Merge branch 'main' into experimental-archive-api

2026-04-29 10:45:15 +02:00 · 2022-06-15 21:46:23 -04:00
parent 056fa71f3e 7c5a83833b
commit ef9442d377
16 changed files with 686 additions and 5 deletions
--- a/ruby/ql/lib/codeql/ruby/Frameworks.qll
+++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll
@@ -16,3 +16,4 @@ private import codeql.ruby.frameworks.Files
 private import codeql.ruby.frameworks.HttpClients
 private import codeql.ruby.frameworks.XmlParsing
 private import codeql.ruby.frameworks.ActionDispatch
+private import codeql.ruby.frameworks.PosixSpawn
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -6,6 +6,10 @@
 private import ruby
 private import codeql.ruby.Concepts
 private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.FlowSummary
+private import codeql.ruby.Concepts
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.frameworks.stdlib.Logger::Logger as StdlibLogger

 /**
 * Modeling for `ActiveSupport`.
@@ -32,6 +36,107 @@ module ActiveSupport {

        override DataFlow::Node getCode() { result = this.getReceiver() }
      }
+
+      /**
+       * Flow summary for methods which transform the receiver in some way, possibly preserving taint.
+       */
+      private class StringTransformSummary extends SummarizedCallable {
+        // We're modelling a lot of different methods, so we make up a name for this summary.
+        StringTransformSummary() { this = "ActiveSupportStringTransform" }
+
+        override MethodCall getACall() {
+          result.getMethodName() =
+            [
+              "camelize", "camelcase", "classify", "dasherize", "deconstantize", "demodulize",
+              "foreign_key", "humanize", "indent", "parameterize", "pluralize", "singularize",
+              "squish", "strip_heredoc", "tableize", "titlecase", "titleize", "underscore",
+              "upcase_first"
+            ]
+        }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self]" and output = "ReturnValue" and preservesValue = false
+        }
+      }
+    }
+
+    /**
+     * Extensions to the `Enumerable` module.
+     */
+    module Enumerable {
+      private class ArrayIndex extends int {
+        ArrayIndex() { this = any(DataFlow::Content::KnownElementContent c).getIndex().getInt() }
+      }
+
+      private class CompactBlankSummary extends SimpleSummarizedCallable {
+        CompactBlankSummary() { this = "compact_blank" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private class ExcludingSummary extends SimpleSummarizedCallable {
+        ExcludingSummary() { this = ["excluding", "without"] }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private class InOrderOfSummary extends SimpleSummarizedCallable {
+        InOrderOfSummary() { this = "in_order_of" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      /**
+       * Like `Array#push` but doesn't update the receiver.
+       */
+      private class IncludingSummary extends SimpleSummarizedCallable {
+        IncludingSummary() { this = "including" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          (
+            exists(ArrayIndex i |
+              input = "Argument[self].Element[" + i + "]" and
+              output = "ReturnValue.Element[" + i + "]"
+            )
+            or
+            input = "Argument[self].Element[?]" and
+            output = "ReturnValue.Element[?]"
+            or
+            exists(int i | i in [0 .. (mc.getNumberOfArguments() - 1)] |
+              input = "Argument[" + i + "]" and
+              output = "ReturnValue.Element[?]"
+            )
+          ) and
+          preservesValue = true
+        }
+      }
+      // TODO: index_by, index_with, pick, pluck (they require Hash dataflow)
+    }
+  }
+
+  /**
+   * `ActiveSupport::Logger`
+   */
+  module Logger {
+    private class ActiveSupportLoggerInstantiation extends StdlibLogger::LoggerInstantiation {
+      ActiveSupportLoggerInstantiation() {
+        this =
+          API::getTopLevelMember("ActiveSupport")
+              .getMember(["Logger", "TaggedLogging"])
+              .getAnInstantiation()
+      }
    }
  }
 }
--- a/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
@@ -0,0 +1,80 @@
+/**
+ * Provides modeling for the `posix-spawn` gem.
+ * Version: 0.3.15
+ */
+
+private import codeql.ruby.Concepts
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.DataFlow
+private import codeql.ruby.controlflow.CfgNodes
+
+/**
+ * Provides modeling for the `posix-spawn` gem.
+ * Version: 0.3.15
+ */
+module PosixSpawn {
+  private API::Node posixSpawnModule() {
+    result = API::getTopLevelMember("POSIX").getMember("Spawn")
+  }
+
+  /**
+   * A call to `POSIX::Spawn::Child.new` or `POSIX::Spawn::Child.build`.
+   */
+  class ChildCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+    ChildCall() {
+      this =
+        [
+          posixSpawnModule().getMember("Child").getAMethodCall("build"),
+          posixSpawnModule().getMember("Child").getAnInstantiation()
+        ]
+    }
+
+    override DataFlow::Node getAnArgument() {
+      result = this.getArgument(_) and not result.asExpr() instanceof ExprNodes::PairCfgNode
+    }
+
+    override predicate isShellInterpreted(DataFlow::Node arg) { none() }
+  }
+
+  /**
+   * A call to `POSIX::Spawn.spawn` or a related method.
