diff --git a/ruby/ql/lib/codeql/ruby/ast/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/Expr.qll index e932202e53fd..a49cafa82996 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Expr.qll @@ -167,6 +167,8 @@ class StmtSequence extends Expr, TStmtSequence { */ class BodyStmt extends StmtSequence, TBodyStmt { final override Stmt getStmt(int n) { + synthChild(this, n, result) + or toGenerated(result) = rank[n + 1](Ruby::AstNode node, int i | node = getBodyStmtChild(this, i) and diff --git a/ruby/ql/lib/codeql/ruby/ast/Method.qll b/ruby/ql/lib/codeql/ruby/ast/Method.qll index 147782e3d08d..32c013d3ad6a 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Method.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Method.qll @@ -8,7 +8,7 @@ private import internal.TreeSitter private import internal.Method /** A callable. */ -class Callable extends StmtSequence, Expr, Scope, TCallable { +class Callable extends Expr, Scope, TCallable { /** Gets the number of parameters of this callable. */ final int getNumberOfParameters() { result = count(this.getAParameter()) } @@ -18,27 +18,25 @@ class Callable extends StmtSequence, Expr, Scope, TCallable { /** Gets the `n`th parameter of this callable. */ Parameter getParameter(int n) { none() } + BodyStmt getBody() { none() } + override AstNode getAChild(string pred) { result = super.getAChild(pred) or + pred = "getBody" and result = this.getBody() + or pred = "getParameter" and result = this.getParameter(_) } } /** A method. */ -class MethodBase extends Callable, BodyStmt, Scope, TMethodBase { +class MethodBase extends Callable, Scope, TMethodBase { /** Gets the name of this method. */ string getName() { none() } /** Holds if the name of this method is `name`. */ final predicate hasName(string name) { this.getName() = name } - override AstNode getAChild(string pred) { - result = Callable.super.getAChild(pred) - or - result = BodyStmt.super.getAChild(pred) - } - /** * Holds if this method is public. * Methods are public by default. @@ -218,6 +216,10 @@ class Method extends MethodBase, TMethod { toGenerated(result) = g.getParameters().getChild(n) } + final override BodyStmt getBody() { + toGenerated(result) = g.getBody() or synthChild(this, _, result) + } + final override string toString() { result = this.getName() } overlay[global] @@ -280,6 +282,10 @@ class SingletonMethod extends MethodBase, TSingletonMethod { toGenerated(result) = g.getParameters().getChild(n) } + final override BodyStmt getBody() { + toGenerated(result) = g.getBody() or synthChild(this, _, result) + } + final override string toString() { result = this.getName() } final override AstNode getAChild(string pred) { @@ -321,7 +327,7 @@ class SingletonMethod extends MethodBase, TSingletonMethod { * -> (x) { x + 1 } * ``` */ -class Lambda extends Callable, BodyStmt, TLambda { +class Lambda extends Callable, TLambda { private Ruby::Lambda g; Lambda() { this = TLambda(g) } @@ -332,17 +338,16 @@ class Lambda extends Callable, BodyStmt, TLambda { toGenerated(result) = g.getParameters().getChild(n) } - final override string toString() { result = "-> { ... }" } - - final override AstNode getAChild(string pred) { - result = Callable.super.getAChild(pred) - or - result = BodyStmt.super.getAChild(pred) + final override BodyStmt getBody() { + toGenerated(result) = g.getBody().(Ruby::DoBlock).getBody() or + toGenerated(result) = g.getBody().