Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached

hvitved · hvitved · commit 299339f81738 · 2022-09-30T14:56:55.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll
@@ -10,7 +10,6 @@ private import codeql.ruby.AST
 private import codeql.ruby.DataFlow
 private import codeql.ruby.typetracking.TypeTracker
 private import codeql.ruby.typetracking.TypeTrackerSpecific as TypeTrackerSpecific
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.dataflow.internal.DataFlowPrivate as DataFlowPrivate
 private import codeql.ruby.dataflow.internal.DataFlowDispatch as DataFlowDispatch
@@ -482,7 +481,7 @@ module API {
       MkDef(DataFlow::Node nd) { isDef(nd) }
 
     private string resolveTopLevel(ConstantReadAccess read) {
-      TResolved(result) = resolveConstantReadAccess(read) and
+      result = read.getModule().getQualifiedName() and
       not result.matches("%::%")
     }
 
@@ -706,7 +705,7 @@ module API {
       exists(ClassDeclaration c, DataFlow::Node a, DataFlow::Node b |
         use(pred, a) and
         use(succ, b) and
-        resolveConstant(b.asExpr().getExpr()) = resolveConstantWriteAccess(c) and
+        b.asExpr().getExpr().(ConstantReadAccess).getAQualifiedName() = c.getAQualifiedName() and
         pragma[only_bind_into](c).getSuperclassExpr() = a.asExpr().getExpr() and
         lbl = Label::subclass()
       )
diff --git a/ruby/ql/lib/codeql/ruby/ast/Constant.qll b/ruby/ql/lib/codeql/ruby/ast/Constant.qll
@@ -293,6 +293,15 @@ class ConstantReadAccess extends ConstantAccess {
    */
   Expr getValue() { result = getConstantReadAccessValue(this) }
 
+  /**
+   * Gets a fully qualified name for this constant read, based on the context in
+   * which it occurs.
+   */
+  string getAQualifiedName() { result = resolveConstant(this) }
+
+  /** Gets the module that this read access resolves to, if any. */
+  Module getModule() { result = resolveConstantReadAccess(this) }
+
   final override string getAPrimaryQlClass() { result = "ConstantReadAccess" }
 }
 
@@ -354,7 +363,7 @@ class ConstantWriteAccess extends ConstantAccess {
    * constants up the namespace chain, the fully qualified name of a nested
    * constant can be ambiguous from just statically looking at the AST.
    */
-  string getAQualifiedName() { result = resolveConstantWriteAccess(this) }
+  string getAQualifiedName() { result = resolveConstantWrite(this) }
 
   /**
    * Gets a qualified name for this constant. Deprecated in favor of
diff --git a/ruby/ql/lib/codeql/ruby/ast/Module.qll b/ruby/ql/lib/codeql/ruby/ast/Module.qll
@@ -34,6 +34,13 @@ class Module extends TModule {
     exists(Namespace n | this = TUnresolved(n) and result = "...::" + n.toString())
   }
 
+  /**
+   * Gets the qualified name of this module, if any.
+   *
+   * Only modules that can be resolved will have a qualified name.
+   */
+  final string getQualifiedName() { this = TResolved(result) }
+
   /** Gets the location of this module. */
   Location getLocation() {
     exists(Namespace n | this = TUnresolved(n) and result = n.getLocation())
diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll
@@ -135,6 +135,9 @@ private module Cached {
     )
   }
 
+  cached
+  string resolveConstantWrite(ConstantWriteAccess c) { result = resolveConstantWriteAccess(c) }
+
   cached
   Method lookupMethod(Module m, string name) { TMethod(result) = lookupMethodOrConst(m, name) }
 
@@ -472,7 +475,7 @@ private module ResolveImpl {
   }
 }
 
-import ResolveImpl
+private import ResolveImpl
 
 /**
  * A variant of AstNode::getEnclosingModule that excludes
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -7,7 +7,6 @@ private import codeql.ruby.Concepts
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.ApiGraphs
 private import ActionView
 private import codeql.ruby.frameworks.ActionDispatch
@@ -101,7 +100,7 @@ private predicate isRoute(
   ActionDispatch::Routing::Route route, string name, ActionControllerControllerClass controllerClass
 ) {
   route.getController() + "_controller" =
-    ActionDispatch::Routing::underscore(namespaceDeclaration(controllerClass)) and
+    ActionDispatch::Routing::underscore(controllerClass.getAQualifiedName()) and
   name = route.getAction()
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll
@@ -8,7 +8,6 @@ private import codeql.ruby.Concepts
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
-private import codeql.ruby.ast.internal.Module
 private import ActionController
 
