Ruby: Model Mime::Type

hmac · hmac · commit f42d33312fc7 · 2022-07-29T11:41:48.000+12:00
Add type summaries to recognise instances of Mime::Type, and recognise
arguments to Mime::Type.match? and Mime::Type.=~ as regular expression
interpretations.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll
@@ -6,12 +6,55 @@
 private import codeql.ruby.AST
 private import codeql.ruby.Concepts
 private import codeql.ruby.DataFlow
+private import codeql.ruby.Regexp as RE
+private import codeql.ruby.dataflow.FlowSummary
+private import codeql.ruby.frameworks.data.ModelsAsData
 
 /**
  * Models the `ActionDispatch` HTTP library, which is part of Rails.
  * Version: 7.1.0.
  */
 module ActionDispatch {
+  /**
+   * Type summaries for the `Mime::Type` class, i.e. method calls that produce new
+   * `Mime::Type` instances.
+   */
+  private class MimeTypeTypeSummary extends ModelInput::TypeModelCsv {
+    override predicate row(string row) {
+      // package1;type1;package2;type2;path
+      row =
+        [
+          // Mime[type] : Mime::Type (omitted)
+          // Method names with brackets like [] cannot be represented in MaD.
+          // Mime.fetch(type) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Method[fetch].ReturnValue",
+          // Mime::Type.new(str) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Instance",
+          // Mime::Type.lookup(str) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[lookup].ReturnValue",
+          // Mime::Type.lookup_by_extension(str) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[lookup_by_extension].ReturnValue",
+          // Mime::Type.register(str) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[register].ReturnValue",
+          // Mime::Type.register_alias(str) : Mime::Type
+          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[register_alias].ReturnValue",
+        ]
+    }
+  }
+
+  /**
+   * An argument to `Mime::Type#match?`, which is converted to a RegExp via
+   * `Regexp.new`.
+   */
+  class MimeTypeMatchRegExpInterpretation extends RE::RegExpInterpretation::Range {
+    MimeTypeMatchRegExpInterpretation() {
+      this =
+        ModelOutput::getATypeNode("actiondispatch", "Mime::Type")
+            .getAMethodCall(["match?", "=~"])
+            .getArgument(0)
+    }
+  }
+
   /**
    * Models routing configuration specified using the `ActionDispatch` library, which is part of Rails.
    */
diff --git a/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected b/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected
@@ -54,3 +54,15 @@ underscore
 | HTTPServerRequest | httpserver_request |
 | LotsOfCapitalLetters | lots_of_capital_letters |
 | invalid | invalid |
+mimeTypeInstances
+| action_dispatch/mime_type.rb:2:6:2:28 | Use getMember("Mime").getMethod("fetch").getReturn() |
+| action_dispatch/mime_type.rb:3:6:3:32 | Use getMember("Mime").getMember("Type").getMethod("new").getReturn() |
+| action_dispatch/mime_type.rb:4:6:4:35 | Use getMember("Mime").getMember("Type").getMethod("lookup").getReturn() |
+| action_dispatch/mime_type.rb:5:6:5:43 | Use getMember("Mime").getMember("Type").getMethod("lookup_by_extension").getReturn() |
+| action_dispatch/mime_type.rb:6:6:6:47 | Use getMember("Mime").getMember("Type").getMethod("register").getReturn() |
+| action_dispatch/mime_type.rb:7:6:7:64 | Use getMember("Mime").getMember("Type").getMethod("register_alias").getReturn() |
+mimeTypeMatchRegExpInterpretations
+| action_dispatch/mime_type.rb:11:11:11:19 | "foo/bar" |
+| action_dispatch/mime_type.rb:12:7:12:15 | "foo/bar" |
+| action_dispatch/mime_type.rb:13:11:13:11 | s |
+| action_dispatch/mime_type.rb:14:7:14:7 | s |
diff --git a/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql b/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql
@@ -1,6 +1,10 @@
 private import ruby
 private import codeql.ruby.frameworks.ActionDispatch
 private import codeql.ruby.frameworks.ActionController
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.frameworks.data.ModelsAsData
+private import codeql.ruby.DataFlow
+private import codeql.ruby.Regexp as RE
 
 query predicate actionDispatchRoutes(
   ActionDispatch::Routing::Route r, string method, string path, string controller, string action
@@ -24,3 +28,13 @@ query predicate underscore(string input, string output) {
       "HTTPServerRequest", "LotsOfCapitalLetters"
     ]
 }
+
+query predicate mimeTypeInstances(API::Node n) {
+  n = ModelOutput::getATypeNode("actiondispatch", "Mime::Type")
+}
+
+query predicate mimeTypeMatchRegExpInterpretations(
+  ActionDispatch::MimeTypeMatchRegExpInterpretation s
+) {
+  any()
+}
diff --git a/ruby/ql/test/library-tests/frameworks/action_dispatch/mime_type.rb b/ruby/ql/test/library-tests/frameworks/action_dispatch/mime_type.rb
@@ -0,0 +1,14 @@
+m1 = Mime["text/html"] # not recognised due to MaD limitation (can't parse method name)
+m2 = Mime.fetch("text/html")
+m3 = Mime::Type.new("text/html")
+m4 = Mime::Type.lookup("text/html")
+m5 = Mime::Type.lookup_by_extension("jpeg")
+m6 = Mime::Type.register("text/calendar", :ics)
+m7 = Mime::Type.register_alias("application/xml", :opf, %w(opf))
+
+s = "foo/bar"
+
+m2.match? "foo/bar"
+m3 =~ "foo/bar"
+m4.match? s
+m5 =~ s