(Ruby::Block).getBody() } + + final override string toString() { result = "-> { ... }" } } /** A block. */ -class Block extends Callable, StmtSequence, Scope, TBlock { +class Block extends Callable, Scope, TBlock { /** * Gets a local variable declared by this block. * For example `local` in `{ | param; local| puts param }`. @@ -355,17 +360,15 @@ class Block extends Callable, StmtSequence, Scope, TBlock { */ LocalVariableWriteAccess getLocalVariable(int n) { none() } - override AstNode getAChild(string pred) { + final override AstNode getAChild(string pred) { result = Callable.super.getAChild(pred) or - result = StmtSequence.super.getAChild(pred) - or pred = "getLocalVariable" and result = this.getLocalVariable(_) } } /** A block enclosed within `do` and `end`. */ -class DoBlock extends Block, BodyStmt, TDoBlock { +class DoBlock extends Block, TDoBlock { private Ruby::DoBlock g; DoBlock() { this = TDoBlock(g) } @@ -378,13 +381,9 @@ class DoBlock extends Block, BodyStmt, TDoBlock { toGenerated(result) = g.getParameters().getChild(n) } - final override string toString() { result = "do ... end" } + final override BodyStmt getBody() { toGenerated(result) = g.getBody() } - final override AstNode getAChild(string pred) { - result = Block.super.getAChild(pred) - or - result = BodyStmt.super.getAChild(pred) - } + final override string toString() { result = "do ... end" } final override string getAPrimaryQlClass() { result = "DoBlock" } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll index ee46fbe8b66a..bf187e226990 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll @@ -100,9 +100,16 @@ private module Cached { } or TBlockArgument(Ruby::BlockArgument g) or TBlockParameter(Ruby::BlockParameter g) or + TBodyStatement(Ruby::BodyStatement g) { + any(Ruby::Method m).getBody() = g or + any(Ruby::SingletonMethod m).getBody() = g or + any(Ruby::DoBlock b).getBody() = g + } or + TBodyStmtSynth(Ast::AstNode parent, int i) { mkSynthChild(BodyStmtKind(), parent, i) } or TBooleanLiteralSynth(Ast::AstNode parent, int i, boolean value) { mkSynthChild(BooleanLiteralKind(value), parent, i) } or + TBraceBlockBody(Ruby::BlockBody g) or TBraceBlockSynth(Ast::AstNode parent, int i) { mkSynthChild(BraceBlockKind(), parent, i) } or TBraceBlockReal(Ruby::Block g) { not g.getParent() instanceof Ruby::Lambda } or TBreakStmt(Ruby::Break g) or @@ -362,23 +369,24 @@ private module Cached { TAssignMulExpr or TAssignRShiftExpr or TAssignSubExpr or TBareStringLiteral or TBareSymbolLiteral or TBeginBlock or TBeginExpr or TBitwiseAndExprReal or TBitwiseOrExprReal or TBitwiseXorExprReal or TBlockArgument or TBlockParameter or - TBraceBlockReal or TBreakStmt or TCaseEqExpr or TCaseExpr or TCaseMatchReal or - TCharacterLiteral or TClassDeclaration or TClassVariableAccessReal or TComplementExpr or - TComplexLiteral or TDefinedExprReal or TDelimitedSymbolLiteral or - TDestructuredLeftAssignment or TDestructuredParameter or TDivExprReal or TDo or TDoBlock or - TElementReference or TElseReal or TElsif or TEmptyStmt or TEncoding or TEndBlock or - TEnsure or TEqExpr or TExponentExprReal or TFalseLiteral or TFile or TFindPattern or - TFloatLiteral or TForExpr or TForwardParameter or TForwardArgument or TGEExpr or TGTExpr or - TGlobalVariableAccessReal or THashKeySymbolLiteral or THashLiteral or THashPattern or - THashSplatExprReal or THashSplatNilParameter or THashSplatParameter or THereDoc or - TIdentifierMethodCall or TIfReal or TIfModifierExpr or TInClauseReal or - TInstanceVariableAccessReal or TIntegerLiteralReal or TKeywordParameter or TLEExpr or - TLShiftExprReal or TLTExpr or TLambda or TLeftAssignmentList or TLine or - TLocalVariableAccessReal or TLogicalAndExprReal or TLogicalOrExprReal or TMethod or - TMatchPattern or TModuleDeclaration or TModuloExprReal or TMulExprReal or TNEExpr or - TNextStmt or TNilLiteralReal or TNoRegExpMatchExpr