github · Apr 2, 2025
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Expr.qll
+3-22 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Expr.qll
+3-22
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Literal.qll
+3-1 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Literal.qll
+3-1
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Operation.qll
-4 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/Operation.qll
-4
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
+30-11 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
+30-11
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
+46-2 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
+46-2
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll
+37 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll
+37
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll
+18-2 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll
+18-2
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll
+15-9 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll
+15-9
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
+158-2 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
+158-2
diff --git a/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll
+22-19 b/Diff for: ‎ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll
+22-19
diff --git a/Diff for: ‎ruby/ql/test/library-tests/ast/Ast.expected
+8 b/Diff for: ‎ruby/ql/test/library-tests/ast/Ast.expected
+8
diff --git a/Diff for: ‎ruby/ql/test/library-tests/ast/ValueText.expected
+2 b/Diff for: ‎ruby/ql/test/library-tests/ast/ValueText.expected
+2
diff --git a/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected
+244 b/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected
+244
diff --git a/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/params-flow.expected
+62 b/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/params-flow.expected
+62
diff --git a/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/params_flow.rb
+5-5 b/Diff for: ‎ruby/ql/test/library-tests/dataflow/params/params_flow.rb
+5-5
@@ -248,13 +248,7 @@ class ParenthesizedExpr extends StmtSequence, TParenthesizedExpr {
  * baz(qux: 1)
  * ```
  */
-class Pair extends Expr, TPair {
-  private Ruby::Pair g;
-
-  Pair() { this = TPair(g) }
-
-  final override string getAPrimaryQlClass() { result = "Pair" }
-
+class Pair extends Expr instanceof PairImpl {
   /**
    * Gets the key expression of this pair. For example, the `SymbolLiteral`
    * representing the keyword `foo` in the following example:
@@ -266,7 +260,7 @@ class Pair extends Expr, TPair {
    * { 'foo' => 123 }
    * ```
    */
-  final Expr getKey() { toGenerated(result) = g.getKey() }
+  final Expr getKey() { result = PairImpl.super.getKey() }
 
   /**
    * Gets the value expression of this pair. For example, the `IntegerLiteral`
@@ -275,20 +269,7 @@ class Pair extends Expr, TPair {
    * { 'foo' => 123 }
    * ```
    */
-  final Expr getValue() {
-    toGenerated(result) = g.getValue() or
-    synthChild(this, 0, result)
-  }
-
-  final override string toString() { result = "Pair" }
-
-  final override AstNode getAChild(string pred) {
-    result = super.getAChild(pred)
-    or
-    pred = "getKey" and result = this.getKey()
-    or
-    pred = "getValue" and result = this.getValue()
-  }
+  final Expr getValue() { result = PairImpl.super.getValue() }
 }
 
 /**
 
@@ -305,7 +305,9 @@ class StringlikeLiteral extends Literal instanceof StringlikeLiteralImpl {
   final override AstNode getAChild(string pred) {
     result = Literal.super.getAChild(pred)
     or
-    pred = "getComponent" and result = this.getComponent(_)
+    pred = "getComponent" and
+    result = this.getComponent(_) and
+    not this instanceof SimpleSymbolLiteralSynth
   }
 }
 
 
@@ -92,10 +92,6 @@ class SplatExpr extends UnaryOperation, TSplatExpr {
  * ```
  */
 class HashSplatExpr extends UnaryOperation, THashSplatExpr {
-  private Ruby::HashSplatArgument g;
-
-  HashSplatExpr() { this = THashSplatExpr(g) }
-
   final override string getAPrimaryQlClass() { result = "HashSplatExpr" }
 }
 
