Merge pull request #15619 from joefarebrother/ruby-activerecord-connection

joefarebrother · web-flow · commit 67e8f17c4cb3 · 2024-02-22T14:02:31.000Z
Ruby: Add additional sql sinks for ActiveRecord connection methods
diff --git a/ruby/ql/lib/change-notes/2024-02-15-activerecord_connection_sql_sinks.md b/ruby/ql/lib/change-notes/2024-02-15-activerecord_connection_sql_sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Calls to several methods of `ActiveRecord::Connection`, such as `ActiveRecord::Connection#exec_query`, are now recognized as SQL executions, including those via subclasses.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
@@ -205,7 +205,13 @@ private predicate sqlFragmentArgumentInner(DataFlow::CallNode call, DataFlow::No
   call = activeRecordQueryBuilderCall("annotate") and
   sink = call.getArgument(_)
   or
-  call = activeRecordConnectionInstance().getAMethodCall("execute") and
+  call =
+    activeRecordConnectionInstance()
+        .getAMethodCall([
+            "create", "delete", "exec_query", "exec_delete", "exec_insert", "exec_update",
+            "execute", "insert", "select_all", "select_one", "select_rows", "select_value",
+            "select_values", "update"
+          ]) and
   sink = call.getArgument(0)
   or
   call = activeRecordQueryBuilderCall("update_all") and
diff --git a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.expected b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.expected
@@ -1,7 +1,7 @@
 activeRecordModelClasses
 | ActiveRecord.rb:1:1:3:3 | UserGroup |
-| ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:21:1:25:3 | Admin |
+| ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:34:1:38:3 | Admin |
 | associations.rb:1:1:3:3 | Author |
 | associations.rb:5:1:9:3 | Post |
 | associations.rb:11:1:13:3 | Tag |
@@ -10,20 +10,33 @@ activeRecordInstances
 | ActiveRecord.rb:9:5:9:68 | call to find |
 | ActiveRecord.rb:13:5:13:40 | call to find_by |
 | ActiveRecord.rb:13:5:13:46 | call to users |
-| ActiveRecord.rb:16:3:18:5 | self (exec) |
-| ActiveRecord.rb:16:3:18:5 | self in exec |
+| ActiveRecord.rb:16:3:31:5 | self (exec) |
+| ActiveRecord.rb:16:3:31:5 | self in exec |
 | ActiveRecord.rb:17:5:17:14 | self |
-| ActiveRecord.rb:39:5:39:51 | call to authenticate |
-| ActiveRecord.rb:40:5:40:30 | call to find_by_name |
-| ActiveRecord.rb:59:5:61:7 | if ... |
-| ActiveRecord.rb:59:43:60:40 | then ... |
-| ActiveRecord.rb:60:7:60:40 | call to find_by |
-| ActiveRecord.rb:64:5:64:33 | call to find_by |
-| ActiveRecord.rb:66:5:66:34 | call to find |
-| ActiveRecord.rb:76:5:76:24 | call to create |
-| ActiveRecord.rb:80:5:80:66 | call to create |
-| ActiveRecord.rb:84:5:84:68 | call to create |
-| ActiveRecord.rb:88:5:88:16 | call to create |
+| ActiveRecord.rb:18:5:18:14 | self |
+| ActiveRecord.rb:19:5:19:14 | self |
+| ActiveRecord.rb:20:5:20:14 | self |
+| ActiveRecord.rb:21:5:21:14 | self |
+| ActiveRecord.rb:22:5:22:14 | self |
+| ActiveRecord.rb:23:5:23:14 | self |
+| ActiveRecord.rb:24:5:24:14 | self |
+| ActiveRecord.rb:25:5:25:14 | self |
+| ActiveRecord.rb:26:5:26:14 | self |
+| ActiveRecord.rb:27:5:27:14 | self |
+| ActiveRecord.rb:28:5:28:14 | self |
+| ActiveRecord.rb:29:5:29:14 | self |
+| ActiveRecord.rb:30:5:30:14 | self |
+| ActiveRecord.rb:52:5:52:51 | call to authenticate |
+| ActiveRecord.rb:53:5:53:30 | call to find_by_name |
+| ActiveRecord.rb:72:5:74:7 | if ... |
+| ActiveRecord.rb:72:43:73:40 | then ... |
+| ActiveRecord.rb:73:7:73:40 | call to find_by |
+| ActiveRecord.rb:77:5:77:33 | call to find_by |
