update models

generated models
add data extensions sinks to queries
2026-05-16 04:09:27 +02:00 · 2023-09-25 11:37:23 +01:00 · 2023-08-28 17:17:00 +01:00 · 2023-08-28 16:27:33 +01:00 · 2023-08-25 17:26:22 +01:00 · 2023-08-25 17:25:56 +01:00
80 changed files with 52452 additions and 0 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/CocoaPods/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/CocoaPods/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/active_model_serializers/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/active_model_serializers/model.yml
@@ -0,0 +1 @@
+"extensions": []
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/activerecord-import/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/activerecord-import/model.yml
@@ -0,0 +1,142 @@
+"extensions":
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OutputToHTML!"
+    - "Method[output_results].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Float"
+    - "Method[round_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Float"
+    - "Method[ceil_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Float"
+    - "Method[floor_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[increment_locking_column!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[increment_locking_column!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[increment_locking_column!]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[add_column_for_on_duplicate_key_update]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[sql_for_on_duplicate_key_update_as_array]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[sql_for_on_duplicate_key_update_as_array]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[sql_for_on_duplicate_key_update_as_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::MysqlAdapter"
+    - "Method[sql_for_on_duplicate_key_update_as_hash]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::SQLite3Adapter"
+    - "Method[next_value_for_sequence]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::SQLite3Adapter"
+    - "Method[add_column_for_on_duplicate_key_update]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::SQLite3Adapter"
+    - "Method[sql_for_conflict_target]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::SQLite3Adapter"
+    - "Method[sql_for_default_conflict_target]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::PostgreSQLAdapter"
+    - "Method[next_value_for_sequence]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::PostgreSQLAdapter"
+    - "Method[add_column_for_on_duplicate_key_update]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::PostgreSQLAdapter"
+    - "Method[sql_for_conflict_target]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::PostgreSQLAdapter"
+    - "Method[sql_for_default_conflict_target]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::AbstractAdapter::InstanceMethods"
+    - "Method[next_value_for_sequence]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::AbstractAdapter::InstanceMethods"
+    - "Method[increment_locking_column!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::AbstractAdapter::InstanceMethods"
+    - "Method[increment_locking_column!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::AbstractAdapter::InstanceMethods"
+    - "Method[increment_locking_column!]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::ValueSetsBytesParser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import::ValueSetsRecordsParser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActiveRecord::Import!"
+    - "Method[base_adapter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/aws-sdk-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/aws-sdk-ruby/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/bcrypt-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/bcrypt-ruby/model.yml
@@ -0,0 +1,27 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "MyInvalidSecret"
+    - "BCrypt::Engine!"
+    - "Method[hash_secret].Parameter[0]"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "BCrypt::Engine!"
+    - "Method[cost=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "BCrypt::Engine!"
+    - "Method[valid_salt?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BCrypt::Password!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/better_errors/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/better_errors/model.yml
@@ -0,0 +1,113 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[for_formatting_string].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[for_proc].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[default_editor].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[editor_from_environment_editor].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[editor_from_command].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors::Editor!"
+    - "Method[editor_from_environment_formatting_string].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors!"
+    - "Method[default_editor].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors!"
+    - "Method[editor].ReturnValue"
+  - - "BetterErrors::Editor"
+    - "BetterErrors!"
+    - "Method[editor=].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "BetterErrors::ErrorPage"
+    - "Method[request_path].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "BetterErrors::ErrorPage"
+    - "Method[text_heading]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::ErrorPage"
+    - "Method[text_heading]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::Middleware"
+    - "Method[text?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::CodeFormatter!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::ExceptionHint!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::Editor!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::ErrorPage!"
+    - "Method[template_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::InspectableValue!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::Middleware!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::Middleware!"
+    - "Method[allow_ip!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::REPL::Basic!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::OriginalExceptionException!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "BetterErrors::ErrorPageStyle!"
+    - "Method[style_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "BetterErrors::REPL!"
+    - "Method[provider=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/bootsnap/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/bootsnap/model.yml
@@ -0,0 +1,162 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::YAML::Psych3"
+    - "Method[input_to_storage].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::YAML::Psych4::UnsafeLoad"
+    - "Method[input_to_storage].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::YAML::Psych4::SafeLoad"
+    - "Method[input_to_storage].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::YAML::Psych4::SafeLoad"
+    - "Method[storage_to_output].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::LoadPathCache::Cache"
+    - "Method[find].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::YAML::Psych4"
+    - "Method[input_to_storage].ReturnValue"
+  - - "BasicObject"
+    - "Bootsnap::CompileCache::ISeq!"
+    - "Method[input_to_storage].ReturnValue"
+  - - "Bootsnap::LoadPathCache::Path"
+    - "Bootsnap::LoadPathCache::Path"
+    - "Method[to_realpath].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Bootsnap::CompileCache::YAML::Psych3"
+    - "Method[input_to_storage].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "Bootsnap::CompileCache::YAML::Psych3"
+    - "Method[input_to_output].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "Bootsnap::CompileCache::YAML::Psych4::UnsafeLoad"
+    - "Method[input_to_storage].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "Bootsnap::CompileCache::YAML::Psych4::UnsafeLoad"
+    - "Method[input_to_output].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "Bootsnap::CompileCache::YAML::Psych4::SafeLoad"
+    - "Method[input_to_output].Parameter[0]"
+    - "unsafe-deserialization"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[find]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[expand_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[search_index]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[maybe_append_extension]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[try_index]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::LoadPathCache::Cache"
+    - "Method[try_ext]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::CompileCache::ISeq!"
+    - "Method[fetch]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CLI"
+    - "Method[cache_dir=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::LoadPathCache::LoadedFeaturesIndex"
+    - "Method[strip_extension_if_elidable]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::LoadPathCache::Store"
+    - "Method[set]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::CompileCache::ISeq::InstructionSequenceMixin"
+    - "Method[load_iseq]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CompileCache::JSON::Patch"
+    - "Method[load_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CompileCache::YAML::Psych4::Patch"
+    - "Method[load_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CompileCache::YAML::Psych4::Patch"
+    - "Method[unsafe_load_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CompileCache::YAML::Psych3::Patch"
+    - "Method[load_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CompileCache::YAML::Psych3::Patch"
+    - "Method[unsafe_load_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Bootsnap::CLI::WorkerPool::Inline!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::CLI::WorkerPool::Inline!"
+    - "Method[new]"
+    - "Argument[jobs:]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::LoadPathCache::Path!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::LoadPathCache::Path!"
+    - "Method[new]"
+    - "Argument[real:]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::CompileCache!"
+    - "Method[setup]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "value"
+  - - "Bootsnap::CompileCache!"
+    - "Method[setup]"
+    - "Argument[readonly:]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/bootstrap-sass/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/bootstrap-sass/model.yml
@@ -0,0 +1,272 @@
+"extensions":
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Converter::Network"
+    - "Method[get_file].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Converter"
+    - "Method[save_file].Parameter[0]"
+    - "path-injection"
+  - - "Converter::Network"
+    - "Method[get_file].Parameter[0]"
+    - "request-forgery"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Converter::Network"
+    - "Method[get_tree_sha]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::CharStringScanner"
+    - "Method[pos=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[indent]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[indent]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[convert_less]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[convert_to_scss]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[wrap_at_groups_with_at_root]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_division]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[sass_fn_exists]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_asset_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_asset_url]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[to:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[from:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[mixin_all_grid_columns]"
+    - "Argument[selector:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[convert_grid_mixins]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_calculation_semantics]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_file_imports]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_file_imports]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_all]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_all]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[parameterize_mixin_parent_selector]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[extract_nested_rule]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[apply_mixin_parent_selector]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[flatten_mixins]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[extract_mixins_from_selectors]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_mixins]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_ms_filters]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[unwrap_rule_block]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_mixin_definitions]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_vars]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_spin]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_fadein]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_image_urls]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_escaping]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[insert_default_vars]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[convert_less_ampersand]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[unindent]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[varargify_mixin_definitions]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[deinterpolate_vararg_mixins]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_rules]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_in_selector]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[replace_properties]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Converter::LessConversion"
+    - "Method[selector_for_pos]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[close_brace_pos]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[open_brace_pos]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Converter::LessConversion"
+    - "Method[replace_substrings_at]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/capistrano/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/capistrano/model.yml
@@ -0,0 +1,240 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Capistrano::Configuration"
+    - "Capistrano::DSL::Env"
+    - "Method[env].ReturnValue"
+  - - "Capistrano::Configuration"
+    - "Capistrano::Configuration!"
+    - "Method[reset!].ReturnValue"
+  - - "Capistrano::Configuration"
+    - "Capistrano::Configuration!"
+    - "Method[env].ReturnValue"
+  - - "Capistrano::VersionValidator"
+    - "Capistrano::VersionValidator"
+    - "Method[verify].ReturnValue"
+  - - "Capistrano::VersionValidator"
+    - "Capistrano::DSL"
+    - "Method[lock].ReturnValue"
+  - - "Capistrano::Configuration::PluginInstaller"
+    - "Capistrano::Configuration"
+    - "Method[installer].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration"
+    - "Method[server].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration::Server"
+    - "Method[with].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration::Server"
+    - "Method[add_roles].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration::Server"
+    - "Method[add_role].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration::Servers"
+    - "Method[add_host].ReturnValue"
+  - - "Capistrano::Configuration::Server"
+    - "Capistrano::Configuration::Server!"
+    - "Method[[]].ReturnValue"
+  - - "Capistrano::Configuration::Servers"
+    - "Capistrano::Configuration"
+    - "Method[servers].ReturnValue"
+  - - "Capistrano::Configuration::ValidatedVariables"
+    - "Capistrano::Doctor::VariablesDoctor"
+    - "Method[variables].ReturnValue"
+  - - "Capistrano::Configuration::ValidatedVariables::ValidatedQuestion"
+    - "Capistrano::Configuration::ValidatedVariables"
+    - "Method[assert_valid_later].ReturnValue"
+  - - "Capistrano::Configuration::Server::Properties"
+    - "Capistrano::Configuration::Server"
+    - "Method[properties].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "TestApp"
+    - "Method[run].Parameter[0]"
+    - "command-injection"
+  - - "RaiseNotImplementedMacro"
+    - "Method[raise_not_implemented_on].Parameter[0]"
+    - "code-injection"
+  - - "Capistrano::Plugin"
+    - "Method[eval_rakefile].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RemoteCommandHelpers"
+    - "Method[test_dir_exists]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[test_symlink_exists]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[test_file_exists]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[exists?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[exists?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[symlinked?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RemoteCommandHelpers"
+    - "Method[symlinked?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "TestApp"
+    - "Method[release_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Configuration"
+    - "Method[server]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration"
+    - "Method[add_filter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Configuration::Filter"
+    - "Method[filter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::NullFilter"
+    - "Method[filter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Servers"
+    - "Method[add_host]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Servers"
+    - "Method[extract_options]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[set]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[set]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[set]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[fetch]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[peek]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Variables"
+    - "Method[fetch_for]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::DSL::Paths"
+    - "Method[set_release_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Server::Properties"
+    - "Method[method_missing]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Server::Properties"
+    - "Method[set]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Doctor::OutputHelpers::Row"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Doctor::ServersDoctor::RoleWhitespaceChecker"
+    - "Method[include_whitespace?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Doctor::ServersDoctor::ServerDecorator"
+    - "Method[pretty_inspect]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano::Configuration::Question!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::Server!"
+    - "Method[[]]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Configuration::ValidatedVariables::ValidatedQuestion!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Doctor::VariablesDoctor!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::Doctor::ServersDoctor::ServerDecorator!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::VersionValidator!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Capistrano::ImmutableTask!"
+    - "Method[extended]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Capistrano!"
+    - "Method[filter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/carrierwave/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/carrierwave/model.yml
@@ -0,0 +1,172 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "CarrierWave::Storage::Fog::File"
+    - "CarrierWave::Storage::Fog"
+    - "Method[retrieve!].ReturnValue"
+  - - "CarrierWave::Storage::Fog::File"
+    - "CarrierWave::Storage::Fog"
+    - "Method[retrieve_from_cache!].ReturnValue"
+  - - "CarrierWave::Storage::Fog::File"
+    - "CarrierWave::Storage::Fog"
+    - "Method[store!].ReturnValue"
+  - - "CarrierWave::Storage::Fog::File"
+    - "CarrierWave::Storage::Fog"
+    - "Method[cache!].ReturnValue"
+  - - "CarrierWave::Storage::Fog::File"
+    - "CarrierWave::Storage::Fog::File"
+    - "Method[copy_to].ReturnValue"
+  - - "CarrierWave::SanitizedFile"
+    - "CarrierWave::Storage::File"
+    - "Method[retrieve!].ReturnValue"
+  - - "CarrierWave::SanitizedFile"
+    - "CarrierWave::Storage::File"
+    - "Method[retrieve_from_cache!].ReturnValue"
+  - - "CarrierWave::SanitizedFile"
+    - "CarrierWave::Storage::Fog"
+    - "Method[store!].Parameter[0]"
+  - - "CarrierWave::SanitizedFile"
+    - "CarrierWave::Storage::Fog::File"
+    - "Method[store].Parameter[0]"
+  - - "CarrierWave::SanitizedFile"
+    - "CarrierWave::SanitizedFile"
+    - "Method[move_to].ReturnValue"
+  - - "CarrierWave::Downloader::RemoteFile"
+    - "CarrierWave::Downloader::Base"
+    - "Method[download].ReturnValue"
+  - - "CarrierWave::Mounter::Single"
+    - "CarrierWave::Mount::Extension"
+    - "Method[_mounter].ReturnValue"
+  - - "CarrierWave::Mounter::Single"
+    - "CarrierWave::Mounter!"
+    - "Method[build].ReturnValue"
+  - - "CarrierWave::Mounter::Multiple"
+    - "CarrierWave::Mount::Extension"
+    - "Method[_mounter].ReturnValue"
+  - - "CarrierWave::Mounter::Multiple"
+    - "CarrierWave::Mounter!"
+    - "Method[build].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "CarrierWave::SanitizedFile"
+    - "Method[move!].Parameter[0]"
+    - "path-injection"
+  - - "CarrierWave::SanitizedFile"
+    - "Method[copy!].Parameter[0]"
+    - "path-injection"
+  - - "CarrierWave::Mount"
+    - "Method[uploader_option].Parameter[1]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "CarrierWave::Storage::Fog::File"
+    - "Method[content_type=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::SanitizedFile"
+    - "Method[content_type=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::SanitizedFile"
+    - "Method[file=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "CarrierWave::Mount"
+    - "Method[build_uploader]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::RMagick"
+    - "Method[convert]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::RMagick"
+    - "Method[dimension_from]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Compatibility::Paperclip"
+    - "Method[interpolate_paperclip_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "CarrierWave::Uploader::Cache"
+    - "Method[workfile_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "CarrierWave::Uploader::Cache"
+    - "Method[cache_id=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Cache"
+    - "Method[original_filename=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Processing"
+    - "Method[forcing_extension]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Store"
+    - "Method[full_filename]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Compatibility::Paperclip::ClassMethods"
+    - "Method[interpolate]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Compatibility::Paperclip::ClassMethods"
+    - "Method[interpolate]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Configuration::ClassMethods"
+    - "Method[cache_storage]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Configuration::ClassMethods"
+    - "Method[storage]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Downloader::Base!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Storage::Abstract!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Test::SsrfProtectionAwareWebMock::Matcher!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RemoteFile!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "CarrierWave::Uploader::Mountable!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/coffee-rails/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/coffee-rails/model.yml
@@ -0,0 +1 @@
+"extensions": []
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/colorize/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/colorize/model.yml
@@ -0,0 +1,95 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ColorizedString"
+    - "Colorize::InstanceMethods"
+    - "Method[colorize].ReturnValue"
+  - - "ColorizedString"
+    - "ColorizedString!"
+    - "Method[[]].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Colorize::ClassMethods"
+    - "Method[enable_readline_support]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[enable_readline_support=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[disable_colorization]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[disable_colorization=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[prevent_colors]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[prevent_colors=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::ClassMethods"
+    - "Method[add_color_code]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Colorize::InstanceMethods"
+    - "Method[colorized_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[colorized_string]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[colorized_string]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[colorized_string]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[defaults_colors]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[colors_from_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[colors_from_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Colorize::InstanceMethods"
+    - "Method[color_from_symbol]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ColorizedString!"
+    - "Method[[]]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/database_cleaner/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/database_cleaner/model.yml
@@ -0,0 +1,60 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "DatabaseCleaner::Cleaner"
+    - "DatabaseCleaner::Cleaners"
+    - "Method[add_cleaner].ReturnValue"
+  - - "DatabaseCleaner::NullStrategy"
+    - "DatabaseCleaner::Cleaner"
+    - "Method[strategy].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "DatabaseCleaner::Cleaner"
+    - "Method[db=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaner"
+    - "Method[strategy_db=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaner"
+    - "Method[set_strategy_db]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaner"
+    - "Method[camelize]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RedisWidget!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "DatabaseCleaner::Cleaner!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaner!"
+    - "Method[new]"
+    - "Argument[db:]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaner!"
+    - "Method[underscore]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "DatabaseCleaner::Cleaners!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/dd-trace-rb/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/dd-trace-rb/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/devise/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/devise/model.yml
@@ -0,0 +1,244 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "User"
+    - "Devise::Mapping!"
+    - "Method[find_scope!].Parameter[0]"
+  - - "Devise::ParameterFilter"
+    - "Devise::Models::Authenticatable::ClassMethods"
+    - "Method[devise_parameter_filter].ReturnValue"
+  - - "Devise::Mapping"
+    - "Devise!"
+    - "Method[add_mapping].ReturnValue"
+  - - "Devise::ParameterSanitizer"
+    - "Devise::Controllers::Helpers"
+    - "Method[devise_parameter_sanitizer].ReturnValue"
+  - - "Devise::Getter"
+    - "Devise!"
+    - "Method[ref].ReturnValue"
+  - - "Devise::Getter"
+    - "Devise!"
+    - "Method[mailer=].ReturnValue"
+  - - "Devise::OmniAuth::Config"
+    - "Devise!"
+    - "Method[omniauth].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Devise::FailureApp"
+    - "Method[redirect_url].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ActionDispatch::Routing::Mapper"
+    - "Method[constraints_for].Parameter[0]"
+    - "code-injection"
+  - - "Devise::ParameterFilter"
+    - "Method[filtered_hash_by_method_for_given_keys].Parameter[1]"
+    - "code-injection"
+  - - "Devise::Models::Authenticatable"
+    - "Method[send_devise_notification].Parameter[0]"
+    - "code-injection"
+  - - "Devise::Models::Authenticatable"
+    - "Method[apply_to_attribute_or_variable].Parameter[0]"
+    - "code-injection"
+  - - "Devise::Models::Authenticatable"
+    - "Method[apply_to_attribute_or_variable].Parameter[1]"
+    - "code-injection"
+  - - "Devise::Mapping!"
+    - "Method[find_by_path!].Parameter[1]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "DeviseController"
+    - "Method[devise_i18n_options]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::FailureApp"
+    - "Method[i18n_options]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::FailureApp"
+    - "Method[i18n_message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::FailureApp"
+    - "Method[route]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ActionDispatch::Routing::Mapper"
+    - "Method[set_omniauth_path_prefix!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::ParameterFilter"
+    - "Method[filtered_hash_by_method_for_given_keys]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::ParameterFilter"
+    - "Method[stringify_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise!"
+    - "Method[warden]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise!"
+    - "Method[warden]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise!"
+    - "Method[ref]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise!"
+    - "Method[mailer=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::ParameterSanitizer"
+    - "Method[permit]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::ParameterSanitizer"
+    - "Method[permit]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::ParameterSanitizer"
+    - "Method[permit]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::ParameterSanitizer"
+    - "Method[permit]"
+    - "Argument[except:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::ParameterSanitizer"
+    - "Method[cast_to_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::RegistrationsController"
+    - "Method[update_needs_confirmation?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Delegator"
+    - "Method[failure_app]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Controllers::Rememberable"
+    - "Method[remember_key]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Controllers::SignInOut"
+    - "Method[bypass_sign_in]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Controllers::SignInOut"
+    - "Method[bypass_sign_in]"
+    - "Argument[scope:]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Controllers::StoreLocation"
+    - "Method[parse_uri]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Controllers::StoreLocation"
+    - "Method[add_fragment_back_to_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Models::Rememberable"
+    - "Method[remember_me?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Models::Timeoutable"
+    - "Method[timedout?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Controllers::ScopedViews::ClassMethods"
+    - "Method[scoped_views=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Models::Lockable::ClassMethods"
+    - "Method[unlock_strategy_enabled?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Models::Lockable::ClassMethods"
+    - "Method[lock_strategy_enabled?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Hooks::Proxy!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Models::MissingAttribute!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::OmniAuth::Config!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::ParameterFilter!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::SecretKeyFinder!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::TokenGenerator!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Devise::Orm!"
+    - "Method[active_record?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Orm!"
+    - "Method[active_record_51?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Devise::Getter!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/dogstatsd-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/dogstatsd-ruby/model.yml
@@ -0,0 +1,184 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Datadog::Statsd"
+    - "Datadog::Statsd"
+    - "Method[batch].Argument[block].Parameter[0]"
+  - - "Datadog::Statsd::ConnectionCfg"
+    - "Datadog::Statsd::Forwarder!"
+    - "Method[new].Parameter[0]"
+  - - "Datadog::Statsd::ConnectionCfg"
+    - "Datadog::Statsd::Forwarder!"
+    - "Method[new].Parameter[connection_cfg:]"
+  - - "Datadog::Statsd::Telemetry"
+    - "Datadog::Statsd"
+    - "Method[telemetry].ReturnValue"
+  - - "Datadog::Statsd::UDPConnection"
+    - "Datadog::Statsd::ConnectionCfg"
+    - "Method[make_connection].ReturnValue"
+  - - "Datadog::Statsd::UDSConnection"
+    - "Datadog::Statsd::ConnectionCfg"
+    - "Method[make_connection].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Datadog::Statsd::UDPConnection"
+    - "Method[send_message].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "FakeUDPSocket"
+    - "Method[error_on_send]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Datadog::Statsd::Sender"
+    - "Method[add]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[would_fit_in?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[sent]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[sent]"
+    - "Argument[packets:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[dropped_queue]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[dropped_queue]"
+    - "Argument[packets:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[dropped_writer]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry"
+    - "Method[dropped_writer]"
+    - "Argument[packets:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::EventSerializer"
+    - "Method[escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::ServiceCheckSerializer"
+    - "Method[escape_message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[format]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[format]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[format]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[format]"
+    - "Argument[sample_rate:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::StatSerializer"
+    - "Method[formated_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::TagSerializer"
+    - "Method[format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::TagSerializer"
+    - "Method[to_tags_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Datadog::Statsd::Serialization::TagSerializer"
+    - "Method[escape_tag_content]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::TagSerializer"
+    - "Method[dd_tags]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::TagSerializer"
+    - "Method[default_tags]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Connection!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Datadog::Statsd::Connection!"
+    - "Method[new]"
+    - "Argument[logger:]"
+    - "ReturnValue"
+    - "value"
+  - - "Datadog::Statsd::Serialization::TagSerializer!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Serialization::TagSerializer!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Datadog::Statsd::Telemetry!"
+    - "Method[new]"
+    - "Argument[global_tags:]"
+    - "ReturnValue"
+    - "taint"
+  - - "FakeUDPSocket!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "FakeUDPSocket!"
+    - "Method[new]"
+    - "Argument[copy_message:]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/dotenv/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/dotenv/model.yml
@@ -0,0 +1,52 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Dotenv::Environment"
+    - "Dotenv"
+    - "Method[ignoring_nonexistent_files].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Dotenv::Parser"
+    - "Method[parse_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Dotenv::Parser"
+    - "Method[unescape_characters]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Dotenv::Parser"
+    - "Method[expand_newlines]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Dotenv::Parser"
+    - "Method[unescape_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Dotenv::Parser"
+    - "Method[perform_substitutions]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Dotenv::EnvTemplate"
+    - "Method[template_line]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Dotenv::Parser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Dotenv::EnvTemplate!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/dynflow/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/dynflow/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/faraday/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/faraday/model.yml
@@ -0,0 +1,343 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Client"
+    - "ClientTest"
+    - "Method[client].ReturnValue"
+  - - "Hash"
+    - "Faraday::DecodeMethods"
+    - "Method[prepare_context].ReturnValue"
+  - - "Hash"
+    - "Faraday::DecodeMethods"
+    - "Method[new_context].ReturnValue"
+  - - "Faraday::Connection"
+    - "Faraday::Connection!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Faraday::Options"
+    - "Faraday::Options"
+    - "Method[update].ReturnValue"
+  - - "Faraday::Options"
+    - "Faraday::Options!"
+    - "Method[from].ReturnValue"
+  - - "Faraday::RackBuilder"
+    - "Faraday::RackBuilder"
+    - "Method[build].Argument[block].Parameter[0]"
+  - - "Faraday::Response"
+    - "Faraday::Adapter"
+    - "Method[call].ReturnValue"
+  - - "Faraday::Utils::Headers"
+    - "Faraday::Utils::Headers!"
+    - "Method[from].ReturnValue"
+  - - "Faraday::Utils::ParamsHash"
+    - "Faraday::Utils::ParamsHash"
+    - "Method[update].ReturnValue"
+  - - "Faraday::Adapter::Test::Stubs"
+    - "ClientTest"
+    - "Method[client].Parameter[0]"
+  - - "Faraday::Adapter::Test::Stubs"
+    - "Faraday::Adapter::Test::Stubs!"