 
@@ -164,7 +164,8 @@ private module Cached {
     THashKeySymbolLiteral(Ruby::HashKeySymbol g) or
     THashLiteral(Ruby::Hash g) or
     THashPattern(Ruby::HashPattern g) or
-    THashSplatExpr(Ruby::HashSplatArgument g) or
+    THashSplatExprReal(Ruby::HashSplatArgument g) or
+    THashSplatExprSynth(Ast::AstNode parent, int i) { mkSynthChild(HashSplatExprKind(), parent, i) } or
     THashSplatNilParameter(Ruby::HashSplatNil g) { not g.getParent() instanceof Ruby::HashPattern } or
     THashSplatParameter(Ruby::HashSplatParameter g) {
       not g.getParent() instanceof Ruby::HashPattern
@@ -232,7 +233,8 @@ private module Cached {
     TNotExprReal(Ruby::Unary g) { g instanceof @ruby_unary_bang or g instanceof @ruby_unary_not } or
     TNotExprSynth(Ast::AstNode parent, int i) { mkSynthChild(NotExprKind(), parent, i) } or
     TOptionalParameter(Ruby::OptionalParameter g) or
-    TPair(Ruby::Pair g) or
+    TPairReal(Ruby::Pair g) or
+    TPairSynth(Ast::AstNode parent, int i) { mkSynthChild(PairExprKind(), parent, i) } or
     TParenthesizedExpr(Ruby::ParenthesizedStatements g) or
     TParenthesizedPattern(Ruby::ParenthesizedPattern g) or
     TRShiftExprReal(Ruby::Binary g) { g instanceof @ruby_binary_ranglerangle } or
@@ -274,7 +276,10 @@ private module Cached {
     TSimpleParameterSynth(Ast::AstNode parent, int i) {
       mkSynthChild(SimpleParameterKind(), parent, i)
     } or
-    TSimpleSymbolLiteral(Ruby::SimpleSymbol g) or
+    TSimpleSymbolLiteralReal(Ruby::SimpleSymbol g) or
+    TSimpleSymbolLiteralSynth(Ast::AstNode parent, int i, string value) {
+      mkSynthChild(SymbolLiteralExprKind(value), parent, i)
+    } or
     TSingletonClass(Ruby::SingletonClass g) or
     TSingletonMethod(Ruby::SingletonMethod g) or
     TSpaceshipExpr(Ruby::Binary g) { g instanceof @ruby_binary_langleequalrangle } or
@@ -362,19 +367,19 @@ private module Cached {
         TEnsure or TEqExpr or TExponentExprReal or TFalseLiteral or TFile or TFindPattern or
         TFloatLiteral or TForExpr or TForwardParameter or TForwardArgument or TGEExpr or TGTExpr or
         TGlobalVariableAccessReal or THashKeySymbolLiteral or THashLiteral or THashPattern or
-        THashSplatExpr or THashSplatNilParameter or THashSplatParameter or THereDoc or
+        THashSplatExprReal or THashSplatNilParameter or THashSplatParameter or THereDoc or
         TIdentifierMethodCall or TIfReal or TIfModifierExpr or TInClauseReal or
         TInstanceVariableAccessReal or TIntegerLiteralReal or TKeywordParameter or TLEExpr or
         TLShiftExprReal or TLTExpr or TLambda or TLeftAssignmentList or TLine or
         TLocalVariableAccessReal or TLogicalAndExprReal or TLogicalOrExprReal or TMethod or
         TMatchPattern or TModuleDeclaration or TModuloExprReal or TMulExprReal or TNEExpr or
         TNextStmt or TNilLiteralReal or TNoRegExpMatchExpr or TNotExprReal or TOptionalParameter or
-        TPair or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or
+        TPairReal or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or
         TRangeLiteralReal or TRationalLiteral or TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or
         TRegularArrayLiteral or TRegularMethodCall or TRegularStringLiteral or TRegularSuperCall or
         TRescueClause or TRescueModifierExpr or TRetryStmt or TReturnStmt or
         TScopeResolutionConstantAccess or TSelfReal or TSimpleParameterReal or
-        TSimpleSymbolLiteral or TSingletonClass or TSingletonMethod or TSpaceshipExpr or
+        TSimpleSymbolLiteralReal or TSingletonClass or TSingletonMethod or TSpaceshipExpr or
         TSplatExprReal or TSplatParameter or TStringArrayLiteral or TStringConcatenation or
         TStringEscapeSequenceComponent or TStringInterpolationComponent or TStringTextComponent or
         TSubExprReal or TSubshellLiteral or TSymbolArrayLiteral or TTernaryIfExpr or TTestPattern or
@@ -392,7 +397,8 @@ private module Cached {
         TLShiftExprSynth or TLocalVariableAccessSynth or TLogicalAndExprSynth or
         TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or TMulExprSynth or
         TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or
-        TSimpleParameterSynth or TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth;
+        TSimpleParameterSynth or TSplatExprSynth or THashSplatExprSynth or TStmtSequenceSynth or
+        TSubExprSynth or TPairSynth or TSimpleSymbolLiteralSynth;
 
   /**
    * Gets the underlying TreeSitter entity for a given AST node. This does not
@@ -468,7 +474,7 @@ private module Cached {
     n = THashKeySymbolLiteral(result) or
     n = THashLiteral(result) or
     n = THashPattern(result) or
-    n = THashSplatExpr(result) or
+    n = THashSplatExprReal(result) or
     n = THashSplatNilParameter(result) or
     n = THashSplatParameter(result) or
     n = THereDoc(result) or
@@ -499,7 +505,7 @@ private module Cached {
     n = TNoRegExpMatchExpr(result) or
     n = TNotExprReal(result) or
     n = TOptionalParameter(result) or
-    n = TPair(result) or
+    n = TPairReal(result) or
     n = TParenthesizedExpr(result) or
     n = TParenthesizedPattern(result) or
     n = TRangeLiteralReal(result) or
@@ -519,7 +525,7 @@ private module Cached {
     n = TScopeResolutionConstantAccess(result, _) or
     n = TSelfReal(result) or
     n = TSimpleParameterReal(result) or
-    n = TSimpleSymbolLiteral(result) or
+    n = TSimpleSymbolLiteralReal(result) or
     n = TSingletonClass(result) or
     n = TSingletonMethod(result) or
     n = TSpaceshipExpr(result) or
@@ -633,9 +639,15 @@ private module Cached {
     or
     result = TSplatExprSynth(parent, i)
     or
+    result = THashSplatExprSynth(parent, i)
+    or
     result = TStmtSequenceSynth(parent, i)
     or
     result = TSubExprSynth(parent, i)
+    or
+    result = TPairSynth(parent, i)
+    or
+    result = TSimpleSymbolLiteralSynth(parent, i, _)
   }
 
   /**
@@ -726,6 +738,8 @@ class TSelf = TSelfReal or TSelfSynth;
 
 class TDestructuredLhsExpr = TDestructuredLeftAssignment or TLeftAssignmentList;
 
