Merge pull request #8971 from aibaars/safe-nagivation

Ruby: add safe navigation operator

Author: hvitved

ruby/ql/lib/change-notes/2022-05-01-safe-navigation-operator.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.

ruby/ql/lib/codeql/ruby/ast/Call.qll

@@ -105,6 +105,14 @@ class MethodCall extends Call instanceof MethodCallImpl {
    */
   final Block getBlock() { result = super.getBlockImpl() }
 
+  /**
+   * Holds if the safe nagivation operator (`&.`) is used in this call.
+   * ```rb
+   * foo&.empty?
+   * ```
+   */
+  final predicate isSafeNavigation() { super.isSafeNavigationImpl() }
+
   override string toString() { result = "call to " + this.getMethodName() }
 
   override AstNode getAChild(string pred) {

ruby/ql/lib/codeql/ruby/ast/Control.qll

@@ -111,10 +111,10 @@ class IfExpr extends ConditionalExpr, TIfExpr {
   }
 }
 
-private class If extends IfExpr, TIf {
+private class IfReal extends IfExpr, TIfReal {
   private Ruby::If g;
 
-  If() { this = TIf(g) }
+  IfReal() { this = TIfReal(g) }
 
   final override Expr getCondition() { toGenerated(result) = g.getCondition() }
 
@@ -125,6 +125,18 @@ private class If extends IfExpr, TIf {
   final override string toString() { result = "if ..." }
 }
 
+private class IfSynth extends IfExpr, TIfSynth {
+  IfSynth() { this = TIfSynth(_, _) }
+
+  final override Expr getCondition() { synthChild(this, 0, result) }
+
+  final override Stmt getThen() { synthChild(this, 1, result) }
+
+  final override Stmt getElse() { synthChild(this, 2, result) }
+
+  final override string toString() { result = "if ..." }
+}
+
 private class Elsif extends IfExpr, TElsif {
   private Ruby::Elsif g;
 