 /**
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -8,7 +8,6 @@ private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.internal.DataFlowDispatch
 private import codeql.ruby.dataflow.internal.DataFlowPrivate
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.frameworks.Stdlib
 private import codeql.ruby.frameworks.Core
@@ -95,7 +94,7 @@ class ActiveRecordModelClassMethodCall extends MethodCall {
 
   ActiveRecordModelClassMethodCall() {
     // e.g. Foo.where(...)
-    recvCls.getModule() = resolveConstantReadAccess(this.getReceiver())
+    recvCls.getModule() = this.getReceiver().(ConstantReadAccess).getModule()
     or
     // e.g. Foo.joins(:bars).where(...)
     recvCls = this.getReceiver().(ActiveRecordModelClassMethodCall).getReceiverClass()
@@ -282,7 +281,7 @@ private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation
       recv = getUltimateReceiver(call) and
       (
         // The receiver refers to an `ActiveRecordModelClass` by name
-        resolveConstant(recv) = cls.getAQualifiedName()
+        recv.(ConstantReadAccess).getAQualifiedName() = cls.getAQualifiedName()
         or
         // The receiver is self, and the call is within a singleton method of
         // the `ActiveRecordModelClass`
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll
@@ -6,7 +6,6 @@
 private import codeql.ruby.AST
 private import codeql.ruby.Concepts
 private import codeql.ruby.controlflow.CfgNodes
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.DataFlow
 private import codeql.ruby.ApiGraphs
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll b/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll
@@ -7,7 +7,6 @@ private import codeql.ruby.Concepts
 private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.ApiGraphs
 
 private API::Node graphQlSchema() { result = API::getTopLevelMember("GraphQL").getMember("Schema") }
@@ -233,7 +232,7 @@ private class GraphqlSchemaObjectClassMethodCall extends MethodCall {
 
   GraphqlSchemaObjectClassMethodCall() {
     // e.g. Foo.some_method(...)
-    recvCls.getModule() = resolveConstantReadAccess(this.getReceiver())
+    recvCls.getModule() = this.getReceiver().(ConstantReadAccess).getModule()
     or
     // e.g. self.some_method(...) within a graphql Object or Interface
     this.getReceiver() instanceof SelfVariableAccess and
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
@@ -9,7 +9,6 @@ private import codeql.ruby.frameworks.ActionController
 private import codeql.ruby.frameworks.ActionView
 private import codeql.ruby.frameworks.ActiveRecord
 private import codeql.ruby.frameworks.ActiveStorage
-private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.security.OpenSSL
 
@@ -29,7 +28,7 @@ private class RailtieClass extends ClassDeclaration {
   RailtieClass() {
     this.getSuperclassExpr() instanceof RailtieClassAccess or
     exists(RailtieClass other |
-      other.getModule() = resolveConstantReadAccess(this.getSuperclassExpr())
+      other.getModule() = this.getSuperclassExpr().(ConstantReadAccess).getModule()
     )
   }
 }
@@ -41,7 +40,7 @@ private DataFlow::CallNode getAConfigureCallNode() {
   // `Rails::Application.configure`
   exists(ConstantReadAccess read, RailtieClass cls |
     read = result.getReceiver().asExpr().getExpr() and
-    resolveConstantReadAccess(read) = cls.getModule() and
+    read.getModule() = cls.getModule() and
     result.asExpr().getExpr().(MethodCall).getMethodName() = "configure"
   )
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll b/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
@@ -7,12 +7,15 @@ private import codeql.ruby.AST
 private import codeql.ruby.Concepts
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.DataFlow
-private import codeql.ruby.ast.internal.Module
 