+    - "Method[new].Argument[block].Parameter[0]"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Faraday::AdapterRegistry"
+    - "Method[get].Parameter[0]"
+    - "code-injection"
+  - - "Faraday::Options"
+    - "Method[delete].Parameter[0]"
+    - "code-injection"
+  - - "Faraday::Options"
+    - "Method[fetch].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Faraday"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday"
+    - "Method[body=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday"
+    - "Method[headers=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday"
+    - "Method[params=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday"
+    - "Method[marshal_load]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils"
+    - "Method[escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils"
+    - "Method[URI]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Utils"
+    - "Method[default_uri_parser=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Utils"
+    - "Method[deep_merge!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Utils"
+    - "Method[deep_merge!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils"
+    - "Method[deep_merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Utils"
+    - "Method[deep_merge]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils"
+    - "Method[sort_query_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "CustomEncoder"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Connection"
+    - "Method[headers=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Connection"
+    - "Method[params=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Connection"
+    - "Method[path_prefix=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Connection"
+    - "Method[build_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Connection"
+    - "Method[build_exclusive_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::DecodeMethods"
+    - "Method[prepare_context]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::DecodeMethods"
+    - "Method[new_context]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::DecodeMethods"
+    - "Method[match_context]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::DecodeMethods"
+    - "Method[add_to_context]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::DecodeMethods"
+    - "Method[add_to_context]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::DecodeMethods"
+    - "Method[dehash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::RackBuilder"
+    - "Method[assert_index]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::RackBuilder"
+    - "Method[is_adapter?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Adapter"
+    - "Method[request_timeout]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils::Headers"
+    - "Method[add_parsed]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Utils::ParamsHash"
+    - "Method[convert_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Utils::ParamsHash"
+    - "Method[to_query]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Error"
+    - "Method[exc_msg_and_response!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::EncodeMethods"
+    - "Method[encode_pair]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::EncodeMethods"
+    - "Method[encode_array]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Adapter::Test"
+    - "Method[path_match?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Adapter::Test"
+    - "Method[body_match?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Logging::Formatter"
+    - "Method[dump_headers]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Logging::Formatter"
+    - "Method[dump_body]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Logging::Formatter"
+    - "Method[apply_filters]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Request::Authorization"
+    - "Method[header_from]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::RackBuilder::Handler"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Request::Json"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Request::Json"
+    - "Method[on_request]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Request::Json"
+    - "Method[match_content_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Request::Json"
+    - "Method[request_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Response::Json"
+    - "Method[parse]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Response::Json"
+    - "Method[on_complete]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Response::Json"
+    - "Method[process_response]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Response::Json"
+    - "Method[response_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Faraday::Adapter!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Adapter!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Client!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Middleware!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::RackBuilder::Handler!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::RackBuilder::Handler!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Response::Json!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Faraday::Response::Json!"
+    - "Method[new]"
+    - "Argument[preserve_raw:]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/graphql-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/graphql-ruby/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/haml/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/haml/model.yml
@@ -0,0 +1,239 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Haml::SyntaxError"
+    - "Haml::Parser"
+    - "Method[error_with_lineno].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Haml::CLI"
+    - "Method[read_file].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Haml::RailsHelpers"
+    - "Method[find_and_preserve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::RailsHelpers"
+    - "Method[surround]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::RailsHelpers"
+    - "Method[surround]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::RailsHelpers"
+    - "Method[precede]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::RailsHelpers"
+    - "Method[succeed]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[compile_id!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[compile_class!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[compile_data!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[compile_boolean!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[compile_common!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler"
+    - "Method[attribute_builder]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeParser"
+    - "Method[wrap_bracket]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeParser"
+    - "Method[each_attr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::DynamicMerger"
+    - "Method[merge_dynamic]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::TempleEngine"
+    - "Method[precompiled_with_ambles]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::TempleEngine"
+    - "Method[precompiled_with_ambles]"
+    - "Argument[after_preamble:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Parser"
+    - "Method[error_with_lineno]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Parser"
+    - "Method[continuation_script?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Parser"
+    - "Method[block_keyword]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Parser"
+    - "Method[closes_flat?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Parser"
+    - "Method[is_multiline?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Parser"
+    - "Method[handle_ruby_multiline]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Parser"
+    - "Method[is_ruby_multiline?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Parser"
+    - "Method[old=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::StringSplitter"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Helpers"
+    - "Method[preserve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Util"
+    - "Method[check_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Util"
+    - "Method[check_haml_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Util"
+    - "Method[inspect_obj]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Util"
+    - "Method[human_indentation]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Util"
+    - "Method[contains_interpolation?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Compiler::ChildrenCompiler"
+    - "Method[rstrip_whitespace!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Compiler::ScriptCompiler"
+    - "Method[find_and_preserve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Filters::TextBase"
+    - "Method[compile_text!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::AttributeCompiler!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Compiler::DoctypeCompiler!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Compiler::ScriptCompiler!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Compiler::ScriptCompiler!"
+    - "Method[find_and_preserve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Error!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Haml::Filters::Base!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Filters::TiltBase!"
+    - "Method[render]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Filters::TiltBase!"
+    - "Method[render]"
+    - "Argument[indent_width:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Helpers!"
+    - "Method[preserve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Haml::Util!"
+    - "Method[escape_html_safe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/httparty/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/httparty/model.yml
@@ -0,0 +1,392 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "CustomURIAdaptor"
+    - "CustomURIAdaptor!"
+    - "Method[parse].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::Response"
+    - "Method[tap].Argument[block].Parameter[0]"
+  - - "HTTParty::Response"
+    - "HTTParty::Response!"
+    - "Method[_load].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::Request"
+    - "Method[perform].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::Request"
+    - "Method[handle_unauthorized].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::Request"
+    - "Method[handle_response].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[post].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[options].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[patch].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[put].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[delete].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[head].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[copy].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[get].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[move].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[mkcol].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[lock].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[unlock].ReturnValue"
+  - - "HTTParty::Response"
+    - "HTTParty::ClassMethods"
+    - "Method[perform_request].ReturnValue"
+  - - "HTTParty::CookieHash"
+    - "TripIt"
+    - "Method[parse_cookie].ReturnValue"
+  - - "HTTParty::Request"
+    - "HTTParty::Request!"
+    - "Method[_load].ReturnValue"
+  - - "HTTParty::Request"
+    - "HTTParty::ClassMethods"
+    - "Method[build_request].ReturnValue"
+  - - "HTTParty::Logger::ApacheFormatter"
+    - "HTTParty::Logger!"
+    - "Method[build].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Delicious"
+    - "Method[posts].ReturnValue"
+    - "remote"
+  - - "Delicious"
+    - "Method[recent].ReturnValue"
+    - "remote"
+  - - "StackExchange"
+    - "Method[questions].ReturnValue"
+    - "remote"
+  - - "StackExchange"
+    - "Method[users].ReturnValue"
+    - "remote"
+  - - "TripIt"
+    - "Method[account_settings].ReturnValue"
+    - "remote"
+  - - "Twitter"
+    - "Method[timeline].ReturnValue"
+    - "remote"
+  - - "Twitter"
+    - "Method[post].ReturnValue"
+    - "remote"
+  - - "Rubyurl!"
+    - "Method[shorten].ReturnValue"
+    - "remote"
+  - - "HTTParty!"
+    - "Method[options].ReturnValue"
+    - "remote"
+  - - "HTTParty!"
+    - "Method[patch].ReturnValue"
+    - "remote"
+  - - "HTTParty!"
+    - "Method[put].ReturnValue"
+    - "remote"
+  - - "HTTParty!"
+    - "Method[delete].ReturnValue"
+    - "remote"
+  - - "HTTParty!"
+    - "Method[head].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "MicrosoftGraph"
+    - "Method[request].Parameter[0]"
+    - "request-forgery"
+  - - "HTTParty::Response"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+  - - "HTTParty::Request!"
+    - "Method[_load].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "HTTParty::Response!"
+    - "Method[_load].Parameter[0]"
+    - "unsafe-deserialization"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "HTTParty!"
+    - "Method[normalize_base_uri]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Response!"
+    - "Method[underscore]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "CustomURIAdaptor!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Request"
+    - "Method[decompress]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Request"
+    - "Method[path=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Request"
+    - "Method[encode_text]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::ClassMethods"
+    - "Method[base_uri]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::ClassMethods"
+    - "Method[connection_adapter]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[query_string_normalizer]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[logger]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[http_proxy]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[default_timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[open_timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[read_timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[write_timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[debug_output]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[follow_redirects]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[no_follow]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[maintain_method_across_redirects]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[resend_on_redirect]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[pem]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[pkcs12]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[ssl_version]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[skip_decompression]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::ClassMethods"
+    - "Method[ciphers]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[ssl_ca_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[ssl_ca_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ClassMethods"
+    - "Method[uri_adapter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ConnectionAdapter"
+    - "Method[add_timeout?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ConnectionAdapter"
+    - "Method[add_max_retries?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ConnectionAdapter"
+    - "Method[clean_host]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ConnectionAdapter"
+    - "Method[strip_ipv6_brackets]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ConnectionAdapter"
+    - "Method[attach_ssl_certificates]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Logger::CurlFormatter"
+    - "Method[log]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Logger::CurlFormatter"
+    - "Method[log]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::HTTPHeader::DigestAuthenticator"
+    - "Method[parse_cookies]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Request::Body"
+    - "Method[content_body]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Response::Headers"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "MicrosoftGraph!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Decompressor!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::HeadersProcessor!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::HTTPHeader::DigestAuthenticator!"
+    - "Method[new]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "taint"
+  - - "HTTParty::Request::Body!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Request::Body!"
+    - "Method[new]"
+    - "Argument[force_multipart:]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Parser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::Parser!"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::TextEncoder!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::TextEncoder!"
+    - "Method[new]"
+    - "Argument[assume_utf16_is_big_endian:]"
+    - "ReturnValue"
+    - "value"
+  - - "HashLike!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ArrayLike!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "HTTParty::ModuleInheritableAttributes!"
+    - "Method[hash_deep_dup]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/jbuilder/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/jbuilder/model.yml
@@ -0,0 +1,167 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Jbuilder"
+    - "Jbuilder"
+    - "Method[set!].Argument[block].Parameter[0]"
+  - - "Jbuilder"
+    - "Jbuilder"
+    - "Method[child!].Argument[block].Parameter[0]"
+  - - "Jbuilder"
+    - "Jbuilder"
+    - "Method[_merge_block].Argument[block].Parameter[0]"
+  - - "Jbuilder"
+    - "Jbuilder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "JbuilderTemplate"
+    - "Jbuilder"
+    - "Method[child!].Argument[block].Parameter[0]"
+  - - "JbuilderTemplate"
+    - "Jbuilder"
+    - "Method[_merge_block].Argument[block].Parameter[0]"
+  - - "JbuilderTemplate"
+    - "JbuilderTemplate"
+    - "Method[cache!].Argument[block].Parameter[0]"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[method_missing].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[set!].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[_merge_block].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[_merge_values].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[_format_keys].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "Jbuilder"
+    - "Method[_set_value].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "JbuilderTemplate"
+    - "Method[set!].ReturnValue"
+  - - "Jbuilder::Blank"
+    - "JbuilderTemplate"
+    - "Method[_set_inline_partial].ReturnValue"
+  - - "Jbuilder::NullError"
+    - "Jbuilder::NullError!"
+    - "Method[build].ReturnValue"
+  - - "Jbuilder::ArrayError"
+    - "Jbuilder::ArrayError!"
+    - "Method[build].ReturnValue"
+  - - "Jbuilder::KeyFormatter"
+    - "Jbuilder"
+    - "Method[key_format!].ReturnValue"
+  - - "Jbuilder::KeyFormatter"
+    - "Jbuilder!"
+    - "Method[key_format].ReturnValue"
+  - - "Jbuilder::MergeError"
+    - "Jbuilder::MergeError!"
+    - "Method[build].ReturnValue"
+  - - "Jbuilder::EnumerableCompat"
+    - "Jbuilder::CollectionRenderer"
+    - "Method[render_collection_with_partial].Parameter[0]"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Jbuilder"
+    - "Method[merge!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[set!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[ignore_nil!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[deep_format_keys!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[_merge_values]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[_merge_values]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jbuilder"
+    - "Method[_format_keys]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[_set_value]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder"
+    - "Method[_blank?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JbuilderTemplate"
+    - "Method[_fragment_name_with_digest]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JbuilderTemplate"
+    - "Method[_partial_options?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jbuilder::Blank"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jbuilder!"
+    - "Method[ignore_nil]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder!"
+    - "Method[deep_format_keys]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder::CollectionRenderable::ScopedIterator!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder::CollectionRenderer!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Jbuilder::CollectionRenderer!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "JbuilderHandler!"
+    - "Method[call]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/jekyll/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/jekyll/model.yml
@@ -0,0 +1,873 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Hash"
+    - "Jekyll::LiquidRenderer"
+    - "Method[new_profile_hash].ReturnValue"
+  - - "Jekyll::Cleaner"
+    - "Jekyll::Site"
+    - "Method[site_cleaner].ReturnValue"
+  - - "Jekyll::Collection"
+    - "Jekyll::Site"
+    - "Method[posts].ReturnValue"
+  - - "Jekyll::Configuration"
+    - "Jekyll::Site"
+    - "Method[config=].ReturnValue"
+  - - "Jekyll::Configuration"
+    - "Jekyll::Site"
+    - "Method[load_theme_configuration].ReturnValue"
+  - - "Jekyll::Configuration"
+    - "Jekyll::Utils"
+    - "Method[deep_merge_hashes].Parameter[0]"
+  - - "Jekyll::EntryFilter"
+    - "Jekyll::Collection"
+    - "Method[entry_filter].ReturnValue"
+  - - "Jekyll::Excerpt"
+    - "Jekyll::Document"
+    - "Method[read_post_data].ReturnValue"
+  - - "Jekyll::Excerpt"
+    - "Jekyll::Document"
+    - "Method[generate_excerpt].ReturnValue"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Jekyll::Site"
+    - "Method[frontmatter_defaults].ReturnValue"
+  - - "Jekyll::Page"
+    - "Jekyll::ThemeAssetsReader"
+    - "Method[append_unless_exists].Parameter[1]"
+  - - "Jekyll::PageExcerpt"
+    - "Jekyll::Page"
+    - "Method[generate_excerpt].ReturnValue"
+  - - "Jekyll::Publisher"
+    - "Jekyll::Site"
+    - "Method[publisher].ReturnValue"
+  - - "Jekyll::PostReader"
+    - "Jekyll::Reader"
+    - "Method[post_reader].ReturnValue"
+  - - "Jekyll::Renderer"
+    - "Jekyll::Document"
+    - "Method[renderer].ReturnValue"
+  - - "Jekyll::Renderer"
+    - "Jekyll::Convertible"
+    - "Method[renderer].ReturnValue"
+  - - "Jekyll::StaticFile"
+    - "Jekyll::ThemeAssetsReader"
+    - "Method[append_unless_exists].Parameter[1]"
+  - - "Jekyll::Theme"
+    - "Jekyll::Site"
+    - "Method[configure_theme].ReturnValue"
+  - - "Jekyll::Drops::CollectionDrop"
+    - "Jekyll::Collection"
+    - "Method[to_liquid].ReturnValue"
+  - - "Jekyll::Drops::DocumentDrop"
+    - "Jekyll::Document"
+    - "Method[to_liquid].ReturnValue"
+  - - "Jekyll::Drops::ExcerptDrop"
+    - "Jekyll::Excerpt"
+    - "Method[to_liquid].ReturnValue"
+  - - "Jekyll::Drops::JekyllDrop"
+    - "Jekyll::Drops::UnifiedPayloadDrop"
+    - "Method[jekyll].ReturnValue"
+  - - "Jekyll::Drops::SiteDrop"
+    - "Jekyll::Drops::UnifiedPayloadDrop"
+    - "Method[site].ReturnValue"
+  - - "Jekyll::Drops::StaticFileDrop"
+    - "Jekyll::StaticFile"
+    - "Method[to_liquid].ReturnValue"
+  - - "Jekyll::Drops::ThemeDrop"
+    - "Jekyll::Drops::UnifiedPayloadDrop"
+    - "Method[theme].ReturnValue"
+  - - "Jekyll::Drops::UnifiedPayloadDrop"
+    - "Jekyll::Site"
+    - "Method[site_payload].ReturnValue"
+  - - "Jekyll::Drops::UrlDrop"
+    - "Jekyll::Document"
+    - "Method[url_placeholders].ReturnValue"
+  - - "Jekyll::LiquidRenderer::File"
+    - "Jekyll::LiquidRenderer"
+    - "Method[file].ReturnValue"
+  - - "Jekyll::ThemeBuilder::ERBRenderer"
+    - "Jekyll::ThemeBuilder"
+    - "Method[erb].ReturnValue"
+  - - "Jekyll::Converters::Markdown::KramdownParser"
+    - "Jekyll::Converters::Markdown"
+    - "Method[get_processor].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Profiler"
+    - "Method[report].Parameter[1]"
+    - "code-injection"
+  - - "Jekyll::Cache"
+    - "Method[load].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::Cache"
+    - "Method[dump].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Method[glob_cache].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::DataReader"
+    - "Method[read_data_to].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::LayoutReader"
+    - "Method[within].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::Convertible"
+    - "Method[[]].Parameter[0]"
+    - "code-injection"
+  - - "Jekyll::Utils"
+    - "Method[has_yaml_header?].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::Utils"
+    - "Method[safe_glob].Parameter[0]"
+    - "path-injection"
+  - - "Jekyll::Tags::IncludeTag"
+    - "Method[read_file].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Jekyll::Cache"
+    - "Method[path_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Converters::Markdown"
+    - "Method[custom_class_allowed?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Collection"
+    - "Method[sanitize_label]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Collection"
+    - "Method[determine_sort_order]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Collection"
+    - "Method[determine_sort_order]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Collection"
+    - "Method[order_with_warning]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Configuration"
+    - "Method[quiet]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Configuration"
+    - "Method[get_config_value_with_override]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Configuration"
+    - "Method[source]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Configuration"
+    - "Method[verbose]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Configuration"
+    - "Method[style_to_permalink]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Document"
+    - "Method[merge_categories!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::EntryFilter"
+    - "Method[derive_base_directory]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::EntryFilter"
+    - "Method[relative_to_source]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Excerpt"
+    - "Method[extract_excerpt]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Excerpt"
+    - "Method[sanctify_liquid_tags]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Excerpt"
+    - "Method[endtag_regex_stash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Method[update_deprecated_types]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Method[ensure_time!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Method[strip_collections_dir]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::FrontmatterDefaults"
+    - "Method[sanitize_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LiquidRenderer"
+    - "Method[increment_bytes]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LiquidRenderer"
+    - "Method[increment_time]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Page"
+    - "Method[process]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LogAdapter"
+    - "Method[message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LogAdapter"
+    - "Method[message]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LogAdapter"
+    - "Method[log_level=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LogAdapter"
+    - "Method[formatted_topic]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::DataReader"
+    - "Method[sanitize_filename]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::DataReader"
+    - "Method[convert_row]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LayoutReader"
+    - "Method[layout_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::ThemeAssetsReader"
+    - "Method[append_unless_exists]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::ThemeAssetsReader"
+    - "Method[append_unless_exists]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Regenerator"
+    - "Method[source_modified_or_dest_missing?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Renderer"
+    - "Method[place_in_layouts]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Site"
+    - "Method[config=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Site"
+    - "Method[incremental?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Site"
+    - "Method[load_theme_configuration]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::ThemeBuilder"
+    - "Method[template_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::URL"
+    - "Method[generate_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::URL"
+    - "Method[generate_url_from_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::URL"
+    - "Method[generate_url_from_drop]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::URL"
+    - "Method[sanitize_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[find]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[push]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[inspect]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[slugify]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[xml_escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[normalize_whitespace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[array_to_sentence_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[array_to_sentence_string]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[jsonify]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[where]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[where_exp]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[find_exp]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[pop]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[shift]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[unshift]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[sample]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[read_liquid_attribute]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters"
+    - "Method[parse_sort_input]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters"
+    - "Method[as_liquid]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LiquidExtensions"
+    - "Method[lookup_variable]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LiquidExtensions"
+    - "Method[lookup_variable]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils"
+    - "Method[slugify]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils"
+    - "Method[deep_merge_hashes]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils"
+    - "Method[deep_merge_hashes]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils"
+    - "Method[deep_merge_hashes!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils"
+    - "Method[deep_merge_hashes!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils"
+    - "Method[value_from_singular_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils"
+    - "Method[value_from_plural_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils"
+    - "Method[add_permalink_suffix]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils"
+    - "Method[replace_character_sequence_with_hyphen]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Cucumber::Formatter"
+    - "Method[before_step]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Cucumber::Formatter"
+    - "Method[before_step_result]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Converters::Identity"
+    - "Method[convert]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Converters::Identity"
+    - "Method[output_ext]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Drops::DocumentDrop"
+    - "Method[<=>]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Drops::Drop"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Drops::Drop"
+    - "Method[fetch]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Drops::SiteDrop"
+    - "Method[key?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Tags::HighlightBlock"
+    - "Method[render]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Tags::HighlightBlock"
+    - "Method[add_code_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Tags::IncludeTag"
+    - "Method[valid_include_file?]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Tags::IncludeTag"
+    - "Method[outside_site_source?]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Tags::IncludeRelativeTag"
+    - "Method[resource_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters::DateFilters"
+    - "Method[date_to_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::DateFilters"
+    - "Method[date_to_long_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::DateFilters"
+    - "Method[date_to_xmlschema]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::DateFilters"
+    - "Method[date_to_rfc822]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::DateFilters"
+    - "Method[stringify_date]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::GroupingFilters"
+    - "Method[group_by]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::GroupingFilters"
+    - "Method[group_by_exp]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::URLFilters"
+    - "Method[strip_index]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Filters::URLFilters"
+    - "Method[compute_absolute_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::URLFilters"
+    - "Method[compute_relative_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Filters::URLFilters"
+    - "Method[ensure_leading_slash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Utils::Ansi"
+    - "Method[reset]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils::Ansi"
+    - "Method[strip]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Utils::Ansi"
+    - "Method[has?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Commands::Serve::LiveReloadReactor"
+    - "Method[connect]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[literal?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_based_on_line_length]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_based_on_line_length]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_hash_with_variable]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_hash_with_variable]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_array_with_variable]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RuboCop::Cop::Jekyll::AssertEqualLiteralActual"
+    - "Method[replace_array_with_variable]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "FooPage!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "FooPage!"
+    - "Method[new]"
+    - "Argument[name:]"
+    - "ReturnValue"
+    - "value"
+  - - "Drop!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Cache!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Correctness!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Cleaner!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Commands::Serve::SkipAnalyzer!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Commands::Serve::SkipAnalyzer!"
+    - "Method[skip_processing?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Converter!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Converter!"
+    - "Method[highlighter_prefix]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Converter!"
+    - "Method[highlighter_suffix]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Document!"
+    - "Method[superdirs_regex]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Drops::Drop!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::EntryFilter!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::FrontmatterDefaults!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Inclusion!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Inclusion!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LiquidRenderer!"
+    - "Method[format_error]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Plugin!"
+    - "Method[priority]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Plugin!"
+    - "Method[safe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::PluginManager!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Profiler!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::URL!"
+    - "Method[escape_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::URL!"
+    - "Method[unescape_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Hooks!"
+    - "Method[priority_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Hooks!"
+    - "Method[register_one]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Hooks!"
+    - "Method[register_one]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Hooks!"
+    - "Method[insert_hook]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::Hooks!"
+    - "Method[insert_hook]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::LiquidRenderer::File!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LiquidRenderer::Table!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::LogAdapter!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Reader!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Publisher!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::PostReader!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::ThemeAssetsReader!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Tags::IncludeTag!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Jekyll::Tags::Link!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::ThemeBuilder!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Jekyll::ThemeBuilder::ERBRenderer!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/jquery-rails/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/jquery-rails/model.yml
@@ -0,0 +1,15 @@
+"extensions":
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rails::Dom::Testing::Assertions::SelectorAssertions"
+    - "Method[unescape_js]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rails::Dom::Testing::Assertions::SelectorAssertions"
+    - "Method[escape_id]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/json/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/json/model.yml
@@ -0,0 +1,128 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Exception"
+    - "Exception!"
+    - "Method[json_create].ReturnValue"
+  - - "OpenStruct"
+    - "Kernel"
+    - "Method[JSON].Parameter[0]"
+  - - "OpenStruct"
+    - "OpenStruct!"
+    - "Method[json_create].ReturnValue"
+  - - "Range"
+    - "Range!"
+    - "Method[json_create].ReturnValue"
+  - - "Regexp"
+    - "Regexp!"
+    - "Method[json_create].ReturnValue"
+  - - "Set"
+    - "Kernel"
+    - "Method[JSON].Parameter[0]"
+  - - "Set"
+    - "Set!"
+    - "Method[json_create].ReturnValue"
+  - - "Struct"
+    - "Struct!"
+    - "Method[json_create].ReturnValue"
+  - - "JSONAdditionTest::A"
+    - "JSON"
+    - "Method[generate].Parameter[0]"
+  - - "JSONAdditionTest::B"
+    - "JSON"
+    - "Method[generate].Parameter[0]"
+  - - "JSONAdditionTest::C"
+    - "JSON"
+    - "Method[generate].Parameter[0]"
+  - - "JSON::JSONError"
+    - "JSON::JSONError!"
+    - "Method[wrap].ReturnValue"
+  - - "JSON::Pure::Generator::State"
+    - "JSON::Pure::Generator::State!"
+    - "Method[from_state].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JSON"
+    - "Method[load_file].Parameter[0]"
+    - "path-injection"
+  - - "JSON"
+    - "Method[load_file!].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JSON"
+    - "Method[dump]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON"
+    - "Method[utf8_to_json]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON"
+    - "Method[utf8_to_json_ascii]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Fuzzer"
+    - "Method[fuzz]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kernel"
+    - "Method[JSON]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Generator::State"
+    - "Method[generate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Generator::State"
+    - "Method[buffer_initial_length=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON::Pure::Generator::State!"
+    - "Method[from_state]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON!"
+    - "Method[create_id=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON!"
+    - "Method[iconv]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Parser"
+    - "Method[convert_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Generator::GeneratorMethods::Hash"
+    - "Method[json_shift]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Generator::GeneratorMethods::String::Extend"
+    - "Method[json_create]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Pure::Parser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/kaminari/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/kaminari/model.yml
@@ -0,0 +1,57 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Kaminari::PaginatableArray"
+    - "Kaminari!"
+    - "Method[paginate_array].ReturnValue"
+  - - "Kaminari::Helpers::Page"
+    - "Kaminari::Helpers::Paginator"
+    - "Method[page_tag].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Kaminari::Helpers::Paginator"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Kaminari::PaginatableWithoutCount::LimitValueSetter"
+    - "Method[set_limit_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::ConfigurationMethods::ClassMethods"
+    - "Method[max_paginates_per]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::ConfigurationMethods::ClassMethods"
+    - "Method[paginates_per]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::ConfigurationMethods::ClassMethods"
+    - "Method[max_pages]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::ConfigurationMethods::ClassMethods"
+    - "Method[max_pages_per]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::Helpers::Tag!"
