Ruby: include SSA param input step for flowsTo

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

@@ -327,7 +327,12 @@ private module Cached {
     FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _)
   }
 
-  /** This is the local flow predicate that is used in type tracking. */
+  /**
+   * This is the local flow predicate that is used in type tracking.
+   *
+   * This needs to exclude `localFlowSsaParamInput` due to a performance trick
+   * in type tracking, where such steps are treated as call steps.
+   */
   cached
   predicate localFlowStepTypeTracker(Node nodeFrom, Node nodeTo) {
     LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll

@@ -326,9 +326,11 @@ private module Cached {
     source = sink and
     source instanceof LocalSourceNode
     or
-    exists(Node mid |
-      hasLocalSource(mid, source) and
+    exists(Node mid | hasLocalSource(mid, source) |
       localFlowStepTypeTracker(mid, sink)
+      or
+      // Explicitly include the SSA param input step as type-tracking omits this step.
+      LocalFlow::localFlowSsaParamInput(mid, sink)
     )
   }