+| ActiveRecord.rb:79:5:79:34 | call to find |
+| ActiveRecord.rb:89:5:89:24 | call to create |
+| ActiveRecord.rb:93:5:93:66 | call to create |
+| ActiveRecord.rb:97:5:97:68 | call to create |
+| ActiveRecord.rb:101:5:101:16 | call to create |
 | associations.rb:19:1:19:7 | author1 |
 | associations.rb:19:1:19:20 | ... = ... |
 | associations.rb:19:11:19:20 | call to new |
@@ -108,47 +121,60 @@ activeRecordInstances
 | associations.rb:53:1:53:34 | call to find |
 activeRecordSqlExecutionRanges
 | ActiveRecord.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" |
-| ActiveRecord.rb:17:24:17:24 | q |
-| ActiveRecord.rb:23:16:23:24 | condition |
-| ActiveRecord.rb:32:30:32:44 | ...[...] |
-| ActiveRecord.rb:33:20:33:42 | "id = '#{...}'" |
-| ActiveRecord.rb:34:21:34:45 | call to [] |
-| ActiveRecord.rb:35:16:35:21 | <<-SQL |
-| ActiveRecord.rb:38:20:38:47 | "user.id = '#{...}'" |
-| ActiveRecord.rb:50:20:50:32 | ... + ... |
-| ActiveRecord.rb:56:16:56:28 | "name #{...}" |
-| ActiveRecord.rb:60:20:60:39 | "username = #{...}" |
-| ActiveRecord.rb:72:21:72:44 | ...[...] |
-| ActiveRecord.rb:110:27:110:76 | "this is an unsafe annotation:..." |
+| ActiveRecord.rb:17:23:17:23 | q |
+| ActiveRecord.rb:18:23:18:23 | q |
+| ActiveRecord.rb:19:27:19:27 | q |
+| ActiveRecord.rb:20:28:20:28 | q |
+| ActiveRecord.rb:21:28:21:28 | q |
+| ActiveRecord.rb:22:28:22:28 | q |
+| ActiveRecord.rb:23:24:23:24 | q |
+| ActiveRecord.rb:24:23:24:23 | q |
+| ActiveRecord.rb:25:27:25:27 | q |
+| ActiveRecord.rb:26:27:26:27 | q |
+| ActiveRecord.rb:27:28:27:28 | q |
+| ActiveRecord.rb:28:29:28:29 | q |
+| ActiveRecord.rb:29:30:29:30 | q |
+| ActiveRecord.rb:30:23:30:23 | q |
+| ActiveRecord.rb:36:16:36:24 | condition |
+| ActiveRecord.rb:45:30:45:44 | ...[...] |
+| ActiveRecord.rb:46:20:46:42 | "id = '#{...}'" |
+| ActiveRecord.rb:47:21:47:45 | call to [] |
+| ActiveRecord.rb:48:16:48:21 | <<-SQL |
+| ActiveRecord.rb:51:20:51:47 | "user.id = '#{...}'" |
+| ActiveRecord.rb:63:20:63:32 | ... + ... |
+| ActiveRecord.rb:69:16:69:28 | "name #{...}" |
+| ActiveRecord.rb:73:20:73:39 | "username = #{...}" |
+| ActiveRecord.rb:85:21:85:44 | ...[...] |
+| ActiveRecord.rb:123:27:123:76 | "this is an unsafe annotation:..." |
 activeRecordModelClassMethodCalls
 | ActiveRecord.rb:2:3:2:17 | call to has_many |
 | ActiveRecord.rb:6:3:6:24 | call to belongs_to |
 | ActiveRecord.rb:9:5:9:68 | call to find |
 | ActiveRecord.rb:13:5:13:40 | call to find_by |
 | ActiveRecord.rb:13:5:13:46 | call to users |
-| ActiveRecord.rb:23:5:23:25 | call to destroy_by |
-| ActiveRecord.rb:32:5:32:45 | call to calculate |
-| ActiveRecord.rb:33:5:33:43 | call to delete_by |
-| ActiveRecord.rb:34:5:34:46 | call to destroy_by |
-| ActiveRecord.rb:35:5:35:35 | call to where |
-| ActiveRecord.rb:38:5:38:14 | call to where |
-| ActiveRecord.rb:38:5:38:48 | call to not |
-| ActiveRecord.rb:40:5:40:30 | call to find_by_name |
-| ActiveRecord.rb:41:5:41:36 | call to not_a_find_by_method |
-| ActiveRecord.rb:50:5:50:33 | call to delete_by |
-| ActiveRecord.rb:56:5:56:29 | call to order |
-| ActiveRecord.rb:60:7:60:40 | call to find_by |
-| ActiveRecord.rb:64:5:64:33 | call to find_by |
-| ActiveRecord.rb:66:5:66:34 | call to find |
-| ActiveRecord.rb:76:5:76:24 | call to create |
-| ActiveRecord.rb:80:5:80:66 | call to create |
-| ActiveRecord.rb:84:5:84:68 | call to create |
-| ActiveRecord.rb:88:5:88:16 | call to create |
-| ActiveRecord.rb:92:5:92:27 | call to update |
-| ActiveRecord.rb:96:5:96:69 | call to update |
