add Zip::File.new to framework

Author: thiggy1342

ruby/ql/lib/codeql/ruby/frameworks/Archive.qll

@@ -11,6 +11,15 @@ private import codeql.ruby.ApiGraphs
  * Classes and predicates for modeling the RubyZip library
  */
 module RubyZip {
+  /**
+   * A call to `Zip::File.new`, considered as a `FileSystemAccess`
+   */
+  class RubyZipFileNew extends DataFlow::CallNode, FileSystemAccess::Range {
+    RubyZipFileNew() { this = API::getTopLevelMember("Zip").getMember("File").getAnInstantiation() }
+
+    override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
+  }
+
   /**
    * A call to `Zip::File.open`, considered as a `FileSystemAccess`.
    */

ruby/ql/test/library-tests/frameworks/archive/Archive.expected

@@ -1 +1,4 @@
+rubyZipFileOpens
 | Archive.rb:2:12:2:35 | call to open |
+rubyZipFileNew
+| Archive.rb:5:12:5:34 | call to new |

ruby/ql/test/library-tests/frameworks/archive/Archive.ql

@@ -2,3 +2,5 @@ private import ruby
 private import codeql.ruby.frameworks.Archive
 
 query predicate rubyZipFileOpens(RubyZip::RubyZipFileOpen f) { any() }
+
+query predicate rubyZipFileNew(RubyZip::RubyZipFileNew f) { any() }

ruby/ql/test/library-tests/frameworks/archive/Archive.rb

@@ -1,2 +1,5 @@
 # `foo_file` is a RubyZip `Zip::File.open` instance
 foo_file = Zip::File.open(filename)
+
+# `new_file` is a RubyZip `Zip::File.new` instance
+new_file = Zip::File.new(filename)