+class TPair = TPairReal or TPairSynth;
+
 class TExpr =
   TSelf or TArgumentList or TRescueClause or TRescueModifierExpr or TPair or TStringConcatenation or
       TCall or TBlockArgument or TConstantAccess or TControlExpr or TLiteral or TCallable or
@@ -734,6 +748,8 @@ class TExpr =
 
 class TSplatExpr = TSplatExprReal or TSplatExprSynth;
 
+class THashSplatExpr = THashSplatExprReal or THashSplatExprSynth;
+
 class TElse = TElseReal or TElseSynth;
 
 class TStmtSequence =
@@ -768,13 +784,16 @@ class TStringInterpolationComponent =
   TStringInterpolationComponentNonRegexp or TStringInterpolationComponentRegexp;
 
 class TStringComponent =
-  TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent;
+  TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent or
+      TSimpleSymbolLiteralSynth;
 
 class TStringlikeLiteral =
   TStringLiteral or TRegExpLiteral or TSymbolLiteral or TSubshellLiteral or THereDoc;
 
 class TStringLiteral = TRegularStringLiteral or TBareStringLiteral;
 
+class TSimpleSymbolLiteral = TSimpleSymbolLiteralReal or TSimpleSymbolLiteralSynth;
+
 class TSymbolLiteral = TSimpleSymbolLiteral or TComplexSymbolLiteral or THashKeySymbolLiteral;
 
 class TComplexSymbolLiteral = TDelimitedSymbolLiteral or TBareSymbolLiteral;
 
@@ -2,6 +2,7 @@ private import TreeSitter
 private import Variable
 private import codeql.ruby.AST
 private import codeql.ruby.ast.internal.AST
+private import codeql.ruby.ast.internal.Scope
 
 predicate isIdentifierMethodCall(Ruby::Identifier g) { vcall(g) and not access(g, _) }
 
@@ -133,18 +134,61 @@ private string getSuperMethodName(Ruby::Super sup) {
   )
 }
 
+private Ruby::Identifier getParameter(Ruby::Method m, int pos, Ruby::AstNode param) {
+  scopeDefinesParameterVariable(m, _, result, pos) and
+  param = m.getParameters().getChild(pos)
+}
+
 class TokenSuperCall extends SuperCallImpl, TTokenSuperCall {
   private Ruby::Super g;
 
   TokenSuperCall() { this = TTokenSuperCall(g) }
 
+  Ruby::Method getEnclosingMethod() { result = scopeOf(toGenerated(this)).getEnclosingMethod() }
+
+  int getNumberOfImplicitArguments() {
+    exists(Ruby::Method encl |
+      encl = this.getEnclosingMethod() and
+      result = count(getParameter(encl, _, _))
+    )
+  }
+
+  /**
+   * Gets the local variable defined by parameter `param` which is used as an
+   * implicit argument at position `pos`.
+   *
+   * For example, in
+   *
+   * ```ruby
+   * class Sup
+   *     def m(x)
+   *     end
+   * end
+   *
+   * class Sub < Sup
+   *    def m(x)
+   *        super
+   *    end
+   * end
+   * ```
+   *
+   * `x` is an implicit argument at position 0 of the `super` call in `Sub#m`.
+   */
+  pragma[nomagic]
+  LocalVariableReal getImplicitArgument(int pos, Ruby::AstNode param) {
+    exists(Ruby::Method encl |
+      encl = this.getEnclosingMethod() and
+      toGenerated(result.getDefiningAccessImpl()) = getParameter(encl, pos, param)
+    )
+  }
+
   final override string getMethodNameImpl() { result = getSuperMethodName(g) }
 
   final override Expr getReceiverImpl() { none() }
 
-  final override Expr getArgumentImpl(int n) { none() }
+  final override Expr getArgumentImpl(int n) { synthChild(this, n, result) }
 
-  final override int getNumberOfArgumentsImpl() { result = 0 }
+  final override int getNumberOfArgumentsImpl() { result = this.getNumberOfImplicitArguments() }
 
   final override Block getBlockImpl() { none() }
 }
 
@@ -120,3 +120,40 @@ class LeftAssignmentListImpl extends DestructuredLhsExprImpl, Ruby::LeftAssignme
       )
   }
 }
+
+abstract class PairImpl extends Expr, TPair {
+  final override string getAPrimaryQlClass() { result = "Pair" }
+
+  abstract Expr getKey();
+
+  abstract Expr getValue();
+
+  final override string toString() { result = "Pair" }
+
+  final override AstNode getAChild(string pred) {
+    result = super.getAChild(pred)
+    or
+    pred = "getKey" and result = this.getKey()
+    or
+    pred = "getValue" and result = this.getValue()
+  }
+}
+
+class PairReal extends PairImpl, TPairReal {
+  private Ruby::Pair g;
+
+  PairReal() { this = TPairReal(g) }
+
+  final override Expr getKey() { toGenerated(result) = g.getKey() }
+
+  final override Expr getValue() {
+    toGenerated(result) = g.getValue() or
+    synthChild(this, 0, result)
+  }
+}
+
+class PairSynth extends PairImpl, TPairSynth {
+  final override Expr getKey() { synthChild(this, 0, result) }
+
+  final override Expr getValue() { synthChild(this, 1, result) }
+}
@@ -608,16 +608,32 @@ class BareStringLiteral extends StringLiteralImpl, TBareStringLiteral {
 
 abstract class SymbolLiteralImpl extends StringlikeLiteralImpl, TSymbolLiteral { }
 
