Ruby: Rename getAUse -> getAValueReachableFromSource

asgerf · asgerf · commit 2f8086bb57d0 · 2022-06-21T12:44:16.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll
@@ -99,7 +99,7 @@ module API {
      *
      * This includes indirect uses found via data flow.
      */
-    DataFlow::Node getAUse() {
+    DataFlow::Node getAValueReachableFromSource() {
       exists(DataFlow::LocalSourceNode src | Impl::use(this, src) |
         Impl::trackUseNode(src).flowsTo(result)
       )
@@ -108,7 +108,7 @@ module API {
     /**
      * Gets an immediate use of the API component represented by this node.
      *
-     * Unlike `getAUse()`, this predicate only gets the immediate references, not the indirect uses
+     * Unlike `getAValueReachableFromSource()`, this predicate only gets the immediate references, not the indirect uses
      * found via data flow.
      */
     DataFlow::LocalSourceNode asSource() { Impl::use(this, result) }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -33,7 +33,7 @@ class ActionControllerControllerClass extends ClassDeclaration {
         // In Rails applications `ApplicationController` typically extends `ActionController::Base`, but we
         // treat it separately in case the `ApplicationController` definition is not in the database.
         API::getTopLevelMember("ApplicationController")
-      ].getASubclass().getAUse().asExpr().getExpr()
+      ].getASubclass().getAValueReachableFromSource().asExpr().getExpr()
   }
 
   /**
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -54,7 +54,7 @@ class ActiveRecordModelClass extends ClassDeclaration {
         // In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
         // treat it separately in case the `ApplicationRecord` definition is not in the database.
         API::getTopLevelMember("ApplicationRecord")
-      ].getASubclass().getAUse().asExpr().getExpr()
+      ].getASubclass().getAValueReachableFromSource().asExpr().getExpr()
   }
 
   // Gets the class declaration for this class and all of its super classes
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll b/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll
@@ -41,7 +41,12 @@ private API::Node graphQlSchema() { result = API::getTopLevelMember("GraphQL").g
 private class GraphqlRelayClassicMutationClass extends ClassDeclaration {
   GraphqlRelayClassicMutationClass() {
     this.getSuperclassExpr() =
-      graphQlSchema().getMember("RelayClassicMutation").getASubclass*().getAUse().asExpr().getExpr()
+      graphQlSchema()
+          .getMember("RelayClassicMutation")
+          .getASubclass*()
+          .getAValueReachableFromSource()
+          .asExpr()
+          .getExpr()
   }
 }
 
@@ -71,7 +76,12 @@ private class GraphqlRelayClassicMutationClass extends ClassDeclaration {
 private class GraphqlSchemaResolverClass extends ClassDeclaration {
   GraphqlSchemaResolverClass() {
     this.getSuperclassExpr() =
-      graphQlSchema().getMember("Resolver").getASubclass().getAUse().asExpr().getExpr()
+      graphQlSchema()
+          .getMember("Resolver")
+          .getASubclass()
+          .getAValueReachableFromSource()
+          .asExpr()
+          .getExpr()
   }
 }
 
@@ -92,7 +102,12 @@ private class GraphqlSchemaResolverClass extends ClassDeclaration {
 class GraphqlSchemaObjectClass extends ClassDeclaration {
   GraphqlSchemaObjectClass() {
     this.getSuperclassExpr() =
-      graphQlSchema().getMember("Object").getASubclass().getAUse().asExpr().getExpr()
+      graphQlSchema()
+          .getMember("Object")
+          .getASubclass()
+          .getAValueReachableFromSource()
+          .asExpr()
+          .getExpr()
   }
 
   /** Gets a `GraphqlFieldDefinitionMethodCall` called in this class. */
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll b/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll
@@ -143,7 +143,7 @@ private DataFlow::LocalSourceNode trackFeature(Feature f, boolean enable, TypeTr
     or
     // Use of a constant f
     enable = true and
-    result = parseOptionsModule().getMember(f.getConstantName()).getAUse()
+    result = parseOptionsModule().getMember(f.getConstantName()).getAValueReachableFromSource()
     or
     // Treat `&`, `&=`, `|` and `|=` operators as if they preserve the on/off states
     // of their operands. This is an overapproximation but likely to work well in practice
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
@@ -99,7 +99,8 @@ module Hash {
     HashNewSummary() { this = "Hash[]" }
 
     final override ElementReference getACall() {
-      result.getReceiver() = API::getTopLevelMember("Hash").getAUse().asExpr().getExpr() and
+      result.getReceiver() =
+        API::getTopLevelMember("Hash").getAValueReachableFromSource().asExpr().getExpr() and
       result.getNumberOfArguments() = 1
     }
 
