOperand/getLeftOperand: [LocalVariableAccess] xs
 #   28|       getAnOperand/getRightOperand: [LocalVariableAccess] x
+gems/test.gemspec:
+#    2| [AssignExpr] ... = ...
+#    2|   getDesugared: [StmtSequence] ...
+#    2|     getStmt: [SetterMethodCall] call to name=
+#    2|       getReceiver: [LocalVariableAccess] s
+#    2|       getArgument: [AssignExpr] ... = ...
+#    2|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    2|         getAnOperand/getRightOperand: [StringLiteral] "test"
+#    2|           getComponent: [StringTextComponent] test
+#    2|     getStmt: [LocalVariableAccess] __synth__0
+#    3| [AssignExpr] ... = ...
+#    3|   getDesugared: [StmtSequence] ...
+#    3|     getStmt: [SetterMethodCall] call to version=
+#    3|       getReceiver: [LocalVariableAccess] s
+#    3|       getArgument: [AssignExpr] ... = ...
+#    3|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    3|         getAnOperand/getRightOperand: [StringLiteral] "0.0.0"
+#    3|           getComponent: [StringTextComponent] 0.0.0
+#    3|     getStmt: [LocalVariableAccess] __synth__0
+#    4| [AssignExpr] ... = ...
+#    4|   getDesugared: [StmtSequence] ...
+#    4|     getStmt: [SetterMethodCall] call to summary=
+#    4|       getReceiver: [LocalVariableAccess] s
+#    4|       getArgument: [AssignExpr] ... = ...
+#    4|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    4|         getAnOperand/getRightOperand: [StringLiteral] "foo!"
+#    4|           getComponent: [StringTextComponent] foo!
+#    4|     getStmt: [LocalVariableAccess] __synth__0
+#    5| [AssignExpr] ... = ...
+#    5|   getDesugared: [StmtSequence] ...
+#    5|     getStmt: [SetterMethodCall] call to description=
+#    5|       getReceiver: [LocalVariableAccess] s
+#    5|       getArgument: [AssignExpr] ... = ...
+#    5|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    5|         getAnOperand/getRightOperand: [StringLiteral] "A test"
+#    5|           getComponent: [StringTextComponent] A test
+#    5|     getStmt: [LocalVariableAccess] __synth__0
+#    6| [AssignExpr] ... = ...
+#    6|   getDesugared: [StmtSequence] ...
+#    6|     getStmt: [SetterMethodCall] call to authors=
+#    6|       getReceiver: [LocalVariableAccess] s
+#    6|       getArgument: [AssignExpr] ... = ...
+#    6|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    6|         getAnOperand/getRightOperand: [ArrayLiteral] [...]
+#    6|           getElement: [StringLiteral] "Mona Lisa"
+#    6|             getComponent: [StringTextComponent] Mona Lisa
+#    6|     getStmt: [LocalVariableAccess] __synth__0
+#    7| [AssignExpr] ... = ...
+#    7|   getDesugared: [StmtSequence] ...
+#    7|     getStmt: [SetterMethodCall] call to email=
+#    7|       getReceiver: [LocalVariableAccess] s
+#    7|       getArgument: [AssignExpr] ... = ...
+#    7|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    7|         getAnOperand/getRightOperand: [StringLiteral] "mona@example.com"
+#    7|           getComponent: [StringTextComponent] mona@example.com
+#    7|     getStmt: [LocalVariableAccess] __synth__0
+#    8| [AssignExpr] ... = ...
+#    8|   getDesugared: [StmtSequence] ...
+#    8|     getStmt: [SetterMethodCall] call to files=
+#    8|       getReceiver: [LocalVariableAccess] s
+#    8|       getArgument: [AssignExpr] ... = ...
+#    8|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    8|         getAnOperand/getRightOperand: [ArrayLiteral] [...]
+#    8|           getElement: [StringLiteral] "lib/test.rb"
+#    8|             getComponent: [StringTextComponent] lib/test.rb
+#    8|     getStmt: [LocalVariableAccess] __synth__0
+#    9| [AssignExpr] ... = ...
+#    9|   getDesugared: [StmtSequence] ...
+#    9|     getStmt: [SetterMethodCall] call to homepage=
+#    9|       getReceiver: [LocalVariableAccess] s
+#    9|       getArgument: [AssignExpr] ... = ...