-class SimpleSymbolLiteral extends SymbolLiteralImpl, TSimpleSymbolLiteral {
+abstract class SimpleSymbolLiteralImpl extends SymbolLiteralImpl, TSimpleSymbolLiteral { }
+
+class SimpleSymbolLiteralReal extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteral {
   private Ruby::SimpleSymbol g;
 
-  SimpleSymbolLiteral() { this = TSimpleSymbolLiteral(g) }
+  SimpleSymbolLiteralReal() { this = TSimpleSymbolLiteralReal(g) }
 
   final override StringComponent getComponentImpl(int n) { n = 0 and toGenerated(result) = g }
 
   final override string toString() { result = g.getValue() }
 }
 
+class SimpleSymbolLiteralSynth extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteralSynth,
+  StringComponentImpl
+{
+  private string value;
+
+  SimpleSymbolLiteralSynth() { this = TSimpleSymbolLiteralSynth(_, _, value) }
+
+  final override string getValue() { result = value }
+
+  final override StringComponent getComponentImpl(int n) { n = 0 and result = this }
+
+  final override string toString() { result = value }
+}
+
 abstract class ComplexSymbolLiteral extends SymbolLiteralImpl, TComplexSymbolLiteral { }
 
 class DelimitedSymbolLiteral extends ComplexSymbolLiteral, TDelimitedSymbolLiteral {
 
@@ -45,36 +45,42 @@ class NotExprSynth extends NotExprImpl, TNotExprSynth {
   final override Expr getOperandImpl() { synthChild(this, 0, result) }
 }
 
-class SplatExprReal extends UnaryOperationImpl, TSplatExprReal {
+abstract class SplatExprImpl extends UnaryOperationImpl, TSplatExpr {
+  final override string getOperatorImpl() { result = "*" }
+}
+
+class SplatExprReal extends SplatExprImpl, TSplatExprReal {
   private Ruby::SplatArgument g;
 
   SplatExprReal() { this = TSplatExprReal(g) }
 
-  final override string getOperatorImpl() { result = "*" }
-
   final override Expr getOperandImpl() {
     toGenerated(result) = g.getChild() or
     synthChild(this, 0, result)
   }
 }
 
-class SplatExprSynth extends UnaryOperationImpl, TSplatExprSynth {
-  final override string getOperatorImpl() { result = "*" }
-
+class SplatExprSynth extends SplatExprImpl, TSplatExprSynth {
   final override Expr getOperandImpl() { synthChild(this, 0, result) }
 }
 
-class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr {
+abstract class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr {
+  final override string getOperatorImpl() { result = "**" }
+}
+
+class HashSplatExprReal extends HashSplatExprImpl, THashSplatExprReal {
   private Ruby::HashSplatArgument g;
 
-  HashSplatExprImpl() { this = THashSplatExpr(g) }
+  HashSplatExprReal() { this = THashSplatExprReal(g) }
 
   final override Expr getOperandImpl() {
     toGenerated(result) = g.getChild() or
     synthChild(this, 0, result)
   }
+}
 
-  final override string getOperatorImpl() { result = "**" }
+class HashSplatExprSynth extends HashSplatExprImpl, THashSplatExprSynth {
+  final override Expr getOperandImpl() { synthChild(this, 0, result) }
 }
 
 abstract class DefinedExprImpl extends UnaryOperationImpl, TDefinedExpr { }
 
@@ -11,7 +11,7 @@ private import codeql.ruby.ast.internal.Scope
 private import codeql.ruby.AST
 
 /** A synthesized AST node kind. */
-newtype SynthKind =
+newtype TSynthKind =
   AddExprKind() or
   AssignExprKind() or
   BitwiseAndExprKind() or
@@ -42,16 +42,107 @@ newtype SynthKind =
   MulExprKind() or
   NilLiteralKind() or
   NotExprKind() or
+  PairExprKind() or
   RangeLiteralKind(boolean inclusive) { inclusive in [false, true] } or
   RShiftExprKind() or
   SimpleParameterKind() or
   SplatExprKind() or
+  HashSplatExprKind() or
+  SymbolLiteralExprKind(string value) {
+    value = any(Ruby::SimpleSymbol s).getValue()
+    or
+    value = any(Ruby::KeywordParameter p).getName().getValue()
+  } or
   StmtSequenceKind() or
   SelfKind(SelfVariable v) or
   SubExprKind() or
   ConstantReadAccessKind(string value) { any(Synthesis s).constantReadAccess(value) } or
   ConstantWriteAccessKind(string value) { any(Synthesis s).constantWriteAccess(value) }
 