ruby/ql/lib/codeql/ruby/ast/internal/AST.qll

@@ -162,7 +162,8 @@ private module Cached {
     } or
     THereDoc(Ruby::HeredocBeginning g) or
     TIdentifierMethodCall(Ruby::Identifier g) { isIdentifierMethodCall(g) } or
-    TIf(Ruby::If g) or
+    TIfReal(Ruby::If g) or
+    TIfSynth(AST::AstNode parent, int i) { mkSynthChild(IfKind(), parent, i) } or
     TIfModifierExpr(Ruby::IfModifier g) or
     TInClause(Ruby::InClause g) or
     TInstanceVariableAccessReal(Ruby::InstanceVariable g, AST::InstanceVariable v) {
@@ -214,7 +215,8 @@ private module Cached {
     TMulExprSynth(AST::AstNode parent, int i) { mkSynthChild(MulExprKind(), parent, i) } or
     TNEExpr(Ruby::Binary g) { g instanceof @ruby_binary_bangequal } or
     TNextStmt(Ruby::Next g) or
-    TNilLiteral(Ruby::Nil g) or
+    TNilLiteralReal(Ruby::Nil g) or
+    TNilLiteralSynth(AST::AstNode parent, int i) { mkSynthChild(NilLiteralKind(), parent, i) } or
     TNoRegExpMatchExpr(Ruby::Binary g) { g instanceof @ruby_binary_bangtilde } or
     TNotExpr(Ruby::Unary g) { g instanceof @ruby_unary_bang or g instanceof @ruby_unary_not } or
     TOptionalParameter(Ruby::OptionalParameter g) or
@@ -347,35 +349,36 @@ private module Cached {
         TFalseLiteral or TFile or TFindPattern or TFloatLiteral or TForExpr or TForwardParameter or
         TForwardArgument or TGEExpr or TGTExpr or TGlobalVariableAccessReal or
         THashKeySymbolLiteral or THashLiteral or THashPattern or THashSplatExpr or
-        THashSplatNilParameter or THashSplatParameter or THereDoc or TIdentifierMethodCall or TIf or
-        TIfModifierExpr or TInClause or TInstanceVariableAccessReal or TIntegerLiteralReal or
-        TKeywordParameter or TLEExpr or TLShiftExprReal or TLTExpr or TLambda or
-        TLeftAssignmentList or TLine or TLocalVariableAccessReal or TLogicalAndExprReal or
-        TLogicalOrExprReal or TMethod or TModuleDeclaration or TModuloExprReal or TMulExprReal or
-        TNEExpr or TNextStmt or TNilLiteral or TNoRegExpMatchExpr or TNotExpr or
-        TOptionalParameter or TPair or TParenthesizedExpr or TParenthesizedPattern or
-        TRShiftExprReal or TRangeLiteralReal or TRationalLiteral or TRedoStmt or TRegExpLiteral or
-        TRegExpMatchExpr or TRegularArrayLiteral or TRegularMethodCall or TRegularStringLiteral or
-        TRegularSuperCall or TRescueClause or TRescueModifierExpr or TRetryStmt or TReturnStmt or
-        TScopeResolutionConstantAccess or TSelfReal or TSimpleParameterReal or
-        TSimpleSymbolLiteral or TSingletonClass or TSingletonMethod or TSpaceshipExpr or
-        TSplatExprReal or TSplatParameter or TStringArrayLiteral or TStringConcatenation or
-        TStringEscapeSequenceComponent or TStringInterpolationComponent or TStringTextComponent or
-        TSubExprReal or TSubshellLiteral or TSymbolArrayLiteral or TTernaryIfExpr or TThen or
-        TTokenConstantAccess or TTokenMethodName or TTokenSuperCall or TToplevel or TTrueLiteral or
-        TUnaryMinusExpr or TUnaryPlusExpr or TUndefStmt or TUnlessExpr or TUnlessModifierExpr or
-        TUntilExpr or TUntilModifierExpr or TReferencePattern or TWhenClause or TWhileExpr or
+        THashSplatNilParameter or THashSplatParameter or THereDoc or TIdentifierMethodCall or
+        TIfReal or TIfModifierExpr or TInClause or TInstanceVariableAccessReal or
+        TIntegerLiteralReal or TKeywordParameter or TLEExpr or TLShiftExprReal or TLTExpr or
+        TLambda or TLeftAssignmentList or TLine or TLocalVariableAccessReal or
+        TLogicalAndExprReal or TLogicalOrExprReal or TMethod or TModuleDeclaration or
+        TModuloExprReal or TMulExprReal or TNEExpr or TNextStmt or TNilLiteralReal or
+        TNoRegExpMatchExpr or TNotExpr or TOptionalParameter or TPair or TParenthesizedExpr or
+        TParenthesizedPattern or TRShiftExprReal or TRangeLiteralReal or TRationalLiteral or
+        TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or TRegularArrayLiteral or
+        TRegularMethodCall or TRegularStringLiteral or TRegularSuperCall or TRescueClause or
+        TRescueModifierExpr or TRetryStmt or TReturnStmt or TScopeResolutionConstantAccess or
+        TSelfReal or TSimpleParameterReal or TSimpleSymbolLiteral or TSingletonClass or
+        TSingletonMethod or TSpaceshipExpr or TSplatExprReal or TSplatParameter or
+        TStringArrayLiteral or TStringConcatenation or TStringEscapeSequenceComponent or
+        TStringInterpolationComponent or TStringTextComponent or TSubExprReal or TSubshellLiteral or
+        TSymbolArrayLiteral or TTernaryIfExpr or TThen or TTokenConstantAccess or
+        TTokenMethodName or TTokenSuperCall or TToplevel or TTrueLiteral or TUnaryMinusExpr or
+        TUnaryPlusExpr or TUndefStmt or TUnlessExpr or TUnlessModifierExpr or TUntilExpr or
+        TUntilModifierExpr or TReferencePattern or TWhenClause or TWhileExpr or
         TWhileModifierExpr or TYieldCall;
 
   class TAstNodeSynth =
     TAddExprSynth or TAssignExprSynth or TBitwiseAndExprSynth or TBitwiseOrExprSynth or
         TBitwiseXorExprSynth or TBraceBlockSynth or TClassVariableAccessSynth or
         TConstantReadAccessSynth or TDivExprSynth or TExponentExprSynth or
-        TGlobalVariableAccessSynth or TInstanceVariableAccessSynth or TIntegerLiteralSynth or
-        TLShiftExprSynth or TLocalVariableAccessSynth or TLogicalAndExprSynth or
-        TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or TMulExprSynth or
-        TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or TSimpleParameterSynth or
-        TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth;
+        TGlobalVariableAccessSynth or TIfSynth or TInstanceVariableAccessSynth or
+        TIntegerLiteralSynth or TLShiftExprSynth or TLocalVariableAccessSynth or
+        TLogicalAndExprSynth or TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or
+        TMulExprSynth or TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or
+        TSimpleParameterSynth or TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth;
 
