Ruby: Fix some Ql4Ql violations.

michaelnebel · michaelnebel · commit c5cf46bc2cd5 · 2025-09-01T15:19:25.000+02:00
diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll
@@ -1,5 +1,5 @@
 /**
- * Provides an implementation of _API graphs_, which allow efficient modelling of how a given
+ * Provides an implementation of _API graphs_, which allow efficient modeling of how a given
  * value is used by the code base or how values produced by the code base are consumed by a library.
  *
  * See `API::Node` for more details.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -50,7 +50,7 @@ module Kernel {
   }
 
   /**
-   * Private methods in the `Kernel` module.
+   * Holds if `method` is a name of a private method in the `Kernel` module.
    * These can be be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`.
    * ```ruby
    * puts "hello world"
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
@@ -25,27 +25,28 @@ private import codeql.ruby.DataFlow
  */
 class ExconHttpRequest extends Http::Client::Request::Range instanceof DataFlow::CallNode {
   API::Node requestNode;
-  API::Node connectionNode;
   DataFlow::Node connectionUse;
 
   ExconHttpRequest() {
     this = requestNode.asSource() and
-    connectionUse = connectionNode.asSource() and
-    connectionNode =
-      [
-        // one-off requests
-        API::getTopLevelMember("Excon"),
-        // connection re-use
-        API::getTopLevelMember("Excon").getInstance(),
-        API::getTopLevelMember("Excon").getMember("Connection").getInstance()
-      ] and
-    requestNode =
-      connectionNode
-          .getReturn([
-              // Excon#request exists but Excon.request doesn't.
-              // This shouldn't be a problem - in real code the latter would raise NoMethodError anyway.
-              "get", "head", "delete", "options", "post", "put", "patch", "trace", "request"
-            ])
+    exists(API::Node connectionNode |
+      connectionUse = connectionNode.asSource() and
+      connectionNode =
+        [
+          // one-off requests
+          API::getTopLevelMember("Excon"),
+          // connection re-use
+          API::getTopLevelMember("Excon").getInstance(),
+          API::getTopLevelMember("Excon").getMember("Connection").getInstance()
+        ] and
+      requestNode =
+        connectionNode
+            .getReturn([
+                // Excon#request exists but Excon.request doesn't.
+                // This shouldn't be a problem - in real code the latter would raise NoMethodError anyway.
+                "get", "head", "delete", "options", "post", "put", "patch", "trace", "request"
+              ])
+    )
   }
 
   override DataFlow::Node getResponseBody() { result = requestNode.getAMethodCall("body") }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -27,11 +27,10 @@ private import codeql.ruby.DataFlow
 class NetHttpRequest extends Http::Client::Request::Range instanceof DataFlow::CallNode {
   private DataFlow::CallNode request;
   API::Node requestNode;
-  API::Node connectionNode;
   private boolean returnsResponseBody;
 
   NetHttpRequest() {
-    exists(string method |
+    exists(string method, API::Node connectionNode |
       request = requestNode.asSource() and
       this = request and
       requestNode = connectionNode.getReturn(method)
diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll
@@ -194,7 +194,7 @@ abstract class RegExp extends Ast::StringlikeLiteral {
   }
 
   /**
-   * Holds if the character set starting at `charset_start` contains a character range
+   * Holds if the character set starting at `charsetStart` contains a character range
    * with lower bound found between `start` and `lowerEnd`
    * and upper bound found between `upperStart` and `end`.
    */
diff --git a/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll b/ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll
@@ -45,7 +45,7 @@ private class MemoCandidate extends Method {
 }
 
 /**
- * Holds if parameter `p` of `m` is read in the right hand side of `assign`.
+ * Holds if parameter `p` of `m` is read in the right hand side of `a`.
  */
 private predicate parameterUsedInMemoValue(Method m, Parameter p, MemoStmt a) {
   p = m.getAParameter() and
@@ -54,7 +54,7 @@ private predicate parameterUsedInMemoValue(Method m, Parameter p, MemoStmt a) {
 }
 
 /**
- * Holds if parameter `p` of `m` is read in the left hand side of `assign`.
+ * Holds if parameter `p` of `m` is read in the left hand side of `a`.
  */
 private predicate parameterUsedInMemoKey(Method m, Parameter p, HashMemoStmt a) {
   p = m.getAParameter() and

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/**`
`2`		`- * Provides an implementation of _API graphs_, which allow efficient modelling of how a given`
	`2`	`+ * Provides an implementation of _API graphs_, which allow efficient modeling of how a given`
`3`	`3`	`* value is used by the code base or how values produced by the code base are consumed by a library.`
`4`	`4`	`*`
`5`	`5`	* See `API::Node` for more details.
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ module Kernel {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`/**`
`53`		- * Private methods in the `Kernel` module.
	`53`	+ * Holds if `method` is a name of a private method in the `Kernel` module.
`54`	`54`	* These can be be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`.
`55`	`55`	* ```ruby
`56`	`56`	`* puts "hello world"`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ abstract class RegExp extends Ast::StringlikeLiteral {`
`194`	`194`	`}`
`195`	`195`
`196`	`196`	`/**`
`197`		- * Holds if the character set starting at `charset_start` contains a character range
	`197`	+ * Holds if the character set starting at `charsetStart` contains a character range
`198`	`198`	* with lower bound found between `start` and `lowerEnd`
`199`	`199`	* and upper bound found between `upperStart` and `end`.
`200`	`200`	`*/`