+class SynthKind extends TSynthKind {
+  string toString() {
+    this = AddExprKind() and result = "AddExprKind"
+    or
+    this = AssignExprKind() and result = "AssignExprKind"
+    or
+    this = BitwiseAndExprKind() and result = "BitwiseAndExprKind"
+    or
+    this = BitwiseOrExprKind() and result = "BitwiseOrExprKind"
+    or
+    this = BitwiseXorExprKind() and result = "BitwiseXorExprKind"
+    or
+    this = BooleanLiteralKind(_) and result = "BooleanLiteralKind"
+    or
+    this = BraceBlockKind() and result = "BraceBlockKind"
+    or
+    this = CaseMatchKind() and result = "CaseMatchKind"
+    or
+    this = ClassVariableAccessKind(_) and result = "ClassVariableAccessKind"
+    or
+    this = DefinedExprKind() and result = "DefinedExprKind"
+    or
+    this = DivExprKind() and result = "DivExprKind"
+    or
+    this = ElseKind() and result = "ElseKind"
+    or
+    this = ExponentExprKind() and result = "ExponentExprKind"
+    or
+    this = GlobalVariableAccessKind(_) and result = "GlobalVariableAccessKind"
+    or
+    this = IfKind() and result = "IfKind"
+    or
+    this = InClauseKind() and result = "InClauseKind"
+    or
+    this = InstanceVariableAccessKind(_) and result = "InstanceVariableAccessKind"
+    or
+    this = IntegerLiteralKind(_) and result = "IntegerLiteralKind"
+    or
+    this = LShiftExprKind() and result = "LShiftExprKind"
+    or
+    this = LocalVariableAccessRealKind(_) and result = "LocalVariableAccessRealKind"
+    or
+    this = LocalVariableAccessSynthKind(_) and result = "LocalVariableAccessSynthKind"
+    or
+    this = LogicalAndExprKind() and result = "LogicalAndExprKind"
+    or
+    this = LogicalOrExprKind() and result = "LogicalOrExprKind"
+    or
+    this = MethodCallKind(_, _, _) and result = "MethodCallKind"
+    or
+    this = ModuloExprKind() and result = "ModuloExprKind"
+    or
+    this = MulExprKind() and result = "MulExprKind"
+    or
+    this = NilLiteralKind() and result = "NilLiteralKind"
+    or
+    this = NotExprKind() and result = "NotExprKind"
+    or
+    this = PairExprKind() and result = "PairExprKind"
+    or
+    this = RangeLiteralKind(_) and result = "RangeLiteralKind"
+    or
+    this = RShiftExprKind() and result = "RShiftExprKind"
+    or
+    this = SimpleParameterKind() and result = "SimpleParameterKind"
+    or
+    this = SplatExprKind() and result = "SplatExprKind"
+    or
+    this = HashSplatExprKind() and result = "HashSplatExprKind"
+    or
+    this = SymbolLiteralExprKind(_) and result = "SymbolLiteralExprKind"
+    or
+    this = StmtSequenceKind() and result = "StmtSequenceKind"
+    or
+    this = SubExprKind() and result = "SubExprKind"
+    or
+    this = SelfKind(_) and result = "SelfKind"
+    or
+    this = ConstantReadAccessKind(_) and result = "ConstantReadAccessKind"
+    or
+    this = ConstantWriteAccessKind(_) and result = "ConstantWriteAccessKind"
+  }
+}
+
 /**
  * An AST child.
  *
@@ -110,6 +201,11 @@ class Synthesis extends TSynthesis {
    */
   predicate methodCall(string name, boolean setter, int arity) { none() }
 
+  /**
+   * Holds if a `super` call with arity `arity` is needed.
+   */
+  predicate superCall(int arity) { none() }
+
   /**
    * Holds if a constant read access of `name` is needed.
    */
@@ -441,7 +537,7 @@ private module AssignOperationDesugar {
     pragma[nomagic]
     SynthKind getVariableAccessKind() {
       result in [
-          LocalVariableAccessRealKind(v).(SynthKind), InstanceVariableAccessKind(v),
+          LocalVariableAccessRealKind(v).(TSynthKind), InstanceVariableAccessKind(v),
           ClassVariableAccessKind(v), GlobalVariableAccessKind(v)
         ]
     }
@@ -1802,3 +1898,63 @@ private module MatchPatternDesugar {
     }
   }
 }
+
+private module ImplicitSuperArgsSynthesis {
+  pragma[nomagic]
+  private predicate superCallSynthesis(AstNode parent, int i, Child child) {
+    exists(TokenSuperCall call, SynthChild access, int pos, Ruby::AstNode param |
+      access = SynthChild(LocalVariableAccessRealKind(call.getImplicitArgument(pos, param)))
+    |
+      parent = call and
+      param instanceof Ruby::Identifier and
+      i = pos and
+      child = access
+      or
+      param instanceof Ruby::SplatParameter and
+      (
+        parent = call and
+        i = pos and
+        child = SynthChild(SplatExprKind())
+        or
+        parent = TSplatExprSynth(call, pos) and
+        i = 0 and
+        child = access
+      )
+      or
+      param instanceof Ruby::HashSplatParameter and
+      (
+        parent = call and
+        i = pos and
+        child = SynthChild(HashSplatExprKind())
+        or
+        parent = THashSplatExprSynth(call, pos) and
+        i = 0 and
+        child = access
+      )
+      or
+      exists(string name | name = param.(Ruby::KeywordParameter).getName().getValue() |
+        parent = call and
+        i = pos and
+        child = SynthChild(PairExprKind())
+        or
+        parent = TPairSynth(call, pos) and
+        i = 0 and
+        child = SynthChild(SymbolLiteralExprKind(name))
+        or
+        parent = TPairSynth(call, pos) and
+        i = 1 and
+        child = access
+      )
+    )
+  }
+
+  private class SuperCallSynthesis extends Synthesis {
+    final override predicate child(AstNode parent, int i, Child child) {
+      superCallSynthesis(parent, i, child)
+    }
+
+    final override predicate superCall(int arity) {
+      arity = any(TokenSuperCall call).getNumberOfImplicitArguments()
+    }
+  }
+}
@@ -49,11 +49,11 @@ predicate implicitAssignmentNode(Ruby::AstNode n) {
 }
 