@@ -138,7 +139,8 @@ module Hash {
     }
 
     final override ElementReference getACall() {
-      result.getReceiver() = API::getTopLevelMember("Hash").getAUse().asExpr().getExpr() and
+      result.getReceiver() =
+        API::getTopLevelMember("Hash").getAValueReachableFromSource().asExpr().getExpr() and
       key = result.getArgument(i - 1).getConstantValue() and
       exists(result.getArgument(i))
     }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
@@ -66,7 +66,8 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {
   override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {
     // Check for `ssl_verify_peer: false` in the options hash.
     exists(DataFlow::Node arg, int i |
-      i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)
+      i > 0 and
+      arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)
     |
       argSetsVerifyPeer(arg, false, disablingNode)
     )
@@ -79,7 +80,8 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {
       disableCall.asExpr().getASuccessor+() = requestUse.asExpr() and
       disablingNode = disableCall and
       not exists(DataFlow::Node arg, int i |
-        i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)
+        i > 0 and
+        arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)
       |
         argSetsVerifyPeer(arg, true, _)
       )
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
@@ -58,7 +58,8 @@ class FaradayHttpRequest extends HTTP::Client::Request::Range {
     // or
     // `{ ssl: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }`
     exists(DataFlow::Node arg, int i |
-      i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)
+      i > 0 and
+      arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)
     |
       // Either passed as an individual key:value argument, e.g.:
       // Faraday.new(..., ssl: {...})
@@ -132,7 +133,11 @@ private predicate isVerifyModeNonePair(CfgNodes::ExprNodes::PairCfgNode p) {
     key.asExpr() = p.getKey() and
     value.asExpr() = p.getValue() and
     isSymbolLiteral(key, "verify_mode") and
-    value = API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse()
+    value =
+      API::getTopLevelMember("OpenSSL")
+          .getMember("SSL")
+          .getMember("VERIFY_NONE")
+          .getAValueReachableFromSource()
   )
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
@@ -54,7 +54,10 @@ class HttpClientRequest extends HTTP::Client::Request::Range {
     // on an HTTPClient connection object `c`.
     disablingNode = connectionNode.getReturn("ssl_config").getReturn("verify_mode=").asSource() and
     disablingNode.(DataFlow::CallNode).getArgument(0) =
-      API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse()
+      API::getTopLevelMember("OpenSSL")
+          .getMember("SSL")
+          .getMember("VERIFY_NONE")
+          .getAValueReachableFromSource()
   }
 
   override string getFramework() { result = "HTTPClient" }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -73,7 +73,10 @@ class NetHttpRequest extends HTTP::Client::Request::Range {
     //   foo.request(...)
     exists(DataFlow::CallNode setter |
       disablingNode =
-        API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse() and
+        API::getTopLevelMember("OpenSSL")
+            .getMember("SSL")
+            .getMember("VERIFY_NONE")
+            .getAValueReachableFromSource() and
       setter.asExpr().getExpr().(SetterMethodCall).getMethodName() = "verify_mode=" and
       disablingNode = setter.getArgument(0) and
       localFlow(setter.getReceiver(), request.getReceiver())
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -110,7 +110,11 @@ private predicate isSslVerifyModeNonePair(CfgNodes::ExprNodes::PairCfgNode p) {
     key.asExpr() = p.getKey() and
     value.asExpr() = p.getValue() and
     isSslVerifyModeLiteral(key) and
-    value = API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse()
+    value =
+      API::getTopLevelMember("OpenSSL")
+          .getMember("SSL")
+          .getMember("VERIFY_NONE")
+          .getAValueReachableFromSource()
   )
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
@@ -52,7 +52,8 @@ class RestClientHttpRequest extends HTTP::Client::Request::Range {
     // `RestClient::Resource::new` takes an options hash argument, and we're
     // looking for `{ verify_ssl: OpenSSL::SSL::VERIFY_NONE }`.
     exists(DataFlow::Node arg, int i |
-      i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)
+      i > 0 and
+      arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)
     |
       // Either passed as an individual key:value argument, e.g.:
       // RestClient::Resource.new(..., verify_ssl: OpenSSL::SSL::VERIFY_NONE)
@@ -79,7 +80,11 @@ private predicate isVerifySslNonePair(CfgNodes::ExprNodes::PairCfgNode p) {
     key.asExpr() = p.getKey() and
     value.asExpr() = p.getValue() and
     isSslVerifyModeLiteral(key) and
-    value = API::getTopLevelMember("OpenSSL").getMember("SSL").getMember("VERIFY_NONE").getAUse()
+    value =
+      API::getTopLevelMember("OpenSSL")
+          .getMember("SSL")
+          .getMember("VERIFY_NONE")
+          .getAValueReachableFromSource()
   )
 }
 
diff --git a/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql b/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql
@@ -26,7 +26,7 @@ class ApiUseTest extends InlineExpectationsTest {
     l = n.getLocation() and
     (
       tag = "use" and
-      n = a.getAUse()
+      n = a.getAValueReachableFromSource()
       or
       tag = "def" and
       n = a.getARhs()

