Ruby: add warning for wrong number of columns in CSV row

Author: asgerf

ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll

@@ -420,4 +420,26 @@ module ModelOutput {
       result = getNodeFromPath(package2, type2, path)
     )
   }
+
+  /**
+   * Gets an error message relating to an invalid CSV row in a model.
+   */
+  string getAWarning() {
+    // Check number of columns
+    exists(string row, string kind, int expectedArity, int actualArity |
+      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 4
+      or
+      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 4
+      or
+      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 6
+      or
+      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 5
+    |
+      actualArity = count(row.indexOf(";")) + 1 and
+      actualArity != expectedArity and
+      result =
+        "CSV " + kind + " row should have " + expectedArity + " columns but has " + actualArity +
+          ": " + row
+    )
+  }
 }

ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected

@@ -81,3 +81,6 @@ invalidOutputSpecComponent
 | summaries.rb:37:36:37:42 | tainted | summaries.rb:1:20:1:26 | "taint" :  | summaries.rb:37:36:37:42 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" :  | "taint" :  |
 | summaries.rb:41:8:41:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:41:8:41:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" :  | "taint" :  |
 | summaries.rb:42:8:42:25 | call to matchedByName | summaries.rb:40:7:40:13 | "taint" :  | summaries.rb:42:8:42:25 | call to matchedByName | $@ | summaries.rb:40:7:40:13 | "taint" :  | "taint" :  |
+warning
+| CSV type row should have 5 columns but has 2: test;TooFewColumns |
+| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |

ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql

@@ -15,6 +15,8 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)
   Private::External::invalidSpecComponent(s, c)
 }
 
+query predicate warning = ModelOutput::getAWarning/0;
+
 query predicate invalidOutputSpecComponent(SummarizedCallable sc, AccessPath s, AccessPathToken c) {
   sc.propagatesFlowExt(_, s, _) and
   c = s.getToken(_) and
@@ -89,6 +91,16 @@ private class TypeFromModel extends ModelInput::TypeModelCsv {
   }
 }
 
+private class InvalidTypeModel extends ModelInput::TypeModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "test;TooManyColumns;;;Member[Foo].Instance;too;many;columns", //
+        "test;TooFewColumns", //
+      ]
+  }
+}
+
 private class SinkFromModel extends ModelInput::SinkModelCsv {
   override predicate row(string row) { row = "test;FooOrBar;Method[method].Argument[0];test-sink" }
 }