 /** Holds if `n` is inside a parameter. */
-predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c) {
-  n = c.getParameter(_) or
-  n = c.(Ruby::Block).getParameters().getLocals(_) or
-  n = c.(Ruby::DoBlock).getParameters().getLocals(_) or
-  implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c)
+predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c, int pos) {
+  n = c.getParameter(pos) or
+  n = c.(Ruby::Block).getParameters().getLocals(pos) or
+  n = c.(Ruby::DoBlock).getParameters().getLocals(pos) or
+  implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c, pos)
 }
 
 private predicate instanceVariableAccess(
@@ -77,26 +77,29 @@ private ModuleBase::Range enclosingModuleOrClass(Ruby::AstNode node) {
   exists(Scope::Range s | scopeOf(node) = s and result = s.getEnclosingModule())
 }
 
-private predicate parameterAssignment(Callable::Range scope, string name, Ruby::Identifier i) {
-  implicitParameterAssignmentNode(i, scope) and
+private predicate parameterAssignment(
+  Callable::Range scope, string name, Ruby::Identifier i, int pos
+) {
+  implicitParameterAssignmentNode(i, scope, pos) and
   name = i.getValue()
 }
 
 /** Holds if `scope` defines `name` in its parameter declaration at `i`. */
-private predicate scopeDefinesParameterVariable(
-  Callable::Range scope, string name, Ruby::Identifier i
+predicate scopeDefinesParameterVariable(
+  Callable::Range scope, string name, Ruby::Identifier i, int pos
 ) {
   // In case of overlapping parameter names (e.g. `_`), only the first
   // parameter will give rise to a variable
   i =
     min(Ruby::Identifier other |
-      parameterAssignment(scope, name, other)
+      parameterAssignment(scope, name, other, _)
     |
       other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn()
-    )
+    ) and
+  parameterAssignment(scope, name, _, pos)
   or
   exists(Parameter::Range p |
-    p = scope.getParameter(_) and
+    p = scope.getParameter(pos) and
     name = i.getValue()
   |
     i = p.(Ruby::BlockParameter).getName() or
@@ -153,15 +156,15 @@ private module Cached {
         )
     } or
     TLocalVariableReal(Scope::Range scope, string name, Ruby::AstNode i) {
-      scopeDefinesParameterVariable(scope, name, i)
+      scopeDefinesParameterVariable(scope, name, i, _)
       or
       i =
         min(Ruby::AstNode other |
           scopeAssigns(scope, name, other)
         |
           other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn()
         ) and
-      not scopeDefinesParameterVariable(scope, name, _) and
+      not scopeDefinesParameterVariable(scope, name, _, _) and
       not inherits(scope, name, _)
     } or
     TSelfVariable(SelfBase::Range scope) or
@@ -330,8 +333,8 @@ private module Cached {
       not access.getLocation().strictlyBefore(variable.getLocationImpl()) and
       // In case of overlapping parameter names, later parameters should not
       // be considered accesses to the first parameter
-      if parameterAssignment(_, _, access)
-      then scopeDefinesParameterVariable(_, _, access)
+      if parameterAssignment(_, _, access, _)
+      then scopeDefinesParameterVariable(_, _, access, _)
       else any()
       or
       exists(Scope::Range declScope |
@@ -360,7 +363,7 @@ private module Cached {
   predicate implicitWriteAccess(Access access) {
     implicitAssignmentNode(access)
     or
-    scopeDefinesParameterVariable(_, _, access)
+    scopeDefinesParameterVariable(_, _, access, _)
   }
 
   cached
@@ -399,11 +402,11 @@ private predicate inherits(Scope::Range scope, string name, Scope::Range outer)
     scope instanceof Ruby::DoBlock or
     scope instanceof Ruby::Lambda
   ) and
-  not scopeDefinesParameterVariable(scope, name, _) and
+  not scopeDefinesParameterVariable(scope, name, _, _) and
   (
     outer = scope.getOuterScope() and
     (
-      scopeDefinesParameterVariable(outer, name, _)
+      scopeDefinesParameterVariable(outer, name, _, _)
       or
       exists(Ruby::AstNode i |
         scopeAssigns(outer, name, i) and
 
@@ -3185,6 +3185,14 @@ params/params.rb:
 #  106|       getParameter: [HashSplatParameter] **kwargs
 #  106|         getDefiningAccess: [LocalVariableAccess] kwargs
 #  107|       getStmt: [SuperCall] super call to m
+#  107|         getArgument: [HashSplatExpr] ** ...
+#  107|           getAnOperand/getOperand/getReceiver: [LocalVariableAccess] kwargs
+#  107|         getArgument: [Pair] Pair
+#  107|           getKey: [SymbolLiteral] k
+#  107|           getValue: [LocalVariableAccess] k
+#  107|         getArgument: [SplatExpr] * ...
+#  107|           getAnOperand/getOperand/getReceiver: [LocalVariableAccess] rest
+#  107|         getArgument: [LocalVariableAccess] y
 #  111|   getStmt: [MethodCall] call to m
 #  111|     getReceiver: [MethodCall] call to new
 #  111|       getReceiver: [ConstantReadAccess] Sub
 