-| ActiveRecord.rb:100:5:100:71 | call to update |
-| ActiveRecord.rb:106:13:106:54 | call to annotate |
-| ActiveRecord.rb:110:13:110:77 | call to annotate |
+| ActiveRecord.rb:36:5:36:25 | call to destroy_by |
+| ActiveRecord.rb:45:5:45:45 | call to calculate |
+| ActiveRecord.rb:46:5:46:43 | call to delete_by |
+| ActiveRecord.rb:47:5:47:46 | call to destroy_by |
+| ActiveRecord.rb:48:5:48:35 | call to where |
+| ActiveRecord.rb:51:5:51:14 | call to where |
+| ActiveRecord.rb:51:5:51:48 | call to not |
+| ActiveRecord.rb:53:5:53:30 | call to find_by_name |
+| ActiveRecord.rb:54:5:54:36 | call to not_a_find_by_method |
+| ActiveRecord.rb:63:5:63:33 | call to delete_by |
+| ActiveRecord.rb:69:5:69:29 | call to order |
+| ActiveRecord.rb:73:7:73:40 | call to find_by |
+| ActiveRecord.rb:77:5:77:33 | call to find_by |
+| ActiveRecord.rb:79:5:79:34 | call to find |
+| ActiveRecord.rb:89:5:89:24 | call to create |
+| ActiveRecord.rb:93:5:93:66 | call to create |
+| ActiveRecord.rb:97:5:97:68 | call to create |
+| ActiveRecord.rb:101:5:101:16 | call to create |
+| ActiveRecord.rb:105:5:105:27 | call to update |
+| ActiveRecord.rb:109:5:109:69 | call to update |
+| ActiveRecord.rb:113:5:113:71 | call to update |
+| ActiveRecord.rb:119:13:119:54 | call to annotate |
+| ActiveRecord.rb:123:13:123:77 | call to annotate |
 | associations.rb:2:3:2:17 | call to has_many |
 | associations.rb:6:3:6:20 | call to belongs_to |
 | associations.rb:7:3:7:20 | call to has_many |
@@ -204,41 +230,41 @@ activeRecordModelClassMethodCalls
 activeRecordModelClassMethodCallsReplacement
 | ActiveRecord.rb:1:1:3:3 | UserGroup | ActiveRecord.rb:2:3:2:17 | call to has_many |
 | ActiveRecord.rb:1:1:3:3 | UserGroup | ActiveRecord.rb:13:5:13:40 | call to find_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:6:3:6:24 | call to belongs_to |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:9:5:9:68 | call to find |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:23:5:23:25 | call to destroy_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:32:5:32:45 | call to calculate |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:33:5:33:43 | call to delete_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:34:5:34:46 | call to destroy_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:35:5:35:35 | call to where |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:38:5:38:14 | call to where |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:39:5:39:51 | call to authenticate |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:40:5:40:30 | call to find_by_name |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:41:5:41:36 | call to not_a_find_by_method |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:50:5:50:33 | call to delete_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:56:5:56:29 | call to order |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:60:7:60:40 | call to find_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:64:5:64:33 | call to find_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:66:5:66:34 | call to find |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:72:5:72:45 | call to delete_by |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:76:5:76:24 | call to create |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:80:5:80:66 | call to create |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:84:5:84:68 | call to create |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:88:5:88:16 | call to create |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:92:5:92:27 | call to update |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:96:5:96:69 | call to update |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:100:5:100:71 | call to update |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:106:13:106:54 | call to annotate |