 /**
  * Modeling for `railties`.
  */
 module Railties {
+  private class IncludeOrPrependCall extends MethodCall {
+    IncludeOrPrependCall() { this.getMethodName() = ["include", "prepend"] }
+  }
+
   /**
    * A class which `include`s `Rails::Generators::Actions`.
    */
diff --git a/ruby/ql/src/queries/analysis/Definitions.ql b/ruby/ql/src/queries/analysis/Definitions.ql
@@ -11,7 +11,6 @@
  */
 
 import codeql.ruby.AST
-import codeql.ruby.ast.internal.Module
 import codeql.ruby.dataflow.SSA
 
 from DefLoc loc, Expr src, Expr target, string kind
@@ -36,7 +35,7 @@ select src, target, kind
 newtype DefLoc =
   /** A constant, module or class. */
   ConstantDefLoc(ConstantReadAccess read, ConstantWriteAccess write) {
-    write = definitionOf(resolveConstant(read))
+    write = definitionOf(read.getAQualifiedName())
   } or
   /** A method call. */
   MethodLoc(MethodCall call, Method meth) { meth = call.getATarget() } or
@@ -75,7 +74,7 @@ newtype DefLoc =
  */
 pragma[noinline]
 ConstantWriteAccess definitionOf(string fqn) {
-  fqn = resolveConstant(_) and
+  fqn = any(ConstantReadAccess read).getAQualifiedName() and
   result =
     min(ConstantWriteAccess w, Location l |
       w.getAQualifiedName() = fqn and l = w.getLocation()
diff --git a/ruby/ql/test/library-tests/modules/modules.ql b/ruby/ql/test/library-tests/modules/modules.ql
@@ -16,7 +16,7 @@ query predicate resolveConstantReadAccess(ConstantReadAccess a, string s) {
 }
 
 query predicate resolveConstantWriteAccess(ConstantWriteAccess c, string s) {
-  s = Internal::resolveConstantWriteAccess(c)
+  s = c.getAQualifiedName()
 }
 
 query predicate enclosingModule(AstNode n, ModuleBase m) { m = n.getEnclosingModule() }

Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,9 @@ private module Cached {`
`135`	`135`	`)`
`136`	`136`	`}`
`137`	`137`
	`138`	`+ cached`
	`139`	`+ string resolveConstantWrite(ConstantWriteAccess c) { result = resolveConstantWriteAccess(c) }`
	`140`	`+`
`138`	`141`	`cached`
`139`	`142`	`Method lookupMethod(Module m, string name) { TMethod(result) = lookupMethodOrConst(m, name) }`
`140`	`143`
`@@ -472,7 +475,7 @@ private module ResolveImpl {`
`472`	`475`	`}`
`473`	`476`	`}`
`474`	`477`
`475`		`-import ResolveImpl`
	`478`	`+private import ResolveImpl`
`476`	`479`
`477`	`480`	`/**`
`478`	`481`	`* A variant of AstNode::getEnclosingModule that excludes`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,6 @@ private import codeql.ruby.frameworks.ActionController`
`9`	`9`	`private import codeql.ruby.frameworks.ActionView`
`10`	`10`	`private import codeql.ruby.frameworks.ActiveRecord`
`11`	`11`	`private import codeql.ruby.frameworks.ActiveStorage`
`12`		`-private import codeql.ruby.ast.internal.Module`
`13`	`12`	`private import codeql.ruby.ApiGraphs`
`14`	`13`	`private import codeql.ruby.security.OpenSSL`
`15`	`14`
`@@ -29,7 +28,7 @@ private class RailtieClass extends ClassDeclaration {`
`29`	`28`	`RailtieClass() {`
`30`	`29`	`this.getSuperclassExpr() instanceof RailtieClassAccess or`
`31`	`30`	`exists(RailtieClass other \|`
`32`		`- other.getModule() = resolveConstantReadAccess(this.getSuperclassExpr())`
	`31`	`+ other.getModule() = this.getSuperclassExpr().(ConstantReadAccess).getModule()`
`33`	`32`	`)`
`34`	`33`	`}`
`35`	`34`	`}`
`@@ -41,7 +40,7 @@ private DataFlow::CallNode getAConfigureCallNode() {`
`41`	`40`	// `Rails::Application.configure`
`42`	`41`	`exists(ConstantReadAccess read, RailtieClass cls \|`
`43`	`42`	`read = result.getReceiver().asExpr().getExpr() and`
`44`		`- resolveConstantReadAccess(read) = cls.getModule() and`
	`43`	`+ read.getModule() = cls.getModule() and`
`45`	`44`	`result.asExpr().getExpr().(MethodCall).getMethodName() = "configure"`
`46`	`45`	`)`
`47`	`46`	`}`