   /**
    * Gets the underlying TreeSitter entity for a given AST node. This does not
@@ -457,7 +460,7 @@ private module Cached {
     n = THereDoc(result) or
     n = TIdentifierMethodCall(result) or
     n = TIfModifierExpr(result) or
-    n = TIf(result) or
+    n = TIfReal(result) or
     n = TInClause(result) or
     n = TInstanceVariableAccessReal(result, _) or
     n = TIntegerLiteralReal(result) or
@@ -477,7 +480,7 @@ private module Cached {
     n = TMulExprReal(result) or
     n = TNEExpr(result) or
     n = TNextStmt(result) or
-    n = TNilLiteral(result) or
+    n = TNilLiteralReal(result) or
     n = TNoRegExpMatchExpr(result) or
     n = TNotExpr(result) or
     n = TOptionalParameter(result) or
@@ -568,6 +571,8 @@ private module Cached {
     or
     result = TGlobalVariableAccessSynth(parent, i, _)
     or
+    result = TIfSynth(parent, i)
+    or
     result = TInstanceVariableAccessSynth(parent, i, _)
     or
     result = TIntegerLiteralSynth(parent, i, _)
@@ -586,6 +591,8 @@ private module Cached {
     or
     result = TMulExprSynth(parent, i)
     or
+    result = TNilLiteralSynth(parent, i)
+    or
     result = TRangeLiteralSynth(parent, i, _)
     or
     result = TRShiftExprSynth(parent, i)
@@ -672,6 +679,8 @@ class TControlExpr = TConditionalExpr or TCaseExpr or TCaseMatch or TLoop;
 class TConditionalExpr =
   TIfExpr or TUnlessExpr or TIfModifierExpr or TUnlessModifierExpr or TTernaryIfExpr;
 
+class TIf = TIfReal or TIfSynth;
+
 class TIfExpr = TIf or TElsif;
 
 class TConditionalLoop = TWhileExpr or TUntilExpr or TWhileModifierExpr or TUntilModifierExpr;
@@ -695,6 +704,8 @@ class TStmtSequence =
 
 class TBodyStmt = TBeginExpr or TModuleBase or TMethod or TLambda or TDoBlock or TSingletonMethod;
 
+class TNilLiteral = TNilLiteralReal or TNilLiteralSynth;
+
 class TLiteral =
   TEncoding or TFile or TLine or TNumericLiteral or TNilLiteral or TBooleanLiteral or
       TStringlikeLiteral or TCharacterLiteral or TArrayLiteral or THashLiteral or TRangeLiteral or

ruby/ql/lib/codeql/ruby/ast/internal/Call.qll

@@ -28,6 +28,8 @@ abstract class MethodCallImpl extends CallImpl, TMethodCall {
   abstract string getMethodNameImpl();
 
   abstract Block getBlockImpl();
+
+  predicate isSafeNavigationImpl() { none() }
 }
 
 class MethodCallSynth extends MethodCallImpl, TMethodCallSynth {
@@ -89,6 +91,10 @@ class RegularMethodCall extends MethodCallImpl, TRegularMethodCall {
   final override int getNumberOfArgumentsImpl() { result = count(g.getArguments().getChild(_)) }
 
   final override Block getBlockImpl() { toGenerated(result) = g.getBlock() }
+
+  final override predicate isSafeNavigationImpl() {
+    g.getOperator().(Ruby::Token).getValue() = "&."
+  }
 }
 
 class ElementReferenceImpl extends MethodCallImpl, TElementReference {

ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll

@@ -111,12 +111,18 @@ class ComplexLiteralImpl extends Expr, TComplexLiteral {
   }
 }
 
-class NilLiteralImpl extends Expr, TNilLiteral {
+abstract class NilLiteralImpl extends Expr, TNilLiteral {
+  final override string toString() { result = "nil" }
+}
+
+class NilLiteralReal extends NilLiteralImpl, TNilLiteralReal {
   private Ruby::Nil g;
 
-  NilLiteralImpl() { this = TNilLiteral(g) }
+  NilLiteralReal() { this = TNilLiteralReal(g) }
+}
 
-  final override string toString() { result = g.getValue() }
+class NilLiteralSynth extends NilLiteralImpl, TNilLiteralSynth {
+  NilLiteralSynth() { this = TNilLiteralSynth(_, _) }
 }
 