-| ActiveRecord.rb:5:1:19:3 | User | ActiveRecord.rb:110:13:110:77 | call to annotate |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:23:5:23:25 | call to destroy_by |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:72:5:72:45 | call to delete_by |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:76:5:76:24 | call to create |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:80:5:80:66 | call to create |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:84:5:84:68 | call to create |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:88:5:88:16 | call to create |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:92:5:92:27 | call to update |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:96:5:96:69 | call to update |
-| ActiveRecord.rb:21:1:25:3 | Admin | ActiveRecord.rb:100:5:100:71 | call to update |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:6:3:6:24 | call to belongs_to |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:9:5:9:68 | call to find |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:36:5:36:25 | call to destroy_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:45:5:45:45 | call to calculate |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:46:5:46:43 | call to delete_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:47:5:47:46 | call to destroy_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:48:5:48:35 | call to where |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:51:5:51:14 | call to where |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:52:5:52:51 | call to authenticate |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:53:5:53:30 | call to find_by_name |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:54:5:54:36 | call to not_a_find_by_method |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:63:5:63:33 | call to delete_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:69:5:69:29 | call to order |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:73:7:73:40 | call to find_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:77:5:77:33 | call to find_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:79:5:79:34 | call to find |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:85:5:85:45 | call to delete_by |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:89:5:89:24 | call to create |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:93:5:93:66 | call to create |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:97:5:97:68 | call to create |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:101:5:101:16 | call to create |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:105:5:105:27 | call to update |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:109:5:109:69 | call to update |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:113:5:113:71 | call to update |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:119:13:119:54 | call to annotate |