@@ -943,6 +943,7 @@ exprValue
 | params/params.rb:70:52:70:53 | 20 | 20 | int |
 | params/params.rb:100:15:100:15 | 1 | 1 | int |
 | params/params.rb:101:15:101:15 | 1 | 1 | int |
+| params/params.rb:107:5:107:9 | k | :k | symbol |
 | params/params.rb:111:11:111:12 | 42 | 42 | int |
 | params/params.rb:111:15:111:15 | :k | :k | symbol |
 | params/params.rb:111:18:111:19 | 22 | 22 | int |
@@ -1862,6 +1863,7 @@ exprCfgNodeValue
 | params/params.rb:70:52:70:53 | 20 | 20 | int |
 | params/params.rb:100:15:100:15 | 1 | 1 | int |
 | params/params.rb:101:15:101:15 | 1 | 1 | int |
+| params/params.rb:107:5:107:9 | k | :k | symbol |
 | params/params.rb:111:11:111:12 | 42 | 42 | int |
 | params/params.rb:111:15:111:15 | :k | :k | symbol |
 | params/params.rb:111:18:111:19 | 22 | 22 | int |
@@ -174,6 +174,32 @@ edges
 | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | provenance |  |
 | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] | provenance |  |
 | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | params_flow.rb:193:6:193:10 | ...[...] | provenance |  |
+| params_flow.rb:210:11:210:11 | x | params_flow.rb:211:14:211:14 | x | provenance |  |
+| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | provenance |  |
+| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | provenance |  |
+| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:215:14:215:15 | k1 | provenance |  |
+| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | provenance |  |
+| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | params_flow.rb:212:14:212:20 | ...[...] | provenance |  |
+| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | params_flow.rb:214:14:214:20 | ...[...] | provenance |  |
+| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | params_flow.rb:216:14:216:24 | ...[...] | provenance |  |
+| params_flow.rb:221:11:221:11 | x | params_flow.rb:222:9:222:13 | x | provenance |  |
+| params_flow.rb:221:14:221:18 | *rest : [collection] [element 0] | params_flow.rb:222:9:222:13 | rest : [collection] [element 0] | provenance |  |
+| params_flow.rb:221:14:221:18 | *rest : [collection] [element 2] | params_flow.rb:222:9:222:13 | rest : [collection] [element 2] | provenance |  |
+| params_flow.rb:221:21:221:22 | k1 | params_flow.rb:222:9:222:13 | k1 | provenance |  |
+| params_flow.rb:221:26:221:33 | **kwargs : Hash [element :k2] | params_flow.rb:222:9:222:13 | kwargs : Hash [element :k2] | provenance |  |
+| params_flow.rb:222:9:222:13 | * ... : [collection] [element 0] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | provenance |  |
+| params_flow.rb:222:9:222:13 | * ... : [collection] [element 2] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | provenance |  |
+| params_flow.rb:222:9:222:13 | ** ... : Hash [element :k2] | params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | provenance |  |
+| params_flow.rb:222:9:222:13 | k1 | params_flow.rb:210:21:210:22 | k1 | provenance |  |
+| params_flow.rb:222:9:222:13 | kwargs : Hash [element :k2] | params_flow.rb:222:9:222:13 | ** ... : Hash [element :k2] | provenance |  |
+| params_flow.rb:222:9:222:13 | rest : [collection] [element 0] | params_flow.rb:222:9:222:13 | * ... : [collection] [element 0] | provenance |  |
+| params_flow.rb:222:9:222:13 | rest : [collection] [element 2] | params_flow.rb:222:9:222:13 | * ... : [collection] [element 2] | provenance |  |
+| params_flow.rb:222:9:222:13 | x | params_flow.rb:210:11:210:11 | x | provenance |  |
+| params_flow.rb:226:11:226:19 | call to taint | params_flow.rb:221:11:221:11 | x | provenance |  |
+| params_flow.rb:226:22:226:30 | call to taint | params_flow.rb:221:14:221:18 | *rest : [collection] [element 0] | provenance |  |
+| params_flow.rb:226:36:226:44 | call to taint | params_flow.rb:221:14:221:18 | *rest : [collection] [element 2] | provenance |  |
+| params_flow.rb:226:51:226:59 | call to taint | params_flow.rb:221:21:221:22 | k1 | provenance |  |
+| params_flow.rb:226:66:226:74 | call to taint | params_flow.rb:221:26:221:33 | **kwargs : Hash [element :k2] | provenance |  |
 nodes
 | params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 |
 | params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 |
@@ -373,6 +399,37 @@ nodes
 | params_flow.rb:192:24:192:32 | call to taint | semmle.label | call to taint |
 | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | semmle.label | p1 : [collection] [element 0] |
 | params_flow.rb:193:6:193:10 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:210:11:210:11 | x | semmle.label | x |
+| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] |
+| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] |
+| params_flow.rb:210:21:210:22 | k1 | semmle.label | k1 |
+| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] |
+| params_flow.rb:211:14:211:14 | x | semmle.label | x |
+| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] |
+| params_flow.rb:212:14:212:20 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] |
+| params_flow.rb:214:14:214:20 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:215:14:215:15 | k1 | semmle.label | k1 |
+| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] |
+| params_flow.rb:216:14:216:24 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:221:11:221:11 | x | semmle.label | x |
+| params_flow.rb:221:14:221:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] |
+| params_flow.rb:221:14:221:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] |
+| params_flow.rb:221:21:221:22 | k1 | semmle.label | k1 |
+| params_flow.rb:221:26:221:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] |
+| params_flow.rb:222:9:222:13 | * ... : [collection] [element 0] | semmle.label | * ... : [collection] [element 0] |
+| params_flow.rb:222:9:222:13 | * ... : [collection] [element 2] | semmle.label | * ... : [collection] [element 2] |
+| params_flow.rb:222:9:222:13 | ** ... : Hash [element :k2] | semmle.label | ** ... : Hash [element :k2] |
+| params_flow.rb:222:9:222:13 | k1 | semmle.label | k1 |
+| params_flow.rb:222:9:222:13 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] |
+| params_flow.rb:222:9:222:13 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] |
+| params_flow.rb:222:9:222:13 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] |
+| params_flow.rb:222:9:222:13 | x | semmle.label | x |
+| params_flow.rb:226:11:226:19 | call to taint | semmle.label | call to taint |
+| params_flow.rb:226:22:226:30 | call to taint | semmle.label | call to taint |
+| params_flow.rb:226:36:226:44 | call to taint | semmle.label | call to taint |
+| params_flow.rb:226:51:226:59 | call to taint | semmle.label | call to taint |
+| params_flow.rb:226:66:226:74 | call to taint | semmle.label | call to taint |
 subpaths
 | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:153:28:153:29 | p2 | params_flow.rb:153:23:153:24 | p1 [Return] : [collection] [element 0] | params_flow.rb:164:23:164:24 | [post] p1 : [collection] [element 0] |
 | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | params_flow.rb:181:24:181:25 | p1 [Return] : [collection] [element 0] | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] |
@@ -430,3 +487,8 @@ testFailures
 | params_flow.rb:134:10:134:16 | ...[...] | params_flow.rb:137:23:137:31 | call to taint | params_flow.rb:134:10:134:16 | ...[...] | $@ | params_flow.rb:137:23:137:31 | call to taint | call to taint |
 | params_flow.rb:165:6:165:10 | ...[...] | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:165:6:165:10 | ...[...] | $@ | params_flow.rb:164:31:164:39 | call to taint | call to taint |
 | params_flow.rb:193:6:193:10 | ...[...] | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:193:6:193:10 | ...[...] | $@ | params_flow.rb:192:24:192:32 | call to taint | call to taint |
+| params_flow.rb:211:14:211:14 | x | params_flow.rb:226:11:226:19 | call to taint | params_flow.rb:211:14:211:14 | x | $@ | params_flow.rb:226:11:226:19 | call to taint | call to taint |
+| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:226:22:226:30 | call to taint | params_flow.rb:212:14:212:20 | ...[...] | $@ | params_flow.rb:226:22:226:30 | call to taint | call to taint |
+| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:226:36:226:44 | call to taint | params_flow.rb:214:14:214:20 | ...[...] | $@ | params_flow.rb:226:36:226:44 | call to taint | call to taint |
+| params_flow.rb:215:14:215:15 | k1 | params_flow.rb:226:51:226:59 | call to taint | params_flow.rb:215:14:215:15 | k1 | $@ | params_flow.rb:226:51:226:59 | call to taint | call to taint |
+| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:226:66:226:74 | call to taint | params_flow.rb:216:14:216:24 | ...[...] | $@ | params_flow.rb:226:66:226:74 | call to taint | call to taint |
@@ -208,12 +208,12 @@ def foo(x, y)
 