+    - "Method[new]"
+    - "Argument[5]"
+    - "ReturnValue"
+    - "value"
+  - - "Kaminari::Helpers::Tag!"
+    - "Method[new]"
+    - "Argument[internal_params:]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/launchy/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/launchy/model.yml
@@ -0,0 +1,91 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ThisProject"
+    - "ThisProject!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Launchy::Argv"
+    - "Launchy::Detect::NixDesktopEnvironment::Kde!"
+    - "Method[browser].ReturnValue"
+  - - "Launchy::Argv"
+    - "Launchy::Detect::NixDesktopEnvironment::Gnome!"
+    - "Method[browser].ReturnValue"
+  - - "Launchy::Argv"
+    - "Launchy::Detect::NixDesktopEnvironment::Xfce!"
+    - "Method[browser].ReturnValue"
+  - - "Launchy::Argv"
+    - "Launchy::Detect::NixDesktopEnvironment::Xdg!"
+    - "Method[browser].ReturnValue"
+  - - "Launchy::Argv"
+    - "Launchy::Detect::NixDesktopEnvironment::NotFound!"
+    - "Method[browser].ReturnValue"
+  - - "Launchy::Detect::RubyEngine"
+    - "Launchy::Detect::RubyEngine!"
+    - "Method[ruby_engine_error_message].Parameter[0]"
+  - - "Launchy::Detect::Runner::Windows"
+    - "Launchy::Detect::Runner!"
+    - "Method[detect].ReturnValue"
+  - - "Launchy::Detect::Runner::Jruby"
+    - "Launchy::Detect::Runner!"
+    - "Method[detect].ReturnValue"
+  - - "Launchy::Detect::Runner::Forkable"
+    - "Launchy::Detect::Runner!"
+    - "Method[detect].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Launchy::DescendantTracker"
+    - "Method[find_child].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ThisProject"
+    - "Method[ruby_gemspec]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ThisProject"
+    - "Method[java_gemspec]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ThisProject"
+    - "Method[yielding_gemspec]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Launchy::DescendantTracker"
+    - "Method[inherited]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Launchy::Detect::Runner"
+    - "Method[dry_run]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Launchy::Detect::HostOsFamily!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Launchy::Detect::RubyEngine!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Launchy::Detect::RubyEngine!"
+    - "Method[ruby_engine_error_message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Launchy::Detect::RubyEngine!"
+    - "Method[is_current_engine?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/lograge/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/lograge/model.yml
@@ -0,0 +1,147 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Lograge::Formatters::KeyValue"
+    - "Lograge"
+    - "Method[set_formatter].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Lograge"
+    - "Method[before_format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge"
+    - "Method[controller_field]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::OrderedOptions"
+    - "Method[custom_payload]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::OrderedOptions"
+    - "Method[custom_payload]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::Formatters::KeyValueDeep"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::KeyValueDeep"
+    - "Method[flatten_keys]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::Formatters::Logstash"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::KeyValue"
+    - "Method[format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::KeyValue"
+    - "Method[format]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::KeyValue"
+    - "Method[parse_value]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::Formatters::KeyValue"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::Cee"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::Graylog2"
+    - "Method[short_message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::L2met"
+    - "Method[format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::L2met"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::L2met"
+    - "Method[modify_payload]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::Formatters::L2met"
+    - "Method[source_field]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::Json"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::LTSV"
+    - "Method[format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::LTSV"
+    - "Method[format]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::LTSV"
+    - "Method[escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::Formatters::LTSV"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::Raw"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::LogSubscribers::ActionController"
+    - "Method[strip_query_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Lograge::LogSubscribers::ActionController"
+    - "Method[extract_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::LogSubscribers::ActionController"
+    - "Method[extract_format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Lograge::Formatters::Helpers::MethodAndPath"
+    - "Method[method_and_path_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/minitar/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/minitar/model.yml
@@ -0,0 +1,65 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Archive::Tar::Minitar::Writer"
+    - "Archive::Tar::Minitar::Writer!"
+    - "Method[open].ReturnValue"
+  - - "Archive::Tar::Minitar::Input"
+    - "Archive::Tar::Minitar::Input!"
+    - "Method[open].ReturnValue"
+  - - "Archive::Tar::Minitar::Input"
+    - "Archive::Tar::Minitar::Input!"
+    - "Method[each_entry].ReturnValue"
+  - - "Archive::Tar::Minitar::Input"
+    - "Archive::Tar::Minitar::Reader!"
+    - "Method[each_entry].ReturnValue"
+  - - "Archive::Tar::Minitar::Output"
+    - "Archive::Tar::Minitar::Output!"
+    - "Method[open].ReturnValue"
+  - - "Archive::Tar::Minitar::Output"
+    - "Archive::Tar::Minitar::Output!"
+    - "Method[tar].ReturnValue"
+  - - "Archive::Tar::Minitar::Reader"
+    - "Archive::Tar::Minitar::Reader!"
+    - "Method[open].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Archive::Tar::Minitar::Input!"
+    - "Method[new].Parameter[0]"
+    - "request-forgery"
+  - - "Archive::Tar::Minitar::Output!"
+    - "Method[new].Parameter[0]"
+    - "request-forgery"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Archive::Tar::Minitar::PosixHeader"
+    - "Method[oct]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Archive::Tar::Minitar::PosixHeader"
+    - "Method[oct]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Archive::Tar::Minitar::PosixHeader"
+    - "Method[header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Archive::Tar::Minitar::Writer::WriteOnlyStream!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Archive::Tar::Minitar::PosixHeader!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/mysql2/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/mysql2/model.yml
@@ -0,0 +1,15 @@
+"extensions":
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Mysql2::Client"
+    - "Method[parse_flags_array]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Mysql2::Error"
+    - "Method[clean_message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/net-ssh/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/net-ssh/model.yml
@@ -0,0 +1,594 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "String"
+    - "Net::SSH::Buffer"
+    - "Method[to_s].ReturnValue"
+  - - "String"
+    - "Net::SSH::Transport::CTR"
+    - "Method[update].ReturnValue"
+  - - "String"
+    - "Net::SSH::Transport::CTR"
+    - "Method[reset].ReturnValue"
+  - - "String"
+    - "Net::SSH::Connection::Channel"
+    - "Method[[]=].ReturnValue"
+  - - "String"
+    - "Net::SSH::Connection::Channel"
+    - "Method[[]=].Parameter[1]"
+  - - "OpenSSL::BN"
+    - "Net::SSH::Buffer"
+    - "Method[read_bignum].ReturnValue"
+  - - "OpenSSL::BN"
+    - "Net::SSH::Transport::Kex::Curve25519Sha256"
+    - "Method[compute_shared_secret].ReturnValue"
+  - - "OpenSSL::BN"
+    - "Net::SSH::Transport::Kex::EcdhSHA2NistP256"
+    - "Method[compute_shared_secret].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[append].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[read_all].Argument[block].Parameter[0]"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[consume!].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[remainder_as_buffer].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[read_buffer].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_long].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_byte].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_string].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_bool].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_bignum].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer"
+    - "Method[write_key].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA1"
+    - "Method[build_signature_buffer].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Transport::Algorithms"
+    - "Method[build_client_algorithm_packet].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Transport::Session"
+    - "Method[service_request].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Authentication::Methods::Abstract"
+    - "Method[userauth_request].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Authentication::Methods::Publickey"
+    - "Method[build_request].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Transport::Kex::Abstract5656"
+    - "Method[build_signature_buffer].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1"
+    - "Method[build_signature_buffer].ReturnValue"
+  - - "Net::SSH::Buffer"
+    - "Net::SSH::Buffer!"
+    - "Method[from].ReturnValue"
+  - - "Net::SSH::Packet"
+    - "Net::SSH::Buffer"
+    - "Method[read_all].Argument[block].Parameter[0]"
+  - - "Net::SSH::Packet"
+    - "Net::SSH::Transport::PacketStream"
+    - "Method[next_packet].ReturnValue"
+  - - "Net::SSH::Packet"
+    - "Net::SSH::Transport::PacketStream"
+    - "Method[poll_next_packet].ReturnValue"
+  - - "Net::SSH::Prompt"
+    - "Net::SSH::Prompt!"
+    - "Method[default].ReturnValue"
+  - - "Net::SSH::Transport::OpenSSLAESCTR"
+    - "Net::SSH::Transport::CipherFactory!"
+    - "Method[get].ReturnValue"
+  - - "OpenSSL::PKey::DH"
+    - "Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1"
+    - "Method[generate_key].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Buffer"
+    - "Method[read_keyblob].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Buffer"
+    - "Method[read_key].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Buffer"
+    - "Method[read_private_keyblob].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].Parameter[0]"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader!"
+    - "Method[read].ReturnValue"
+  - - "OpenSSL::PKey::RSA"
+    - "Net::SSH::Authentication::ED25519::PrivKey!"
+    - "Method[read].ReturnValue"
+  - - "OpenSSL::PKey::DSA"
+    - "Net::SSH::Buffer"
+    - "Method[read_keyblob].ReturnValue"
+  - - "OpenSSL::PKey::DSA"
+    - "Net::SSH::Buffer"
+    - "Method[read_key].ReturnValue"
+  - - "OpenSSL::PKey::DSA"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].Parameter[0]"
+  - - "OpenSSL::PKey::DSA"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].ReturnValue"
+  - - "Net::SSH::Version"
+    - "Net::SSH::Version!"
+    - "Method[[]].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Buffer"
+    - "Method[read_keyblob].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Buffer"
+    - "Method[read_key].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Buffer"
+    - "Method[read_private_keyblob].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader!"
+    - "Method[read].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "Net::SSH::Authentication::ED25519::PrivKey!"
+    - "Method[read].ReturnValue"
+  - - "OpenSSL::PKey::EC"
+    - "OpenSSL::PKey::EC!"
+    - "Method[read_keyblob].ReturnValue"
+  - - "Net::SSH::Authentication::Certificate"
+    - "Net::SSH::Buffer"
+    - "Method[read_keyblob].ReturnValue"
+  - - "Net::SSH::Authentication::Certificate"
+    - "Net::SSH::Buffer"
+    - "Method[read_key].ReturnValue"
+  - - "Net::SSH::Authentication::Certificate"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].ReturnValue"
+  - - "Net::SSH::Authentication::Certificate"
+    - "Net::SSH::Authentication::Certificate!"
+    - "Method[read_certblob].ReturnValue"
+  - - "Net::SSH::Authentication::KeyManager"
+    - "Net::SSH::Authentication::KeyManager"
+    - "Method[add].ReturnValue"
+  - - "Net::SSH::Authentication::KeyManager"
+    - "Net::SSH::Authentication::KeyManager"
+    - "Method[add_keycert].ReturnValue"
+  - - "Net::SSH::Authentication::KeyManager"
+    - "Net::SSH::Authentication::KeyManager"
+    - "Method[add_key_data].ReturnValue"
+  - - "Net::SSH::Authentication::KeyManager"
+    - "Net::SSH::Authentication::KeyManager"
+    - "Method[each_identity].ReturnValue"
+  - - "Net::SSH::Authentication::Agent"
+    - "Net::SSH::Authentication::KeyManager"
+    - "Method[agent].ReturnValue"
+  - - "Net::SSH::Authentication::Agent"
+    - "Net::SSH::Authentication::Agent!"
+    - "Method[connect].ReturnValue"
+  - - "Net::SSH::Connection::Channel"
+    - "Net::SSH::Connection::Session"
+    - "Method[exec].ReturnValue"
+  - - "Net::SSH::Connection::Channel"
+    - "Net::SSH::Connection::Session"
+    - "Method[open_channel].ReturnValue"
+  - - "Net::SSH::Connection::Channel"
+    - "Net::SSH::Connection::Session"
+    - "Method[cleanup_channel].ReturnValue"
+  - - "Net::SSH::Connection::EventLoop"
+    - "Net::SSH::Connection::EventLoop"
+    - "Method[ev_preprocess].Argument[block].Parameter[0]"
+  - - "Net::SSH::Connection::Session"
+    - "Net::SSH::Test"
+    - "Method[connection].ReturnValue"
+  - - "Net::SSH::Connection::Session"
+    - "Net::SSH::Connection::Session"
+    - "Method[preprocess].Argument[block].Parameter[0]"
+  - - "Net::SSH::Connection::Session"
+    - "Net::SSH::Connection::Session"
+    - "Method[send_global_request].ReturnValue"
+  - - "Net::SSH::Connection::Session"
+    - "Net::SSH!"
+    - "Method[start].ReturnValue"
+  - - "Net::SSH::Prompt::Prompter"
+    - "Net::SSH::Prompt"
+    - "Method[start].ReturnValue"
+  - - "Net::SSH::Service::Forward"
+    - "Net::SSH::Connection::Session"
+    - "Method[forward].ReturnValue"
+  - - "Net::SSH::Verifiers::AcceptNew"
+    - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier].ReturnValue"
+  - - "Net::SSH::Transport::Session"
+    - "Net::SSH::Test"
+    - "Method[transport].ReturnValue"
+  - - "Net::SSH::Verifiers::AcceptNewOrLocalTunnel"
+    - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier].ReturnValue"
+  - - "Net::SSH::Verifiers::Never"
+    - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier].ReturnValue"
+  - - "Net::SSH::Verifiers::Always"
+    - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PubKey"
+    - "Net::SSH::Buffer"
+    - "Method[read_keyblob].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PubKey"
+    - "Net::SSH::Buffer"
+    - "Method[read_key].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PubKey"
+    - "Net::SSH::Authentication::Certificate"
+    - "Method[sign!].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PubKey"
+    - "Net::SSH::Authentication::ED25519::PrivKey"
+    - "Method[public_key].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PubKey"
+    - "Net::SSH::Authentication::ED25519::PubKey!"
+    - "Method[read_keyblob].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PrivKey"
+    - "Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader!"
+    - "Method[read].ReturnValue"
+  - - "Net::SSH::Authentication::ED25519::PrivKey"
+    - "Net::SSH::Authentication::ED25519::PrivKey!"
+    - "Method[read].ReturnValue"
+  - - "Net::SSH::Authentication::Pageant::Socket"
+    - "Net::SSH::Authentication::Agent"
+    - "Method[connect!].ReturnValue"
+  - - "Net::SSH::Authentication::Pageant::Socket"
+    - "Net::SSH::Authentication::Pageant::Socket!"
+    - "Method[open].ReturnValue"
+  - - "Net::SSH::Connection::Session::StringWithExitstatus"
+    - "Net::SSH::Connection::Session"
+    - "Method[exec!].ReturnValue"
+  - - "Net::SSH::Transport::ChaCha20Poly1305Cipher::ImplicitHMac"
+    - "Net::SSH::Transport::ChaCha20Poly1305Cipher"
+    - "Method[implicit_mac].ReturnValue"
+  - - "Net::SSH::Transport::Session::CompatibleVerifier"
+    - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Net::SSH::Buffer"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::KnownHosts"
+    - "Method[match]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::KnownHosts"
+    - "Method[match]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::CTR"
+    - "Method[iv=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::KeyManager"
+    - "Method[use_agent=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::Agent"
+    - "Method[agent_failed]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[env]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[env]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[exec]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[exec]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[subsystem]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[subsystem]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[request_pty]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[request_pty]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[send_channel_request]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[send_channel_request]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Channel"
+    - "Method[do_window_adjust]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::EventLoop"
+    - "Method[register]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Session"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session"
+    - "Method[listen_to]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session"
+    - "Method[listen_to]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session"
+    - "Method[on_open_channel]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session"
+    - "Method[on_open_channel]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session"
+    - "Method[io_select_wait]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Service::Forward"
+    - "Method[local_socket]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::Algorithms"
+    - "Method[compose_algorithm_list]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::State"
+    - "Method[decompress]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::State"
+    - "Method[increment]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::State"
+    - "Method[compress]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::State"
+    - "Method[update_next_iv]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::Session"
+    - "Method[hint]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::Session"
+    - "Method[select_host_key_verifier]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::HMAC::Abstract"
+    - "Method[key=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Authentication::KeyManager!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::Agent!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError!"
+    - "Method[new]"
+    - "Argument[encrypted_key:]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::Session!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Connection::Session::NilChannel!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::HostKeyEntries::PubKey!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::HostKeyEntries::PubKey!"
+    - "Method[new]"
+    - "Argument[comment:]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::HostKeyEntries::CertAuthority!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::HostKeyEntries::CertAuthority!"
+    - "Method[new]"
+    - "Argument[comment:]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::HostKeys!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::KnownHosts!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Proxy::HTTP!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Proxy::HTTPS!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Proxy::Jump!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Connection::Session::StringWithExitstatus!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Proxy::SOCKS4!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Proxy::SOCKS5!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::ChaCha20Poly1305Cipher!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::ChaCha20Poly1305Cipher!"
+    - "Method[new]"
+    - "Argument[key:]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Authentication::Pageant::Win!"
+    - "Method[set_ptr_data]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::Pageant::Win!"
+    - "Method[ptr_to_s]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Authentication::Pageant::Win!"
+    - "Method[to_struct_ptr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Authentication::Pageant::Win!"
+    - "Method[get_cstr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::KeyExpander!"
+    - "Method[expand_key]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH!"
+    - "Method[_support_deprecated_option_paranoid]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::HMAC::Abstract!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Net::SSH::Transport::Kex::Abstract!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Net::SSH::Transport::Session::CompatibleVerifier!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/newrelic-ruby-agent/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/newrelic-ruby-agent/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/nokogiri/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/nokogiri/model.yml
@@ -0,0 +1,556 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Nokogiri::HTML4::Document"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::HTML4::Document"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "ThisIsATestBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].Argument[block].Parameter[0]"
+  - - "ThisIsATestBuilder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "ThisIsAnotherTestBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].Argument[block].Parameter[0]"
+  - - "ThisIsAnotherTestBuilder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Document"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::XML::Document"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML5::Document"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Builder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Builder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Builder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[with].ReturnValue"
+  - - "Nokogiri::XML::Node"
+    - "Nokogiri::HTML4::Document"
+    - "Method[set_metadata_element].Parameter[0]"
+  - - "Nokogiri::XML::Node"
+    - "Nokogiri::XML::Document"
+    - "Method[add_child].Parameter[0]"
+  - - "Nokogiri::XML::Node"
+    - "Nokogiri::XML::Node"
+    - "Method[add_child].Parameter[0]"
+  - - "Nokogiri::XML::Node"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_17].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_15].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_18].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_10].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_11].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_13].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_14].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_19].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_21].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_23].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_24].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_25].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_28].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_29].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_30].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_31].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_32].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_34].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_35].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_36].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_37].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_38].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_45].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_47].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_48].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_49].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_50].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_51].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_54].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_55].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_56].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_57].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_58].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_64].ReturnValue"
+  - - "Nokogiri::CSS::Node"
+    - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_76].ReturnValue"
+  - - "Nokogiri::CSS::XPathVisitor"
+    - "Nokogiri::CSS::Parser"
+    - "Method[xpath_for].Parameter[2]"
+  - - "Nokogiri::CSS::XPathVisitor"
+    - "Nokogiri::CSS::XPathVisitorAlwaysUseBuiltins!"
+    - "Method[new].ReturnValue"
+  - - "Nokogiri::CSS::XPathVisitor"
+    - "Nokogiri::CSS::XPathVisitorOptimallyUseBuiltins!"
+    - "Method[new].ReturnValue"
+  - - "Nokogiri::HTML::Document"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML4::Builder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML4::Builder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML::Builder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML::Builder"
+    - "Nokogiri::XML::Builder!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML4::DocumentFragment"
+    - "Nokogiri::HTML4::Document"
+    - "Method[fragment].ReturnValue"
+  - - "Nokogiri::HTML4::DocumentFragment"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::HTML4::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML4::DocumentFragment"
+    - "Nokogiri::HTML4::DocumentFragment!"
+    - "Method[parse].ReturnValue"
+  - - "Nokogiri::HTML5::DocumentFragment"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::HTML5::DocumentFragment"
+    - "Nokogiri::HTML5::Document"
+    - "Method[fragment].ReturnValue"
+  - - "Nokogiri::HTML5::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::HTML5::DocumentFragment"
+    - "Nokogiri::HTML5::Node"
+    - "Method[fragment].ReturnValue"
+  - - "Nokogiri::HTML5::DocumentFragment"
+    - "Nokogiri::HTML5::DocumentFragment!"
+    - "Method[parse].ReturnValue"
+  - - "Nokogiri::XML::Attr"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::AttributeDecl"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::CDATA"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::XML::CDATA"
+    - "Nokogiri::XML::Document"
+    - "Method[create_cdata].ReturnValue"
+  - - "Nokogiri::XML::CDATA"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::CharacterData"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::Document"
+    - "Method[fragment].ReturnValue"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[coerce].ReturnValue"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::Node"
+    - "Method[prepend_child].ReturnValue"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Nokogiri::XML::DocumentFragment!"
+    - "Method[parse].ReturnValue"
+  - - "Nokogiri::XML::DTD"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::ElementDecl"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::EntityDecl"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::EntityReference"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Node"
+    - "Method[parse].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Node"
+    - "Method[ancestors].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::DocumentFragment"
+    - "Method[css].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::EntityReference"
+    - "Method[children].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::NodeSet"
+    - "Method[each].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::NodeSet"
+    - "Method[wrap].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::NodeSet"
+    - "Method[children].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::NodeSet"
+    - "Method[reverse].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[css].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[search].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[xpath].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[>].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[css_internal].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::Searchable"
+    - "Method[xpath_internal].ReturnValue"
+  - - "Nokogiri::XML::NodeSet"
+    - "Nokogiri::XML::NodeSet!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::ProcessingInstruction"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Document"
+    - "Method[document].ReturnValue"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Document"
+    - "Method[create_text_node].ReturnValue"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Node"
+    - "Method[add_child].Parameter[0]"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Node"
+    - "Method[traverse].Argument[block].Parameter[0]"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Node"
+    - "Method[coerce].ReturnValue"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::Node"
+    - "Method[add_child].ReturnValue"
+  - - "Nokogiri::XML::Text"
+    - "Nokogiri::XML::NodeSet"
+    - "Method[each].ReturnValue"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[method_missing].ReturnValue"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[text].ReturnValue"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[cdata].ReturnValue"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[comment].ReturnValue"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Nokogiri::XML::Builder"
+    - "Method[insert].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Nokogiri::CSS::Tokenizer"
+    - "Method[load_file].Parameter[0]"
+    - "path-injection"
+  - - "Nokogiri::XML::Builder"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Nokogiri::HTML4::Document"
+    - "Method[meta_encoding=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::HTML4::Document"
+    - "Method[title=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::HTML4::Document"
+    - "Method[set_metadata_element]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Document"
+    - "Method[add_child]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[add_child]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[replace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[coerce]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[prepend_child]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[inner_html=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[children=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[swap]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[write_html_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[write_xhtml_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[write_xml_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Node"
+    - "Method[keywordify]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node"
+    - "Method[write_format_to]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Node"
+    - "Method[to_xpath]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_none]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[unescape_css_identifier]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[unescape_css_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_9]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_11]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_26]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Parser"
+    - "Method[_reduce_45]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::CSS::XPathVisitor"
+    - "Method[css_class]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::XPathVisitor"
+    - "Method[css_class]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::HTML5::Node"
+    - "Method[write_to]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::DocumentFragment"
+    - "Method[errors=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Text"
+    - "Method[content=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::XML::Builder::NodeBuilder"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::SAX::Parser"
+    - "Method[check_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Nokogiri::CSS::Node!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::CSS::XPathVisitor!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::CSS::XPathVisitor!"
+    - "Method[new]"
+    - "Argument[doctype:]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::EncodingHandler!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Node::SaveOptions!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Builder::NodeBuilder!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::ParseOptions!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Nokogiri::XML::Reader!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/octokit.rb/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/octokit.rb/model.yml
@@ -0,0 +1,178 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Octokit::Client"
+    - "Octokit::Configurable"
+    - "Method[configure].Argument[block].Parameter[0]"
+  - - "Octokit::EnterpriseAdminClient"
+    - "Octokit::Configurable"
+    - "Method[configure].Argument[block].Parameter[0]"
+  - - "Octokit::EnterpriseManagementConsoleClient"
+    - "Octokit::Configurable"
+    - "Method[configure].Argument[block].Parameter[0]"
+  - - "Octokit::Gist"
+    - "Octokit::Gist!"
+    - "Method[from_url].ReturnValue"
+  - - "Octokit::RateLimit"
+    - "Octokit::Error"
+    - "Method[build_error_context].ReturnValue"
+  - - "Octokit::RateLimit"
+    - "Octokit::Client::RateLimit"
+    - "Method[rate_limit].ReturnValue"
+  - - "Octokit::RateLimit"
+    - "Octokit::Client::RateLimit"
+    - "Method[rate_limit!].ReturnValue"
+  - - "Octokit::RateLimit"
+    - "Octokit::RateLimit!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::Repository"
+    - "Octokit::EnterpriseAdminClient::SearchIndexing"
+    - "Method[queue_index].Parameter[0]"
+  - - "Octokit::Repository"
+    - "Octokit::Repository!"
+    - "Method[from_url].ReturnValue"
+  - - "Octokit::ClientError"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::BadRequest"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::MethodNotAllowed"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::NotAcceptable"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::Conflict"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::UnsupportedMediaType"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::UnavailableForLegalReasons"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::ServerError"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::InternalServerError"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::NotImplemented"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::BadGateway"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+  - - "Octokit::ServiceUnavailable"
+    - "Octokit::Error!"
+    - "Method[from_response].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Octokit::Client::CodeScanning"
+    - "Method[compress_sarif_data].Parameter[0]"
+    - "path-injection"
+  - - "Octokit::EnterpriseManagementConsoleClient::ManagementConsole"
+    - "Method[add_authorized_key].Parameter[0]"
+    - "path-injection"
+  - - "Octokit::EnterpriseManagementConsoleClient::ManagementConsole"
+    - "Method[remove_authorized_key].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Octokit::Client"
+    - "Method[user_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Client"
+    - "Method[user_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Client"
+    - "Method[login=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Client"
+    - "Method[password=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Client"
+    - "Method[access_token=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Client"
+    - "Method[bearer_token=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Client"
+    - "Method[client_id=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Client"
+    - "Method[client_secret=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::EnterpriseManagementConsoleClient"
+    - "Method[management_console_password=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::EnterpriseManagementConsoleClient"
+    - "Method[management_console_endpoint=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Error"
+    - "Method[redact_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Middleware::FollowRedirects"
+    - "Method[update_env]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Octokit::Middleware::FollowRedirects"
+    - "Method[safe_escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Client::Organizations"
+    - "Method[remove_organization_membership]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Gist!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Organization!"