+   */
+  class SystemCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+    SystemCall() {
+      this =
+        posixSpawnModule()
+            .getAMethodCall(["spawn", "fspawn", "popen4", "pspawn", "system", "_pspawn", "`"])
+    }
+
+    override DataFlow::Node getAnArgument() { this.argument(result) }
+
+    // From the docs:
+    // When only command is given and includes a space character, the command
+    // text is executed by the system shell interpreter.
+    // This means the following signatures are shell interpreted:
+    //
+    // spawn(cmd)
+    // spawn(cmd, opts)
+    // spawn(env, cmd)
+    // spawn(env, cmd, opts)
+    //
+    // env and opts will be hashes. We over-approximate by assuming the argument
+    // is shell interpreted unless there is another argument with a string
+    // constant value.
+    override predicate isShellInterpreted(DataFlow::Node arg) {
+      not exists(DataFlow::Node otherArg |
+        otherArg != arg and
+        this.argument(arg) and
+        this.argument(otherArg) and
+        otherArg.asExpr().getConstantValue().isString(_)
+      )
+    }
+
+    private predicate argument(DataFlow::Node arg) {
+      arg = this.getArgument(_) and
+      not arg.asExpr() instanceof ExprNodes::HashLiteralCfgNode and
+      not arg.asExpr() instanceof ExprNodes::ArrayLiteralCfgNode and
+      not arg.asExpr() instanceof ExprNodes::PairCfgNode
+    }
+  }
+}
--- a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll
@@ -16,7 +16,7 @@ private import codeql.ruby.dataflow.internal.DataFlowDispatch
 module Logger {
  /** A reference to a `Logger` instance */
  private DataFlow::Node loggerInstance() {
-    result = API::getTopLevelMember("Logger").getAnInstantiation()
+    result instanceof LoggerInstantiation
    or
    exists(DataFlow::Node inst |
      inst = loggerInstance() and
@@ -33,11 +33,29 @@ module Logger {
    )
  }

+  /**
+   * An instantiation of a logger that responds to the std lib logging methods.
+   * This can be extended to recognize additional instances that conform to the
+   * same interface.
+   */
+  abstract class LoggerInstantiation extends DataFlow::Node { }
+
+  /**
+   * An instantiation of the std lib `Logger` class.
+   */
+  private class StdlibLoggerInstantiation extends LoggerInstantiation {
+    StdlibLoggerInstantiation() { this = API::getTopLevelMember("Logger").getAnInstantiation() }
+  }
+
+  private class LoggerInstance extends DataFlow::Node {
+    LoggerInstance() { this = loggerInstance() }
+  }
+
  /**
   * A call to a `Logger` instance method that causes a message to be logged.
   */
  abstract class LoggerLoggingCall extends Logging::Range, DataFlow::CallNode {
-    LoggerLoggingCall() { this.getReceiver() = loggerInstance() }
+    LoggerLoggingCall() { this.getReceiver() instanceof LoggerInstance }
  }

  /**
--- a/ruby/ql/test/library-tests/frameworks/PosixSpawn.expected
+++ b/ruby/ql/test/library-tests/frameworks/PosixSpawn.expected
@@ -0,0 +1,29 @@
+systemCalls
+| PosixSpawn.rb:1:1:1:32 | call to popen4 | PosixSpawn.rb:1:22:1:25 | "ls" | false |
+| PosixSpawn.rb:1:1:1:32 | call to popen4 | PosixSpawn.rb:1:28:1:31 | "-l" | false |
+| PosixSpawn.rb:2:1:2:31 | call to popen4 | PosixSpawn.rb:2:21:2:24 | "ls" | false |
+| PosixSpawn.rb:2:1:2:31 | call to popen4 | PosixSpawn.rb:2:27:2:30 | "-l" | false |
+| PosixSpawn.rb:7:1:7:40 | call to spawn | PosixSpawn.rb:7:20:7:39 | * ... | true |
+| PosixSpawn.rb:8:1:8:30 | call to spawn | PosixSpawn.rb:8:21:8:29 | "sleep 5" | true |
+| PosixSpawn.rb:9:1:9:23 | call to spawn | PosixSpawn.rb:9:20:9:22 | call to cmd | true |
+| PosixSpawn.rb:10:1:10:29 | call to spawn | PosixSpawn.rb:10:20:10:22 | call to env | false |
+| PosixSpawn.rb:10:1:10:29 | call to spawn | PosixSpawn.rb:10:25:10:28 | "ls" | true |
+| PosixSpawn.rb:15:1:15:60 | call to system | PosixSpawn.rb:15:21:15:25 | "foo" | false |
+| PosixSpawn.rb:15:1:15:60 | call to system | PosixSpawn.rb:15:28:15:32 | "bar" | false |
+| PosixSpawn.rb:15:1:15:60 | call to system | PosixSpawn.rb:15:35:15:44 | "--a-flag" | false |
+| PosixSpawn.rb:15:1:15:60 | call to system | PosixSpawn.rb:15:47:15:52 | call to before | false |
+| PosixSpawn.rb:15:1:15:60 | call to system | PosixSpawn.rb:15:55:15:59 | call to after | false |
+| PosixSpawn.rb:17:1:17:28 | call to fspawn | PosixSpawn.rb:17:21:17:27 | call to command | true |
+| PosixSpawn.rb:18:1:18:28 | call to pspawn | PosixSpawn.rb:18:21:18:27 | call to command | true |
+| PosixSpawn.rb:19:1:19:28 | call to popen4 | PosixSpawn.rb:19:21:19:27 | call to command | true |
+| PosixSpawn.rb:21:1:21:28 | call to ` | PosixSpawn.rb:21:16:21:20 | "foo" | false |
+| PosixSpawn.rb:21:1:21:28 | call to ` | PosixSpawn.rb:21:23:21:27 | "bar" | false |
+childCalls
+| PosixSpawn.rb:4:1:4:77 | call to new | PosixSpawn.rb:4:25:4:39 | call to [] | false |
+| PosixSpawn.rb:4:1:4:77 | call to new | PosixSpawn.rb:4:42:4:51 | ... + ... | false |
