Ruby: query to automatically extract type definitions from library code #13750
+351
−0
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently limited and WIP - this automatically extracts some type definitions from a library codebase in a MaD amenable format.
Predicates
5 query predicates are added:
sourceModel,sinkModel,summaryModel,typeModel, andtypeVariableModel. These correspond to the extensible predicates inApiGraphModelsExtensions.qll. Of these, currently onlytypeModelis populated.There are 3 major predicates that contribute to the
typeModeloutput:typeModelReturnsThis predicate looks at returned values from methods in the codebase and determines if they return an instance of some class that we can find. For instance, in the case of some code like:
We can determine that the return value from
get_barorget_bar_indirectlymay be aBarinstance, giving ustypeModelrows of:type1type2pathBarFooMethod[get_bar].ReturnValueBarFooMethod[get_bar_indirectly].ReturnValuetypeModelParametersThis predicate looks at cases where we call some method and pass it an expression with a known type as an argument e.g. in
we get:
type1type2pathSome::DatabaseFooMethod[execute_with_database].Parameter[0]typeModelBlockArgumentParametersThis looks at cases where a method calls
yieldorblock.callin order to invoke its block argument, and passes an argument of a known type to that block e.g.e.g. in
In this case, we can determine that the
initializemethod (which will usually be invoked viaFoo.new()will call its block argument with an instance ofFooas the first argument to that block, if a block argument is provided. This gives us:we get:
type1type2pathFooFoo!Method[new].Argument[block].Parameter[0]where the
!suffix indicates a call against the class object rather than an instance of that class.Tooling
This PR also adds a very (very) rough python script at
ruby/scripts/generate_model.py. Pointing this script at a CodeQL Ruby database will runGenerateModel.qlagainst that database with options to output to a file.This is heavily WIP at the moment - many of the limitations are TODOs in the code, but as a quick list of things that are not yet supported or need additional work:
singleton methodsnon-positional parametersparameters to block argumentsDataFlow::ExprNodes using ApiGraphs - struggled with this in practice due to various performance and implementation issuesSomeClass.new(extension work)