 abstract class BooleanLiteralImpl extends Expr, TBooleanLiteral {

ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll

@@ -21,6 +21,7 @@ newtype SynthKind =
   DivExprKind() or
   ExponentExprKind() or
   GlobalVariableAccessKind(GlobalVariable v) or
+  IfKind() or
   InstanceVariableAccessKind(InstanceVariable v) or
   IntegerLiteralKind(int i) { i in [-1000 .. 1000] } or
   LShiftExprKind() or
@@ -33,6 +34,7 @@ newtype SynthKind =
   } or
   ModuloExprKind() or
   MulExprKind() or
+  NilLiteralKind() or
   RangeLiteralKind(boolean inclusive) { inclusive in [false, true] } or
   RShiftExprKind() or
   SimpleParameterKind() or
@@ -1083,3 +1085,123 @@ private module AnonymousBlockParameterSynth {
     }
   }
 }
+
+private module SafeNavigationCallDesugar {
+  /**
+   * ```rb
+   * receiver&.method(args) { ... }
+   * ```
+   * desugars to
+   *
+   * ```rb
+   * __synth__0 = receiver
+   * if nil == __synth__0 then nil else __synth__0.method(args) {...} end
+   * ```
+   */
+  pragma[nomagic]
+  private predicate safeNavigationCallSynthesis(AstNode parent, int i, Child child) {
+    exists(RegularMethodCall call, LocalVariableAccessSynthKind local |
+      call.isSafeNavigationImpl() and
+      local = LocalVariableAccessSynthKind(TLocalVariableSynth(call.getReceiverImpl(), 0))
+    |
+      parent = call and
+      i = -1 and
+      child = SynthChild(StmtSequenceKind())
+      or
+      exists(TStmtSequenceSynth seq | seq = TStmtSequenceSynth(call, -1) |
+        parent = seq and
+        (
+          child = SynthChild(AssignExprKind()) and i = 0
+          or
+          child = SynthChild(IfKind()) and i = 1
+        )
+        or
+        parent = TAssignExprSynth(seq, 0) and
+        (
+          child = SynthChild(local) and
+          i = 0
+          or
+          child = childRef(call.getReceiverImpl()) and i = 1
+        )
+        or
+        exists(TIfSynth ifExpr | ifExpr = TIfSynth(seq, 1) |
+          parent = ifExpr and
+          (
+            child = SynthChild(MethodCallKind("==", false, 2)) and
+            i = 0
+            or
+            child = SynthChild(NilLiteralKind()) and i = 1
+            or
+            child =
+              SynthChild(MethodCallKind(call.getMethodNameImpl(), false,
+                  call.getNumberOfArgumentsImpl())) and
+            i = 2
+          )
+          or
+          parent = TMethodCallSynth(ifExpr, 0, _, _, _) and
+          (
+            child = SynthChild(NilLiteralKind()) and i = 0
+            or
+            child = SynthChild(local) and
+            i = 1
+          )
+          or
+          parent = TMethodCallSynth(ifExpr, 2, _, _, _) and
+          (
+            i = 0 and
+            child = SynthChild(local)
+            or
+            child = childRef(call.getArgumentImpl(i - 1))
+            or
+            child = childRef(call.getBlockImpl()) and i = -2
+          )
+        )
+      )
+    )
+  }
+
+  private class SafeNavigationCallSynthesis extends Synthesis {
+    final override predicate child(AstNode parent, int i, Child child) {
+      safeNavigationCallSynthesis(parent, i, child)
+    }
+
+    final override predicate methodCall(string name, boolean setter, int arity) {
+      exists(RegularMethodCall call |
+        call.isSafeNavigationImpl() and
+        name = call.getMethodNameImpl() and
+        setter = false and
+        arity = call.getNumberOfArgumentsImpl()
+      )
+      or
+      name = "==" and setter = false and arity = 2
+    }
+
+    final override predicate localVariable(AstNode n, int i) {
+      i = 0 and n = any(RegularMethodCall c | c.isSafeNavigationImpl()).getReceiverImpl()
+    }
+
+    override predicate location(AstNode n, Location l) {
+      exists(RegularMethodCall call, StmtSequence seq |
+        call.isSafeNavigationImpl() and seq = call.getDesugared()
+      |
+        n = seq.getStmt(0) and
+        hasLocation(call.getReceiverImpl(), l)
+        or
+        n = seq.getStmt(1) and
+        l = toGenerated(call).(Ruby::Call).getOperator().getLocation()
+        or
+        n = seq.getStmt(1).(IfExpr).getCondition().(MethodCall).getArgument(0) and
+        hasLocation(call.getReceiverImpl(), l)
+        or
+        n = seq.getStmt(1).(IfExpr).getThen() and
+        hasLocation(call.getReceiverImpl(), l)
+        or
+        n = seq.getStmt(1).(IfExpr).getElse() and
+        hasLocation(call, l)
+        or
+        n = seq.getStmt(1).(IfExpr).getElse().(MethodCall).getReceiver() and
+        hasLocation(call.getReceiverImpl(), l)
+      )
+    }
+  }
+}

ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll

@@ -371,7 +371,9 @@ module Trees {
     CallTree() {
       // Logical operations are handled separately
       not this instanceof UnaryLogicalOperation and
-      not this instanceof BinaryLogicalOperation
+      not this instanceof BinaryLogicalOperation and
+      // Calls with the `&.` operator are desugared
+      not this.(MethodCall).isSafeNavigation()
     }
 
     override ControlFlowTree getChildElement(int i) { result = this.getArgument(i) }