+| PosixSpawn.rb:4:1:4:77 | call to new | PosixSpawn.rb:4:54:4:58 | * ... | false |
+| PosixSpawn.rb:5:1:5:80 | call to new | PosixSpawn.rb:5:25:5:32 | * ... | false |
+| PosixSpawn.rb:12:1:12:35 | call to new | PosixSpawn.rb:12:25:12:28 | "ls" | false |
+| PosixSpawn.rb:12:1:12:35 | call to new | PosixSpawn.rb:12:31:12:34 | "-l" | false |
+| PosixSpawn.rb:13:1:13:38 | call to build | PosixSpawn.rb:13:27:13:32 | "echo" | false |
+| PosixSpawn.rb:13:1:13:38 | call to build | PosixSpawn.rb:13:35:13:37 | call to msg | false |
--- a/ruby/ql/test/library-tests/frameworks/PosixSpawn.ql
+++ b/ruby/ql/test/library-tests/frameworks/PosixSpawn.ql
@@ -0,0 +1,15 @@
+import ruby
+import codeql.ruby.frameworks.PosixSpawn
+import codeql.ruby.DataFlow
+
+query predicate systemCalls(
+  PosixSpawn::SystemCall call, DataFlow::Node arg, boolean shellInterpreted
+) {
+  arg = call.getAnArgument() and
+  if call.isShellInterpreted(arg) then shellInterpreted = true else shellInterpreted = false
+}
+
+query predicate childCalls(PosixSpawn::ChildCall call, DataFlow::Node arg, boolean shellInterpreted) {
+  arg = call.getAnArgument() and
+  if call.isShellInterpreted(arg) then shellInterpreted = true else shellInterpreted = false
+}
--- a/ruby/ql/test/library-tests/frameworks/PosixSpawn.rb
+++ b/ruby/ql/test/library-tests/frameworks/PosixSpawn.rb
@@ -0,0 +1,21 @@
+POSIX::Spawn::popen4("ls", "-l")
+POSIX::Spawn.popen4("ls", "-l")
+
+POSIX::Spawn::Child.new({'ENV' => @var}, "foo/"+cmd, *argv, :chdir=>root_dir)
+POSIX::Spawn::Child.new(*command, input: options[:stdin].to_s, timeout: timeout)
+
+POSIX::Spawn.spawn(*(argv+[{:in => f}]))
+POSIX::Spawn::spawn('sleep 5')
+POSIX::Spawn.spawn(cmd)
+POSIX::Spawn.spawn(env, "ls")
+
+POSIX::Spawn::Child.new("ls", "-l")
+POSIX::Spawn::Child.build("echo", msg)
+
+POSIX::Spawn.system("foo", "bar", "--a-flag", before, after)
+
+POSIX::Spawn.fspawn(command)
+POSIX::Spawn.pspawn(command)
+POSIX::Spawn.popen4(command)
+
+POSIX::Spawn.`("foo", "bar")
--- a/ruby/ql/test/library-tests/frameworks/active_support.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support.rb
@@ -1,3 +0,0 @@
-"Foo::Bar".constantize
-
-a.constantize
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.expected
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.expected
@@ -1,2 +1,6 @@
+constantizeCalls
 | active_support.rb:1:1:1:22 | call to constantize | active_support.rb:1:1:1:10 | "Foo::Bar" |
 | active_support.rb:3:1:3:13 | call to constantize | active_support.rb:3:1:3:1 | call to a |
+loggerInstantiations
+| active_support.rb:5:1:5:33 | call to new |
+| active_support.rb:6:1:6:40 | call to new |
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.ql
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupport.ql
@@ -1,6 +1,9 @@
 import codeql.ruby.frameworks.ActiveSupport
 import codeql.ruby.DataFlow
+import codeql.ruby.frameworks.stdlib.Logger

 query DataFlow::Node constantizeCalls(ActiveSupport::CoreExtensions::String::Constantize c) {
  result = c.getCode()
 }
+
+query predicate loggerInstantiations(Logger::LoggerInstantiation l) { any() }
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
@@ -0,0 +1,252 @@
+failures
+edges
+| active_support.rb:9:9:9:18 | call to source :  | active_support.rb:10:10:10:10 | x :  |
+| active_support.rb:10:10:10:10 | x :  | active_support.rb:10:10:10:19 | call to camelize |
+| active_support.rb:14:9:14:18 | call to source :  | active_support.rb:15:10:15:10 | x :  |
+| active_support.rb:15:10:15:10 | x :  | active_support.rb:15:10:15:20 | call to camelcase |
+| active_support.rb:19:9:19:18 | call to source :  | active_support.rb:20:10:20:10 | x :  |
+| active_support.rb:20:10:20:10 | x :  | active_support.rb:20:10:20:19 | call to classify |
+| active_support.rb:24:9:24:18 | call to source :  | active_support.rb:25:10:25:10 | x :  |
+| active_support.rb:25:10:25:10 | x :  | active_support.rb:25:10:25:20 | call to dasherize |
+| active_support.rb:29:9:29:18 | call to source :  | active_support.rb:30:10:30:10 | x :  |
+| active_support.rb:30:10:30:10 | x :  | active_support.rb:30:10:30:24 | call to deconstantize |
+| active_support.rb:34:9:34:18 | call to source :  | active_support.rb:35:10:35:10 | x :  |
+| active_support.rb:35:10:35:10 | x :  | active_support.rb:35:10:35:21 | call to demodulize |
+| active_support.rb:39:9:39:18 | call to source :  | active_support.rb:40:10:40:10 | x :  |
+| active_support.rb:40:10:40:10 | x :  | active_support.rb:40:10:40:22 | call to foreign_key |
+| active_support.rb:44:9:44:18 | call to source :  | active_support.rb:45:10:45:10 | x :  |
+| active_support.rb:45:10:45:10 | x :  | active_support.rb:45:10:45:19 | call to humanize |
+| active_support.rb:49:9:49:18 | call to source :  | active_support.rb:50:10:50:10 | x :  |
+| active_support.rb:50:10:50:10 | x :  | active_support.rb:50:10:50:20 | call to indent |
+| active_support.rb:54:9:54:18 | call to source :  | active_support.rb:55:10:55:10 | x :  |