+    - "Method[path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::User!"
+    - "Method[path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Octokit::Middleware::RedirectLimitReached!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/oj/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/oj/model.yml
@@ -0,0 +1,57 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JSON::Ext::Generator::State"
+    - "JSON::Ext::Generator::State!"
+    - "Method[from_state].ReturnValue"
+  - - "Oj::MimicDumpOption"
+    - "JSON!"
+    - "Method[dump_default_options].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JSON::Ext::Generator::State"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JSON::Ext::Generator::State"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON::Ext::Generator::State"
+    - "Method[generate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JSON::Ext::Generator::State"
+    - "Method[buffer_initial_length=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON!"
+    - "Method[parser=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON!"
+    - "Method[generator=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Oj::ScHandler"
+    - "Method[hash_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JSON::Ext::Parser!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/omniauth/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/omniauth/model.yml
@@ -0,0 +1,191 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[label_field].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[input_field].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[text_field].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[password_field].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[fieldset].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form"
+    - "Method[footer].ReturnValue"
+  - - "OmniAuth::Form"
+    - "OmniAuth::Form!"
+    - "Method[build].ReturnValue"
+  - - "OmniAuth::AuthHash"
+    - "OmniAuth::Strategy"
+    - "Method[auth_hash].ReturnValue"
+  - - "OmniAuth::Strategy::Options"
+    - "OmniAuth::Strategy::ClassMethods"
+    - "Method[configure].Argument[block].Parameter[0]"
+  - - "OmniAuth::Strategy::Options"
+    - "OmniAuth::Strategy::ClassMethods"
+    - "Method[default_options].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OmniAuth::Strategy"
+    - "Method[ssl?].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OmniAuth::Strategy"
+    - "Method[log].Parameter[0]"
+    - "code-injection"
+  - - "OmniAuth::Strategy::ClassMethods"
+    - "Method[compile_stack].Parameter[1]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OmniAuth::Form"
+    - "Method[button]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OmniAuth::Form"
+    - "Method[html]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OmniAuth::Builder"
+    - "Method[on_failure]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[on_failure]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_options_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_options_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_request_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_request_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_callback_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[before_callback_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Builder"
+    - "Method[options]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[on_failure]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[on_failure]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_options_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_options_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_request_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_request_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_callback_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[before_callback_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[request_validation_phase]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[request_validation_phase]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Configuration"
+    - "Method[add_camelization]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "OmniAuth::Utils"
+    - "Method[camelize]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OmniAuth::Utils"
+    - "Method[deep_merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::Utils"
+    - "Method[deep_merge]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "OmniAuth::Strategy::ClassMethods"
+    - "Method[option]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "OmniAuth::FailureEndpoint!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/pages-gem/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/pages-gem/model.yml
@@ -0,0 +1 @@
+"extensions": []
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/psych/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/psych/model.yml
@@ -0,0 +1,567 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Object"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Object"
+    - "Psych!"
+    - "Method[safe_dump].Parameter[0]"
+  - - "Psych::Omap"
+    - "Psych::Visitors::ToRuby"
+    - "Method[register].Parameter[1]"
+  - - "Psych::Omap"
+    - "Psych::Visitors::ToRuby"
+    - "Method[register].ReturnValue"
+  - - "Psych::Omap"
+    - "Psych::Visitors::ToRuby"
+    - "Method[visit_Psych_Nodes_Sequence].ReturnValue"
+  - - "Psych::Omap"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[load].ReturnValue"
+  - - "Hash"
+    - "Psych!"
+    - "Method[load].Parameter[5]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[unsafe_load].Parameter[2]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[safe_load].Parameter[5]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[parse_file].Parameter[1]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[load_stream].Parameter[2]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[load].Parameter[fallback:]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[unsafe_load].Parameter[fallback:]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[safe_load].Parameter[fallback:]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[parse_file].Parameter[fallback:]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[load_stream].Parameter[fallback:]"
+  - - "Hash"
+    - "Psych!"
+    - "Method[safe_load].ReturnValue"
+  - - "PsychStructWithIvar"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::Exception"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::Coder"
+    - "Psych::Coder"
+    - "Method[map].Argument[block].Parameter[0]"
+  - - "Psych::Coder"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[emit_coder].Parameter[0]"
+  - - "Psych::Stream"
+    - "Psych::Streaming"
+    - "Method[start].Argument[block].Parameter[0]"
+  - - "Psych::Parser"
+    - "Psych!"
+    - "Method[parser].ReturnValue"
+  - - "Psych::TreeBuilder"
+    - "Psych::Streaming::ClassMethods"
+    - "Method[new].Parameter[0]"
+  - - "Psych::Tagged"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::Foo"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::JSON::Stream"
+    - "Psych::Streaming"
+    - "Method[start].Argument[block].Parameter[0]"
+  - - "Psych::JSON::TreeBuilder"
+    - "Psych::Streaming::ClassMethods"
+    - "Method[new].Parameter[0]"
+  - - "Psych::Nodes::Alias"
+    - "Psych::TreeBuilder"
+    - "Method[set_location].Parameter[0]"
+  - - "Psych::Nodes::Alias"
+    - "Psych::TreeBuilder"
+    - "Method[alias].ReturnValue"
+  - - "Psych::Nodes::Alias"
+    - "Psych::Visitors::JSONTree"
+    - "Method[accept].ReturnValue"
+  - - "Psych::Nodes::Alias"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[accept].ReturnValue"
+  - - "Psych::Nodes::Alias"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[dump_coder].ReturnValue"
+  - - "Psych::Nodes::Alias"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[emit_coder].ReturnValue"
+  - - "Psych::Nodes::Alias"
+    - "Psych::Visitors::RestrictedYAMLTree"
+    - "Method[accept].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[push].Parameter[0]"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[set_start_location].Parameter[0]"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[start_document].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[end_document].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[push].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::TreeBuilder"
+    - "Method[pop].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::Handlers::DocumentStream"
+    - "Method[start_document].ReturnValue"
+  - - "Psych::Nodes::Document"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[push].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::TreeBuilder"
+    - "Method[set_location].Parameter[0]"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::TreeBuilder"
+    - "Method[scalar].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::JSONTree"
+    - "Method[accept].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[accept].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[register].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Encoding].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Regexp].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Date].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_DateTime].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Time].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Integer].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Float].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_BigDecimal].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_String].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Module].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Class].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_NilClass].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[visit_Symbol].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[dump_coder].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[emit_coder].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::ToRuby"
+    - "Method[accept].Parameter[0]"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::RestrictedYAMLTree"
+    - "Method[visit_Symbol].ReturnValue"
+  - - "Psych::Nodes::Scalar"
+    - "Psych::Visitors::YAMLTree::Registrar"
+    - "Method[register].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::TreeBuilder"
+    - "Method[end_document].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::TreeBuilder"
+    - "Method[start_stream].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::TreeBuilder"
+    - "Method[end_stream].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::TreeBuilder"
+    - "Method[push].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::TreeBuilder"
+    - "Method[pop].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::Visitors::Visitor"
+    - "Method[accept].Parameter[0]"
+  - - "Psych::Nodes::Stream"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[start].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[push].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[finish].ReturnValue"
+  - - "Psych::Nodes::Stream"
+    - "Psych::Visitors::YAMLTree"
+    - "Method[tree].ReturnValue"
+  - - "Psych::Visitors::JSONTree"
+    - "Psych::Visitors::JSONTree!"
+    - "Method[create].ReturnValue"
+  - - "Psych::Visitors::YAMLTree"
+    - "Psych::Visitors::YAMLTree!"
+    - "Method[create].ReturnValue"
+  - - "Psych::Visitors::ToRuby"
+    - "Psych::Visitors::ToRuby!"
+    - "Method[create].ReturnValue"
+  - - "Psych::TestArray::X"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::InitApi"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::InitApi"
+    - "Psych!"
+    - "Method[to_json].Parameter[0]"
+  - - "Psych::TestCoder::TaggingCoder"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::ScalarCoder"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::Represent"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::RepresentWithInit"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::RepresentWithSeq"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestHash::X"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestHash::HashWithIvar"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::RepresentWithMap"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestHash::HashWithCustomInit"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestHash::HashWithCustomInitNoIvar"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::RepresentWithObject"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::Referential"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestCoder::CustomEncode"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestJSONTree::Bar"
+    - "Psych!"
+    - "Method[to_json].Parameter[0]"
+  - - "Psych::TestMarshalable::PsychCustomMarshalable"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestSafeLoad::Foo"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestSerializeSubclasses::SomeObject"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestSerializeSubclasses::StructSubclass"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestString::X"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestString::Z"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+  - - "Psych::TestStruct::StructSubclass"
+    - "Psych!"
+    - "Method[dump].Parameter[0]"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Psych!"
+    - "Method[load_file].Parameter[0]"
+    - "path-injection"
+  - - "Psych!"
+    - "Method[parse_file].Parameter[0]"
+    - "path-injection"
+  - - "Psych!"
+    - "Method[unsafe_load_file].Parameter[0]"
+    - "path-injection"
+  - - "Psych!"
+    - "Method[safe_load_file].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Psych::Coder"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[represent_scalar]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[represent_seq]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[represent_map]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[represent_object]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[scalar=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[map=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Coder"
+    - "Method[seq=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::ScalarScanner"
+    - "Method[tokenize]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::TreeBuilder"
+    - "Method[push]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::TreeBuilder"
+    - "Method[event_location]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Node"
+    - "Method[yaml]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::DepthFirst"
+    - "Method[nary]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Psych::Visitors::DepthFirst"
+    - "Method[terminal]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Psych::Visitors::YAMLTree"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby"
+    - "Method[revive_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby"
+    - "Method[deduplicate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby"
+    - "Method[init_with]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::YAMLTree::Registrar"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Object!"
+    - "Method[yaml_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Handlers::DocumentStream!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Handlers::DocumentStream!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Alias!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Mapping!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Scalar!"
+    - "Method[new]"
+    - "Argument[5]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Sequence!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Nodes::Stream!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::ScalarScanner!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::ScalarScanner!"
+    - "Method[new]"
+    - "Argument[strict_integer:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::DepthFirst!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::ToRuby!"
+    - "Method[new]"
+    - "Argument[freeze:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[load]"
+    - "Argument[5]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[load]"
+    - "Argument[fallback:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[unsafe_load]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Psych!"
+    - "Method[unsafe_load]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[unsafe_load]"
+    - "Argument[fallback:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[safe_load]"
+    - "Argument[5]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[safe_load]"
+    - "Argument[fallback:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[parse_file]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[parse_file]"
+    - "Argument[fallback:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[load_stream]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[load_stream]"
+    - "Argument[fallback:]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych!"
+    - "Method[add_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Psych::Visitors::RestrictedYAMLTree!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/puma/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/puma/model.yml
@@ -0,0 +1,791 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Hash"
+    - "TestPuma::ResponseTimeWrk"
+    - "Method[run_summaries].Parameter[0]"
+  - - "Hash"
+    - "TestPuma::ResponseTimeBase"
+    - "Method[overall_summary].Parameter[0]"
+  - - "Object"
+    - "Puma::Events"
+    - "Method[register].Parameter[1]"
+  - - "Puma::Events"
+    - "Puma::UserFileDefaultOptions"
+    - "Method[[]].ReturnValue"
+  - - "Puma::Events"
+    - "Puma::UserFileDefaultOptions"
+    - "Method[fetch].ReturnValue"
+  - - "TestPuma::PumaInfo"
+    - "TestPuma::ResponseTimeBase"
+    - "Method[run].ReturnValue"
+  - - "Puma::Cluster"
+    - "Puma!"
+    - "Method[stats_object=].ReturnValue"
+  - - "Puma::Configuration"
+    - "Puma::CLI"
+    - "Method[setup_options].ReturnValue"
+  - - "Puma::Configuration"
+    - "Puma::RackHandler"
+    - "Method[config].ReturnValue"
+  - - "Puma::ErrorLogger"
+    - "Puma::ErrorLogger!"
+    - "Method[stdio].ReturnValue"
+  - - "Puma::LogWriter"
+    - "Puma::UserFileDefaultOptions"
+    - "Method[[]].ReturnValue"
+  - - "Puma::LogWriter"
+    - "Puma::UserFileDefaultOptions"
+    - "Method[fetch].ReturnValue"
+  - - "Puma::LogWriter"
+    - "Puma::LogWriter!"
+    - "Method[stdio].ReturnValue"
+  - - "Puma::LogWriter"
+    - "Puma::LogWriter!"
+    - "Method[null].ReturnValue"
+  - - "Puma::LogWriter"
+    - "Puma::LogWriter!"
+    - "Method[strings].ReturnValue"
+  - - "Puma::Server"
+    - "Puma::Runner"
+    - "Method[start_control].ReturnValue"
+  - - "Puma::Server"
+    - "Puma::Runner"
+    - "Method[start_server].ReturnValue"
+  - - "Puma::Single"
+    - "Puma!"
+    - "Method[stats_object=].ReturnValue"
+  - - "Puma::Rack::URLMap"
+    - "Puma::Rack::Builder"
+    - "Method[generate_map].ReturnValue"
+  - - "Puma::Configuration::ConfigMiddleware"
+    - "Puma::Configuration"
+    - "Method[app].ReturnValue"
+  - - "Puma::MiniSSL::Socket"
+    - "Puma::MiniSSL::Server"
+    - "Method[accept].ReturnValue"
+  - - "Puma::MiniSSL::Socket"
+    - "Puma::MiniSSL::Server"
+    - "Method[accept_nonblock].ReturnValue"
+  - - "Puma::MiniSSL::Context"
+    - "Puma::Server"
+    - "Method[add_ssl_listener].Parameter[2]"
+  - - "Puma::MiniSSL::Context"
+    - "Puma::Binder"
+    - "Method[localhost_authority_context].ReturnValue"
+  - - "Puma::MiniSSL::Context"
+    - "Puma::MiniSSL::ContextBuilder"
+    - "Method[context].ReturnValue"
+  - - "Puma::Util::HeaderHash"
+    - "Puma::CommonLogger"
+    - "Method[log_hijacking].Parameter[2]"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "TestPuma::BenchBase"
+    - "Method[run_wrk_parse].Parameter[0]"
+    - "command-injection"
+  - - "Puma::DSL"
+    - "Method[_load_from].Parameter[0]"
+    - "path-injection"
+  - - "Puma::StateFile"
+    - "Method[load].Parameter[0]"
+    - "path-injection"
+  - - "Puma::StateFile"
+    - "Method[save].Parameter[0]"
+    - "path-injection"
+  - - "Puma::Rack::Builder!"
+    - "Method[parse_file].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Puma::DSL"
+    - "Method[load]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[rackup]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[app]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[app]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[app]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[environment]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[set_default_host]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[get]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[activate_control_app]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[bind]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[bind_to_activated_sockets]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[clean_thread_locals]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[drain_on_shutdown]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[on_restart]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_restart]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[restart_command]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[pidfile]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[quiet]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[log_requests]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[custom_logger]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[rack_url_scheme]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[early_hints]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[stdout_redirect]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[log_formatter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[log_formatter]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[state_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[state_permission]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[before_fork]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[before_fork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_boot]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_boot]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_shutdown]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_shutdown]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_fork]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_worker_fork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[after_worker_fork]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[after_worker_fork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_refork]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_refork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_thread_start]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_thread_start]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_thread_exit]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[on_thread_exit]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[out_of_band]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[out_of_band]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[directory]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[preload_app!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[lowlevel_error_handler]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[lowlevel_error_handler]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[lowlevel_error_handler]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[prune_bundler]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[raise_exception_on_sigterm]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::DSL"
+    - "Method[worker_culling_strategy]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[queue_requests]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[shutdown_debug]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[set_remote_address]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[mutate_stdout_and_stderr_to_sync_on_write]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[http_content_length_limit]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::DSL"
+    - "Method[process_hook]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Events"
+    - "Method[on_restart]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[on_restart]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[on_booted]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[on_booted]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[register]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[register]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[on_stopped]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Events"
+    - "Method[on_stopped]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Cluster"
+    - "Method[cull_start_index]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma!"
+    - "Method[stats_object=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma!"
+    - "Method[set_thread_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CLI"
+    - "Method[configure_control_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::RackHandler"
+    - "Method[set_host_port_to_config]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::ErrorLogger"
+    - "Method[title]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::ErrorLogger"
+    - "Method[request_parsed?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::UserFileDefaultOptions"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::UserFileDefaultOptions"
+    - "Method[fetch]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Server"
+    - "Method[inherit_binder]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Server"
+    - "Method[reactor_wakeup]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Server"
+    - "Method[notify_safely]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Rack::Builder"
+    - "Method[map]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Rack::Builder"
+    - "Method[map]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Rack::Builder"
+    - "Method[run]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[keystore=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[truststore=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[keystore_type=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[truststore_type=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[cipher_suites=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[protocols=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[key=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[key_password_command=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[cert=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[ca=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[cert_pem=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[key_pem=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[no_tlsv1=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Context"
+    - "Method[no_tlsv1_1=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Binder"
+    - "Method[socket_activation_fd]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Binder"
+    - "Method[synthesize_binds_from_activated_fs]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Binder"
+    - "Method[inherit_tcp_listener]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Binder"
+    - "Method[inherit_ssl_listener]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Binder"
+    - "Method[inherit_unix_listener]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::CommonLogger"
+    - "Method[write]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log_hijacking]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[log_hijacking]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::CommonLogger"
+    - "Method[extract_content_length]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Client"
+    - "Method[set_timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Client"
+    - "Method[expect_proxy_proto=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::PluginRegistry"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::PluginRegistry"
+    - "Method[add_background]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Reactor"
+    - "Method[register]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Plugin"
+    - "Method[in_background]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Plugin"
+    - "Method[in_background]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Request"
+    - "Method[normalize_env]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Request"
+    - "Method[illegal_header_key?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Request"
+    - "Method[illegal_header_value?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::Rack::Options"
+    - "Method[handler_opts]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::LogWriter::DefaultFormatter"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::LogWriter::PidFormatter"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Puma::App::Status!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::CommonLogger!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::UserFileDefaultOptions!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Launcher::BundlePruner!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Configuration::ConfigMiddleware!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::ContextBuilder!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Reactor!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Reactor!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::Util::HeaderHash!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Puma::MiniSSL::Server!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rack-cors/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rack-cors/model.yml
@@ -0,0 +1,59 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::Cors"
+    - "Rack::Cors!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Rack::Cors::Result"
+    - "Rack::Cors"
+    - "Method[select_logger].ReturnValue"
+  - - "Rack::Cors::Result"
+    - "Rack::Cors::Result!"
+    - "Method[hit].ReturnValue"
+  - - "Rack::Cors::Result"
+    - "Rack::Cors::Result!"
+    - "Method[miss].ReturnValue"
+  - - "Rack::Cors::Result"
+    - "Rack::Cors::Result!"
+    - "Method[preflight].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::Cors"
+    - "Method[select_logger]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Cors"
+    - "Method[evaluate_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Cors::Result"
+    - "Method[miss]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Cors::Resource"
+    - "Method[matches_path?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Cors::Resource"
+    - "Method[match?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Cors::Resource"
+    - "Method[origin_for_response_header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Cors::Resource"
+    - "Method[compile]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rack-mini-profiler/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rack-mini-profiler/model.yml
@@ -0,0 +1,242 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::MiniProfiler::Context"
+    - "Rack::MiniProfiler"
+    - "Method[current=].Parameter[0]"
+  - - "Rack::MiniProfiler::Context"
+    - "Rack::MiniProfiler"
+    - "Method[current=].ReturnValue"
+  - - "Rack::MiniProfiler::ClientSettings"
+    - "Rack::MiniProfiler"
+    - "Method[tool_disabled_message].Parameter[0]"
+  - - "Rack::MiniProfiler::ClientSettings"
+    - "Rack::MiniProfiler"
+    - "Method[help].Parameter[0]"
+  - - "Rack::MiniProfiler::TimerStruct::Client"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]=].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Client"
+    - "Rack::MiniProfiler::TimerStruct::Client!"
+    - "Method[init_from_form_data].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Custom"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]=].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Custom"
+    - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_custom].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]=].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_child].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Rack::MiniProfiler::TimerStruct::Request!"
+    - "Method[createRoot].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Page"
+    - "SampleStorage"
+    - "Method[create_fake_snapshot].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Page"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]=].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Page"
+    - "Rack::MiniProfiler::TimerStruct::Request!"
+    - "Method[createRoot].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Sql"
+    - "Rack::MiniProfiler::TimerStruct::Base"
+    - "Method[[]=].ReturnValue"
+  - - "Rack::MiniProfiler::TimerStruct::Sql"
+    - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_sql].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::MiniProfiler"
+    - "Method[inject].Parameter[1]"
+    - "html-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Process"
+    - "Method[clock_set]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler"
+    - "Method[current=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler"
+    - "Method[inject]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler"
+    - "Method[inject]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler"
+    - "Method[make_link]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler"
+    - "Method[public_base_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::ClientSettings"
+    - "Method[handle_cookie]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Client!"
+    - "Method[instrument]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_child]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[move_sql]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[move_custom]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[move_custom]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[record_time]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_custom]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request"
+    - "Method[add_sql]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request!"
+    - "Method[createRoot]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Request!"
+    - "Method[createRoot]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::TimerStruct::Sql"
+    - "Method[report_reader_duration]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfilerRailsMethods"
+    - "Method[should_move?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfilerRailsMethods"
+    - "Method[should_move?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::Config"
+    - "Method[authorization_mode=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::Config"
+    - "Method[assets_url=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::RedisStore"
+    - "Method[user_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::RedisStore"
+    - "Method[prefixed_id]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::RedisStore"
+    - "Method[group_snapshot_zset_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::RedisStore"
+    - "Method[group_snapshot_hash_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::ProfilingMethods"
+    - "Method[clean_method_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::FileStore::FileCache"
+    - "Method[path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::MemcacheStore!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::FileStore::FileCache!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfiler::RedisStore!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Base!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MiniProfilerRails!"
+    - "Method[shorten_identifier]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::MiniProfiler::TimerStruct::Page!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rack/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rack/model.yml
@@ -0,0 +1,623 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Hash"
+    - "Rack::MockResponse"
+    - "Method[parse_cookies_from_header].ReturnValue"
+  - - "Hash"
+    - "Rack::MockResponse"
+    - "Method[identify_cookie_attributes].ReturnValue"
+  - - "Rack::Request"
+    - "Rack::Files"
+    - "Method[serving].Parameter[0]"
+  - - "Rack::Request"
+    - "Rack::Events"
+    - "Method[make_request].ReturnValue"
+  - - "Rack::Request"
+    - "Rack::MethodOverride"
+    - "Method[method_override_param].Parameter[0]"
+  - - "Rack::Request"
+    - "Rack::Auth::AbstractRequest"
+    - "Method[request].ReturnValue"
+  - - "Rack::Headers"
+    - "Rack::Headers!"
+    - "Method[[]].ReturnValue"
+  - - "Rack::QueryParser"
+    - "Rack::QueryParser!"
+    - "Method[make_default].ReturnValue"
+  - - "Rack::Response"
+    - "Rack::Response!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Rack::Response"
+    - "Rack::Response!"
+    - "Method[[]].ReturnValue"
+  - - "Rack::URLMap"
+    - "Rack::Builder"
+    - "Method[generate_map].ReturnValue"
+  - - "Rack::Events::BufferedResponse"
+    - "Rack::Events"
+    - "Method[make_response].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::MethodOverride"
+    - "Method[method_override_param].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Env"
+    - "Method[get_header].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Env"
+    - "Method[set_header].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Helpers"
+    - "Method[request_method].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Helpers"
+    - "Method[content_type].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Helpers"
+    - "Method[GET].ReturnValue"
+  - - "Rack::MockRequest::FatalWarner"
+    - "Rack::Request::Helpers"
+    - "Method[POST].ReturnValue"
+  - - "Rack::Multipart::ParamList"
+    - "Rack::QueryParser"
+    - "Method[normalize_params].ReturnValue"
+  - - "Rack::Multipart::ParamList"
+    - "Rack::QueryParser"
+    - "Method[_normalize_params].ReturnValue"
+  - - "Rack::Multipart::ParamList"
+    - "Rack::Multipart::ParamList!"
+    - "Method[make_params].ReturnValue"
+  - - "Rack::Auth::Basic::Request"
+    - "Rack::Auth::Basic"
+    - "Method[valid?].Parameter[0]"
+  - - "Rack::Multipart::Parser::BoundedIO"
+    - "Rack::Multipart::Parser"
+    - "Method[parse].Parameter[0]"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::MethodOverride"
+    - "Method[method_override_param].ReturnValue"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::Request::Env"
+    - "Method[get_header].ReturnValue"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::Request::Env"
+    - "Method[set_header].ReturnValue"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[request_method].ReturnValue"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[content_type].ReturnValue"
+  - - "Rack::Lint::Wrapper::InputWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[POST].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::MethodOverride"
+    - "Method[method_override_param].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::Request::Env"
+    - "Method[get_header].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::Request::Env"
+    - "Method[set_header].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[request_method].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[content_type].ReturnValue"
+  - - "Rack::Lint::Wrapper::ErrorWrapper"
+    - "Rack::Request::Helpers"
+    - "Method[POST].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::Request"
+    - "Method[params].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::Files"
+    - "Method[filesize].Parameter[0]"
+    - "path-injection"
+  - - "Rack::Reloader"
+    - "Method[safe_load].Parameter[0]"
+    - "path-injection"
+  - - "Rack::Builder!"
+    - "Method[load_file].Parameter[0]"
+    - "path-injection"
+  - - "Rack::Builder!"
+    - "Method[parse_file].Parameter[0]"
+    - "path-injection"
+  - - "Rack::Builder!"
