Ruby: SimpleParameter is not an Expr

github · Dec 16, 2021 · cdbd8b2 · cdbd8b2
1 parent e9ef53c
commit cdbd8b2
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/ruby/ql/lib/codeql/ruby/ast/Erb.qll b/ruby/ql/lib/codeql/ruby/ast/Erb.qll
@@ -159,7 +159,7 @@ class ErbDirective extends TDirectiveNode, ErbAstNode {
    */
   Stmt getAChildStmt() {
     this.containsStmtStart(result) and
-    not this.containsStmtStart(result.getParent())
+    not this.containsStmtStart(parent*(result).getParent())
   }
 
   /**
@@ -183,6 +183,11 @@ class ErbDirective extends TDirectiveNode, ErbAstNode {
   override string getAPrimaryQlClass() { result = "ErbDirective" }
 }
 
+private AstNode parent(AstNode n) {
+  result = n.getParent() and
+  not result instanceof Stmt
+}
+
 /**
  * A comment directive in an ERB template.
  * ```erb

diff --git a/ruby/ql/lib/codeql/ruby/ast/Pattern.qll b/ruby/ql/lib/codeql/ruby/ast/Pattern.qll
@@ -28,14 +28,12 @@ deprecated class Pattern extends AstNode {
   Variable getAVariable() { none() }
 }
 
-deprecated private class TVariablePattern = TVariableAccess or TSimpleParameter;
-
 /**
  * DEPRECATED
  *
  * A simple variable pattern.
  */
-deprecated class VariablePattern extends Pattern, LhsExpr, TVariablePattern {
+deprecated class VariablePattern extends Pattern, LhsExpr, TVariableAccess {
   override Variable getAVariable() { result = this.(VariableAccess).getVariable() }
 }
 

diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
@@ -660,7 +660,7 @@ class TExpr =
   TSelf or TArgumentList or TInClause or TRescueClause or TRescueModifierExpr or TPair or
       TStringConcatenation or TCall or TBlockArgument or TConstantAccess or TControlExpr or
       TWhenExpr or TLiteral or TCallable or TVariableAccess or TStmtSequence or TOperation or
-      TSimpleParameter or TForwardArgument or TDestructuredLhsExpr;
+      TForwardArgument or TDestructuredLhsExpr;
 
 class TSplatExpr = TSplatExprReal or TSplatExprSynth;
 

diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll
@@ -227,7 +227,7 @@ private module Shared {
       isHelperMethod(helperMethod, name, template) and
       isMethodCall(helperMethodCall.getExpr(), name, template) and
       helperMethodCall.getArgument(pragma[only_bind_into](argIdx)) = node1.asExpr() and
-      helperMethod.getParameter(pragma[only_bind_into](argIdx)) = node2.asExpr().getExpr()
+      helperMethod.getParameter(pragma[only_bind_into](argIdx)) = node2.asParameter()
     )
   }