+#    9|         getAnOperand/getLeftOperand: [LocalVariableAccess] __synth__0
+#    9|         getAnOperand/getRightOperand: [StringLiteral] "https://github.com/github/cod..."
+#    9|           getComponent: [StringTextComponent] https://github.com/github/codeql-ruby
+#    9|     getStmt: [LocalVariableAccess] __synth__0
--- a/ql/test/library-tests/ast/gems/Gemfile
+++ b/ql/test/library-tests/ast/gems/Gemfile
@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gem 'foo_gem', '~> 2.0'
+
+source 'https://gems.example.com' do
+  gem 'my_gem', '1.0'
+  gem 'another_gem', '3.1.4'
+end
+
--- a/ql/test/library-tests/ast/gems/lib/test.rb
+++ b/ql/test/library-tests/ast/gems/lib/test.rb
@@ -0,0 +1,5 @@
+class Foo
+  def self.greet
+    puts "Hello"
+  end
+end
--- a/ql/test/library-tests/ast/gems/test.expected
+++ b/ql/test/library-tests/ast/gems/test.expected
@@ -0,0 +1,23 @@
+| Gemfile:1:1:1:29 | call to source |
+| Gemfile:3:1:3:23 | call to gem |
+| Gemfile:5:1:8:3 | call to source |
+| Gemfile:6:3:6:21 | call to gem |
+| Gemfile:7:3:7:28 | call to gem |
+| lib/test.rb:3:5:3:16 | call to puts |
+| test.gemspec:1:1:10:3 | call to new |
+| test.gemspec:2:3:2:8 | call to name |
+| test.gemspec:2:3:2:8 | call to name= |
+| test.gemspec:3:3:3:11 | call to version |
+| test.gemspec:3:3:3:11 | call to version= |
+| test.gemspec:4:3:4:11 | call to summary |
+| test.gemspec:4:3:4:11 | call to summary= |
+| test.gemspec:5:3:5:15 | call to description |
+| test.gemspec:5:3:5:15 | call to description= |
+| test.gemspec:6:3:6:11 | call to authors |
+| test.gemspec:6:3:6:11 | call to authors= |
+| test.gemspec:7:3:7:9 | call to email |
+| test.gemspec:7:3:7:9 | call to email= |
+| test.gemspec:8:3:8:9 | call to files |
+| test.gemspec:8:3:8:9 | call to files= |
+| test.gemspec:9:3:9:12 | call to homepage |
+| test.gemspec:9:3:9:12 | call to homepage= |
--- a/ql/test/library-tests/ast/gems/test.gemspec
+++ b/ql/test/library-tests/ast/gems/test.gemspec
@@ -0,0 +1,10 @@
+Gem::Specification.new do |s|
+  s.name        = 'test'
+  s.version     = '0.0.0'
+  s.summary     = "foo!"
+  s.description = "A test"
+  s.authors     = ["Mona Lisa"]
+  s.email       = 'mona@example.com'
+  s.files       = ["lib/test.rb"]
+  s.homepage    = 'https://github.com/github/codeql-ruby'
+end
--- a/ql/test/library-tests/ast/gems/test.ql
+++ b/ql/test/library-tests/ast/gems/test.ql
@@ -0,0 +1,4 @@
+import ruby
+
+// Just enough to test that we extracted the Gemfile and the .gemspec file.
+select any(Call c)
--- a/tools/qltest.cmd
+++ b/tools/qltest.cmd
@@ -4,6 +4,8 @@ type NUL && "%CODEQL_DIST%\codeql.exe" database index-files ^
    --prune=**/*.testproj ^
    --include-extension=.rb ^
    --include-extension=.erb ^
+    --include-extension=.gemspec ^
+    --include=**/Gemfile ^
    --size-limit=5m ^
    --language=ruby ^
    "%CODEQL_EXTRACTOR_RUBY_WIP_DATABASE%"
--- a/tools/qltest.sh
+++ b/tools/qltest.sh
@@ -6,6 +6,8 @@ exec "${CODEQL_DIST}/codeql" database index-files \
    --prune="**/*.testproj" \
    --include-extension=.rb \
    --include-extension=.erb \
+    --include-extension=.gemspec \
+    --include="**/Gemfile" \
    --size-limit=5m \
    --language=ruby \
    --working-dir=.\