+| ActiveRecord.rb:5:1:32:3 | User | ActiveRecord.rb:123:13:123:77 | call to annotate |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:36:5:36:25 | call to destroy_by |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:85:5:85:45 | call to delete_by |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:89:5:89:24 | call to create |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:93:5:93:66 | call to create |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:97:5:97:68 | call to create |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:101:5:101:16 | call to create |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:105:5:105:27 | call to update |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:109:5:109:69 | call to update |
+| ActiveRecord.rb:34:1:38:3 | Admin | ActiveRecord.rb:113:5:113:71 | call to update |
 | associations.rb:1:1:3:3 | Author | associations.rb:2:3:2:17 | call to has_many |
 | associations.rb:1:1:3:3 | Author | associations.rb:19:11:19:20 | call to new |
 | associations.rb:5:1:9:3 | Post | associations.rb:6:3:6:20 | call to belongs_to |
@@ -248,29 +274,29 @@ activeRecordModelClassMethodCallsReplacement
 | associations.rb:15:1:17:3 | Comment | associations.rb:16:3:16:18 | call to belongs_to |
 potentiallyUnsafeSqlExecutingMethodCall
 | ActiveRecord.rb:9:5:9:68 | call to find |
-| ActiveRecord.rb:23:5:23:25 | call to destroy_by |
-| ActiveRecord.rb:32:5:32:45 | call to calculate |
-| ActiveRecord.rb:33:5:33:43 | call to delete_by |
-| ActiveRecord.rb:34:5:34:46 | call to destroy_by |
-| ActiveRecord.rb:35:5:35:35 | call to where |
-| ActiveRecord.rb:38:5:38:48 | call to not |
-| ActiveRecord.rb:50:5:50:33 | call to delete_by |
-| ActiveRecord.rb:56:5:56:29 | call to order |
-| ActiveRecord.rb:60:7:60:40 | call to find_by |
-| ActiveRecord.rb:110:13:110:77 | call to annotate |
+| ActiveRecord.rb:36:5:36:25 | call to destroy_by |
+| ActiveRecord.rb:45:5:45:45 | call to calculate |
+| ActiveRecord.rb:46:5:46:43 | call to delete_by |
+| ActiveRecord.rb:47:5:47:46 | call to destroy_by |
+| ActiveRecord.rb:48:5:48:35 | call to where |
+| ActiveRecord.rb:51:5:51:48 | call to not |
+| ActiveRecord.rb:63:5:63:33 | call to delete_by |
+| ActiveRecord.rb:69:5:69:29 | call to order |
+| ActiveRecord.rb:73:7:73:40 | call to find_by |
+| ActiveRecord.rb:123:13:123:77 | call to annotate |
 activeRecordModelInstantiations
-| ActiveRecord.rb:9:5:9:68 | call to find | ActiveRecord.rb:5:1:19:3 | User |
+| ActiveRecord.rb:9:5:9:68 | call to find | ActiveRecord.rb:5:1:32:3 | User |
 | ActiveRecord.rb:13:5:13:40 | call to find_by | ActiveRecord.rb:1:1:3:3 | UserGroup |
-| ActiveRecord.rb:13:5:13:46 | call to users | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:16:3:18:5 | self in exec | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:40:5:40:30 | call to find_by_name | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:60:7:60:40 | call to find_by | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:64:5:64:33 | call to find_by | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:66:5:66:34 | call to find | ActiveRecord.rb:5:1:19:3 | User |
-| ActiveRecord.rb:76:5:76:24 | call to create | ActiveRecord.rb:21:1:25:3 | Admin |
-| ActiveRecord.rb:80:5:80:66 | call to create | ActiveRecord.rb:21:1:25:3 | Admin |
-| ActiveRecord.rb:84:5:84:68 | call to create | ActiveRecord.rb:21:1:25:3 | Admin |
-| ActiveRecord.rb:88:5:88:16 | call to create | ActiveRecord.rb:21:1:25:3 | Admin |
+| ActiveRecord.rb:13:5:13:46 | call to users | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:16:3:31:5 | self in exec | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:53:5:53:30 | call to find_by_name | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:73:7:73:40 | call to find_by | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:77:5:77:33 | call to find_by | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:79:5:79:34 | call to find | ActiveRecord.rb:5:1:32:3 | User |