+| active_support.rb:55:10:55:10 | x :  | active_support.rb:55:10:55:23 | call to parameterize |
+| active_support.rb:59:9:59:18 | call to source :  | active_support.rb:60:10:60:10 | x :  |
+| active_support.rb:60:10:60:10 | x :  | active_support.rb:60:10:60:20 | call to pluralize |
+| active_support.rb:64:9:64:18 | call to source :  | active_support.rb:65:10:65:10 | x :  |
+| active_support.rb:65:10:65:10 | x :  | active_support.rb:65:10:65:22 | call to singularize |
+| active_support.rb:69:9:69:18 | call to source :  | active_support.rb:70:10:70:10 | x :  |
+| active_support.rb:70:10:70:10 | x :  | active_support.rb:70:10:70:17 | call to squish |
+| active_support.rb:74:9:74:18 | call to source :  | active_support.rb:75:10:75:10 | x :  |
+| active_support.rb:75:10:75:10 | x :  | active_support.rb:75:10:75:24 | call to strip_heredoc |
+| active_support.rb:79:9:79:18 | call to source :  | active_support.rb:80:10:80:10 | x :  |
+| active_support.rb:80:10:80:10 | x :  | active_support.rb:80:10:80:19 | call to tableize |
+| active_support.rb:84:9:84:18 | call to source :  | active_support.rb:85:10:85:10 | x :  |
+| active_support.rb:85:10:85:10 | x :  | active_support.rb:85:10:85:20 | call to titlecase |
+| active_support.rb:89:9:89:18 | call to source :  | active_support.rb:90:10:90:10 | x :  |
+| active_support.rb:90:10:90:10 | x :  | active_support.rb:90:10:90:19 | call to titleize |
+| active_support.rb:94:9:94:18 | call to source :  | active_support.rb:95:10:95:10 | x :  |
+| active_support.rb:95:10:95:10 | x :  | active_support.rb:95:10:95:21 | call to underscore |
+| active_support.rb:99:9:99:18 | call to source :  | active_support.rb:100:10:100:10 | x :  |
+| active_support.rb:100:10:100:10 | x :  | active_support.rb:100:10:100:23 | call to upcase_first |
+| active_support.rb:104:10:104:17 | call to source :  | active_support.rb:105:9:105:9 | x [element 0] :  |
+| active_support.rb:104:10:104:17 | call to source :  | active_support.rb:105:9:105:9 | x [element 0] :  |
+| active_support.rb:105:9:105:9 | x [element 0] :  | active_support.rb:105:9:105:23 | call to compact_blank [element] :  |
+| active_support.rb:105:9:105:9 | x [element 0] :  | active_support.rb:105:9:105:23 | call to compact_blank [element] :  |
+| active_support.rb:105:9:105:23 | call to compact_blank [element] :  | active_support.rb:106:10:106:10 | y [element] :  |
+| active_support.rb:105:9:105:23 | call to compact_blank [element] :  | active_support.rb:106:10:106:10 | y [element] :  |
+| active_support.rb:106:10:106:10 | y [element] :  | active_support.rb:106:10:106:13 | ...[...] |
+| active_support.rb:106:10:106:10 | y [element] :  | active_support.rb:106:10:106:13 | ...[...] |
+| active_support.rb:110:10:110:18 | call to source :  | active_support.rb:111:9:111:9 | x [element 0] :  |
+| active_support.rb:110:10:110:18 | call to source :  | active_support.rb:111:9:111:9 | x [element 0] :  |
+| active_support.rb:111:9:111:9 | x [element 0] :  | active_support.rb:111:9:111:21 | call to excluding [element] :  |
+| active_support.rb:111:9:111:9 | x [element 0] :  | active_support.rb:111:9:111:21 | call to excluding [element] :  |
+| active_support.rb:111:9:111:21 | call to excluding [element] :  | active_support.rb:112:10:112:10 | y [element] :  |
+| active_support.rb:111:9:111:21 | call to excluding [element] :  | active_support.rb:112:10:112:10 | y [element] :  |
+| active_support.rb:112:10:112:10 | y [element] :  | active_support.rb:112:10:112:13 | ...[...] |
+| active_support.rb:112:10:112:10 | y [element] :  | active_support.rb:112:10:112:13 | ...[...] |
+| active_support.rb:116:10:116:18 | call to source :  | active_support.rb:117:9:117:9 | x [element 0] :  |
+| active_support.rb:116:10:116:18 | call to source :  | active_support.rb:117:9:117:9 | x [element 0] :  |
+| active_support.rb:117:9:117:9 | x [element 0] :  | active_support.rb:117:9:117:19 | call to without [element] :  |
+| active_support.rb:117:9:117:9 | x [element 0] :  | active_support.rb:117:9:117:19 | call to without [element] :  |
+| active_support.rb:117:9:117:19 | call to without [element] :  | active_support.rb:118:10:118:10 | y [element] :  |
+| active_support.rb:117:9:117:19 | call to without [element] :  | active_support.rb:118:10:118:10 | y [element] :  |
+| active_support.rb:118:10:118:10 | y [element] :  | active_support.rb:118:10:118:13 | ...[...] |
+| active_support.rb:118:10:118:10 | y [element] :  | active_support.rb:118:10:118:13 | ...[...] |
+| active_support.rb:122:10:122:18 | call to source :  | active_support.rb:123:9:123:9 | x [element 0] :  |
+| active_support.rb:122:10:122:18 | call to source :  | active_support.rb:123:9:123:9 | x [element 0] :  |
+| active_support.rb:123:9:123:9 | x [element 0] :  | active_support.rb:123:9:123:37 | call to in_order_of [element] :  |
+| active_support.rb:123:9:123:9 | x [element 0] :  | active_support.rb:123:9:123:37 | call to in_order_of [element] :  |
+| active_support.rb:123:9:123:37 | call to in_order_of [element] :  | active_support.rb:124:10:124:10 | y [element] :  |