or TNotExprReal or TOptionalParameter or - TPairReal or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or - TRangeLiteralReal or TRationalLiteral or TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or + TBodyStatement or TBraceBlockBody or TBraceBlockReal or TBreakStmt or TCaseEqExpr or + TCaseExpr or TCaseMatchReal or TCharacterLiteral or TClassDeclaration or + TClassVariableAccessReal or TComplementExpr or TComplexLiteral or TDefinedExprReal or + TDelimitedSymbolLiteral or TDestructuredLeftAssignment or TDestructuredParameter or + TDivExprReal or TDo or TDoBlock or TElementReference or TElseReal or TElsif or TEmptyStmt or + TEncoding or TEndBlock or TEnsure or TEqExpr or TExponentExprReal or TFalseLiteral or + TFile or TFindPattern or TFloatLiteral or TForExpr or TForwardParameter or + TForwardArgument or TGEExpr or TGTExpr or TGlobalVariableAccessReal or + THashKeySymbolLiteral or THashLiteral or THashPattern or THashSplatExprReal or + THashSplatNilParameter or THashSplatParameter or THereDoc or TIdentifierMethodCall or + TIfReal or TIfModifierExpr or TInClauseReal or TInstanceVariableAccessReal or + TIntegerLiteralReal or TKeywordParameter or TLEExpr or TLShiftExprReal or TLTExpr or + TLambda or TLeftAssignmentList or TLine or TLocalVariableAccessReal or + TLogicalAndExprReal or TLogicalOrExprReal or TMethod or TMatchPattern or + TModuleDeclaration or TModuloExprReal or TMulExprReal or TNEExpr or TNextStmt or + TNilLiteralReal or TNoRegExpMatchExpr or TNotExprReal or TOptionalParameter or TPairReal or + TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or TRangeLiteralReal or + TRationalLiteral or TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or TRegularArrayLiteral or TRegularMethodCall or TRegularStringLiteral or TRegularSuperCall or TRescueClause or TRescueModifierExpr or TRetryStmt or TReturnStmt or TScopeResolutionConstantAccess or TSelfReal or TSimpleParameterReal or @@ -393,13 +401,13 @@ private module Cached { class TAstNodeSynth = TAddExprSynth or TAssignExprSynth or TBitwiseAndExprSynth or TBitwiseOrExprSynth or - TBitwiseXorExprSynth or TBraceBlockSynth or TBooleanLiteralSynth or TCaseMatchSynth or - TClassVariableAccessSynth or TConstantReadAccessSynth or TConstantWriteAccessSynth or - TDivExprSynth or TElseSynth or TExponentExprSynth or TGlobalVariableAccessSynth or - TIfSynth or TInClauseSynth or TInstanceVariableAccessSynth or TIntegerLiteralSynth or - TLShiftExprSynth or TLocalVariableAccessSynth or TLogicalAndExprSynth or - TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or TMulExprSynth or - TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or + TBitwiseXorExprSynth or TBraceBlockSynth or TBodyStmtSynth or TBooleanLiteralSynth or + TCaseMatchSynth or TClassVariableAccessSynth or TConstantReadAccessSynth or + TConstantWriteAccessSynth or TDivExprSynth or TElseSynth or TExponentExprSynth or + TGlobalVariableAccessSynth or TIfSynth or TInClauseSynth or TInstanceVariableAccessSynth or + TIntegerLiteralSynth or TLShiftExprSynth or TLocalVariableAccessSynth or + TLogicalAndExprSynth or TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or + TMulExprSynth or TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or TSimpleParameterSynth or TSplatExprSynth or THashSplatExprSynth or TStmtSequenceSynth or TSubExprSynth or TPairSynth or TSimpleSymbolLiteralSynth; @@ -439,6 +447,8 @@ private module Cached { n = TBitwiseXorExprReal(result) or n = TBlockArgument(result) or n = TBlockParameter(result) or + n = TBodyStatement(result) or + n = TBraceBlockBody(result) or n = TBraceBlockReal(result) or n = TBreakStmt(result) or