+    - "Method[new_from_string].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rack::MockResponse"
+    - "Method[=~]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Headers"
+    - "Method[downcase_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::QueryParser"
+    - "Method[normalize_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::QueryParser"
+    - "Method[_normalize_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::QueryParser"
+    - "Method[_normalize_params]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::QueryParser!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Events"
+    - "Method[make_response]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MethodOverride"
+    - "Method[method_override]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Response"
+    - "Method[set_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response"
+    - "Method[redirect]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[map]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[map]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[run]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[run]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[run]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Builder"
+    - "Method[warmup]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Env"
+    - "Method[set_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Env"
+    - "Method[add_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Helpers"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Helpers"
+    - "Method[update_param]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Helpers"
+    - "Method[script_name=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Request::Helpers"
+    - "Method[path_info=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Request::Helpers"
+    - "Method[host_with_port]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Helpers"
+    - "Method[wrap_ipv6]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Request::Helpers"
+    - "Method[split_header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Request::Helpers"
+    - "Method[allowed_scheme]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::ParamList"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::ParamList!"
+    - "Method[normalize_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::Parser"
+    - "Method[dequote]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::Parser"
+    - "Method[normalize_filename]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::Parser"
+    - "Method[tag_multipart_encoding]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Cascade"
+    - "Method[add]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::CommonLogger"
+    - "Method[log]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::CommonLogger"
+    - "Method[log]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::CommonLogger"
+    - "Method[log]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::CommonLogger"
+    - "Method[log]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::CommonLogger"
+    - "Method[extract_content_length]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ConditionalGet"
+    - "Method[fresh?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ConditionalGet"
+    - "Method[fresh?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ConditionalGet"
+    - "Method[etag_matches?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ConditionalGet"
+    - "Method[etag_matches?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ConditionalGet"
+    - "Method[modified_since?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Directory"
+    - "Method[filesize_format]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ETag"
+    - "Method[etag_status?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Sendfile"
+    - "Method[variation]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Sendfile"
+    - "Method[map_accel_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Mime"
+    - "Method[match?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Mime"
+    - "Method[match?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Mime"
+    - "Method[mime_type]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Utils"
+    - "Method[best_q_match]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Utils"
+    - "Method[select_best_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Utils"
+    - "Method[set_cookie_header!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::Generator"
+    - "Method[content_for_tempfile]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::Generator"
+    - "Method[content_for_other]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Multipart::Generator"
+    - "Method[content_for_other]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Response::Raw"
+    - "Method[set_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[location=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[append]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[add_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Response::Helpers"
+    - "Method[etag=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[content_type=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[set_cookie_header=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Helpers"
+    - "Method[cache_control=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::Parser::Collector"
+    - "Method[on_mime_body]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Auth::AbstractRequest!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Config!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Config!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::CommonLogger!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::ConditionalGet!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::ContentLength!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::ContentType!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Deflater!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ETag!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Head!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Events!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Lint!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Events::EventedBodyProxy!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Events::BufferedResponse!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MethodOverride!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Deflater::GzipStream!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::MockRequest!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Files::BaseIterator!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::UploadedFile!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::UploadedFile!"
+    - "Method[new]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Multipart::UploadedFile!"
+    - "Method[new]"
+    - "Argument[content_type:]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::NullLogger!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::RewindableInput::Middleware!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Recursive!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Runtime!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::ShowExceptions!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Lint::Wrapper::InputWrapper!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::TempfileReaper!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Lint::Wrapper::ErrorWrapper!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Response::Raw!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rb-readline/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rb-readline/model.yml
@@ -0,0 +1,548 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Installer"
+    - "ToplevelInstaller"
+    - "Method[init_installers].ReturnValue"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable"
+    - "Method[add].Parameter[0]"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_bool_config].ReturnValue"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable"
+    - "Method[add].Parameter[0]"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_path_config].ReturnValue"
+  - - "ConfigTable::ExecItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::PackageSelectionItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer"
+    - "Method[new_shebang].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer::Shebang!"
+    - "Method[parse].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer::Shebang!"
+    - "Method[load].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RbReadline"
+    - "Method[rl_completion_matches].Parameter[1]"
+    - "code-injection"
+  - - "RbReadline"
+    - "Method[rl_variable_bind].Parameter[1]"
+    - "code-injection"
+  - - "ConfigTable"
+    - "Method[load_script].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[install].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[install].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[remove_tree0].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[move_file].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[move_file].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[diff?].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[files_of].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[directories_of].Parameter[0]"
+    - "path-injection"
+  - - "Installer"
+    - "Method[update_shebang_line].Parameter[0]"
+    - "path-injection"
+  - - "Installer::Shebang!"
+    - "Method[load].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RbReadline"
+    - "Method[rl_filename_completion_function]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_username_completion_function]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[compute_lcd_of_matches]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_set_insert_mode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_move_cursor_relative]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_move_cursor_relative]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_move_vert]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[rl_setstate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_unsetstate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_isstate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[sh_set_lines_and_columns]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_function_of_keyseq]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_variable_bind]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[cr_faster]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[cr_faster]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[meta_char]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[ctrl_char]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[isprint]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[whitespace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[w_offset]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[m_offset]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[update_line]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[update_line]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[update_line]"
+    - "Argument[5]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_col_width]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_col_width]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[endsrch_char]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_isearch_cleanup]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_clear_to_eol]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[space_to_eol]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_delete_text]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_delete_text]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[__rl_fix_point]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[replace_history_data]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_char_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[rl_character_len]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[remove_duplicate_matches]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[make_quoted_replacement]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[printable_part]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_internal_pager]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[history_arg_extract]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[trans]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[history_search_pos]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[noninc_search_from_pos]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_nsearch_cleanup]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[stifle_history]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_adjust_point]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_find_next_mbchar]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_find_next_mbchar]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_find_prev_mbchar]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RbReadline"
+    - "Method[_rl_compare_chars]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_compare_chars]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RbReadline"
+    - "Method[_rl_read_mbstring]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable"
+    - "Method[add]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "FileOperations"
+    - "Method[diff?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HookScriptAPI"
+    - "Method[set_config]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HookScriptAPI"
+    - "Method[srcfile]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ToplevelInstaller"
+    - "Method[valid_task?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ToplevelInstallerMulti"
+    - "Method[packages=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ToplevelInstallerMulti"
+    - "Method[extract_selection]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[traverse]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[new_shebang]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Installer"
+    - "Method[globs2re]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[dive_into]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer::Shebang!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_config]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[set_config_default]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[declare_packages]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_bool_config]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_path_config]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PathItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PackageSelectionItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::Item"
+    - "Method[resolve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::Item"
+    - "Method[set]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::Item"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::SelectItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::Item!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::SelectItem!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::ExecItem!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::ExecItem!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PackageSelectionItem!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline::History!"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[input=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[output=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[completion_proc=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[completion_case_fold=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[basic_word_break_characters=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[completer_word_break_characters=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[basic_quote_characters=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[completer_quote_characters=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Readline!"
+    - "Method[filename_quote_characters=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/redcarpet/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/redcarpet/model.yml
@@ -0,0 +1,112 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redcarpet::Markdown"
+    - "Redcarpet::CLI!"
+    - "Method[parser_object].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redcarpet::Render::StripDown"
+    - "Method[table_cell]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[link]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[link]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[image]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[image]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[paragraph]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[table]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[table]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::StripDown"
+    - "Method[table_row]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[list]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[emphasis]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[paragraph]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[normal_text]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[block_code]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[codespan]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[double_emphasis]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::ManPage"
+    - "Method[list_item]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redcarpet::Render::Safe"
+    - "Method[html_escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/redis-namespace/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/redis-namespace/model.yml
@@ -0,0 +1,37 @@
+"extensions":
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redis::Namespace"
+    - "Method[wrapped_send].Parameter[1]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redis::Namespace"
+    - "Method[redis=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Namespace"
+    - "Method[ruby2_keywords_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Namespace"
+    - "Method[clone_args]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Namespace"
+    - "Method[add_namespace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Namespace"
+    - "Method[rem_namespace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/redis-rb/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/redis-rb/model.yml
@@ -0,0 +1,871 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redis"
+    - "Redis"
+    - "Method[with].Argument[block].Parameter[0]"
+  - - "Redis"
+    - "Redis::HashRing"
+    - "Method[add_node].Parameter[0]"
+  - - "Redis"
+    - "Redis::Commands::Transactions"
+    - "Method[watch].Argument[block].Parameter[0]"
+  - - "Redis::Cluster"
+    - "Redis"
+    - "Method[with].Argument[block].Parameter[0]"
+  - - "Redis::Cluster"
+    - "Redis::Commands::Transactions"
+    - "Method[watch].Argument[block].Parameter[0]"
+  - - "Redis::PipelinedConnection"
+    - "Redis::Commands::Transactions"
+    - "Method[watch].Argument[block].Parameter[0]"
+  - - "Redis::PipelinedConnection"
+    - "Redis::PipelinedConnection"
+    - "Method[pipelined].Argument[block].Parameter[0]"
+  - - "Redis::PipelinedConnection"
+    - "Redis::PipelinedConnection"
+    - "Method[synchronize].Argument[block].Parameter[0]"
+  - - "Redis::MultiConnection"
+    - "Redis::Commands::Transactions"
+    - "Method[watch].Argument[block].Parameter[0]"
+  - - "Redis::MultiConnection"
+    - "Redis::PipelinedConnection"
+    - "Method[pipelined].Argument[block].Parameter[0]"
+  - - "Redis::MultiConnection"
+    - "Redis::PipelinedConnection"
+    - "Method[synchronize].Argument[block].Parameter[0]"
+  - - "Redis::FutureNotReady"
+    - "Redis::Future"
+    - "Method[value].ReturnValue"
+  - - "Redis::FutureNotReady"
+    - "Redis::Future"
+    - "Method[_set].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Transactions"
+    - "Method[unwatch].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Transactions"
+    - "Method[exec].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Transactions"
+    - "Method[discard].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::PipelinedConnection"
+    - "Method[send_command].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::PipelinedConnection"
+    - "Method[send_blocking_command].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::MultiConnection"
+    - "Method[send_blocking_command].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands"
+    - "Method[call].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands"
+    - "Method[method_missing].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands"
+    - "Method[sentinel].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Bitmaps"
+    - "Method[setbit].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Bitmaps"
+    - "Method[getbit].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Bitmaps"
+    - "Method[bitcount].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Bitmaps"
+    - "Method[bitop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Bitmaps"
+    - "Method[bitpos].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Cluster"
+    - "Method[cluster].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Cluster"
+    - "Method[asking].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Connection"
+    - "Method[select].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Connection"
+    - "Method[auth].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Connection"
+    - "Method[ping].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Connection"
+    - "Method[echo].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[geoadd].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[geohash].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[georadius].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[georadiusbymember].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[geopos].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Geo"
+    - "Method[geodist].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hlen].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hsetnx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hmset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[mapped_hmset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hget].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hmget].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[mapped_hmget].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hrandfield].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hdel].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hexists].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hincrby].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hincrbyfloat].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hkeys].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hvals].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hgetall].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Hashes"
+    - "Method[hscan].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::HyperLogLog"
+    - "Method[pfadd].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::HyperLogLog"
+    - "Method[pfcount].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::HyperLogLog"
+    - "Method[pfmerge].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[restore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[copy].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[object].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[move].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[type].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[scan].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[persist].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[expire].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[expireat].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[ttl].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[pexpire].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[pexpireat].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[pttl].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[dump].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[migrate].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[del].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[unlink].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[exists].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[exists?].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[keys].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[randomkey].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[rename].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[renamenx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[sort].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Keys"
+    - "Method[_scan].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[llen].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lmove].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[blmove].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lpush].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lpushx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[rpush].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[rpushx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[rpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[rpoplpush].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[blpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[brpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[brpoplpush].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[blmpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lmpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lindex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[linsert].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lrem].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[lset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[ltrim].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Lists"
+    - "Method[_bpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Pubsub"
+    - "Method[publish].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Pubsub"
+    - "Method[pubsub].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Scripting"
+    - "Method[script].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Scripting"
+    - "Method[eval].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Scripting"
+    - "Method[evalsha].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Scripting"
+    - "Method[_eval].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[config].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[client].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[debug].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[bgrewriteaof].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[bgsave].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[dbsize].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[flushall].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[flushdb].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[info].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[lastsave].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[save].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[slaveof].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[slowlog].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[sync].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Server"
+    - "Method[time].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[scard].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sadd].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sadd?].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[srem].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[srem?].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[spop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[srandmember].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[smove].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sismember].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[smismember].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[smembers].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sdiff].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sdiffstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sinter].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sinterstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sunion].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sunionstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Sets"
+    - "Method[sscan].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zcard].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zadd].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zincrby].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrem].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zpopmax].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zpopmin].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[bzmpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zmpop].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[bzpopmax].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[bzpopmin].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zscore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zmscore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrandmember].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrangestore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrevrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrank].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrevrank].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zremrangebyrank].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zlexcount].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrangebylex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrevrangebylex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrangebyscore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zrevrangebyscore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zremrangebyscore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zcount].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zinter].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zinterstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zunion].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zunionstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zdiff].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zdiffstore].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[zscan].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[_zsets_operation].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::SortedSets"
+    - "Method[_zsets_operation_store].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xinfo].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xadd].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xtrim].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xdel].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xrevrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xlen].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xread].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xgroup].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xreadgroup].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xack].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xclaim].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xautoclaim].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[xpending].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Streams"
+    - "Method[_xread].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[set].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[get].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[decr].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[decrby].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[incr].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[incrby].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[incrbyfloat].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[setex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[psetex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[setnx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[mset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[mapped_mset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[msetnx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[mapped_msetnx].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[mget].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[mapped_mget].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[setrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[getrange].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[append].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[getset].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[getdel].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[getex].ReturnValue"
+  - - "Redis::Future"
+    - "Redis::Commands::Strings"
+    - "Method[strlen].ReturnValue"
+  - - "Redis::MultiFuture"
+    - "Redis::Commands::Transactions"
+    - "Method[multi].ReturnValue"
+  - - "Redis::MultiFuture"
+    - "Redis::PipelinedConnection"
+    - "Method[multi].ReturnValue"
+  - - "Redis::MultiFuture"
+    - "Redis::PipelinedConnection"
+    - "Method[synchronize].ReturnValue"
+  - - "Redis::Subscription"
+    - "Redis::Subscription!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Distributed"
+    - "Method[blmove].Parameter[4]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Distributed"
+    - "Method[blmove].Parameter[timeout:]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Commands::Lists"
+    - "Method[blmove].Parameter[4]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Commands::Lists"
+    - "Method[blmove].Parameter[timeout:]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Commands::Lists"
+    - "Method[brpoplpush].Parameter[2]"
+  - - "Lint::BlockingCommands::FakeDuration"
+    - "Redis::Commands::Lists"
+    - "Method[brpoplpush].Parameter[timeout:]"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Redis"
+    - "Method[_subscription].Parameter[0]"
+    - "code-injection"
+  - - "Redis::Distributed"
+    - "Method[_eval].Parameter[0]"
+    - "code-injection"
+  - - "Redis::Distributed"
+    - "Method[on_each_node].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ConsistencyTester"
+    - "Method[check_consistency]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redis::Distributed"
+    - "Method[key_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Redis::PipelinedConnection"
+    - "Method[send_command]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::PipelinedConnection"
+    - "Method[send_command]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::PipelinedConnection"
+    - "Method[send_blocking_command]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::PipelinedConnection"
+    - "Method[send_blocking_command]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::MultiConnection"
+    - "Method[send_blocking_command]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::MultiConnection"
+    - "Method[send_blocking_command]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Future"
+    - "Method[_set]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Hashes"
+    - "Method[hmget]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Hashes"
+    - "Method[hmget]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Keys"
+    - "Method[_scan]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Keys"
+    - "Method[_scan]"
+    - "Argument[6]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Lists"
+    - "Method[_bpop]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Lists"
+    - "Method[_bpop]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Strings"
+    - "Method[mget]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Commands::Strings"
+    - "Method[mget]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::MultiFuture"
+    - "Method[_set]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[subscribe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[subscribe]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[unsubscribe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[unsubscribe]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[psubscribe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[psubscribe]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[punsubscribe]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[punsubscribe]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[message]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[message]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[pmessage]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Subscription"
+    - "Method[pmessage]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Distributed::CannotDistribute!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::PipelinedConnection!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Redis::Future!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/require_all/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/require_all/model.yml
@@ -0,0 +1,30 @@
+"extensions":
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RequireAll"
+    - "Method[__require].Parameter[0]"
+    - "code-injection"
+  - - "RequireAll"
+    - "Method[__autoload].Parameter[1]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "SpecHelper"
+    - "Method[fixture_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "SpecHelper"
+    - "Method[fixture_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "SpecHelper"
+    - "Method[relative_fixture_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rest-client/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rest-client/model.yml
@@ -0,0 +1,246 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "String"
+    - "RestClient::Exception"
+    - "Method[http_body].ReturnValue"
+  - - "String"
+    - "RestClient::Response"
+    - "Method[body].ReturnValue"
+  - - "String"
+    - "RestClient::Response"
+    - "Method[to_s].ReturnValue"
+  - - "String"
+    - "RestClient::Response"
+    - "Method[to_str].ReturnValue"
+  - - "String"
+    - "RestClient::Response"
+    - "Method[body_truncated].ReturnValue"
+  - - "RestClient::Request"
+    - "RestClient::Request"
+    - "Method[process_result].Argument[block].Parameter[1]"
+  - - "RestClient::Windows::RootCerts"
+    - "RestClient::Windows::RootCerts!"
+    - "Method[instance].ReturnValue"
+  - - "RestClient::Response"
+    - "Helpers"
+    - "Method[response_from_res_double].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::Request"
+    - "Method[process_result].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::Request"
+    - "Method[process_result].Argument[block].Parameter[0]"
+  - - "RestClient::Response"
+    - "RestClient::Response"
+    - "Method[body].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::Response"
+    - "Method[to_s].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::AbstractResponse"
+    - "Method[return!].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::Response!"
+    - "Method[create].ReturnValue"
+  - - "RestClient::Response"
+    - "RestClient::Response!"
+    - "Method[fix_encoding].Parameter[0]"
+  - - "RestClient::Response"
+    - "RestClient::Response!"
+    - "Method[fix_encoding].ReturnValue"
+  - - "RestClient::RawResponse"
+    - "RestClient::Request"
+    - "Method[process_result].ReturnValue"
+  - - "RestClient::RawResponse"
+    - "RestClient::AbstractResponse"
+    - "Method[return!].ReturnValue"
+  - - "RestClient::ParamsArray"
+    - "RestClient::Payload"
+    - "Method[generate].ReturnValue"
+  - - "RestClient::ParamsArray"
+    - "RestClient::Payload"
+    - "Method[generate].Parameter[0]"
+  - - "RestClient::ParamsArray"
+    - "RestClient::Payload::Streamed"
+    - "Method[build_stream].ReturnValue"
+  - - "RestClient::Payload::Streamed"
+    - "RestClient::Payload"
+    - "Method[generate].ReturnValue"
+  - - "RestClient::Payload::Streamed"
+    - "RestClient::Payload::Streamed"
+    - "Method[build_stream].ReturnValue"
+  - - "RestClient::Payload::Base"
+    - "RestClient::Payload"
+    - "Method[generate].ReturnValue"
+  - - "RestClient::Payload::Base"
+    - "RestClient::Payload::Streamed"
+    - "Method[build_stream].ReturnValue"
+  - - "RestClient::Payload::UrlEncoded"
+    - "RestClient::Payload"
+    - "Method[generate].ReturnValue"
+  - - "RestClient::Payload::UrlEncoded"
+    - "RestClient::Payload::Streamed"
+    - "Method[build_stream].ReturnValue"
+  - - "RestClient::Payload::Multipart"
+    - "RestClient::Payload"
+    - "Method[generate].ReturnValue"
+  - - "RestClient::Payload::Multipart"
+    - "RestClient::Payload::Streamed"
+    - "Method[build_stream].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RestClient!"
+    - "Method[get].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[delete].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[head].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[post].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[put].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[patch].Parameter[0]"
+    - "request-forgery"
+  - - "RestClient!"
+    - "Method[options].Parameter[0]"
+    - "request-forgery"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "RestClient::Request"
+    - "Method[process_url_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Request"
+    - "Method[process_cookie_args!]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Request"
+    - "Method[process_cookie_args!]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Request"
+    - "Method[normalize_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Request"
+    - "Method[normalize_method]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Request"
+    - "Method[maybe_convert_extension]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient!"
+    - "Method[create_log]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient!"
+    - "Method[log=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient!"
+    - "Method[add_before_execution_proc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient!"
+    - "Method[add_before_execution_proc]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Windows::RootCerts!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Payload"
+    - "Method[generate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Payload::Streamed"
+    - "Method[build_stream]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Response!"
+    - "Method[create]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Response!"
+    - "Method[fix_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Payload::Multipart"
+    - "Method[handle_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Resource"
+    - "Method[concat_urls]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Resource"
+    - "Method[concat_urls]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Resource!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Request!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RestClient::Payload::Base!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Exception!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::Exceptions::Timeout!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::ServerBrokeConnection!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RestClient::SSLCertificateNotVerified!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rollbar-gem/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rollbar-gem/model.yml
@@ -0,0 +1,622 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "User"
+    - "HomeController"
+    - "Method[custom_current_user].ReturnValue"
+  - - "Rollbar::Configuration"
+    - "Rollbar::Plugin"
+    - "Method[configuration].ReturnValue"
+  - - "Rollbar::Item"
+    - "Rollbar::Notifier"
+    - "Method[build_item_with_payload].ReturnValue"
+  - - "Rollbar::Item"
+    - "Rollbar::Notifier"
+    - "Method[build_item].ReturnValue"
+  - - "Rollbar::LazyStore"
+    - "Rollbar::Notifier"
+    - "Method[reset!].ReturnValue"
+  - - "Rollbar::LazyStore"
+    - "Rollbar::Util!"
+    - "Method[deep_merge].ReturnValue"
+  - - "Rollbar::LoggerProxy"
+    - "Rollbar::Notifier"
+    - "Method[logger].ReturnValue"
+  - - "Rollbar::Notifier"
+    - "Rollbar::Notifier"
+    - "Method[scope!].ReturnValue"
+  - - "Rollbar::Delay::Sidekiq"
+    - "Rollbar::Configuration"
+    - "Method[use_sidekiq].ReturnValue"
+  - - "Rollbar::Delay::Sidekiq"
+    - "Rollbar::Configuration"
+    - "Method[use_sidekiq=].ReturnValue"
+  - - "Rollbar::JSON::JsOptionsState"
+    - "Rollbar::JSON::Value"
+    - "Method[to_json].Parameter[0]"
+  - - "Rollbar::Notifier::TraceWithBindings"
+    - "Rollbar::Notifier"
+    - "Method[trace_with_bindings].ReturnValue"
+  - - "Rollbar::Middleware::Js::SecureHeadersFalse"
+    - "Rollbar::Middleware::Js"
+    - "Method[secure_headers].ReturnValue"
+  - - "Rollbar::Middleware::Js::SecureHeaders3To5"
+    - "Rollbar::Middleware::Js"
+    - "Method[secure_headers].ReturnValue"
+  - - "Rollbar::Middleware::Js::SecureHeaders6"
+    - "Rollbar::Middleware::Js"
+    - "Method[secure_headers].ReturnValue"
+  - - "Delayed::Backend::Test::Job"
+    - "Delayed::Backend::Test::Job!"
+    - "Method[create].ReturnValue"
+  - - "Delayed::Backend::Test::Job"
+    - "Delayed::Backend::Test::Job!"
+    - "Method[create!].ReturnValue"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[rollbar_request_cookies].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Rollbar::Configuration"
+    - "Method[[]].Parameter[0]"
+    - "code-injection"
+  - - "Rollbar::LazyStore"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+  - - "Rollbar::LoggerProxy"
+    - "Method[log].Parameter[0]"
+    - "code-injection"
+  - - "Rollbar::Notifier"
+    - "Method[update_file].Parameter[1]"
+    - "path-injection"
+  - - "Rollbar::Plugin"
+    - "Method[require_dependency].Parameter[0]"
+    - "path-injection"
+  - - "Rollbar::ConfiguredOptions"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+  - - "Rollbar::LanguageSupport"
+    - "Method[const_get].Parameter[1]"
+    - "code-injection"
+  - - "Rollbar::Item::Backtrace"
+    - "Method[read_file].Parameter[0]"
+    - "path-injection"
+  - - "Rollbar::Middleware::Js"
+    - "Method[html_safe_if_needed].Parameter[0]"
+    - "html-injection"
+  - - "Rollbar::Util::Hash!"
+    - "Method[map_value].Parameter[1]"
+    - "code-injection"
+  - - "YAML!"
+    - "Method[load_dj].Parameter[0]"
+    - "path-injection"
+  - - "YAML!"