 class Sup
     def m(x, *rest, k1:, **kwargs)
-        sink(x) # $ MISSING: hasValueFlow=81
-        sink(rest[0]) # $ MISSING: hasValueFlow=82
+        sink(x) # $ hasValueFlow=81
+        sink(rest[0]) # $ hasValueFlow=82
         sink(rest[1])
-        sink(rest[2]) # $ MISSING: hasValueFlow=83
-        sink(k1) # $ MISSING: hasValueFlow=84
-        sink(kwargs[:k2]) # $ MISSING: hasValueFlow=85
+        sink(rest[2]) # $ hasValueFlow=83
+        sink(k1) # $ hasValueFlow=84
+        sink(kwargs[:k2]) # $ hasValueFlow=85
     end
 end
Original file line number	Diff line number	Diff line change
`@@ -305,7 +305,9 @@ class StringlikeLiteral extends Literal instanceof StringlikeLiteralImpl {`
`305`	`305`	`final override AstNode getAChild(string pred) {`
`306`	`306`	`result = Literal.super.getAChild(pred)`
`307`	`307`	`or`
`308`		`- pred = "getComponent" and result = this.getComponent(_)`
	`308`	`+ pred = "getComponent" and`
	`309`	`+ result = this.getComponent(_) and`
	`310`	`+ not this instanceof SimpleSymbolLiteralSynth`
`309`	`311`	`}`
`310`	`312`	`}`
`311`	`313`