github
diff --git a/‎ruby/ql/lib/codeql/ruby/ast/Literal.qll‎
Lines changed: 85 additions & 26 deletions b/‎ruby/ql/lib/codeql/ruby/ast/Literal.qll‎
Lines changed: 85 additions & 26 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/ast/internal/AST.qll‎
Lines changed: 33 additions & 7 deletions b/‎ruby/ql/lib/codeql/ruby/ast/internal/AST.qll‎
Lines changed: 33 additions & 7 deletions
@@ -3,21 +3,14 @@ private import codeql.ruby.security.performance.RegExpTreeView as RETV
 private import internal.AST
 private import internal.Scope
 private import internal.TreeSitter
+private import codeql.ruby.controlflow.CfgNodes
 
 /**
  * A literal.
  *
  * This is the QL root class for all literals.
  */
-class Literal extends Expr, TLiteral {
-  /**
-   * Gets the source text for this literal, if this is a simple literal.
-   *
-   * For complex literals, such as arrays, hashes, and strings with
-   * interpolations, this predicate has no result.
-   */
-  override string getValueText() { none() }
-}
+class Literal extends Expr, TLiteral { }
 
 /**
  * A numeric literal, i.e. an integer, floating-point, rational, or complex
@@ -281,10 +274,10 @@ class StringComponent extends AstNode, TStringComponent {
  * "foo#{ bar() } baz"
  * ```
  */
-class StringTextComponent extends StringComponent, TStringTextComponent {
+class StringTextComponent extends StringComponent, TStringTextComponentNonRegexp {
   private Ruby::Token g;
 
-  StringTextComponent() { this = TStringTextComponent(g) }
+  StringTextComponent() { this = TStringTextComponentNonRegexp(g) }
 
   final override string toString() { result = g.getValue() }
 
@@ -296,10 +289,10 @@ class StringTextComponent extends StringComponent, TStringTextComponent {
 /**
  * An escape sequence component of a string or string-like literal.
  */
-class StringEscapeSequenceComponent extends StringComponent, TStringEscapeSequenceComponent {
+class StringEscapeSequenceComponent extends StringComponent, TStringEscapeSequenceComponentNonRegexp {
   private Ruby::EscapeSequence g;
 
-  StringEscapeSequenceComponent() { this = TStringEscapeSequenceComponent(g) }
+  StringEscapeSequenceComponent() { this = TStringEscapeSequenceComponentNonRegexp(g) }
 
   final override string toString() { result = g.getValue() }
 
@@ -312,10 +305,10 @@ class StringEscapeSequenceComponent extends StringComponent, TStringEscapeSequen
  * An interpolation expression component of a string or string-like literal.
  */
 class StringInterpolationComponent extends StringComponent, StmtSequence,
-  TStringInterpolationComponent {
+  TStringInterpolationComponentNonRegexp {
   private Ruby::Interpolation g;
 
-  StringInterpolationComponent() { this = TStringInterpolationComponent(g) }
+  StringInterpolationComponent() { this = TStringInterpolationComponentNonRegexp(g) }
 
   final override string toString() { result = "#{...}" }
 
@@ -326,6 +319,83 @@ class StringInterpolationComponent extends StringComponent, StmtSequence,
   final override string getAPrimaryQlClass() { result = "StringInterpolationComponent" }
 }
 
+private class TRegExpComponent =
+  TStringTextComponentRegexp or TStringEscapeSequenceComponentRegexp or
+      TStringInterpolationComponentRegexp;
+
+/**
+ * The base class for a component of a regular expression literal.
+ */
+class RegExpComponent extends AstNode, TRegExpComponent {
+  /** Gets the source text for this regex component, if any. */
+  string getValueText() { none() }
+}
+
+/**
+ * A component of a regex literal that is simply text.
+ *
+ * For example, the following regex literals all contain `RegExpTextComponent`
+ * components whose `getValueText()` returns `"foo"`:
+ *
+ * ```rb
+ * 'foo'
+ * "#{ bar() }foo"
+ * "foo#{ bar() } baz"
+ * ```
+ */
+class RegExpTextComponent extends RegExpComponent, TStringTextComponentRegexp {
+  private Ruby::Token g;
+
+  RegExpTextComponent() { this = TStringTextComponentRegexp(g) }
+
+  final override string toString() { result = g.getValue() }
+
+  // Exclude components that are children of a free-spacing regex.