+    - "Method[load_dj].Parameter[0]"
+    - "unsafe-deserialization"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "HomeController"
+    - "Method[build_hash_with_locals]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "RollbarAPI"
+    - "Method[result]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "RollbarAPI"
+    - "Method[result]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "RollbarAPI"
+    - "Method[result]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "SinatraDummy"
+    - "Method[build_hash_with_locals]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "EncodingHelpers"
+    - "Method[force_to_ascii]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "FixtureHelpers"
+    - "Method[fixture_file]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Configuration"
+    - "Method[use_eventmachine=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Configuration"
+    - "Method[send_extra_frame_data=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Configuration"
+    - "Method[logger_level=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Configuration"
+    - "Method[hook]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Configuration"
+    - "Method[hook]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Item"
+    - "Method[scrub]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Item"
+    - "Method[add_access_token_to_payload]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::LazyStore"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Logger"
+    - "Method[blank?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[add_original_message]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[add_original_host]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[add_original_uuid]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[use_exception_level_filters?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Notifier"
+    - "Method[lookup_exception_level]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Notifier"
+    - "Method[log_and_return_item_data]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[pack_ruby260_bytes]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Notifier"
+    - "Method[failsafe_reason]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[failsafe_exception_reason]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Notifier"
+    - "Method[failsafe_body]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[execute]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[execute]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[revert]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[revert]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[dependency]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Plugin"
+    - "Method[dependency]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "DeployAPI::Report"
+    - "Method[valid_data?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "DeployAPI::Report"
+    - "Method[authorized?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::JSON"
+    - "Method[load]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::LanguageSupport"
+    - "Method[version?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[extract_person_data_from_controller]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[rollbar_request_method]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[rollbar_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[rollbar_user_ip]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[user_ip_at_configured_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::RequestDataExtractor"
+    - "Method[find_not_private_ip]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Encoding::Encoder"
+    - "Method[force_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Item::Frame"
+    - "Method[skip_extra_frame_data?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Item::Frame"
+    - "Method[code_data]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Item::Frame"
+    - "Method[post_data]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Rack"
+    - "Method[framework_error]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js"
+    - "Method[html_safe_if_needed]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Js"
+    - "Method[html?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js"
+    - "Method[add_js?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js"
+    - "Method[add_js?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js"
+    - "Method[build_response]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Js"
+    - "Method[build_body_with_js]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Js"
+    - "Method[add_person_data]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js"
+    - "Method[script_tag]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Sinatra"
+    - "Method[framework_error]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[ascii_encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_user]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_password]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_query]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[restore_square_brackets]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_key?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_key?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_key?]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::URL"
+    - "Method[filter_key?]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::Params"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Scrubbers::Params"
+    - "Method[scrub]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Scrubbers::Params"
+    - "Method[rollbar_filtered_param_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Truncation::FramesStrategy"
+    - "Method[truncate_trace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::MinBodyStrategy"
+    - "Method[truncate_trace_data]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Truncation::RemoveAnyKeyStrategy"
+    - "Method[extract_title]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::RemoveAnyKeyStrategy"
+    - "Method[extract_title_from_trace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::RemoveExtraStrategy"
+    - "Method[delete_message_extra]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::RemoveExtraStrategy"
+    - "Method[delete_trace_chain_extra]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::RemoveExtraStrategy"
+    - "Method[delete_trace_extra]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Truncation::Mixin"
+    - "Method[select_frames]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Rails::RollbarMiddleware"
+    - "Method[request_data=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Rails::RollbarMiddleware"
+    - "Method[context]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js::SecureHeadersResolver"
+    - "Method[csp_needs_nonce?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Js::SecureHeaders3To5"
+    - "Method[opt_out?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Middleware::Rails::ShowExceptions"
+    - "Method[extract_scope_from]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Encoding::Encoder!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Item::Frame!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Item!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::LoggerProxy!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::JSON::Value!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Rack!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Rails::RollbarMiddleware!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Middleware::Js!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Delayed::JobData!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Sidekiq!"
+    - "Method[skip_report?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Sidekiq!"
+    - "Method[job_hash_from_msg]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Truncation::RemoveAnyKeyStrategy!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Encoding!"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util::Hash!"
+    - "Method[map_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util::IPAnonymizer!"
+    - "Method[anonymize_ip]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util::IPObfuscator!"
+    - "Method[obfuscate_ip]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util!"
+    - "Method[deep_copy]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util!"
+    - "Method[deep_copy]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rollbar::Util!"
+    - "Method[deep_merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util!"
+    - "Method[truncate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util!"
+    - "Method[clone_obj]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rollbar::Util!"
+    - "Method[uuid_rollbar_url]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/ruby-jwt/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/ruby-jwt/model.yml
@@ -0,0 +1,127 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JWT::Algos::AlgoWrapper"
+    - "JWT::Encode"
+    - "Method[resolve_algorithm].ReturnValue"
+  - - "JWT::Algos::AlgoWrapper"
+    - "JWT::Algos"
+    - "Method[create].ReturnValue"
+  - - "JWT::Configuration::Container"
+    - "JWT::Configuration"
+    - "Method[configuration].ReturnValue"
+  - - "JWT::Configuration::Container"
+    - "JWT::Configuration"
+    - "Method[configure].Argument[block].Parameter[0]"
+  - - "JWT::Configuration::JwkConfiguration"
+    - "JWT::Configuration::Container"
+    - "Method[reset!].ReturnValue"
+  - - "JWT::JWK::Set"
+    - "JWT::JWK::Set"
+    - "Method[select!].ReturnValue"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "JWT::Encode"
+    - "Method[resolve_algorithm]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Decode"
+    - "Method[sort_by_alg_header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Decode"
+    - "Method[parse_and_decode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::X5cKeyFinder"
+    - "Method[parse_certificates]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::EC"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::EC"
+    - "Method[decode_octets]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::JWK::HMAC"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::KeyBase"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::KeyBase"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::JWK::KeyBase"
+    - "Method[<=>]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::JWK::RSA"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Algos::HmacRbNaCl"
+    - "Method[key_for_rbnacl]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Algos::AlgoWrapper!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Decode!"
+    - "Method[new]"
+    - "Argument[4]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::Decode!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::HMAC!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::KeyFinder!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::JWK::KeyBase!"
+    - "Method[inherited]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "JWT::JWK::KidAsKeyDigest!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "JWT::JWK::Thumbprint!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/ruby-pg/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/ruby-pg/model.yml
@@ -0,0 +1,217 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "PG::Connection"
+    - "PG::Connection"
+    - "Method[transaction].Argument[block].Parameter[0]"
+  - - "PG::Connection"
+    - "PG::TestingHelpers"
+    - "Method[run_with_scheduler].Argument[block].Parameter[0]"
+  - - "PG::Connection"
+    - "PG::TestingHelpers"
+    - "Method[run_with_gate].Argument[block].Parameter[0]"
+  - - "PG::Connection"
+    - "PG::TestingHelpers::PostgresServer"
+    - "Method[connect].ReturnValue"
+  - - "PG::Connection"
+    - "PG::BasicTypeRegistry::Checker"
+    - "Method[build_coder_maps].ReturnValue"
+  - - "PG::Connection"
+    - "PG!"
+    - "Method[connect].ReturnValue"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry::Checker"
+    - "Method[build_coder_maps].Parameter[1]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry::Checker"
+    - "Method[build_coder_maps].Parameter[registry:]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry"
+    - "Method[register_coder].ReturnValue"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry"
+    - "Method[register_type].ReturnValue"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry"
+    - "Method[alias_type].ReturnValue"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry"
+    - "Method[register_default_types].ReturnValue"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapForQueries!"
+    - "Method[new].Parameter[1]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapForQueries!"
+    - "Method[new].Parameter[registry:]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapBasedOnResult!"
+    - "Method[new].Parameter[1]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapBasedOnResult!"
+    - "Method[new].Parameter[registry:]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapForResults!"
+    - "Method[new].Parameter[1]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeMapForResults!"
+    - "Method[new].Parameter[registry:]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry::CoderMapsBundle!"
+    - "Method[new].Parameter[1]"
+  - - "PG::BasicTypeRegistry"
+    - "PG::BasicTypeRegistry::CoderMapsBundle!"
+    - "Method[new].Parameter[registry:]"
+  - - "Helpers::TcpGateSwitcher"
+    - "PG::TestingHelpers"
+    - "Method[run_with_gate].Argument[block].Parameter[1]"
+  - - "Helpers::TcpGateSwitcher"
+    - "PG::TestingHelpers"
+    - "Method[gate_setup].ReturnValue"
+  - - "PG::TestingHelpers::ConnStillUsableMatcher"
+    - "PG::TestingHelpers"
+    - "Method[still_be_usable].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "PG::Connection"
+    - "Method[copy_data].Parameter[0]"
+    - "command-injection"
+  - - "PG::Connection"
+    - "Method[async_connect_or_reset].Parameter[0]"
+    - "code-injection"
+  - - "PG::TestingHelpers"
+    - "Method[wait_for_polling_ok].Parameter[1]"
+    - "code-injection"
+  - - "PG::Coder"
+    - "Method[marshal_load].Parameter[0]"
+    - "unsafe-deserialization"
+  - - "PG::TestingHelpers::Loggable"
+    - "Method[log_and_run].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "PG::TestingHelpers::PostgresServer"
+    - "Method[pg_bin_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::BasicTypeRegistry::Checker"
+    - "Method[build_coder_maps]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG!"
+    - "Method[make_shareable]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::TextDecoder::Date"
+    - "Method[decode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::TextDecoder::JSON"
+    - "Method[decode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::TextEncoder::Inet"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::TextEncoder::Date"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::TextEncoder::JSON"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::TextEncoder::TimestampWithoutTimeZone"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::TextEncoder::TimestampUtc"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::TextEncoder::TimestampWithTimeZone"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[write]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[write]"
+    - "Argument[transfer_until:]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[other_side_of?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[other_side_of?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[read]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection"
+    - "Method[read]"
+    - "Argument[transfer_until:]"
+    - "ReturnValue"
+    - "value"
+  - - "PG::Connection!"
+    - "Method[quote_connstr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::Connection!"
+    - "Method[connect_hash_to_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::BasicTypeMapForResults::WarningTypeMap!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "Helpers::TcpGateScheduler::Connection!"
+    - "Method[new]"
+    - "Argument[debug:]"
+    - "ReturnValue"
+    - "value"
+  - - "WalShipper::Dispatcher!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "PG::TestingHelpers::PostgresServer!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/rubyzip/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/rubyzip/model.yml
@@ -0,0 +1,617 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[time].ReturnValue"
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[time=].Parameter[0]"
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[atime=].Parameter[0]"
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[ctime=].Parameter[0]"
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[atime].ReturnValue"
+  - - "Time"
+    - "Zip::Entry"
+    - "Method[ctime].ReturnValue"
+  - - "Time"
+    - "Zip::DOSTime!"
+    - "Method[from_time].Parameter[0]"
+  - - "Zip::DecryptedIo"
+    - "Zip::InputStream"
+    - "Method[get_decrypted_io].ReturnValue"
+  - - "Zip::Deflater"
+    - "Zip::OutputStream"
+    - "Method[init_next_entry].ReturnValue"
+  - - "Zip::Deflater"
+    - "Zip::OutputStream"
+    - "Method[get_compressor].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::Entry"
+    - "Method[create_file].Argument[block].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::Entry"
+    - "Method[create_directory].Argument[block].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::EntrySet"
+    - "Method[delete].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::EntrySet"
+    - "Method[delete].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::EntrySet"
+    - "Method[include?].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::File"
+    - "Method[add].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::File"
+    - "Method[get_output_stream].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::File"
+    - "Method[remove].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::File"
+    - "Method[check_entry_exists].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::InputStream"
+    - "Method[get_next_entry].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::InputStream"
+    - "Method[rewind].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::InputStream"
+    - "Method[open_entry].ReturnValue"
+  - - "Zip::Entry"
+    - "Zip::OutputStream"
+    - "Method[put_next_entry].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::OutputStream"
+    - "Method[init_next_entry].Parameter[0]"
+  - - "Zip::Entry"
+    - "Zip::OutputStream"
+    - "Method[put_next_entry].ReturnValue"
+  - - "Zip::EntrySet"
+    - "Zip::EntrySet"
+    - "Method[dup].ReturnValue"
+  - - "Zip::TraditionalEncrypter"
+    - "Zip::OutputStream!"
+    - "Method[new].Parameter[2]"
+  - - "Zip::TraditionalEncrypter"
+    - "Zip::OutputStream!"
+    - "Method[new].Parameter[encrypter:]"
+  - - "Zip::TraditionalDecrypter"
+    - "Zip::InputStream!"
+    - "Method[new].Parameter[2]"
+  - - "Zip::TraditionalDecrypter"
+    - "Zip::InputStream!"
+    - "Method[new].Parameter[decrypter:]"
+  - - "Zip::ExtraField"
+    - "Zip::Entry"
+    - "Method[read_extra_field].ReturnValue"
+  - - "Zip::ExtraField"
+    - "Zip::File"
+    - "Method[get_output_stream].Parameter[3]"
+  - - "Zip::ExtraField"
+    - "Zip::File"
+    - "Method[get_output_stream].Parameter[extra:]"
+  - - "Zip::ExtraField"
+    - "Zip::Entry!"
+    - "Method[new].Parameter[extra:]"
+  - - "Zip::ExtraField"
+    - "Zip::Entry!"
+    - "Method[new].Parameter[9]"
+  - - "Zip::File"
+    - "ZipFileGenerator"
+    - "Method[write].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[each].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[refresh].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[load].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[zipfile].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[add_files].ReturnValue"
+  - - "Zip::File"
+    - "ZipDialog"
+    - "Method[extract_files].ReturnValue"
+  - - "Zip::InputStream"
+    - "Zip::Entry"
+    - "Method[get_input_stream].ReturnValue"
+  - - "Zip::InputStream"
+    - "Zip::Entry"
+    - "Method[write_to_zip_output_stream].ReturnValue"
+  - - "Zip::PassThruCompressor"
+    - "Zip::OutputStream"
+    - "Method[init_next_entry].ReturnValue"
+  - - "Zip::PassThruCompressor"
+    - "Zip::OutputStream"
+    - "Method[get_compressor].ReturnValue"
+  - - "Zip::StreamableDirectory"
+    - "Zip::Entry"
+    - "Method[create_file].Argument[block].Parameter[0]"
+  - - "Zip::StreamableDirectory"
+    - "Zip::Entry"
+    - "Method[create_directory].Argument[block].Parameter[0]"
+  - - "Zip::StreamableDirectory"
+    - "Zip::File"
+    - "Method[remove].ReturnValue"
+  - - "Zip::StreamableDirectory"
+    - "Zip::File"
+    - "Method[check_entry_exists].ReturnValue"
+  - - "Zip::FileSystem::DirectoryIterator"
+    - "Zip::FileSystem::Dir"
+    - "Method[new].ReturnValue"
+  - - "Zip::FileSystem::DirectoryIterator"
+    - "Zip::FileSystem::Dir"
+    - "Method[open].Argument[block].Parameter[0]"
+  - - "Zip::FileSystem::File::Stat"
+    - "Zip::FileSystem::File"
+    - "Method[stat].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ZipFileGenerator"
+    - "Method[recursively_deflate_directory].Parameter[0]"
+    - "path-injection"
+  - - "MainApp"
+    - "Method[open_zip].Parameter[0]"
+    - "path-injection"
+  - - "Zip::Entry"
+    - "Method[create_file].Parameter[0]"
+    - "path-injection"
+  - - "Zip::InputStream"
+    - "Method[get_io].Parameter[0]"
+    - "path-injection"
+  - - "Zip::FileSplit"
+    - "Method[split].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ZipFileGenerator"
+    - "Method[put_into_archive]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_to_stream]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_e_o_c_d]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_64_e_o_c_d]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_64_e_o_c_d]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_64_e_o_c_d]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_64_eocd_locator]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[write_64_eocd_locator]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[unpack_64_e_o_c_d]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::CentralDirectory"
+    - "Method[unpack_e_o_c_d]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::NullEncrypter"
+    - "Method[encrypt]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Entry"
+    - "Method[<=>]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::Entry"
+    - "Method[compression_method=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Entry"
+    - "Method[file_type_is?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::Entry"
+    - "Method[write_c_dir_entry]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::DOSTime"
+    - "Method[dos_equals]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::NullDecrypter"
+    - "Method[decrypt]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntrySet"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntrySet"
+    - "Method[delete]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntrySet"
+    - "Method[to_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalEncrypter"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalEncrypter"
+    - "Method[header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalEncrypter"
+    - "Method[data_descriptor]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalEncrypter"
+    - "Method[data_descriptor]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalEncrypter"
+    - "Method[data_descriptor]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::TraditionalDecrypter"
+    - "Method[decode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::File"
+    - "Method[add]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::File"
+    - "Method[replace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::InputStream"
+    - "Method[get_io]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::PassThruCompressor"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::OutputStream"
+    - "Method[put_next_entry]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSplit"
+    - "Method[get_segment_size_for_split]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSplit"
+    - "Method[get_partial_zip_file_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSplit"
+    - "Method[get_partial_zip_file_name]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSplit"
+    - "Method[put_split_signature]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ExtraField::UniversalTime"
+    - "Method[atime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::UniversalTime"
+    - "Method[ctime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::UniversalTime"
+    - "Method[mtime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::Unknown"
+    - "Method[merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ExtraField::Zip64"
+    - "Method[merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::DirectoryIterator"
+    - "Method[seek]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::File"
+    - "Method[expand_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::File"
+    - "Method[dirname]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::File"
+    - "Method[unix_mode_cmp]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::File"
+    - "Method[exists?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::File"
+    - "Method[directory?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::ZipFileNameMapper"
+    - "Method[expand_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::ZipFileNameMapper"
+    - "Method[expand_to_entry]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::DOSTime::JRubyCMP"
+    - "Method[<=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::DOSTime::JRubyCMP"
+    - "Method[>=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::IOExtras::AbstractInputStream"
+    - "Method[read]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::IOExtras::AbstractOutputStream"
+    - "Method[putc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::IOExtras::FakeIO"
+    - "Method[kind_of?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::ExtraField::UniversalTime"
+    - "Method[atime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::UniversalTime"
+    - "Method[ctime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::UniversalTime"
+    - "Method[mtime=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::Unknown"
+    - "Method[merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::ExtraField::Zip64"
+    - "Method[merge]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::FileSystem::File::Stat"
+    - "Method[kind_of?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Zip::DecryptedIo!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Deflater!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Decompressor!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Decompressor!"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::CentralDirectory!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::CompressionMethodError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::DecompressionError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::NTFS!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::NTFS!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::OldUnix!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::OldUnix!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::DestinationExistsError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntryExistsError!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntryNameError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::EntrySizeError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::StreamingError!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::IUnix!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::IUnix!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ExtraField::Zip64!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::ExtraField::Zip64!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::Dir!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::File!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::FileSystem::File::Stat!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::StreamableDirectory!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ZipFileGenerator!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Dirtyable!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Zip::Dirtyable!"
+    - "Method[new]"
+    - "Argument[dirty_on_create:]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sass-rails/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sass-rails/model.yml
@@ -0,0 +1 @@
+"extensions": []
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sentry-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sentry-ruby/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sequel/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sequel/model.yml
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sidekiq/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sidekiq/model.yml
@@ -0,0 +1,528 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Logger"
+    - "Sidekiq::Config"
+    - "Method[logger=].ReturnValue"
+  - - "Logger"
+    - "Sidekiq::Config"
+    - "Method[logger].ReturnValue"
+  - - "Logger"
+    - "Sidekiq::Web::CsrfProtection"
+    - "Method[logger].ReturnValue"
+  - - "Hash"
+    - "Sidekiq::Metrics::Query::JobResult"
+    - "Method[series_avg].ReturnValue"
+  - - "Sidekiq::Config"
+    - "Sidekiq!"
+    - "Method[configure_server].Argument[block].Parameter[0]"
+  - - "Sidekiq::Config"
+    - "Sidekiq!"
+    - "Method[configure_embed].Argument[block].Parameter[0]"
+  - - "Sidekiq::Config"
+    - "Sidekiq!"
+    - "Method[configure_client].Argument[block].Parameter[0]"
+  - - "Sidekiq::Config"
+    - "Sidekiq!"
+    - "Method[default_configuration].ReturnValue"
+  - - "Sidekiq::Config"
+    - "Sidekiq!"
+    - "Method[configure_embed].ReturnValue"
+  - - "Sidekiq::Client"
+    - "Sidekiq::Job::ClassMethods"
+    - "Method[build_client].ReturnValue"
+  - - "Sidekiq::Stats"
+    - "Sidekiq::Monitor::Status"
+    - "Method[stats].ReturnValue"
+  - - "Sidekiq::Stats"
+    - "Sidekiq::WebHelpers"
+    - "Method[stats].ReturnValue"
+  - - "Sidekiq::Embedded"
+    - "Sidekiq!"
+    - "Method[configure_embed].ReturnValue"
+  - - "Sidekiq::Logger"
+    - "Sidekiq::Config"
+    - "Method[logger].ReturnValue"
+  - - "Sidekiq::Logger"
+    - "Sidekiq!"
+    - "Method[logger].ReturnValue"
+  - - "Sidekiq::Logger"
+    - "Sidekiq::Component"
+    - "Method[logger].ReturnValue"
+  - - "Sidekiq::Logger"
+    - "Sidekiq::Job"
+    - "Method[logger].ReturnValue"
+  - - "Sidekiq::ProcessSet"
+    - "Sidekiq::Monitor::Status"
+    - "Method[process_set].ReturnValue"
+  - - "Sidekiq::ProcessSet"
+    - "Sidekiq::WebHelpers"
+    - "Method[processes].ReturnValue"
+  - - "Sidekiq::ProcessSet"
+    - "Sidekiq::WebHelpers"
+    - "Method[sorted_processes].ReturnValue"
+  - - "Sidekiq::Process"
+    - "Sidekiq::ProcessSet!"
+    - "Method[[]].ReturnValue"
+  - - "Sidekiq::WorkSet"
+    - "Sidekiq::WebHelpers"
+    - "Method[workset].ReturnValue"
+  - - "Sidekiq::Job::Setter"
+    - "Sidekiq::Job::ClassMethods"
+    - "Method[set].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq::Config"
+    - "Method[client_middleware].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq::Config"
+    - "Method[server_middleware].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq!"
+    - "Method[configure_server].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq!"
+    - "Method[configure_client].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq::Middleware::Chain"
+    - "Method[copy_for].ReturnValue"
+  - - "Sidekiq::Middleware::Chain"
+    - "Sidekiq::Middleware::Chain!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Sidekiq::Rails::Reloader"
+    - "Sidekiq!"
+    - "Method[configure_server].ReturnValue"
+  - - "Sidekiq::RedisClientAdapter::CompatClient"
+    - "Sidekiq::RedisClientAdapter"
+    - "Method[new_client].ReturnValue"
+  - - "Sidekiq::Metrics::Query::Result"
+    - "Sidekiq::Metrics::Query"
+    - "Method[top_jobs].ReturnValue"
+  - - "Sidekiq::Metrics::Query::Result"
+    - "Sidekiq::Metrics::Query"
+    - "Method[for_job].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Sidekiq::CLI"
+    - "Method[parse_config].Parameter[0]"
+    - "path-injection"
+  - - "Sidekiq::Monitor::Status"
+    - "Method[display].Parameter[0]"
+    - "code-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Sidekiq::CLI"
+    - "Method[set_environment]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Monitor::Status"
+    - "Method[delimit]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Monitor::Status"
+    - "Method[split_multiline]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Monitor::Status"
+    - "Method[tags_for]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Config"
+    - "Method[on]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Config"
+    - "Method[on]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Config"
+    - "Method[logger=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Config"
+    - "Method[register]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Config"
+    - "Method[queues=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Config"
+    - "Method[average_scheduled_poll_interval=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Web::CsrfProtection"
+    - "Method[logger]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Web::CsrfProtection"
+    - "Method[session]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Web::CsrfProtection"
+    - "Method[decode_token]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Metrics::Query::JobResult"
+    - "Method[add_hist]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebHelpers"
+    - "Method[truncate]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebHelpers"
+    - "Method[singularize]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebHelpers"
+    - "Method[t]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebHelpers"
+    - "Method[t]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[busy_weights]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[relative_time]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[job_params]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[job_params]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[qparams]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[to_query_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[to_display]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[format_memory]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[number_with_delimiter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebHelpers"
+    - "Method[retry_or_delete_or_kill]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebHelpers"
+    - "Method[delete_or_add_queue]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq!"
+    - "Method[load_json]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq!"
+    - "Method[dump_json]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq!"
+    - "Method[strict_args!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::RedisClientAdapter"
+    - "Method[client_opts]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Metrics::Query::Result"
+    - "Method[prepend_bucket]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::JobRetry"
+    - "Method[retry_attempts_from]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::JobRetry"
+    - "Method[retry_attempts_from]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::JobRecord"
+    - "Method[parse]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::JobRecord"
+    - "Method[deserialize_argument]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::RingBuffer"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::TransactionAwareClient"
+    - "Method[push]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::LoggingUtils"
+    - "Method[local_level=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Scheduled::Poller"
+    - "Method[poll_interval_average]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Scheduled::Poller"
+    - "Method[scaled_poll_interval]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Logger::Formatters::Pretty"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Logger::Formatters::Pretty"
+    - "Method[call]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Logger::Formatters::WithoutTimestamp"
+    - "Method[call]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Logger::Formatters::WithoutTimestamp"
+    - "Method[call]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::Job::Options::ClassMethods"
+    - "Method[sidekiq_retry_in]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Job::Options::ClassMethods"
+    - "Method[sidekiq_retry_in]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Job::Options::ClassMethods"
+    - "Method[sidekiq_retries_exhausted]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Job::Options::ClassMethods"
+    - "Method[sidekiq_retries_exhausted]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Deploy!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Embedded!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::JobLogger!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Stats::History!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Queue!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::JobRecord!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::JobRecord!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::CurrentAttributes::Save!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::CurrentAttributes::Load!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Metrics::Middleware!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Rails::Reloader!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::SortedEntry!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebApplication!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Web::CsrfProtection!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebRoute!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Process!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::Context!"
+    - "Method[add]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sidekiq::WebRouter"
+    - "Method[route]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[route]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[get]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[get]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[delete]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[delete]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[head]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[head]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[post]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[post]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[put]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[put]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[patch]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sidekiq::WebRouter"
+    - "Method[patch]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sinatra/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sinatra/model.yml
@@ -0,0 +1,489 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Hash"
+    - "Sinatra::ContentFor"
+    - "Method[content_blocks].ReturnValue"
+  - - "Module"
+    - "Sinatra::Namespace::SharedMethods"
+    - "Method[namespace].ReturnValue"
+  - - "Module"
+    - "Sinatra::Namespace!"
+    - "Method[new].ReturnValue"
+  - - "Sinatra::Base"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "Sinatra::Base"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Parent"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "Parent"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Subclass"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "Subclass"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Sinatra::IndifferentHash"
+    - "Sinatra::IndifferentHash"
+    - "Method[merge!].ReturnValue"
+  - - "Sinatra::IndifferentHash"
+    - "Sinatra::IndifferentHash"
+    - "Method[compact].ReturnValue"
+  - - "Sinatra::IndifferentHash"
+    - "Sinatra::IndifferentHash"
+    - "Method[merge].ReturnValue"
+  - - "Sinatra::IndifferentHash"
+    - "Sinatra::ConfigFile"
+    - "Method[config_for_env].ReturnValue"
+  - - "Sinatra::IndifferentHash"
+    - "Sinatra::IndifferentHash!"