+| active_support.rb:123:9:123:37 | call to in_order_of [element] :  | active_support.rb:124:10:124:10 | y [element] :  |
+| active_support.rb:124:10:124:10 | y [element] :  | active_support.rb:124:10:124:13 | ...[...] |
+| active_support.rb:124:10:124:10 | y [element] :  | active_support.rb:124:10:124:13 | ...[...] |
+| active_support.rb:128:10:128:18 | call to source :  | active_support.rb:129:9:129:9 | a [element 0] :  |
+| active_support.rb:128:10:128:18 | call to source :  | active_support.rb:129:9:129:9 | a [element 0] :  |
+| active_support.rb:128:10:128:18 | call to source :  | active_support.rb:130:10:130:10 | a [element 0] :  |
+| active_support.rb:128:10:128:18 | call to source :  | active_support.rb:130:10:130:10 | a [element 0] :  |
+| active_support.rb:129:9:129:9 | a [element 0] :  | active_support.rb:129:9:129:41 | call to including [element 0] :  |
+| active_support.rb:129:9:129:9 | a [element 0] :  | active_support.rb:129:9:129:41 | call to including [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element 0] :  | active_support.rb:132:10:132:10 | b [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element 0] :  | active_support.rb:132:10:132:10 | b [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:132:10:132:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:132:10:132:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:133:10:133:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:133:10:133:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:134:10:134:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:134:10:134:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:135:10:135:10 | b [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | active_support.rb:135:10:135:10 | b [element] :  |
+| active_support.rb:129:21:129:29 | call to source :  | active_support.rb:129:9:129:41 | call to including [element] :  |
+| active_support.rb:129:21:129:29 | call to source :  | active_support.rb:129:9:129:41 | call to including [element] :  |
+| active_support.rb:129:32:129:40 | call to source :  | active_support.rb:129:9:129:41 | call to including [element] :  |
+| active_support.rb:129:32:129:40 | call to source :  | active_support.rb:129:9:129:41 | call to including [element] :  |
+| active_support.rb:130:10:130:10 | a [element 0] :  | active_support.rb:130:10:130:13 | ...[...] |
+| active_support.rb:130:10:130:10 | a [element 0] :  | active_support.rb:130:10:130:13 | ...[...] |
+| active_support.rb:132:10:132:10 | b [element 0] :  | active_support.rb:132:10:132:13 | ...[...] |
+| active_support.rb:132:10:132:10 | b [element 0] :  | active_support.rb:132:10:132:13 | ...[...] |
+| active_support.rb:132:10:132:10 | b [element] :  | active_support.rb:132:10:132:13 | ...[...] |
+| active_support.rb:132:10:132:10 | b [element] :  | active_support.rb:132:10:132:13 | ...[...] |
+| active_support.rb:133:10:133:10 | b [element] :  | active_support.rb:133:10:133:13 | ...[...] |
+| active_support.rb:133:10:133:10 | b [element] :  | active_support.rb:133:10:133:13 | ...[...] |
+| active_support.rb:134:10:134:10 | b [element] :  | active_support.rb:134:10:134:13 | ...[...] |
+| active_support.rb:134:10:134:10 | b [element] :  | active_support.rb:134:10:134:13 | ...[...] |
+| active_support.rb:135:10:135:10 | b [element] :  | active_support.rb:135:10:135:13 | ...[...] |
+| active_support.rb:135:10:135:10 | b [element] :  | active_support.rb:135:10:135:13 | ...[...] |
+nodes
+| active_support.rb:9:9:9:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:10:10:10:10 | x :  | semmle.label | x :  |
+| active_support.rb:10:10:10:19 | call to camelize | semmle.label | call to camelize |
+| active_support.rb:14:9:14:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:15:10:15:10 | x :  | semmle.label | x :  |
+| active_support.rb:15:10:15:20 | call to camelcase | semmle.label | call to camelcase |
+| active_support.rb:19:9:19:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:20:10:20:10 | x :  | semmle.label | x :  |
+| active_support.rb:20:10:20:19 | call to classify | semmle.label | call to classify |
+| active_support.rb:24:9:24:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:25:10:25:10 | x :  | semmle.label | x :  |
+| active_support.rb:25:10:25:20 | call to dasherize | semmle.label | call to dasherize |
+| active_support.rb:29:9:29:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:30:10:30:10 | x :  | semmle.label | x :  |
+| active_support.rb:30:10:30:24 | call to deconstantize | semmle.label | call to deconstantize |
+| active_support.rb:34:9:34:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:35:10:35:10 | x :  | semmle.label | x :  |
+| active_support.rb:35:10:35:21 | call to demodulize | semmle.label | call to demodulize |
+| active_support.rb:39:9:39:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:40:10:40:10 | x :  | semmle.label | x :  |
