Ruby: use new features in ActionMailer

asgerf · asgerf · commit fbfa31937f4b · 2023-06-19T12:05:57.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionMailer.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionMailer.qll
@@ -4,12 +4,26 @@
 
 private import codeql.ruby.AST
 private import codeql.ruby.ApiGraphs
+private import codeql.ruby.DataFlow
 private import codeql.ruby.frameworks.internal.Rails
 
 /**
  * Provides modeling for the `ActionMailer` library.
  */
 module ActionMailer {
+  private DataFlow::ClassNode actionMailerClass() {
+    result =
+      [
+        DataFlow::getConstant("ActionMailer").getConstant("Base"),
+        // In Rails applications `ApplicationMailer` typically extends
+        // `ActionMailer::Base`, but we treat it separately in case the
+        // `ApplicationMailer` definition is not in the database.
+        DataFlow::getConstant("ApplicationMailer")
+      ].getADescendentModule()
+  }
+
+  private API::Node actionMailerInstance() { result = actionMailerClass().trackInstance() }
+
   /**
    * A `ClassDeclaration` for a class that extends `ActionMailer::Base`.
    * For example,
@@ -21,33 +35,11 @@ module ActionMailer {
    * ```
    */
   class MailerClass extends ClassDeclaration {
-    MailerClass() {
-      this.getSuperclassExpr() =
-        [
-          API::getTopLevelMember("ActionMailer").getMember("Base"),
-          // In Rails applications `ApplicationMailer` typically extends
-          // `ActionMailer::Base`, but we treat it separately in case the
-          // `ApplicationMailer` definition is not in the database.
-          API::getTopLevelMember("ApplicationMailer")
-        ].getASubclass().getAValueReachableFromSource().asExpr().getExpr()
-    }
-  }
-
-  /** A method call with a `self` receiver from within a mailer class */
-  private class ContextCall extends MethodCall {
-    private MailerClass mailerClass;
-
-    ContextCall() {
-      this.getReceiver() instanceof SelfVariableAccess and
-      this.getEnclosingModule() = mailerClass
-    }
-
-    /** Gets the mailer class containing this method. */
-    MailerClass getMailerClass() { result = mailerClass }
+    MailerClass() { this = actionMailerClass().getADeclaration() }
   }
 
   /** A call to `params` from within a mailer. */
-  class ParamsCall extends ContextCall, ParamsCallImpl {
-    ParamsCall() { this.getMethodName() = "params" }
+  class ParamsCall extends ParamsCallImpl {
+    ParamsCall() { this = actionMailerInstance().getAMethodCall("params").asExpr().getExpr() }
   }
 }