+    - "Method[[]].ReturnValue"
+  - - "Sinatra::Application"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "Sinatra::Application"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "BaseTest::TestApp"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "BaseTest::TestApp"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "BaseTest::TestKeywordArgumentInitializerApp"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "BaseTest::TestMiddleware"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "BaseTest::TestMiddleware"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "BaseTest::TestMiddlewareContentLength"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "BaseTest::TestMiddlewareContentLength"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "ExtensionsTest::BizzleApp"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "ExtensionsTest::BizzleApp"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "HelpersTest::HelpersOverloadingIncludeAndOverride"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "HelpersTest::HelpersOverloadingIncludeAndOverride"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "HelpersTest::ServerApp"
+    - "Sinatra::Base"
+    - "Method[process_route].Argument[block].Parameter[0]"
+  - - "HelpersTest::ServerApp"
+    - "Sinatra::Base!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "Sinatra::Request::AcceptEntry"
+    - "Sinatra::Request"
+    - "Method[preferred_type].ReturnValue"
+  - - "Sinatra::Cookies::Jar"
+    - "Sinatra::Cookies"
+    - "Method[cookies].ReturnValue"
+  - - "Sinatra::Helpers::Stream"
+    - "Sinatra::Helpers"
+    - "Method[body].ReturnValue"
+  - - "Sinatra::Helpers::Stream"
+    - "Sinatra::Helpers"
+    - "Method[body].Parameter[0]"
+  - - "Sinatra::Helpers::Stream"
+    - "Sinatra::Helpers"
+    - "Method[stream].ReturnValue"
+  - - "Sinatra::Extension::DontCall"
+    - "Sinatra::Extension"
+    - "Method[method_missing].ReturnValue"
+  - - "Sinatra::RespondWith::Format"
+    - "Sinatra::RespondWith::Format"
+    - "Method[finish].Argument[block].Parameter[0]"
+- "addsTo":
+    "extensible": "sourceModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Sinatra::Request"
+    - "Method[params].ReturnValue"
+    - "remote"
+  - - "Sinatra::Runner"
+    - "Method[get_https_url].ReturnValue"
+    - "remote"
+  - - "Sinatra::Runner"
+    - "Method[get_url].ReturnValue"
+    - "remote"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Sinatra::Templates"
+    - "Method[render].Parameter[0]"
+    - "code-injection"
+  - - "Sinatra::Namespace::NamespacedMethods"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+  - - "Sinatra::Namespace::NamespacedMethods"
+    - "Method[invoke_hook].Parameter[0]"
+    - "code-injection"
+  - - "Sinatra::Namespace::NamespacedMethods"
+    - "Method[prefixed].Parameter[0]"
+    - "code-injection"
+  - - "Rack::Protection::EncryptedCookie::Marshal"
+    - "Method[decode].Parameter[0]"
+    - "unsafe-deserialization"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "OkJson"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[unquote]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[eat]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[tok]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[nulltok]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[truetok]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[falsetok]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[abbrev]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[subst]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[subst]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[surrogate?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[valenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[arrenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "OkJson"
+    - "Method[numenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::JSON"
+    - "Method[resolve_content_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::JSON"
+    - "Method[resolve_encoder]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Templates"
+    - "Method[compile_template]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Namespace::NamespacedMethods"
+    - "Method[prefixed_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Namespace::NamespacedMethods"
+    - "Method[prefixed_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Base!"
+    - "Method[force_encoding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::IndifferentHash"
+    - "Method[convert_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::IndifferentHash"
+    - "Method[replace]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::IndifferentHash"
+    - "Method[convert_value]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::ConfigFile"
+    - "Method[config_for_env]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::ConfigFile"
+    - "Method[from_environment_key]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Helpers::Stream"
+    - "Method[callback]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Helpers::Stream"
+    - "Method[callback]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Helpers"
+    - "Method[etag_matches?]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Helpers"
+    - "Method[mime_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[body]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[body]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[body]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[uri]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[content_type]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Helpers"
+    - "Method[content_type]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::ShowExceptions"
+    - "Method[bad_request?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Response"
+    - "Method[body=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Capture"
+    - "Method[capture]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Capture"
+    - "Method[capture]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Reloader"
+    - "Method[after_reload]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::Reloader"
+    - "Method[after_reload]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::TestHelpers"
+    - "Method[app=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::AuthenticityToken"
+    - "Method[decode_token]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::AuthenticityToken"
+    - "Method[unmask_token]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::AuthenticityToken"
+    - "Method[xor_byte_strings]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::AuthenticityToken"
+    - "Method[set_token]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::AuthenticityToken"
+    - "Method[real_token]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::Base"
+    - "Method[session]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::Base"
+    - "Method[origin]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::EncryptedCookie"
+    - "Method[persistent_session_id!]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::EncryptedCookie"
+    - "Method[secure?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::FormToken"
+    - "Method[accepts?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::EscapedParams"
+    - "Method[escape]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::EscapedParams"
+    - "Method[handle]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::EscapedParams"
+    - "Method[escape_hash]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::EscapedParams"
+    - "Method[escape_string]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::SessionHijacking"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::EncryptedCookie::Base64"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::EncryptedCookie::Identity"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::EncryptedCookie::Identity"
+    - "Method[decode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Reloader::Watcher::List"
+    - "Method[watch]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Rack::Protection::EncryptedCookie::Base64::JSON"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::ShowExceptions!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Extension::DontCall!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Rack::Protection::Encryptor!"
+    - "Method[base64_encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Sinatra::RespondWith!"
+    - "Method[jrubyify]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "TestEnvInspector!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Sinatra::Wrapper!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/spring/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/spring/model.yml
@@ -0,0 +1,178 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Spring::CommandWrapper"
+    - "Spring::Client::Binstub!"
+    - "Method[rails_command].ReturnValue"
+  - - "Spring::CommandWrapper"
+    - "Spring!"
+    - "Method[register_command].ReturnValue"
+  - - "Spring::Env"
+    - "Spring::Server"
+    - "Method[default_env].ReturnValue"
+  - - "Spring::Commands::RailsConsole"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+  - - "Spring::Commands::Rake"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+  - - "Spring::Commands::RailsGenerate"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+  - - "Spring::Commands::RailsDestroy"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+  - - "Spring::Commands::RailsRunner"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+  - - "Spring::Commands::RailsTest"
+    - "Spring!"
+    - "Method[register_command].Parameter[1]"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Spring::Client::Status"
+    - "Method[print_process].Parameter[0]"
+    - "command-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Spring!"
+    - "Method[watch_method=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::Server"
+    - "Method[rails_env_for]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::Commands::RailsConsole"
+    - "Method[env]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Commands::Rake"
+    - "Method[env]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Application"
+    - "Method[state]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::ProcessTitleUpdater"
+    - "Method[pluralize]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[encode]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[unquote]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[eat]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[abbrev]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[subst]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[subst]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[surrogate?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[valenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[arrenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::OkJson"
+    - "Method[numenc]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Client::Help"
+    - "Method[display]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Watcher::Abstract"
+    - "Method[on_debug]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::Watcher::Abstract"
+    - "Method[on_debug]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::Watcher::Abstract"
+    - "Method[on_stale]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Watcher::Abstract"
+    - "Method[on_stale]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::Client::Help!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::UnknownProject!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::Env!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Spring::MissingApplication!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::ProcessTitleUpdater!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Spring::ProcessTitleUpdater!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/sqlite3-ruby/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/sqlite3-ruby/model.yml
@@ -0,0 +1,335 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Array"
+    - "SQLite3::Database"
+    - "Method[execute2].Argument[block].Parameter[0]"
+  - - "Array"
+    - "SQLite3::ResultSet"
+    - "Method[columns].ReturnValue"
+  - - "Array"
+    - "SQLite3::ResultSet"
+    - "Method[types].ReturnValue"
+  - - "Array"
+    - "SQLite3::Statement"
+    - "Method[columns].ReturnValue"
+  - - "Array"
+    - "SQLite3::Statement"
+    - "Method[types].ReturnValue"
+  - - "Array"
+    - "SQLite3::Statement"
+    - "Method[get_metadata].ReturnValue"
+  - - "SQLite3::Database"
+    - "SQLite3::Database"
+    - "Method[transaction].Argument[block].Parameter[0]"
+  - - "SQLite3::Database"
+    - "SQLite3::Database!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "SQLite3::ResultSet"
+    - "SQLite3::Database"
+    - "Method[query].ReturnValue"
+  - - "SQLite3::ResultSet"
+    - "SQLite3::Database"
+    - "Method[query].Argument[block].Parameter[0]"
+  - - "SQLite3::ResultSet"
+    - "SQLite3::Statement"
+    - "Method[execute].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Database"
+    - "Method[execute].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Database"
+    - "Method[query].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Database"
+    - "Method[query].Argument[block].Parameter[0]"
+  - - "SQLite3::Statement"
+    - "SQLite3::Database"
+    - "Method[prepare].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Database"
+    - "Method[execute2].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Statement"
+    - "Method[execute].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[stats].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[set_boolean_pragma].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[get_query_pragma].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[set_enum_pragma].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[set_int_pragma].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[application_id=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[auto_vacuum=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[automatic_index=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[busy_timeout=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[cache_size=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[cache_spill=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[case_sensitive_like=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[cell_size_check=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[checkpoint_fullfsync=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[collation_list].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[compile_options].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[count_changes=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[database_list].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[default_cache_size=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[default_synchronous=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[default_temp_store=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[defer_foreign_keys=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[encoding=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[foreign_key_check].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[foreign_key_list].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[foreign_keys=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[full_column_names=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[fullfsync=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[ignore_check_constraints=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[incremental_vacuum].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[index_info].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[index_list].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[index_xinfo].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[integrity_check].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[journal_mode=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[journal_size_limit=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[legacy_file_format=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[locking_mode=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[max_page_count=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[mmap_size=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[page_size=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[parser_trace=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[query_only=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[quick_check].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[read_uncommitted=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[recursive_triggers=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[reverse_unordered_selects=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[schema_cookie=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[schema_version=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[secure_delete=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[short_column_names=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[shrink_memory].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[soft_heap_limit=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[synchronous=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[temp_store=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[threads=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[user_cookie=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[user_version=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[vdbe_addoptrace=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[vdbe_debug=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[vdbe_listing=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[vdbe_trace=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[wal_autocheckpoint=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[wal_checkpoint=].ReturnValue"
+  - - "SQLite3::Statement"
+    - "SQLite3::Pragmas"
+    - "Method[writable_schema=].ReturnValue"
+  - - "SQLite3::Translator"
+    - "SQLite3::Database"
+    - "Method[translator].ReturnValue"
+  - - "TC_Integration_Aggregate::AccumulateAggregator"
+    - "SQLite3::Database"
+    - "Method[define_aggregator].Parameter[1]"
+  - - "TC_Integration_Aggregate::AccumulateAggregator2"
+    - "SQLite3::Database"
+    - "Method[define_aggregator].Parameter[1]"
+  - - "SQLite3::ResultSet::ArrayWithTypes"
+    - "SQLite3::ResultSet"
+    - "Method[each].Argument[block].Parameter[0]"
+  - - "SQLite3::ResultSet::ArrayWithTypes"
+    - "SQLite3::ResultSet"
+    - "Method[next].ReturnValue"
+  - - "SQLite3::ResultSet::ArrayWithTypesAndFields"
+    - "SQLite3::ResultSet"
+    - "Method[each].Argument[block].Parameter[0]"
+  - - "SQLite3::ResultSet::ArrayWithTypesAndFields"
+    - "SQLite3::ResultSet"
+    - "Method[next].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "SQLite3::Database"
+    - "Method[execute].Parameter[0]"
+    - "sql-injection"
+  - - "SQLite3::Database"
+    - "Method[execute2].Parameter[0]"
+    - "sql-injection"
+  - - "SQLite3::Database"
+    - "Method[query].Parameter[0]"
+    - "sql-injection"
+  - - "SQLite3::Database"
+    - "Method[get_first_row].Parameter[0]"
+    - "sql-injection"
+  - - "SQLite3::Database"
+    - "Method[get_first_value].Parameter[0]"
+    - "sql-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "SQLite3::Database"
+    - "Method[type_translation=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Database"
+    - "Method[authorizer]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Database"
+    - "Method[authorizer]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Translator"
+    - "Method[add_translator]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Translator"
+    - "Method[add_translator]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Database::FunctionProxy"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::Value!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "SQLite3::ResultSet!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/therubyracer/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/therubyracer/model.yml
@@ -0,0 +1,112 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "V8::Array"
+    - "V8::Conversion::NativeObject"
+    - "Method[to_ruby].ReturnValue"
+  - - "V8::Function"
+    - "V8::Conversion::NativeObject"
+    - "Method[to_ruby].ReturnValue"
+  - - "V8::Object"
+    - "V8::Context"
+    - "Method[[]=].ReturnValue"
+  - - "V8::Object"
+    - "V8::Context"
+    - "Method[[]=].Parameter[1]"
+  - - "V8::Object"
+    - "V8::Context"
+    - "Method[enter].ReturnValue"
+  - - "V8::Object"
+    - "V8::Conversion::NativeObject"
+    - "Method[to_ruby].ReturnValue"
+  - - "V8::Context"
+    - "V8::Context!"
+    - "Method[new].Argument[block].Parameter[0]"
+  - - "V8::Context"
+    - "V8::Context!"
+    - "Method[current=].ReturnValue"
+  - - "V8::Error"
+    - "V8!"
+    - "Method[Error].ReturnValue"
+  - - "V8::Weak::Ref"
+    - "V8::Weak::WeakValueMap"
+    - "Method[[]=].ReturnValue"
+  - - "V8::Weak::WeakValueMap"
+    - "V8::Conversion::Identity"
+    - "Method[v8_idmap].ReturnValue"
+  - - "V8::Weak::WeakValueMap"
+    - "V8::Conversion::Identity"
+    - "Method[rb_idmap].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "V8::Context"
+    - "Method[load].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "V8::Object"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Context"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Context"
+    - "Method[link]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Conversion::Identity"
+    - "Method[equate]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Conversion::Method::MethodCache"
+    - "Method[[]=]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Access::Invocation::Aritize"
+    - "Method[aritize]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Context!"
+    - "Method[current=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Conversion::Code::InvocationHandler!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Conversion::Constructor!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::StackTrace!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::Error!"
+    - "Method[new]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "V8::StackFrame!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/turbolinks-rails/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/turbolinks-rails/model.yml
@@ -0,0 +1,15 @@
+"extensions":
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Turbolinks::Redirection"
+    - "Method[visit_location_with_turbolinks]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Turbolinks::Redirection"
+    - "Method[store_turbolinks_location_in_session]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/tzinfo-data/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/tzinfo-data/model.yml
@@ -0,0 +1,98 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "TZInfo::Data::TZDataFixedOffsetRules"
+    - "TZInfo::Data::TZDataParser"
+    - "Method[get_rules].ReturnValue"
+  - - "TZInfo::Data::TZDataTransitions"
+    - "TZInfo::Data::TZDataZone"
+    - "Method[find_transitions].ReturnValue"
+  - - "TZInfo::Data::TZDataTransition"
+    - "TZInfo::Data::TZDataTransition"
+    - "Method[clone_with_at].ReturnValue"
+  - - "TZInfo::Data::TZDataActivatedRule"
+    - "TZInfo::Data::TZDataRule"
+    - "Method[activate].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "TZInfo::Data::TZDataParserUtils"
+    - "Method[open_file].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "TZInfo::Data::TZDataParserUtils"
+    - "Method[quote_str]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataTransitions"
+    - "Method[<<]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataTransitions"
+    - "Method[quote_zone_id]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataZone"
+    - "Method[add_observance]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataRule"
+    - "Method[parse_letter]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "TZInfo::Data::TZDataRuleSet"
+    - "Method[add_rule]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataFormat"
+    - "Method[expand]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataCountry"
+    - "Method[add_zone]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataRules!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "TZInfo::Data::TZDataFixedOffsetRules!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "TZInfo::Data::TZDataRule!"
+    - "Method[new]"
+    - "Argument[7]"
+    - "ReturnValue"
+    - "value"
+  - - "TZInfo::Data::TZDataDefinition!"
+    - "Method[indent]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "TZInfo::Data::TZDataLink!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "TZInfo::Data::TZDataFormat!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/unicorn/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/unicorn/model.yml
@@ -0,0 +1,514 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "Installer"
+    - "ToplevelInstaller"
+    - "Method[init_installers].ReturnValue"
+  - - "Unicorn::HttpServer"
+    - "Unicorn::HttpServer"
+    - "Method[start].ReturnValue"
+  - - "Unicorn::Worker"
+    - "Unicorn::HttpServer"
+    - "Method[worker_spawn].Parameter[0]"
+  - - "Unicorn::Worker"
+    - "Unicorn::HttpServer"
+    - "Method[worker_loop].Parameter[0]"
+  - - "Unicorn::TmpIO"
+    - "Unicorn::TeeInput"
+    - "Method[new_tmpio].ReturnValue"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable"
+    - "Method[add].Parameter[0]"
+  - - "ConfigTable::BoolItem"
+    - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_bool_config].ReturnValue"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable"
+    - "Method[add].Parameter[0]"
+  - - "ConfigTable::PathItem"
+    - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_path_config].ReturnValue"
+  - - "ConfigTable::ExecItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "ConfigTable::PackageSelectionItem"
+    - "ConfigTable"
+    - "Method[add].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer"
+    - "Method[new_shebang].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer::Shebang!"
+    - "Method[parse].ReturnValue"
+  - - "Installer::Shebang"
+    - "Installer::Shebang!"
+    - "Method[load].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ConfigTable"
+    - "Method[load_script].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[install].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[install].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[remove_tree0].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[move_file].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[move_file].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[diff?].Parameter[1]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[files_of].Parameter[0]"
+    - "path-injection"
+  - - "FileOperations"
+    - "Method[directories_of].Parameter[0]"
+    - "path-injection"
+  - - "Installer"
+    - "Method[update_shebang_line].Parameter[0]"
+    - "path-injection"
+  - - "Unicorn::HttpServer"
+    - "Method[unlink_pid_safe].Parameter[0]"
+    - "path-injection"
+  - - "Unicorn::HttpServer"
+    - "Method[valid_pid?].Parameter[0]"
+    - "path-injection"
+  - - "Unicorn::HttpServer"
+    - "Method[redirect_io].Parameter[1]"
+    - "path-injection"
+  - - "Unicorn::Worker"
+    - "Method[user].Parameter[2]"
+    - "path-injection"
+  - - "Installer::Shebang!"
+    - "Method[load].Parameter[0]"
+    - "path-injection"
+  - - "Unicorn!"
+    - "Method[builder].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "ConfigTable"
+    - "Method[add]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "FileOperations"
+    - "Method[diff?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "HookScriptAPI"
+    - "Method[set_config]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "HookScriptAPI"
+    - "Method[srcfile]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ToplevelInstaller"
+    - "Method[valid_task?]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ToplevelInstallerMulti"
+    - "Method[packages=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ToplevelInstallerMulti"
+    - "Method[extract_selection]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[traverse]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[new_shebang]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Installer"
+    - "Method[globs2re]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Installer"
+    - "Method[dive_into]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::HttpServer"
+    - "Method[logger=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpServer"
+    - "Method[check_client_connection=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpServer"
+    - "Method[pid=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpServer"
+    - "Method[client_body_buffer_size=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpServer"
+    - "Method[e100_response_write]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::Worker"
+    - "Method[==]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::Worker"
+    - "Method[tick=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Installer::Shebang!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::TeeInput"
+    - "Method[tee]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_config]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[set_config_default]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[declare_packages]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_bool_config]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment"
+    - "Method[add_path_config]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PathItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PackageSelectionItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[logger]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[early_hints]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[before_fork]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[before_fork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_fork]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_fork]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_worker_exit]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_worker_exit]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_worker_ready]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[after_worker_ready]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[before_exec]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[before_exec]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[timeout]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[worker_exec]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[worker_processes]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[default_middleware]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[listeners]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[listen]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::Configurator"
+    - "Method[pid]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[preload_app]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[rewindable_input]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[client_body_buffer_size]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[check_client_connection]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[stderr_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[stdout_path]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[working_directory]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::Configurator"
+    - "Method[expand_addr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[set_int]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[set_path]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[check_bool]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[set_bool]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::Configurator"
+    - "Method[set_hook]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::StreamInput"
+    - "Method[read]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpResponse"
+    - "Method[append_header]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::HttpResponse"
+    - "Method[append_header]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::HttpResponse"
+    - "Method[append_header]"
+    - "Argument[2]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::Item"
+    - "Method[resolve]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::Item"
+    - "Method[set]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::Item"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::SelectItem"
+    - "Method[check]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::SocketHelper"
+    - "Method[accf_arg]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "Unicorn::SocketHelper"
+    - "Method[bind_listen]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::SocketHelper"
+    - "Method[sock_name]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpParser!"
+    - "Method[check_client_connection=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::HttpParser!"
+    - "Method[input_class=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::PrereadInput!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::TeeInput!"
+    - "Method[client_body_buffer_size=]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::Item!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::SelectItem!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "taint"
+  - - "ConfigTable::ExecItem!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::ExecItem!"
+    - "Method[new]"
+    - "Argument[block]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::PackageSelectionItem!"
+    - "Method[new]"
+    - "Argument[3]"
+    - "ReturnValue"
+    - "value"
+  - - "ConfigTable::MetaConfigEnvironment!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "Unicorn::OobGC!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
--- a/ruby/ql/lib/codeql/ruby/frameworks/models/web-console/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/models/web-console/model.yml
@@ -0,0 +1,94 @@
+"extensions":
+- "addsTo":
+    "extensible": "typeModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "WebConsole::ExceptionMapper"
+    - "WebConsole::ExceptionMapper!"
+    - "Method[find_binding].ReturnValue"
+  - - "WebConsole::Evaluator"
+    - "WebConsole::Session"
+    - "Method[switch_binding_to].ReturnValue"
+  - - "WebConsole::Request"
+    - "WebConsole::Middleware"
+    - "Method[create_regular_or_whiny_request].ReturnValue"
+  - - "WebConsole::Request"
+    - "WebConsole::Interceptor!"
+    - "Method[call].Parameter[0]"
+  - - "WebConsole::WhinyRequest"
+    - "WebConsole::Middleware"
+    - "Method[create_regular_or_whiny_request].ReturnValue"
+- "addsTo":
+    "extensible": "sinkModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "WebConsole::Testing::ERBPrecompiler"
+    - "Method[method_missing].Parameter[0]"
+    - "code-injection"
+  - - "WebConsole::Testing::ERBPrecompiler!"
+    - "Method[new].Parameter[0]"
+    - "path-injection"
+- "addsTo":
+    "extensible": "summaryModel"
+    "pack": "codeql/ruby-all"
+  "data":
+  - - "WebConsole::ExceptionMapper!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::ExceptionMapper!"
+    - "Method[find_binding]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "WebConsole::Evaluator"
+    - "Method[format_exception]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
+  - - "WebConsole::WhinyRequest"
+    - "Method[whine_unless]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Permissions"
+    - "Method[coerce_network_to_ipaddr]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Injector!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Context!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Middleware!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Evaluator!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Request::GetSecureIp!"
+    - "Method[new]"
+    - "Argument[1]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::SourceLocation!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "value"
+  - - "WebConsole::Testing::FakeMiddleware!"
+    - "Method[new]"
+    - "Argument[0]"
+    - "ReturnValue"
+    - "taint"
--- a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
@@ -4,6 +4,7 @@ private import codeql.ruby.Concepts
 private import codeql.ruby.Frameworks
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.dataflow.BarrierGuards
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 /**
 * Provides default sources, sinks and sanitizers for detecting
@@ -36,6 +37,10 @@ module CodeInjection {
    DataFlow::FlowState getAFlowState() { result = [FlowState::substring(), FlowState::full()] }
  }

+  private class DataExtensionSqlExecutionSink extends Sink {
+    DataExtensionSqlExecutionSink() { this = ModelOutput::getASinkNode("code-injection").asSink() }
+  }
+
  /**
   * A sanitizer for "Code injection" vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
@@ -9,6 +9,7 @@ private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.Concepts
 private import codeql.ruby.Frameworks
 private import codeql.ruby.ApiGraphs
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 module CommandInjection {
  /**
@@ -24,6 +25,10 @@ module CommandInjection {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSink extends Sink {
+    DataExtensionSink() { this = ModelOutput::getASinkNode("command-injection").asSink() }
+  }
+
  /**
   * A sanitizer for command-injection vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
@@ -11,6 +11,7 @@ private import codeql.ruby.Concepts
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.BarrierGuards
 private import codeql.ruby.dataflow.RemoteFlowSources
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 module PathInjection {
  /**
@@ -23,6 +24,10 @@ module PathInjection {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSink extends Sink {
+    DataExtensionSink() { this = ModelOutput::getASinkNode("path-injection").asSink() }
+  }
+
  /**
   * A sanitizer for path injection vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -10,6 +10,7 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.Concepts
 private import codeql.ruby.dataflow.Sanitizers
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 /**
 * Provides default sources, sinks and sanitizers for reasoning about
@@ -26,6 +27,10 @@ module ServerSideRequestForgery {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSink extends Sink {
+    DataExtensionSink() { this = ModelOutput::getASinkNode("request-forgery").asSink() }
+  }
+
  /**
   * A sanitizer for server side request forgery vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
@@ -8,6 +8,7 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.BarrierGuards
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.ApiGraphs
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 /**
 * Provides default sources, sinks and sanitizers for detecting SQL injection
@@ -20,6 +21,10 @@ module SqlInjection {
  /** A data flow sink for SQL injection vulnerabilities. */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSqlExecutionSink extends Sink {
+    DataExtensionSqlExecutionSink() { this = ModelOutput::getASinkNode("sql-injection").asSink() }
+  }
+
  /** A sanitizer for SQL injection vulnerabilities. */
  abstract class Sanitizer extends DataFlow::Node { }

--- a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
@@ -11,6 +11,7 @@ private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.frameworks.ActiveJob
 private import codeql.ruby.frameworks.core.Module
 private import codeql.ruby.frameworks.core.Kernel
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 module UnsafeDeserialization {
  /**
@@ -26,6 +27,10 @@ module UnsafeDeserialization {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSink extends Sink {
+    DataExtensionSink() { this = ModelOutput::getASinkNode("unsafe-deserialization").asSink() }
+  }
+
  /**
   * A sanitizer for unsafe deserialization vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
@@ -11,6 +11,7 @@ private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.dataflow.BarrierGuards
 private import codeql.ruby.dataflow.Sanitizers
 private import codeql.ruby.frameworks.ActionController
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 /**
 * Provides default sources, sinks and sanitizers for detecting
@@ -28,6 +29,10 @@ module UrlRedirect {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSqlExecutionSink extends Sink {
+    DataExtensionSqlExecutionSink() { this = ModelOutput::getASinkNode("url-redirection").asSink() }
+  }
+
  /**
   * A sanitizer for "URL redirection" vulnerabilities.
