github
diff --git a/‎ruby/ql/docs/flow_summaries.md‎
Lines changed: 1 addition & 1 deletion b/‎ruby/ql/docs/flow_summaries.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll‎
Lines changed: 51 additions & 49 deletions b/‎ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll‎
Lines changed: 51 additions & 49 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll‎
Lines changed: 3 additions & 1 deletion b/‎ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 2 additions & 0 deletions b/‎ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll‎
Lines changed: 5 additions & 5 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll‎
Lines changed: 19 additions & 19 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll‎
Lines changed: 19 additions & 19 deletions
@@ -19,7 +19,7 @@ to be tainted in the call to `system`.
 have no source code, so we include a flow summary for it:
 
 ```ql
-private class ChompSummary extends SimpleSummarizedCallable {
+private class ChompSummary extends SummarizedCallable::RangeSimple {
   ChompSummary() { this = "chomp" }
 
   override predicate propagatesFlow(string input, string output, boolean preservesValue) {
 
@@ -15,65 +15,64 @@ private module Summaries {
   private import codeql.ruby.frameworks.data.ModelsAsData
 }
 
-deprecated class SummaryComponent = Impl::Private::SummaryComponent;
+class Provenance = Impl::Public::Provenance;
 
-deprecated module SummaryComponent = Impl::Private::SummaryComponent;
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  /** A callable with a flow summary, identified by a unique string. */
+  abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable {
+    bindingset[this]
+    Range() { any() }
 
-deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
-deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
-/** A callable with a flow summary, identified by a unique string. */
-abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
-  bindingset[this]
-  SummarizedCallable() { any() }
-
-  /**
-   * DEPRECATED: Use `propagatesFlow` instead.
-   */
-  deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    this.propagatesFlow(input, output, preservesValue, _)
-  }
+    override predicate propagatesFlow(
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
+    ) {
+      this.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
+      model = ""
+    }
 
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
-  ) {
-    this.propagatesFlow(input, output, preservesValue) and model = ""
+    /**
+     * Holds if data may flow from `input` to `output` through this callable.
+     *
+     * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+     */
+    predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
+
+    /**
+     * Gets the synthesized parameter that results from an input specification
+     * that starts with `Argument[s]` for this library callable.
+     */
+    DataFlow::ParameterNode getParameter(string s) {
+      exists(ParameterPosition pos |
+        DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
+        s = Impl::Input::encodeParameterPosition(pos)
+      )
+    }
   }
 
   /**
-   * Holds if data may flow from `input` to `output` through this callable.
-   *
-   * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+   * A callable with a flow summary, identified by a unique string, where all
+   * calls to a method with the same name are considered relevant.
    */
-  predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
+  abstract class RangeSimple extends Range {
+    MethodCall mc;
 
-  /**
-   * Gets the synthesized parameter that results from an input specification
-   * that starts with `Argument[s]` for this library callable.
-   */
-  DataFlow::ParameterNode getParameter(string s) {
-    exists(ParameterPosition pos |
-      DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
-      s = Impl::Input::encodeParameterPosition(pos)
-    )
+    bindingset[this]
+    RangeSimple() { mc.getMethodName() = this }
+
+    final override MethodCall getACallSimple() { result = mc }
   }
 }
 
-/**
- * A callable with a flow summary, identified by a unique string, where all
- * calls to a method with the same name are considered relevant.
- */
-abstract class SimpleSummarizedCallable extends SummarizedCallable {
-  MethodCall mc;
-
-  bindingset[this]
-  SimpleSummarizedCallable() { mc.getMethodName() = this }
+final private class SummarizedCallableFinal = SummarizedCallable::Range;
 
-  final override MethodCall getACallSimple() { result = mc }
-}
-
-deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
+/** A callable with a flow summary, identified by a unique string. */
+final class SummarizedCallable extends SummarizedCallableFinal,
+  Impl::Public::RelevantSummarizedCallable
+{ }
 
 /**
  * Provides a set of special flow summaries to ensure that callbacks passed into
@@ -103,7 +102,7 @@ private module LibraryCallbackSummaries {
     )
   }
 
-  private class LibraryLambdaMethod extends SummarizedCallable {
+  private class LibraryLambdaMethod extends SummarizedCallable::Range {
     LibraryLambdaMethod() { this = "<library method accepting a callback>" }
 
     final override MethodCall getACall() {
@@ -114,7 +113,8 @@ private module LibraryCallbackSummaries {
     }
 
     override predicate propagatesFlow(
-      string input, string output, boolean preservesValue, string model
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
     ) {
       (
         input = "Argument[block]" and
@@ -127,6 +127,8 @@ private module LibraryCallbackSummaries {
         )
       ) and
       preservesValue = true and
+      p = "hq-generated" and
+      isExact = true and
       model = "heuristic-callback"
     }
   }
 
@@ -240,7 +240,9 @@ class NormalCall extends DataFlowCall, TNormalCall {
 module ViewComponentRenderModeling {
   private import codeql.ruby.frameworks.ViewComponent
 
-  private class RenderMethod extends SummarizedCallable, LibraryCallableToIncludeInTypeTracking {
+  private class RenderMethod extends SummarizedCallable::Range,
+    LibraryCallableToIncludeInTypeTracking
+  {
     RenderMethod() { this = "render view component" }
 
     override MethodCall getACallSimple() { result.getMethodName() = "render" }
 
@@ -18,6 +18,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::RubyDataFlow> {
 
   class SinkBase = Void;
 
+  predicate callableFromSource(SummarizedCallableBase c) { none() }
+
   ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() }
 
   ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind }
 
@@ -545,7 +545,7 @@ private module ParamsSummaries {
    * A flow summary for methods on `ActionController::Parameters` which
    * propagate taint from receiver to return value.