n = TCaseEqExpr(result) or @@ -584,6 +594,8 @@ private module Cached { or result = TBitwiseXorExprSynth(parent, i) or + result = TBodyStmtSynth(parent, i) + or result = TBooleanLiteralSynth(parent, i, _) or result = TBraceBlockSynth(parent, i) @@ -757,9 +769,9 @@ class TElse = TElseReal or TElseSynth; class TStmtSequence = TBeginBlock or TEndBlock or TThen or TElse or TDo or TEnsure or TStringInterpolationComponent or - TBlock or TBodyStmt or TParenthesizedExpr or TStmtSequenceSynth; + TBodyStmt or TParenthesizedExpr or TStmtSequenceSynth; -class TBodyStmt = TBeginExpr or TModuleBase or TMethod or TLambda or TDoBlock or TSingletonMethod; +class TBodyStmt = TBeginExpr or TModuleBase or TBraceBlockBody or TBodyStatement or TBodyStmtSynth; class TNilLiteral = TNilLiteralReal or TNilLiteralSynth; diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll index fdeec446a937..8f9ee669ff62 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll @@ -64,27 +64,31 @@ class Ensure extends StmtSequence, TEnsure { // Not defined by dispatch, as it should not be exposed Ruby::AstNode getBodyStmtChild(TBodyStmt b, int i) { - exists(Ruby::Method g, Ruby::AstNode body | b = TMethod(g) and body = g.getBody() | - result = body.(Ruby::BodyStatement).getChild(i) - or - i = 0 and result = body and not body instanceof Ruby::BodyStatement - ) - or - exists(Ruby::SingletonMethod g, Ruby::AstNode body | - b = TSingletonMethod(g) and body = g.getBody() - | - result = body.(Ruby::BodyStatement).getChild(i) - or - i = 0 and result = body and not body instanceof Ruby::BodyStatement - ) - or - exists(Ruby::Lambda g | b = TLambda(g) | - result = g.getBody().(Ruby::DoBlock).getBody().getChild(i) or - result = g.getBody().(Ruby::Block).getBody().getChild(i) - ) + result = any(Ruby::BlockBody g | b = TBraceBlockBody(g)).getChild(i) or - result = any(Ruby::DoBlock g | b = TDoBlock(g)).getBody().getChild(i) + result = any(Ruby::BodyStatement g | b = TBodyStatement(g)).getChild(i) or + // exists(Ruby::Method g, Ruby::AstNode body | b = TMethod(g) and body = g.getBody() | + // result = body.(Ruby::BodyStatement).getChild(i) + // or + // i = 0 and result = body and not body instanceof Ruby::BodyStatement + // ) + // or + // exists(Ruby::SingletonMethod g, Ruby::AstNode body | + // b = TSingletonMethod(g) and body = g.getBody() + // | + // result = body.(Ruby::BodyStatement).getChild(i) + // or + // i = 0 and result = body and not body instanceof Ruby::BodyStatement + // ) + // or + // exists(Ruby::Lambda g | b = TLambda(g) | + // result = g.getBody().(Ruby::DoBlock).getBody().getChild(i) or + // result = g.getBody().(Ruby::Block).getBody().getChild(i) + // ) + // or + // result = any(Ruby::DoBlock g | b = TDoBlock(g)).getBody().getChild(i) + // or result = any(Ruby::Program g | b = TToplevel(g)).getChild(i) and not result instanceof Ruby::BeginBlock or diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Method.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Method.qll index c4dd1abbee02..fc30ec0c44f3 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Method.