   */
--- a/ruby/ql/lib/codeql/ruby/security/XSS.qll
+++ b/ruby/ql/lib/codeql/ruby/security/XSS.qll
@@ -13,6 +13,7 @@ private import codeql.ruby.frameworks.Rails
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.dataflow.BarrierGuards
 private import codeql.ruby.dataflow.internal.DataFlowDispatch
+private import codeql.ruby.frameworks.data.internal.ApiGraphModels

 /**
 * Provides default sources, sinks and sanitizers for detecting
@@ -30,6 +31,10 @@ private module Shared {
   */
  abstract class Sink extends DataFlow::Node { }

+  private class DataExtensionSink extends Sink {
+    DataExtensionSink() { this = ModelOutput::getASinkNode("html-injection").asSink() }
+  }
+
  /**
   * A sanitizer for "server-side cross-site scripting" vulnerabilities.
   */
--- a/ruby/ql/src/queries/modeling/GenerateModel.ql
+++ b/ruby/ql/src/queries/modeling/GenerateModel.ql
@@ -0,0 +1,15 @@
+// TODO: metadata
+private import internal.Types
+private import internal.Sources
+private import internal.Sinks
+private import internal.Summaries
+
+query predicate typeModel = Types::typeModel/3;
+
+query predicate sourceModel = Sources::sourceModel/3;
+
+query predicate sinkModel = Sinks::sinkModel/3;
+
+query predicate summaryModel = Summaries::summaryModel/5;
+
+query predicate typeVariableModel(string name, string path) { none() }
--- a/ruby/ql/src/queries/modeling/internal/Sinks.qll
+++ b/ruby/ql/src/queries/modeling/internal/Sinks.qll
@@ -0,0 +1,138 @@
+private import ruby
+private import codeql.files.FileSystem
+private import codeql.ruby.dataflow.RemoteFlowSources
+private import codeql.ruby.security.CodeInjectionCustomizations
+private import codeql.ruby.security.CommandInjectionCustomizations
+private import codeql.ruby.security.XSS
+private import codeql.ruby.security.PathInjectionCustomizations
+private import codeql.ruby.security.ServerSideRequestForgeryCustomizations
+private import codeql.ruby.security.UnsafeDeserializationCustomizations
+private import codeql.ruby.security.UrlRedirectCustomizations
+private import codeql.ruby.security.SqlInjectionCustomizations
+private import Util as Util
+private import codeql.ruby.typetracking.TypeTracker
+
+// TODO: there is probably a more sensible central location for this module
+module Sinks {
+  private module Configs {
+    abstract class Kind extends string {
+      Kind() {
+        this =
+          [
+            "code-injection", "command-injection", "path-injection", "sql-injection",
+            "sql-injection", "request-forgery", "url-redirection", "unsafe-deserialization",
+            "html-injection"
+          ]
+      }
+
+      abstract DataFlow::Node getASink();
+
+      abstract DataFlow::Node getASanitizer();
+
+      string getKind() { result = this }
+    }
+
+    class CodeInjectionKind extends Kind {
+      CodeInjectionKind() { this = "code-injection" }
+
+      override DataFlow::Node getASink() { result instanceof CodeInjection::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof CodeInjection::Sanitizer }
+    }
+
+    class CommandInjectionKind extends Kind {
+      CommandInjectionKind() { this = "command-injection" }
+
+      override DataFlow::Node getASink() { result instanceof CommandInjection::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof CommandInjection::Sanitizer }
+    }
+
+    class PathInjectionKind extends Kind {
+      PathInjectionKind() { this = "path-injection" }
+
+      override DataFlow::Node getASink() { result instanceof PathInjection::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof PathInjection::Sanitizer }
+    }
+
+    class SqlInjectionKind extends Kind {
+      SqlInjectionKind() { this = "sql-injection" }
+
+      override DataFlow::Node getASink() { result instanceof SqlInjection::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof SqlInjection::Sanitizer }
+    }
+
+    class HtmlInjectionKind extends Kind {
+      HtmlInjectionKind() { this = "html-injection" }
+
+      override DataFlow::Node getASink() {
+        result instanceof ReflectedXss::Sink or result instanceof StoredXss::Sink
+      }
+
+      override DataFlow::Node getASanitizer() {
+        result instanceof ReflectedXss::Sanitizer or result instanceof StoredXss::Sanitizer
+      }
+    }
+
+    class RequestForgeryKind extends Kind {
+      RequestForgeryKind() { this = "request-forgery" }
+
+      override DataFlow::Node getASink() { result instanceof ServerSideRequestForgery::Sink }
+
+      override DataFlow::Node getASanitizer() {
+        result instanceof ServerSideRequestForgery::Sanitizer
+      }
+    }
+
+    class UrlRedirectionKind extends Kind {
+      UrlRedirectionKind() { this = "url-redirection" }
+
+      override DataFlow::Node getASink() { result instanceof UrlRedirect::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof UrlRedirect::Sanitizer }
+    }
+
+    class UnsafeDeserializationKind extends Kind {
+      UnsafeDeserializationKind() { this = "unsafe-deserialization" }
+
+      override DataFlow::Node getASink() { result instanceof UnsafeDeserialization::Sink }
+
+      override DataFlow::Node getASanitizer() { result instanceof UnsafeDeserialization::Sanitizer }
+    }
+  }
+
+  private DataFlow::Node getTaintSinkOfKind(Configs::Kind kind) {
+    result.getLocation().getFile() instanceof Util::RelevantFile and
+    result = kind.getASink() and
+    // the sink is not a string literal
+    not exists(Ast::StringLiteral str |
+      str = result.asExpr().getExpr() and
+      // ensure there is no interpolation, as that is not a literal
+      not str.getComponent(_) instanceof Ast::StringInterpolationComponent
+    )
+  }
+
+  private predicate flowFromParameterToSink(
+    DataFlow::ParameterNode param, DataFlow::Node knownSink, Configs::Kind kind
+  ) {
+    knownSink = getTaintSinkOfKind(kind) and
+    param.flowsTo(knownSink) and
+    knownSink != param
+  }
+
+  predicate sinkModelFlowToKnownSink(string type, string path, string kind) {
+    exists(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode |
+      paramNode = methodNode.getParameter(_) and
+      flowFromParameterToSink(paramNode, _, kind)
+    |
+      type = Util::getAnAccessPathPrefix(methodNode) and
+      path = Util::getMethodParameterPath(methodNode, paramNode)
+    )
+  }
+
+  predicate sinkModel(string type, string path, string kind) {
+    sinkModelFlowToKnownSink(type, path, kind)
+  }
+}
--- a/ruby/ql/src/queries/modeling/internal/Sources.qll
+++ b/ruby/ql/src/queries/modeling/internal/Sources.qll
@@ -0,0 +1,42 @@
+private import ruby
+private import codeql.files.FileSystem
+private import codeql.ruby.dataflow.RemoteFlowSources
+private import codeql.ruby.security.CodeInjectionCustomizations
+private import codeql.ruby.security.CommandInjectionCustomizations
+private import codeql.ruby.security.XSS
+private import codeql.ruby.security.PathInjectionCustomizations
+private import codeql.ruby.security.ServerSideRequestForgeryCustomizations
+private import codeql.ruby.security.UnsafeDeserializationCustomizations
+private import codeql.ruby.security.UrlRedirectCustomizations
+private import codeql.ruby.security.SqlInjectionCustomizations
+private import Util as Util
+private import codeql.ruby.typetracking.TypeTracker
+
+// TODO: there is probably a more sensible central location for this module
+module Sources {
+  private DataFlow::Node getSourceOfKind(string kind) {
+    result.getLocation().getFile() instanceof Util::RelevantFile and
+    kind = "remote" and
+    result instanceof RemoteFlowSource
+  }
+
+  private predicate flowFromSourceToReturn(
+    DataFlow::LocalSourceNode source, DataFlow::MethodNode methodNode, string kind
+  ) {
+    source.flowsTo(methodNode.getAReturnNode()) and
+    source = getSourceOfKind(kind)
+  }
+
+  predicate sourceModelFlowFromKnownSource(string type, string path, string kind) {
+    exists(DataFlow::MethodNode methodNode, DataFlow::LocalSourceNode source |
+      flowFromSourceToReturn(source, methodNode, kind)
+    |
+      type = Util::getAnAccessPathPrefix(methodNode) and
+      path = Util::getMethodPath(methodNode) + ".ReturnValue"
+    )
+  }
+
+  predicate sourceModel(string type, string path, string kind) {
+    sourceModelFlowFromKnownSource(type, path, kind)
+  }
+}
--- a/ruby/ql/src/queries/modeling/internal/Summaries.qll
+++ b/ruby/ql/src/queries/modeling/internal/Summaries.qll
@@ -0,0 +1,60 @@
+private import ruby
+private import codeql.ruby.TaintTracking
+private import Util as Util
+
+module Summaries {
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode }
+
+    predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::MethodNode m).getAReturnNode() }
+  }
+
+  DataFlow::ParameterNode getAnyParameterNode(DataFlow::MethodNode methodNode) {
+    result =
+      [
+        methodNode.getParameter(_), methodNode.getKeywordParameter(_),
+        methodNode.getBlockParameter(), methodNode.getSelfParameter()
+      ]
+  }
+
+  private module ValueFlow {
+    import DataFlow::Global<Config>
+
+    predicate summaryModel(string type, string path, string input, string output) {
+      exists(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode |
+        methodNode.getLocation().getFile() instanceof Util::RelevantFile and
+        flow(paramNode, methodNode.getAReturnNode()) and
+        paramNode = getAnyParameterNode(methodNode)
+      |
+        type = Util::getAnAccessPathPrefix(methodNode) and
+        path = Util::getMethodPath(methodNode) and
+        input = Util::getArgumentPath(paramNode) and
+        output = "ReturnValue"
+      )
+    }
+  }
+
+  private module TaintFlow {
+    import TaintTracking::Global<Config>
+
+    predicate summaryModel(string type, string path, string input, string output) {
+      not ValueFlow::summaryModel(type, path, input, output) and
+      exists(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode |
+        methodNode.getLocation().getFile() instanceof Util::RelevantFile and
+        flow(paramNode, methodNode.getAReturnNode()) and
+        paramNode = getAnyParameterNode(methodNode)
+      |
+        type = Util::getAnAccessPathPrefix(methodNode) and
+        path = Util::getMethodPath(methodNode) and
+        input = Util::getArgumentPath(paramNode) and
+        output = "ReturnValue"
+      )
+    }
+  }
+
+  predicate summaryModel(string type, string path, string input, string output, string kind) {
+    ValueFlow::summaryModel(type, path, input, output) and kind = "value"
+    or
+    TaintFlow::summaryModel(type, path, input, output) and kind = "taint"
+  }
+}
--- a/ruby/ql/src/queries/modeling/internal/Types.qll
+++ b/ruby/ql/src/queries/modeling/internal/Types.qll
@@ -0,0 +1,160 @@
+private import ruby
+private import codeql.ruby.ApiGraphs
+private import Util as Util
+
+module Types {
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      // TODO: construction of type values not using a "new" call
+      source.(DataFlow::CallNode).getMethodName() = "new"
+    }
+
+    predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::MethodNode m).getAReturnNode() }
+  }
+
+  private import DataFlow::Global<Config>
+
+  private predicate methodReturnsType(DataFlow::MethodNode methodNode, DataFlow::ClassNode classNode) {
+    // ignore cases of initializing instance of self
+    not methodNode.getMethodName() = "initialize" and
+    exists(DataFlow::CallNode initCall |
+      flow(initCall, methodNode.getAReturnNode()) and
+      classNode.getAnImmediateReference().getAMethodCall() = initCall and
+      // constructed object does not have a type declared in test code
+      /*
+       * TODO: this may be too restrictive, e.g.
+       * - if a type is declared in both production and test code
+       * - if a built-in type is extended in test code
+       */
+
+      forall(Ast::ModuleBase classDecl | classDecl = classNode.getADeclaration() |
+        classDecl.getLocation().getFile() instanceof Util::RelevantFile
+      )
+    )
+  }
+
+  // `exprNode` is an instance of `classNode`
+  private predicate exprHasType(DataFlow::ExprNode exprNode, DataFlow::ClassNode classNode) {
+    exists(DataFlow::MethodNode methodNode, DataFlow::CallNode callNode |
+      methodReturnsType(methodNode, classNode) and
+      callNode.getATarget() = methodNode
+    |
+      exprNode.getALocalSource() = callNode
+    )
+    or
+    exists(DataFlow::MethodNode containingMethod |
+      classNode.getInstanceMethod(containingMethod.getMethodName()) = containingMethod
+    |
+      exprNode.getALocalSource() = containingMethod.getSelfParameter()
+    )
+  }
+
+  // extensible predicate typeModel(string type1, string type2, string path);
+  // the method node in type2 constructs an instance of classNode
+  private predicate typeModelReturns(string type1, string type2, string path) {
+    exists(DataFlow::MethodNode methodNode, DataFlow::ClassNode classNode |
+      methodNode.getLocation().getFile() instanceof Util::RelevantFile and
+      methodReturnsType(methodNode, classNode)
+    |
+      type1 = classNode.getQualifiedName() and
+      type2 = Util::getAnAccessPathPrefix(methodNode) and
+      path = Util::getMethodPath(methodNode) + ".ReturnValue"
+    )
+  }
+
+  private predicate methodTakesParameterOfType(
+    DataFlow::MethodNode methodNode, DataFlow::ClassNode classNode,
+    DataFlow::ParameterNode parameterNode
+  ) {
+    exists(DataFlow::CallNode callToMethodNode, DataFlow::LocalSourceNode argumentNode |
+      callToMethodNode.getATarget() = methodNode and
+      // positional parameter
+      exists(int paramIndex |
+        argumentNode.flowsTo(callToMethodNode.getArgument(paramIndex)) and
+        parameterNode = methodNode.getParameter(paramIndex)
+      )
+      or
+      // keyword parameter
+      exists(string kwName |
+        argumentNode.flowsTo(callToMethodNode.getKeywordArgument(kwName)) and
+        parameterNode = methodNode.getKeywordParameter(kwName)
+      )
+      or
+      // block parameter
+      argumentNode.flowsTo(callToMethodNode.getBlock()) and
+      parameterNode = methodNode.getBlockParameter()
+    |
+      // parameter directly from new call
+      argumentNode.(DataFlow::CallNode).getMethodName() = "new" and
+      classNode.getAnImmediateReference().getAMethodCall() = argumentNode
+      or
+      // parameter from indirect new call
+      exists(DataFlow::ExprNode argExpr |
+        exprHasType(argExpr, classNode) and
+        argumentNode.(DataFlow::CallNode).getATarget() = argExpr
+      )
+    )
+  }
+
+  private predicate typeModelParameters(string type1, string type2, string path) {
+    exists(
+      DataFlow::MethodNode methodNode, DataFlow::ClassNode classNode,
+      DataFlow::ParameterNode parameterNode
+    |
+      methodNode.getLocation().getFile() instanceof Util::RelevantFile and
+      methodTakesParameterOfType(methodNode, classNode, parameterNode)
+    |
+      type1 = classNode.getQualifiedName() and
+      type2 = Util::getAnAccessPathPrefix(methodNode) and
+      path = Util::getMethodParameterPath(methodNode, parameterNode)
+    )
+  }
+
+  // TODO: non-positional params for block arg parameters
+  private predicate methodYieldsType(
+    DataFlow::CallableNode callableNode, int argIdx, DataFlow::ClassNode classNode
+  ) {
+    exprHasType(callableNode.getABlockCall().getArgument(argIdx), classNode)
+  }
+
+  /*
+   * e.g. for
+   * ```rb
+   * class Foo
+   *  def initialize
+   *    // do some stuff...
+   *    if block_given?
+   *      yield self
+   *    end
+   *  end
+   *
+   *  def do_something
+   *    // do something else
+   *  end
+   * end
+   *
+   * Foo.new do |foo| foo.do_something end
+   * ```
+   *
+   * the parameter foo to the block is an instance of Foo.
+   */
+
+  private predicate typeModelBlockArgumentParameters(string type1, string type2, string path) {
+    exists(DataFlow::MethodNode methodNode, DataFlow::ClassNode classNode, int argIdx |
+      methodNode.getLocation().getFile() instanceof Util::RelevantFile and
+      methodYieldsType(methodNode, argIdx, classNode)
+    |
+      type1 = classNode.getQualifiedName() and
+      type2 = Util::getAnAccessPathPrefix(methodNode) and
+      path = Util::getMethodPath(methodNode) + ".Argument[block].Parameter[" + argIdx + "]"
+    )
+  }
+
+  predicate typeModel(string type1, string type2, string path) {
+    typeModelReturns(type1, type2, path)
+    or
+    typeModelParameters(type1, type2, path)
+    or
+    typeModelBlockArgumentParameters(type1, type2, path)
+  }
+}
--- a/ruby/ql/src/queries/modeling/internal/Util.qll
+++ b/ruby/ql/src/queries/modeling/internal/Util.qll
@@ -0,0 +1,67 @@
+private import ruby
+
+// `SomeClass#initialize` methods are usually called indirectly via
+// `SomeClass.new`, so we need to account for this when generating access paths
+private string getNormalizedMethodName(DataFlow::MethodNode methodNode) {
+  exists(string actualMethodName | actualMethodName = methodNode.getMethodName() |
+    if actualMethodName = "initialize" then result = "new" else result = actualMethodName
+  )
+}
+
+private string getAccessPathSuffix(Ast::MethodBase method) {
+  if method instanceof Ast::SingletonMethod or method.getName() = "initialize"
+  then result = "!"
+  else result = ""
+}
+
+string getAnAccessPathPrefix(DataFlow::MethodNode methodNode) {
+  exists(Ast::MethodBase method | method = methodNode.asExpr().getExpr() |
+    result =
+      method.getEnclosingModule().(Ast::ConstantWriteAccess).getAQualifiedName() +
+        getAccessPathSuffix(method)
+  )
+}
+
+class RelevantFile extends File {
+  RelevantFile() { not this.getRelativePath().regexpMatch(".*/?test(case)?s?/.*") }
+}
+
+string getMethodPath(DataFlow::MethodNode methodNode) {
+  result = "Method[" + getNormalizedMethodName(methodNode) + "]"
+}
+
+private string getParameterPath(DataFlow::ParameterNode paramNode) {
+  exists(Ast::Parameter param, string paramSpec |
+    param = paramNode.asParameter() and
+    (
+      paramSpec = param.getPosition().toString()
+      or
+      paramSpec = param.(Ast::KeywordParameter).getName() + ":"
+      or
+      param instanceof Ast::BlockParameter and
+      paramSpec = "block"
+    )
+  |
+    result = "Parameter[" + paramSpec + "]"
+  )
+}
+
+string getArgumentPath(DataFlow::ParameterNode paramNode) {
+  exists(Ast::Parameter param, string paramSpec |
+    param = paramNode.asParameter() and
+    (
+      paramSpec = param.getPosition().toString()
+      or
+      paramSpec = param.(Ast::KeywordParameter).getName() + ":"
+      or
+      param instanceof Ast::BlockParameter and
+      paramSpec = "block"
+    )
+  |
+    result = "Argument[" + paramSpec + "]"
+  )
+}
+
+string getMethodParameterPath(DataFlow::MethodNode methodNode, DataFlow::ParameterNode paramNode) {
+  result = getMethodPath(methodNode) + "." + getParameterPath(paramNode)
+}
--- a/ruby/scripts/generate_model.py
+++ b/ruby/scripts/generate_model.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python3
+
+# This script generates a data extensions model for a given library in codeql database form
+# Currently only typeModels are generated
+# Requires `pyyaml`
+
+import sys
+import argparse
+import subprocess
+from pathlib import Path
+import tempfile
+import json
+import yaml
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        description="Generates a data extensions model from a Ruby CodeQL database"
+    )
+    parser.add_argument("database_path", help="filepath to a Ruby CodeQL database")
+    parser.add_argument(
+        "-o",
+        "--output",
+        required=False,
+        metavar="output_file",
+        help="if provided, the model will be written to this file",
+    )
+    parser.add_argument(
+        "-c",
+        "--codeql",
+        required=False,
+        metavar="codeql_command",
+        default="codeql",
+        help="if provided, use this command to invoke codeql",
+    )
+    parser.add_argument(
+        "-w",
+        "--overwrite",
+        action="store_true",
+        help="if provided, use this command to invoke codeql",
+    )
+    return parser.parse_args()
+
+
+def die(msg):
+    sys.stderr.write("Error: " + msg + "\n")
+    sys.exit(1)
+
+
+def main():
+    args = parse_args()
+
+    output_path = args.output
+    check_output_path(output_path, args.overwrite)
+
+    database_path = Path(args.database_path).absolute()
+    check_database_exists(database_path)
+
+    codeql_command = args.codeql.split(" ")
+    with tempfile.NamedTemporaryFile() as query_output_json_file:
+        run_codeql_query(codeql_command, database_path, query_output_json_file)
+        generate_output(query_output_json_file, output_path)
+
+
+def check_output_path(output_path, overwrite):
+    if output_path == None:
+        return  # STDOUT
+    p = Path(output_path).absolute()
+    if p.is_file() and not overwrite:
+        die("file already exists at: " + str(p))
+    elif p.is_dir():
+        die("specified output path is a directory: " + str(p))
+
+
+def check_database_exists(database_path):
+    if not database_path.exists():
+        die("database not found at: " + str(database_path))
+    elif not database_path.is_dir():
+        die("database not found at: " + str(database_path) + " - not a directory")
+    elif not database_path.joinpath("db-ruby").exists():
+        die("directory: " + str(database_path) + " doesn't look like a Ruby database")
+
+
+def run_codeql_query(codeql_command, database_path, query_output_json_file):
+    query_path = (
+        Path(__file__)
+        .parent.parent.joinpath("ql/src/queries/modeling/GenerateModel.ql")
+        .absolute()
+    )
+    with tempfile.NamedTemporaryFile() as bqrs_file:
+        subprocess.run(
+            codeql_command
+            + ["query", "run", "-d", database_path, "-o", bqrs_file.name, query_path]
+        )
+        subprocess.run(
+            codeql_command
+            + [
+                "bqrs",
+                "decode",
+                "--format",
+                "json",
+                "--output",
+                query_output_json_file.name,
+                bqrs_file.name,
+            ]
+        )
+
+
+def generate_output(query_output_json_file, output_path):
+    output_string = serialize_output(query_output_json_file)
+    if not output_path == None:
+        Path(output_path).write_text(output_string)
+    else:
+        print(output_string)
+
+
+def model_kinds():
+    return [
+        "typeModel",
+        "sourceModel",
+        "sinkModel",
+        "summaryModel",
+        "typeVariableModel",
+    ]
+
+
+def serialize_output(query_output_json_file):
+    parsed_json = json.load(query_output_json_file)
+    serialized_tuples = []
+    for extensible_type in model_kinds():
+        if not extensible_type in parsed_json:
+            continue
+        tuples = parsed_json[extensible_type]["tuples"]
+        if tuples:
+            serialized_tuples.append(serialize_type(tuples, extensible_type))
+    return yaml.dump({"extensions": serialized_tuples}, default_style='"')
+
+
+def serialize_type(tuples, extensible_type):
+    return {
+        "addsTo": {"pack": "codeql/ruby-all", "extensible": extensible_type},
+        "data": tuples,
+    }
+
+
+main()
Author	SHA1	Message	Date
Alex Ford	1cc711eb52	update models	2023-09-25 11:37:23 +01:00
Alex Ford	0f6ecc56f8	generated models	2023-08-28 17:17:00 +01:00
Alex Ford	9e6902b88f	add data extensions sinks to queries	2023-08-28 16:27:33 +01:00
Alex Ford	a1c35c5883	sources	2023-08-25 17:26:22 +01:00
Alex Ford	14ae0fadb2	reduce sinks	2023-08-25 17:25:56 +01:00
Alex Ford	4d75d356f5	Merge branch 'rb/extract-summaries' into rb/extract-everything	2023-08-25 17:20:57 +01:00
Alex Ford	d6e54cdb87	cleanup	2023-08-18 16:36:49 +01:00
Alex Ford	493087e12d	cleanup	2023-08-18 16:35:50 +01:00
Alex Ford	9e8c2615d0	wip	2023-08-18 16:35:50 +01:00
Alex Ford	d9d4a952da	summaries, basic	2023-08-18 16:35:50 +01:00
Alex Ford	dff4ec522b	Ruby: modgen - use proper global flow	2023-08-18 16:23:07 +01:00
Alex Ford	0822855fb2	temp	2023-08-14 16:20:57 +01:00
Alex Ford	4cfbdb1e85	temp	2023-08-14 13:12:22 +01:00
Alex Ford	3374c07688	Revert "typetracking too slow" This reverts commit `c13458b667`.	2023-08-11 12:57:13 +01:00
Alex Ford	c13458b667	typetracking too slow	2023-08-09 15:21:52 +01:00
Alex Ford	498d2e0cc7	working	2023-08-08 14:23:15 +01:00
Alex Ford	3b5c6b5afc	wip	2023-08-07 12:12:23 +01:00
Alex Ford	ae131bc132	wip	2023-08-01 16:43:28 +01:00
Alex Ford	804f08de5f	wip	2023-08-01 16:43:28 +01:00
Alex Ford	9f83c10c1e	basic autosink impl	2023-08-01 16:43:28 +01:00
Alex Ford	02bda3520d	WIP Sinks	2023-08-01 16:43:28 +01:00
Alex Ford	3c22b67db6	Ruby: modgen - factor out some more utility code	2023-08-01 16:43:13 +01:00
Alex Ford	adebd3836e	Ruby: modgen - factor out some utility code	2023-08-01 16:28:42 +01:00
Alex Ford	08dea125e2	Ruby: restrict type generation output to non-test code	2023-07-31 14:53:17 +01:00
Alex Ford	30bdd03df8	Ruby: generate_model.py - group output tuples	2023-07-28 17:04:41 +01:00
Alex Ford	7479401f98	Ruby: GenerateModel - split file	2023-07-26 16:22:25 +01:00
Alex Ford	3e8e32a52b	Ruby: GenerateModel - add missing stub predicates	2023-07-26 15:48:34 +01:00
Alex Ford	2e5053cdeb	Ruby: use pyyaml to generate models	2023-07-25 16:23:13 +01:00
Alex Ford	4089bc5517	Ruby: add a query and script for autogenerating typeModel definitions	2023-07-21 17:30:12 +01:00