    */
-  private class MethodsReturningParamsInstanceSummary extends SummarizedCallable {
+  private class MethodsReturningParamsInstanceSummary extends SummarizedCallable::Range {
     MethodsReturningParamsInstanceSummary() { this = "ActionController::Parameters#<various>" }
 
     override MethodCall getACall() {
@@ -566,7 +566,7 @@ private module ParamsSummaries {
    * `#with_defaults`
    * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
    */
-  private class MergeSummary extends SummarizedCallable {
+  private class MergeSummary extends SummarizedCallable::Range {
     MergeSummary() { this = "ActionController::Parameters#merge" }
 
     override MethodCall getACall() {
@@ -590,7 +590,7 @@ private module ParamsSummaries {
    * `#reverse_update`
    * Returns a new ActionController::Parameters with all keys from current hash merged into other_hash.
    */
-  private class MergeBangSummary extends SummarizedCallable {
+  private class MergeBangSummary extends SummarizedCallable::Range {
     MergeBangSummary() { this = "ActionController::Parameters#merge!" }
 
     override MethodCall getACall() {
@@ -609,7 +609,7 @@ private module ParamsSummaries {
   /** Flow summaries for `ActiveDispatch::Http::UploadedFile`, which can be an field of `ActionController::Parameters`. */
   module UploadedFileSummaries {
     /** Flow summary for various string attributes of `UploadedFile`, including `original_filename`, `content_type`, and `headers`. */
-    private class UploadedFileStringAttributeSummary extends SummarizedCallable {
+    private class UploadedFileStringAttributeSummary extends SummarizedCallable::Range {
       UploadedFileStringAttributeSummary() {
         this = "ActionDispatch::Http::UploadedFile#[original_filename,content_type,headers]"
       }
@@ -632,7 +632,7 @@ private module ParamsSummaries {
      * Flow summary for `ActiveDispatch::Http::UploadedFile#read`,
      * which propagates taint from the receiver to the return value or to the second (out string) argument
      */
-    private class UploadedFileReadSummary extends SummarizedCallable {
+    private class UploadedFileReadSummary extends SummarizedCallable::Range {
       UploadedFileReadSummary() { this = "ActionDispatch::Http::UploadedFile#read" }
 
       override MethodCall getACall() {
 
@@ -45,7 +45,7 @@ module ActiveSupport {
       /**
        * Flow summary for methods which transform the receiver in some way, possibly preserving taint.
        */
-      private class StringTransformSummary extends SummarizedCallable {
+      private class StringTransformSummary extends SummarizedCallable::Range {
         // We're modeling a lot of different methods, so we make up a name for this summary.
         StringTransformSummary() { this = "ActiveSupportStringTransform" }
 
@@ -72,7 +72,7 @@ module ActiveSupport {
      */
     module Object {
       /** Flow summary for methods which can return the receiver. */
-      private class IdentitySummary extends SimpleSummarizedCallable {
+      private class IdentitySummary extends SummarizedCallable::RangeSimple {
         IdentitySummary() { this = ["presence", "deep_dup"] }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -106,7 +106,7 @@ module ActiveSupport {
       }
 
       /** Flow summary for `Object#to_json`, which serializes the receiver as a JSON string. */
-      private class ToJsonSummary extends SimpleSummarizedCallable {
+      private class ToJsonSummary extends SummarizedCallable::RangeSimple {
         ToJsonSummary() { this = "to_json" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -124,7 +124,7 @@ module ActiveSupport {
       /**
        * Flow summary for `reverse_merge`, and its alias `with_defaults`.