+| active_support.rb:40:10:40:22 | call to foreign_key | semmle.label | call to foreign_key |
+| active_support.rb:44:9:44:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:45:10:45:10 | x :  | semmle.label | x :  |
+| active_support.rb:45:10:45:19 | call to humanize | semmle.label | call to humanize |
+| active_support.rb:49:9:49:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:50:10:50:10 | x :  | semmle.label | x :  |
+| active_support.rb:50:10:50:20 | call to indent | semmle.label | call to indent |
+| active_support.rb:54:9:54:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:55:10:55:10 | x :  | semmle.label | x :  |
+| active_support.rb:55:10:55:23 | call to parameterize | semmle.label | call to parameterize |
+| active_support.rb:59:9:59:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:60:10:60:10 | x :  | semmle.label | x :  |
+| active_support.rb:60:10:60:20 | call to pluralize | semmle.label | call to pluralize |
+| active_support.rb:64:9:64:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:65:10:65:10 | x :  | semmle.label | x :  |
+| active_support.rb:65:10:65:22 | call to singularize | semmle.label | call to singularize |
+| active_support.rb:69:9:69:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:70:10:70:10 | x :  | semmle.label | x :  |
+| active_support.rb:70:10:70:17 | call to squish | semmle.label | call to squish |
+| active_support.rb:74:9:74:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:75:10:75:10 | x :  | semmle.label | x :  |
+| active_support.rb:75:10:75:24 | call to strip_heredoc | semmle.label | call to strip_heredoc |
+| active_support.rb:79:9:79:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:80:10:80:10 | x :  | semmle.label | x :  |
+| active_support.rb:80:10:80:19 | call to tableize | semmle.label | call to tableize |
+| active_support.rb:84:9:84:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:85:10:85:10 | x :  | semmle.label | x :  |
+| active_support.rb:85:10:85:20 | call to titlecase | semmle.label | call to titlecase |
+| active_support.rb:89:9:89:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:90:10:90:10 | x :  | semmle.label | x :  |
+| active_support.rb:90:10:90:19 | call to titleize | semmle.label | call to titleize |
+| active_support.rb:94:9:94:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:95:10:95:10 | x :  | semmle.label | x :  |
+| active_support.rb:95:10:95:21 | call to underscore | semmle.label | call to underscore |
+| active_support.rb:99:9:99:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:100:10:100:10 | x :  | semmle.label | x :  |
+| active_support.rb:100:10:100:23 | call to upcase_first | semmle.label | call to upcase_first |
+| active_support.rb:104:10:104:17 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:104:10:104:17 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:105:9:105:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:105:9:105:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:105:9:105:23 | call to compact_blank [element] :  | semmle.label | call to compact_blank [element] :  |
+| active_support.rb:105:9:105:23 | call to compact_blank [element] :  | semmle.label | call to compact_blank [element] :  |
+| active_support.rb:106:10:106:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:106:10:106:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:110:10:110:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:110:10:110:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:111:9:111:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:111:9:111:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:111:9:111:21 | call to excluding [element] :  | semmle.label | call to excluding [element] :  |
+| active_support.rb:111:9:111:21 | call to excluding [element] :  | semmle.label | call to excluding [element] :  |
+| active_support.rb:112:10:112:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:112:10:112:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:116:10:116:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:116:10:116:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:117:9:117:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:117:9:117:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:117:9:117:19 | call to without [element] :  | semmle.label | call to without [element] :  |
+| active_support.rb:117:9:117:19 | call to without [element] :  | semmle.label | call to without [element] :  |
+| active_support.rb:118:10:118:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:118:10:118:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:118:10:118:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:122:10:122:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:122:10:122:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:123:9:123:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:123:9:123:9 | x [element 0] :  | semmle.label | x [element 0] :  |
+| active_support.rb:123:9:123:37 | call to in_order_of [element] :  | semmle.label | call to in_order_of [element] :  |
