add RubyZip::File.open to frameworks

thiggy1342 · web-flow · commit 098101f471d2 · 2022-06-15T01:39:47.000Z
diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll
@@ -8,6 +8,7 @@ private import codeql.ruby.frameworks.ActiveRecord
 private import codeql.ruby.frameworks.ActiveStorage
 private import codeql.ruby.frameworks.ActionView
 private import codeql.ruby.frameworks.ActiveSupport
+private import codeql.ruby.frameworks.Archive
 private import codeql.ruby.frameworks.GraphQL
 private import codeql.ruby.frameworks.Rails
 private import codeql.ruby.frameworks.Stdlib
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Archive.qll b/ruby/ql/lib/codeql/ruby/frameworks/Archive.qll
@@ -0,0 +1,22 @@
+/**
+ * Provides classes for working with archive libraries.
+ */
+
+private import ruby
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+private import codeql.ruby.ApiGraphs
+
+/**
+ * Classes and predicates for modelling the RubyZip library
+ */
+module RubyZip {
+  /**
+   * A call to `Zip::File.open`, considered as a `FileSystemAccess`.
+   */
+  class RubyZipFileOpen extends DataFlow::CallNode, FileSystemAccess::Range {
+    RubyZipFileOpen() { this = API::getTopLevelMember("Zip").getMember("File").getAMethodCall("open") }
+
+    override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
+  }
+}