        */
-      private class ReverseMergeSummary extends SimpleSummarizedCallable {
+      private class ReverseMergeSummary extends SummarizedCallable::RangeSimple {
         ReverseMergeSummary() { this = ["reverse_merge", "with_defaults"] }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -137,7 +137,7 @@ module ActiveSupport {
       /**
        * Flow summary for `reverse_merge!`, and its aliases `with_defaults!` and `reverse_update`.
        */
-      private class ReverseMergeBangSummary extends SimpleSummarizedCallable {
+      private class ReverseMergeBangSummary extends SummarizedCallable::RangeSimple {
         ReverseMergeBangSummary() { this = ["reverse_merge!", "with_defaults!", "reverse_update"] }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -147,7 +147,7 @@ module ActiveSupport {
         }
       }
 
-      private class TransformSummary extends SimpleSummarizedCallable {
+      private class TransformSummary extends SummarizedCallable::RangeSimple {
         TransformSummary() {
           this =
             [
@@ -188,7 +188,7 @@ module ActiveSupport {
        * mentioned in the arguments to an element in `self`, including elements
        * at unknown keys.
        */
-      private class ExtractSummary extends SummarizedCallable {
+      private class ExtractSummary extends SummarizedCallable::Range {
         MethodCall mc;
 
         ExtractSummary() {
@@ -232,7 +232,7 @@ module ActiveSupport {
         ArrayIndex() { this = any(DataFlow::Content::KnownElementContent c).getIndex().getInt() }
       }
 
-      private class CompactBlankSummary extends SimpleSummarizedCallable {
+      private class CompactBlankSummary extends SummarizedCallable::RangeSimple {
         CompactBlankSummary() { this = "compact_blank" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -242,7 +242,7 @@ module ActiveSupport {
         }
       }
 
-      private class ExcludingSummary extends SimpleSummarizedCallable {
+      private class ExcludingSummary extends SummarizedCallable::RangeSimple {
         ExcludingSummary() { this = ["excluding", "without"] }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -252,7 +252,7 @@ module ActiveSupport {
         }
       }
 
-      private class InOrderOfSummary extends SimpleSummarizedCallable {
+      private class InOrderOfSummary extends SummarizedCallable::RangeSimple {
         InOrderOfSummary() { this = "in_order_of" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -265,7 +265,7 @@ module ActiveSupport {
       /**
        * Like `Array#push` but doesn't update the receiver.
        */
-      private class IncludingSummary extends SimpleSummarizedCallable {
+      private class IncludingSummary extends SummarizedCallable::RangeSimple {
         IncludingSummary() { this = "including" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -287,7 +287,7 @@ module ActiveSupport {
         }
       }
 
-      private class IndexBySummary extends SimpleSummarizedCallable {
+      private class IndexBySummary extends SummarizedCallable::RangeSimple {
         IndexBySummary() { this = "index_by" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -297,7 +297,7 @@ module ActiveSupport {
         }
       }
 
-      private class IndexWithSummary extends SimpleSummarizedCallable {
+      private class IndexWithSummary extends SummarizedCallable::RangeSimple {
         IndexWithSummary() { this = "index_with" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -316,7 +316,7 @@ module ActiveSupport {
         result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
       }
 
-      private class PickSingleSummary extends SummarizedCallable {
+      private class PickSingleSummary extends SummarizedCallable::Range {
         private MethodCall mc;
         private string key;
 
@@ -336,7 +336,7 @@ module ActiveSupport {
         }
       }
 
-      private class PickMultipleSummary extends SummarizedCallable {
+      private class PickMultipleSummary extends SummarizedCallable::Range {
         private MethodCall mc;
 
         PickMultipleSummary() {
@@ -370,7 +370,7 @@ module ActiveSupport {
         }
       }
 
-      private class PluckSingleSummary extends SummarizedCallable {
+      private class PluckSingleSummary extends SummarizedCallable::Range {
         private MethodCall mc;
         private string key;
 
@@ -390,7 +390,7 @@ module ActiveSupport {
         }
       }
 
-      private class PluckMultipleSummary extends SummarizedCallable {
+      private class PluckMultipleSummary extends SummarizedCallable::Range {
         private MethodCall mc;
 
         PluckMultipleSummary() {
@@ -424,7 +424,7 @@ module ActiveSupport {
         }
       }
 
-      private class SoleSummary extends SimpleSummarizedCallable {
+      private class SoleSummary extends SummarizedCallable::RangeSimple {
         SoleSummary() { this = "sole" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {
@@ -458,7 +458,7 @@ module ActiveSupport {
      * `ActiveSupport::ERB::Util`
      */
     module Util {
-      private class JsonEscapeSummary extends SimpleSummarizedCallable {
+      private class JsonEscapeSummary extends SummarizedCallable::RangeSimple {
         JsonEscapeSummary() { this = "json_escape" }
 
         override predicate propagatesFlow(string input, string output, boolean preservesValue) {