+| active_support.rb:123:9:123:37 | call to in_order_of [element] :  | semmle.label | call to in_order_of [element] :  |
+| active_support.rb:124:10:124:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:124:10:124:10 | y [element] :  | semmle.label | y [element] :  |
+| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:124:10:124:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:128:10:128:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:128:10:128:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:129:9:129:9 | a [element 0] :  | semmle.label | a [element 0] :  |
+| active_support.rb:129:9:129:9 | a [element 0] :  | semmle.label | a [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element 0] :  | semmle.label | call to including [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element 0] :  | semmle.label | call to including [element 0] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | semmle.label | call to including [element] :  |
+| active_support.rb:129:9:129:41 | call to including [element] :  | semmle.label | call to including [element] :  |
+| active_support.rb:129:21:129:29 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:129:21:129:29 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:129:32:129:40 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:129:32:129:40 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:130:10:130:10 | a [element 0] :  | semmle.label | a [element 0] :  |
+| active_support.rb:130:10:130:10 | a [element 0] :  | semmle.label | a [element 0] :  |
+| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:132:10:132:10 | b [element 0] :  | semmle.label | b [element 0] :  |
+| active_support.rb:132:10:132:10 | b [element 0] :  | semmle.label | b [element 0] :  |
+| active_support.rb:132:10:132:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:132:10:132:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:132:10:132:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:133:10:133:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:133:10:133:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:133:10:133:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:134:10:134:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:134:10:134:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:134:10:134:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:135:10:135:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:135:10:135:10 | b [element] :  | semmle.label | b [element] :  |
+| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
+| active_support.rb:135:10:135:13 | ...[...] | semmle.label | ...[...] |
+subpaths
+#select
+| active_support.rb:106:10:106:13 | ...[...] | active_support.rb:104:10:104:17 | call to source :  | active_support.rb:106:10:106:13 | ...[...] | $@ | active_support.rb:104:10:104:17 | call to source :  | call to source :  |
+| active_support.rb:112:10:112:13 | ...[...] | active_support.rb:110:10:110:18 | call to source :  | active_support.rb:112:10:112:13 | ...[...] | $@ | active_support.rb:110:10:110:18 | call to source :  | call to source :  |
+| active_support.rb:118:10:118:13 | ...[...] | active_support.rb:116:10:116:18 | call to source :  | active_support.rb:118:10:118:13 | ...[...] | $@ | active_support.rb:116:10:116:18 | call to source :  | call to source :  |
+| active_support.rb:124:10:124:13 | ...[...] | active_support.rb:122:10:122:18 | call to source :  | active_support.rb:124:10:124:13 | ...[...] | $@ | active_support.rb:122:10:122:18 | call to source :  | call to source :  |
+| active_support.rb:130:10:130:13 | ...[...] | active_support.rb:128:10:128:18 | call to source :  | active_support.rb:130:10:130:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source :  | call to source :  |
+| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:128:10:128:18 | call to source :  | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:128:10:128:18 | call to source :  | call to source :  |
+| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:21:129:29 | call to source :  | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source :  | call to source :  |
+| active_support.rb:132:10:132:13 | ...[...] | active_support.rb:129:32:129:40 | call to source :  | active_support.rb:132:10:132:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source :  | call to source :  |
+| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:21:129:29 | call to source :  | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source :  | call to source :  |
+| active_support.rb:133:10:133:13 | ...[...] | active_support.rb:129:32:129:40 | call to source :  | active_support.rb:133:10:133:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source :  | call to source :  |
+| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:21:129:29 | call to source :  | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source :  | call to source :  |