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ module API {`
`99`	`99`	`*`
`100`	`100`	`* This includes indirect uses found via data flow.`
`101`	`101`	`*/`
`102`		`- DataFlow::Node getAUse() {`
	`102`	`+ DataFlow::Node getAValueReachableFromSource() {`
`103`	`103`	`exists(DataFlow::LocalSourceNode src \| Impl::use(this, src) \|`
`104`	`104`	`Impl::trackUseNode(src).flowsTo(result)`
`105`	`105`	`)`
`@@ -108,7 +108,7 @@ module API {`
`108`	`108`	`/**`
`109`	`109`	`* Gets an immediate use of the API component represented by this node.`
`110`	`110`	`*`
`111`		- * Unlike `getAUse()`, this predicate only gets the immediate references, not the indirect uses
	`111`	+ * Unlike `getAValueReachableFromSource()`, this predicate only gets the immediate references, not the indirect uses
`112`	`112`	`* found via data flow.`
`113`	`113`	`*/`
`114`	`114`	`DataFlow::LocalSourceNode asSource() { Impl::use(this, result) }`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ class ActionControllerControllerClass extends ClassDeclaration {`
`33`	`33`	// In Rails applications `ApplicationController` typically extends `ActionController::Base`, but we
`34`	`34`	// treat it separately in case the `ApplicationController` definition is not in the database.
`35`	`35`	`API::getTopLevelMember("ApplicationController")`
`36`		`- ].getASubclass().getAUse().asExpr().getExpr()`
	`36`	`+ ].getASubclass().getAValueReachableFromSource().asExpr().getExpr()`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ class ActiveRecordModelClass extends ClassDeclaration {`
`54`	`54`	// In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
`55`	`55`	// treat it separately in case the `ApplicationRecord` definition is not in the database.
`56`	`56`	`API::getTopLevelMember("ApplicationRecord")`
`57`		`- ].getASubclass().getAUse().asExpr().getExpr()`
	`57`	`+ ].getASubclass().getAValueReachableFromSource().asExpr().getExpr()`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`// Gets the class declaration for this class and all of its super classes`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,8 @@ module Hash {`
`99`	`99`	`HashNewSummary() { this = "Hash[]" }`
`100`	`100`
`101`	`101`	`final override ElementReference getACall() {`
`102`		`- result.getReceiver() = API::getTopLevelMember("Hash").getAUse().asExpr().getExpr() and`
	`102`	`+ result.getReceiver() =`
	`103`	`+ API::getTopLevelMember("Hash").getAValueReachableFromSource().asExpr().getExpr() and`
`103`	`104`	`result.getNumberOfArguments() = 1`
`104`	`105`	`}`
`105`	`106`
`@@ -138,7 +139,8 @@ module Hash {`
`138`	`139`	`}`
`139`	`140`
`140`	`141`	`final override ElementReference getACall() {`
`141`		`- result.getReceiver() = API::getTopLevelMember("Hash").getAUse().asExpr().getExpr() and`
	`142`	`+ result.getReceiver() =`
	`143`	`+ API::getTopLevelMember("Hash").getAValueReachableFromSource().asExpr().getExpr() and`
`142`	`144`	`key = result.getArgument(i - 1).getConstantValue() and`
`143`	`145`	`exists(result.getArgument(i))`
`144`	`146`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,8 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {`
`66`	`66`	`override predicate disablesCertificateValidation(DataFlow::Node disablingNode) {`
`67`	`67`	// Check for `ssl_verify_peer: false` in the options hash.
`68`	`68`	`exists(DataFlow::Node arg, int i \|`
`69`		`- i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)`
	`69`	`+ i > 0 and`
	`70`	`+ arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)`
`70`	`71`	`\|`
`71`	`72`	`argSetsVerifyPeer(arg, false, disablingNode)`
`72`	`73`	`)`
`@@ -79,7 +80,8 @@ class ExconHttpRequest extends HTTP::Client::Request::Range {`
`79`	`80`	`disableCall.asExpr().getASuccessor+() = requestUse.asExpr() and`
`80`	`81`	`disablingNode = disableCall and`
`81`	`82`	`not exists(DataFlow::Node arg, int i \|`
`82`		`- i > 0 and arg = connectionNode.getAUse().(DataFlow::CallNode).getArgument(i)`
	`83`	`+ i > 0 and`
	`84`	`+ arg = connectionNode.getAValueReachableFromSource().(DataFlow::CallNode).getArgument(i)`
`83`	`85`	`\|`
`84`	`86`	`argSetsVerifyPeer(arg, true, _)`
`85`	`87`	`)`