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Method.qll @@ -18,7 +18,7 @@ class BraceBlockReal extends BraceBlock, TBraceBlockReal { toGenerated(result) = g.getParameters().getChild(n) } - final override Stmt getStmt(int i) { toGenerated(result) = g.getBody().getChild(i) } + final override BodyStmt getBody() { toGenerated(result) = g.getBody() } } /** @@ -28,8 +28,5 @@ class BraceBlockReal extends BraceBlock, TBraceBlockReal { class BraceBlockSynth extends BraceBlock, TBraceBlockSynth { final override Parameter getParameter(int n) { synthChild(this, n, result) } - final override Stmt getStmt(int i) { - i >= 0 and - synthChild(this, i + this.getNumberOfParameters(), result) - } + final override BodyStmt getBody() { synthChild(this, _, result) } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll index f2be91a63e51..072f453826cc 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll @@ -19,6 +19,7 @@ newtype TSynthKind = BitwiseAndExprKind() or BitwiseOrExprKind() or BitwiseXorExprKind() or + BodyStmtKind() or BooleanLiteralKind(boolean value) { value = true or value = false } or BraceBlockKind() or CaseMatchKind() or @@ -73,6 +74,8 @@ class SynthKind extends TSynthKind { or this = BitwiseXorExprKind() and result = "BitwiseXorExprKind" or + this = BodyStmtKind() and result = "BodyStmtKind" + or this = BooleanLiteralKind(_) and result = "BooleanLiteralKind" or this = BraceBlockKind() and result = "BraceBlockKind" @@ -1475,17 +1478,24 @@ private module ForLoopDesugar { i = 0 and child = SynthChild(SimpleParameterKind()) or - exists(SimpleParameter param | param = TSimpleParameterSynth(block, 0) | + // block body + parent = block and + i = 1 and + child = SynthChild(BodyStmtKind()) + or + exists(SimpleParameter param, BodyStmt body | + param = TSimpleParameterSynth(block, 0) and body = TBodyStmtSynth(block, 1) + | parent = param and i = 0 and child = SynthChild(LocalVariableAccessSynthKind(TLocalVariableSynth(param, 0))) or // assignment to pattern from for loop to synth parameter - parent = block and - i = 1 and + parent = body and + i = 0 and child = SynthChild(AssignExprKind()) or - parent = TAssignExprSynth(block, 1) and + parent = TAssignExprSynth(body, 0) and ( i = 0 and child = childRef(for.getPattern()) @@ -1493,11 +1503,11 @@ private module ForLoopDesugar { i = 1 and child = SynthChild(LocalVariableAccessSynthKind(TLocalVariableSynth(param, 0))) ) + or + // rest of block body + parent = body and + child = childRef(for.getBody().(Do).getStmt(i - 1)) ) - or - // rest of block body - parent = block and - child = childRef(for.getBody().(Do).getStmt(i - 2)) ) ) ) @@ -1951,3 +1961,28 @@ private module ImplicitSuperArgsSynthesis { } } } + +private module CallableBodySynthesis { + private predicate bodySynthesis(AstNode parent, int i, Child child) { + exists(TMethodBase m, Ruby::AstNode body | + body = any(Ruby::Method g | m = TMethod(g)).getBody() + or + body = any(Ruby::SingletonMethod g | m = TSingletonMethod(g)).getBody() + | + parent = m and + not body instanceof Ruby::BodyStatement and + i = 0 and + child = SynthChild(BodyStmtKind()) + or + parent = TBodyStmtSynth(m, 0) and + i = 0 and + child = childRef(fromGenerated(body)) + ) + } + + private class CallableBodySynthesis extends Synthesis { + final override predicate child(AstNode parent, int i, Child child) { + bodySynthesis(parent, i, child) + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index e4bcf2537a7a..fb5ce7b01457 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -1662,7 +1662,7 @@ private module ReturnNodes { * last thing that is evaluated in the body of the callable. */ class ExprReturnNode extends SourceReturnNode, ExprNode { - ExprReturnNode() { exists(Callable c | implicitReturn(c, this) = c.getAStmt()) } + ExprReturnNode() { exists(Callable c | implicitReturn(c, this) = c.getBody().getAStmt()) } override ReturnKind getKindSource() { exists(CfgScope scope | scope = this.