+| active_support.rb:134:10:134:13 | ...[...] | active_support.rb:129:32:129:40 | call to source :  | active_support.rb:134:10:134:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source :  | call to source :  |
+| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:21:129:29 | call to source :  | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:21:129:29 | call to source :  | call to source :  |
+| active_support.rb:135:10:135:13 | ...[...] | active_support.rb:129:32:129:40 | call to source :  | active_support.rb:135:10:135:13 | ...[...] | $@ | active_support.rb:129:32:129:40 | call to source :  | call to source :  |
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.ql
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.ql
@@ -0,0 +1,11 @@
+/**
+ * @kind path-problem
+ */
+
+import ruby
+import TestUtilities.InlineFlowTest
+import PathGraph
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
+where conf.hasFlowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()
--- a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
@@ -0,0 +1,136 @@
+"Foo::Bar".constantize
+
+a.constantize
+
+ActiveSupport::Logger.new(STDOUT)
+ActiveSupport::TaggedLogging.new(STDOUT)
+
+def m_camelize
+    x = source "a"
+    sink x.camelize # $hasTaintFlow=a
+end
+
+def m_camelcase
+    x = source "a"
+    sink x.camelcase # $hasTaintFlow=a
+end
+
+def m_classify
+    x = source "a"
+    sink x.classify # $hasTaintFlow=a
+end
+
+def m_dasherize
+    x = source "a"
+    sink x.dasherize # $hasTaintFlow=a
+end
+
+def m_deconstantize
+    x = source "a"
+    sink x.deconstantize # $hasTaintFlow=a
+end
+
+def m_demodulize
+    x = source "a"
+    sink x.demodulize # $hasTaintFlow=a
+end
+
+def m_foreign_key
+    x = source "a"
+    sink x.foreign_key # $hasTaintFlow=a
+end
+
+def m_humanize
+    x = source "a"
+    sink x.humanize # $hasTaintFlow=a
+end
+
+def m_indent
+    x = source "a"
+    sink x.indent(1) # $hasTaintFlow=a
+end
+
+def m_parameterize
+    x = source "a"
+    sink x.parameterize # $hasTaintFlow=a
+end
+
+def m_pluralize
+    x = source "a"
+    sink x.pluralize # $hasTaintFlow=a
+end
+
+def m_singularize
+    x = source "a"
+    sink x.singularize # $hasTaintFlow=a
+end
+
+def m_squish
+    x = source "a"
+    sink x.squish # $hasTaintFlow=a
+end
+
+def m_strip_heredoc
+    x = source "a"
+    sink x.strip_heredoc # $hasTaintFlow=a
+end
+
+def m_tableize
+    x = source "a"
+    sink x.tableize # $hasTaintFlow=a
+end
+
+def m_titlecase
+    x = source "a"
+    sink x.titlecase # $hasTaintFlow=a
+end
+
+def m_titleize
+    x = source "a"
+    sink x.titleize # $hasTaintFlow=a
+end
+
+def m_underscore
+    x = source "a"
+    sink x.underscore # $hasTaintFlow=a
+end
+
+def m_upcase_first
+    x = source "a"
+    sink x.upcase_first # $hasTaintFlow=a
+end
+
+def m_compact_blank
+    x = [source 1]
+    y = x.compact_blank
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_excluding
+    x = [source(1), 2]
+    y = x.excluding 2
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_without
+    x = [source(1), 2]
+    y = x.without 2
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_in_order_of
+    x = [source(1), 2]
+    y = x.in_order_of(:itself, [2,1])
+    sink y[0] # $hasValueFlow=1
+end
+
+def m_including
+    a = [source(1), 2]
+    b = a.including(source(3), source(4))
+    sink a[0] # $ hasValueFlow=1
+    sink a[1]
+    sink b[0] # $ hasValueFlow=1 $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[1] # $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[2] # $ hasValueFlow=3 $ hasValueFlow=4
+    sink b[3] # $ hasValueFlow=3 $ hasValueFlow=4
+end
--- a/ruby/ql/test/library-tests/frameworks/stdlib/Logger.expected
+++ b/ruby/ql/test/library-tests/frameworks/stdlib/Logger.expected
@@ -21,3 +21,5 @@
 | Logging.rb:73:5:73:63 | call to log | Logging.rb:73:36:73:45 | "message1" |
 | Logging.rb:74:5:74:76 | call to log | Logging.rb:74:36:74:45 | "message2" |
 | Logging.rb:74:5:74:76 | call to log | Logging.rb:74:48:74:58 | "progname2" |
+| Logging.rb:81:1:81:21 | call to debug | Logging.rb:81:16:81:20 | "msg" |
+| Logging.rb:82:1:82:21 | call to debug | Logging.rb:82:16:82:20 | "msg" |
--- a/ruby/ql/test/library-tests/frameworks/stdlib/Logger.ql
+++ b/ruby/ql/test/library-tests/frameworks/stdlib/Logger.ql
@@ -1,4 +1,5 @@
 import codeql.ruby.frameworks.stdlib.Logger::Logger
+import codeql.ruby.frameworks.ActiveSupport::ActiveSupport::Logger
 import codeql.ruby.DataFlow

 query DataFlow::Node loggerLoggingCallInputs(LoggerLoggingCall c) { result = c.getAnInput() }
--- a/ruby/ql/test/library-tests/frameworks/stdlib/Logging.rb
+++ b/ruby/ql/test/library-tests/frameworks/stdlib/Logging.rb
@@ -74,3 +74,9 @@ class LoggerTest
    @@cls_logger.log(Logger::WARN, "message2", "progname2") { "not logged" }
  end
 end
+
+logger_1 = ActiveSupport::Logger.new(STDOUT)
+logger_2 = ActiveSupport::TaggedLogging.new(ActiveSupport::Logger.new(STDOUT))
+
+logger_1.debug("msg")
+logger_2.debug("msg")