Ruby: Update for Http concept changes

hmac · hmac · commit dea503691222 · 2022-09-27T10:03:17.000+13:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -80,7 +80,7 @@ module ActiveStorage {
   /**
    * Method calls on `ActiveStorage::Blob` that send HTTP requests.
    */
-  private class BlobRequestCall extends HTTP::Client::Request::Range {
+  private class BlobRequestCall extends Http::Client::Request::Range {
     BlobRequestCall() {
       this =
         [
@@ -100,16 +100,20 @@ module ActiveStorage {
           |
             c
           )
-        ].asExpr().getExpr()
+        ]
     }
 
     override string getFramework() { result = "activestorage" }
 
-    override DataFlow::Node getResponseBody() { result.asExpr().getExpr() = this }
+    override DataFlow::Node getResponseBody() { result = this }
 
     override DataFlow::Node getAUrlPart() { none() }
 
-    override predicate disablesCertificateValidation(DataFlow::Node disablingNode) { none() }
+    override predicate disablesCertificateValidation(
+      DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+    ) {
+      none()
+    }
   }
 
   /**
diff --git a/ruby/ql/test/library-tests/frameworks/active_storage/ActiveStorage.ql b/ruby/ql/test/library-tests/frameworks/active_storage/ActiveStorage.ql
@@ -6,7 +6,7 @@ import codeql.ruby.frameworks.ActiveStorage
 
 query predicate attachmentInstances(ActiveStorage::AttachmentInstance n) { any() }
 
-query predicate httpRequests(HTTP::Client::Request r, string framework, DataFlow::Node responseBody) {
+query predicate httpRequests(Http::Client::Request r, string framework, DataFlow::Node responseBody) {
   r.getFramework() = framework and r.getResponseBody() = responseBody
 }
 

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ module ActiveStorage {`
`80`	`80`	`/**`
`81`	`81`	* Method calls on `ActiveStorage::Blob` that send HTTP requests.
`82`	`82`	`*/`
`83`		`- private class BlobRequestCall extends HTTP::Client::Request::Range {`
	`83`	`+ private class BlobRequestCall extends Http::Client::Request::Range {`
`84`	`84`	`BlobRequestCall() {`
`85`	`85`	`this =`
`86`	`86`	`[`
`@@ -100,16 +100,20 @@ module ActiveStorage {`
`100`	`100`	`\|`
`101`	`101`	`c`
`102`	`102`	`)`
`103`		`- ].asExpr().getExpr()`
	`103`	`+ ]`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`override string getFramework() { result = "activestorage" }`
`107`	`107`
`108`		`- override DataFlow::Node getResponseBody() { result.asExpr().getExpr() = this }`
	`108`	`+ override DataFlow::Node getResponseBody() { result = this }`
`109`	`109`
`110`	`110`	`override DataFlow::Node getAUrlPart() { none() }`
`111`	`111`
`112`		`- override predicate disablesCertificateValidation(DataFlow::Node disablingNode) { none() }`
	`112`	`+ override predicate disablesCertificateValidation(`
	`113`	`+ DataFlow::Node disablingNode, DataFlow::Node argumentOrigin`
	`114`	`+ ) {`
	`115`	`+ none()`
	`116`	`+ }`
`113`	`117`	`}`
`114`	`118`
`115`	`119`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import codeql.ruby.frameworks.ActiveStorage`
`6`	`6`
`7`	`7`	`query predicate attachmentInstances(ActiveStorage::AttachmentInstance n) { any() }`
`8`	`8`
`9`		`-query predicate httpRequests(HTTP::Client::Request r, string framework, DataFlow::Node responseBody) {`
	`9`	`+query predicate httpRequests(Http::Client::Request r, string framework, DataFlow::Node responseBody) {`
`10`	`10`	`r.getFramework() = framework and r.getResponseBody() = responseBody`
`11`	`11`	`}`
`12`	`12`