(NodeImpl).getCfgScope() | diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 6f2bc8b4accb..d0823fba0a77 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -1392,7 +1392,7 @@ class StmtSequenceNode extends ExprNode { /** * A data flow node corresponding to a method, block, or lambda expression. */ -class CallableNode extends StmtSequenceNode { +class CallableNode extends ExprNode { private Callable callable; CallableNode() { this.asExpr().getExpr() = callable } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Slim.qll b/ruby/ql/lib/codeql/ruby/frameworks/Slim.qll index 3c3c3987383e..7f85737bc046 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Slim.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Slim.qll @@ -18,7 +18,7 @@ module Slim { override DataFlow::Node getTemplate() { result.asExpr().getExpr() = - this.getBlock().(DataFlow::BlockNode).asCallableAstNode().getAStmt() + this.getBlock().(DataFlow::BlockNode).asCallableAstNode().getBody().getAStmt() } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll b/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll index 91dc0ce5efad..b9b96fe1909f 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll @@ -38,6 +38,7 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call .getExpr() .(MethodCall) .getBlock() + .getBody() .getAStmt() .getAChild*() .(MethodCall) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/actiondispatch/internal/Routing.qll b/ruby/ql/lib/codeql/ruby/frameworks/actiondispatch/internal/Routing.qll index e6e453d449f0..ac545481b9c7 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/actiondispatch/internal/Routing.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/actiondispatch/internal/Routing.qll @@ -98,7 +98,7 @@ module Routing { Block getBlock() { result = block } - override Stmt getAStmt() { result = block.getAStmt() } + override Stmt getAStmt() { result = block.getBody().getAStmt() } override RouteBlock getParent() { none() } @@ -128,7 +128,7 @@ module Routing { override string getAPrimaryQlClass() { result = "ConstraintsRouteBlock" } - override Stmt getAStmt() { result = block.getAStmt() } + override Stmt getAStmt() { result = block.getBody().getAStmt() } override string getPathComponent() { result = "" } @@ -156,7 +156,7 @@ module Routing { override string getAPrimaryQlClass() { result = "ScopeRouteBlock" } - override Stmt getAStmt() { result = block.getAStmt() } + override Stmt getAStmt() { result = block.getBody().getAStmt() } override string toString() { result = methodCall.toString() } @@ -216,7 +216,7 @@ module Routing { override string getAPrimaryQlClass() { result = "ResourcesRouteBlock" } - override Stmt getAStmt() { result = block.getAStmt() } + override Stmt getAStmt() { result = block.getBody().getAStmt() } /** * Gets the `resources` call that gives rise to this route block. @@ -282,7 +282,7 @@ module Routing { NamespaceRouteBlock() { this = TNamespaceRouteBlock(parent, methodCall, block) } - override Stmt getAStmt() { result = block.getAStmt() } + override Stmt getAStmt() { result = block.getBody().getAStmt() } override string getPathComponent() { result = this.getNamespace() } diff --git a/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll b/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll index dab75f00b9e5..f46540cc33a6 100644 --- a/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll @@ -70,7 +70,7 @@ private predicate memoReturnedFromMethod(Method m, MemoStmt s) { or // If we don't have flow (e.g. due to the dataflow library not supporting instance variable flow yet), // fall back to a syntactic heuristic: does the last statement in the method mention the memoization variable? - m.getLastStmt().getAChild*().(InstanceVariableReadAccess).getVariable() = + m.getBody().getLastStmt().getAChild*().(InstanceVariableReadAccess).getVariable() = s.getVariableAccess().getVariable() }