+| ActiveRecord.rb:89:5:89:24 | call to create | ActiveRecord.rb:34:1:38:3 | Admin |
+| ActiveRecord.rb:93:5:93:66 | call to create | ActiveRecord.rb:34:1:38:3 | Admin |
+| ActiveRecord.rb:97:5:97:68 | call to create | ActiveRecord.rb:34:1:38:3 | Admin |
+| ActiveRecord.rb:101:5:101:16 | call to create | ActiveRecord.rb:34:1:38:3 | Admin |
 | associations.rb:19:11:19:20 | call to new | associations.rb:1:1:3:3 | Author |
 | associations.rb:21:9:21:21 | call to posts | associations.rb:5:1:9:3 | Post |
 | associations.rb:21:9:21:28 | call to create | associations.rb:5:1:9:3 | Post |
@@ -312,13 +338,13 @@ activeRecordModelInstantiations
 | associations.rb:53:1:53:13 | call to posts | associations.rb:5:1:9:3 | Post |
 | associations.rb:53:1:53:20 | call to reload | associations.rb:5:1:9:3 | Post |
 persistentWriteAccesses
-| ActiveRecord.rb:76:5:76:24 | call to create | ActiveRecord.rb:76:18:76:23 | call to params |
-| ActiveRecord.rb:80:5:80:66 | call to create | ActiveRecord.rb:80:24:80:36 | ...[...] |
-| ActiveRecord.rb:80:5:80:66 | call to create | ActiveRecord.rb:80:49:80:65 | ...[...] |
-| ActiveRecord.rb:84:5:84:68 | call to create | ActiveRecord.rb:84:25:84:37 | ...[...] |
-| ActiveRecord.rb:84:5:84:68 | call to create | ActiveRecord.rb:84:50:84:66 | ...[...] |
-| ActiveRecord.rb:92:5:92:27 | call to update | ActiveRecord.rb:92:21:92:26 | call to params |
-| ActiveRecord.rb:96:5:96:69 | call to update | ActiveRecord.rb:96:27:96:39 | ...[...] |
-| ActiveRecord.rb:96:5:96:69 | call to update | ActiveRecord.rb:96:52:96:68 | ...[...] |
-| ActiveRecord.rb:100:5:100:71 | call to update | ActiveRecord.rb:100:21:100:70 | call to [] |
+| ActiveRecord.rb:89:5:89:24 | call to create | ActiveRecord.rb:89:18:89:23 | call to params |
+| ActiveRecord.rb:93:5:93:66 | call to create | ActiveRecord.rb:93:24:93:36 | ...[...] |
+| ActiveRecord.rb:93:5:93:66 | call to create | ActiveRecord.rb:93:49:93:65 | ...[...] |
+| ActiveRecord.rb:97:5:97:68 | call to create | ActiveRecord.rb:97:25:97:37 | ...[...] |
+| ActiveRecord.rb:97:5:97:68 | call to create | ActiveRecord.rb:97:50:97:66 | ...[...] |
+| ActiveRecord.rb:105:5:105:27 | call to update | ActiveRecord.rb:105:21:105:26 | call to params |
+| ActiveRecord.rb:109:5:109:69 | call to update | ActiveRecord.rb:109:27:109:39 | ...[...] |
+| ActiveRecord.rb:109:5:109:69 | call to update | ActiveRecord.rb:109:52:109:68 | ...[...] |
+| ActiveRecord.rb:113:5:113:71 | call to update | ActiveRecord.rb:113:21:113:70 | call to [] |
 | associations.rb:31:16:31:22 | ... = ... | associations.rb:31:16:31:22 | author2 |
diff --git a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.rb b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.rb
@@ -14,7 +14,20 @@ def self.from(user_group_id)
   end
 
   def exec(q)
+    connection.create(q)
+    connection.delete(q)
+    connection.exec_query(q)
+    connection.exec_insert(q)
+    connection.exec_delete(q)
+    connection.exec_update(q)
     connection.execute(q)
+    connection.insert(q)
+    connection.select_all(q)
+    connection.select_one(q)
+    connection.select_rows(q)
+    connection.select_value(q)
+    connection.select_values(q)
+    connection.update(q)
   end
 end
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Calls to several methods of `ActiveRecord::Connection`, such as `ActiveRecord::Connection#exec_query`, are now recognized as SQL executions, including those via subclasses.