+  // We do this because `ParseRegExp.qll` cannot handle free-spacing regexes.
+  final override string getValueText() {
+    not this.getParent().(RegExpLiteral).hasFreeSpacingFlag() and result = g.getValue()
+  }
+
+  final override string getAPrimaryQlClass() { result = "RegExpTextComponent" }
+}
+
+/**
+ * An escape sequence component of a regex literal.
+ */
+class RegExpEscapeSequenceComponent extends RegExpComponent, TStringEscapeSequenceComponentRegexp {
+  private Ruby::EscapeSequence g;
+
+  RegExpEscapeSequenceComponent() { this = TStringEscapeSequenceComponentRegexp(g) }
+
+  final override string toString() { result = g.getValue() }
+
+  // Exclude components that are children of a free-spacing regex.
+  // We do this because `ParseRegExp.qll` cannot handle free-spacing regexes.
+  final override string getValueText() {
+    not this.getParent().(RegExpLiteral).hasFreeSpacingFlag() and result = g.getValue()
+  }
+
+  final override string getAPrimaryQlClass() { result = "RegExpEscapeSequenceComponent" }
+}
+
+/**
+ * An interpolation expression component of a regex literal.
+ */
+class RegExpInterpolationComponent extends RegExpComponent, StmtSequence,
+  TStringInterpolationComponentRegexp {
+  private Ruby::Interpolation g;
+
+  RegExpInterpolationComponent() { this = TStringInterpolationComponentRegexp(g) }
+
+  final override string toString() { result = "#{...}" }
+
+  final override Stmt getStmt(int n) { toGenerated(result) = g.getChild(n) }
+
+  final override string getValueText() { none() }
+
+  final override string getAPrimaryQlClass() { result = "RegExpInterpolationComponent" }
+}
+
 /**
  * A string, symbol, regexp, or subshell literal.
  */
@@ -410,17 +480,6 @@ class StringlikeLiteral extends Literal, TStringlikeLiteral {
     result = ""
   }
 
-  override string getValueText() {
-    // 0 components should result in the empty string
-    // if there are any interpolations, there should be no result
-    // otherwise, concatenate all the components
-    forall(StringComponent c | c = this.getComponent(_) |
-      not c instanceof StringInterpolationComponent
-    ) and
-    result =
-      concat(StringComponent c, int i | c = this.getComponent(i) | c.getValueText() order by i)
-  }
-
   override string toString() {
     exists(string full, string summary |
       full =
 
@@ -272,10 +272,25 @@ private module Cached {
     TStmtSequenceSynth(AST::AstNode parent, int i) { mkSynthChild(StmtSequenceKind(), parent, i) } or
     TStringArrayLiteral(Ruby::StringArray g) or
     TStringConcatenation(Ruby::ChainedString g) or
-    TStringEscapeSequenceComponent(Ruby::EscapeSequence g) or
-    TStringInterpolationComponent(Ruby::Interpolation g) or
-    TStringTextComponent(Ruby::Token g) {
-      g instanceof Ruby::StringContent or g instanceof Ruby::HeredocContent
+    TStringEscapeSequenceComponentNonRegexp(Ruby::EscapeSequence g) {
+      not g.getParent() instanceof Ruby::Regex
+    } or
+    TStringEscapeSequenceComponentRegexp(Ruby::EscapeSequence g) {
+      g.getParent() instanceof Ruby::Regex
+    } or
+    TStringInterpolationComponentNonRegexp(Ruby::Interpolation g) {
+      not g.getParent() instanceof Ruby::Regex
+    } or
+    TStringInterpolationComponentRegexp(Ruby::Interpolation g) {
+      g.getParent() instanceof Ruby::Regex
+    } or
+    TStringTextComponentNonRegexp(Ruby::Token g) {
+      (g instanceof Ruby::StringContent or g instanceof Ruby::HeredocContent) and
+      not g.getParent() instanceof Ruby::Regex
+    } or
+    TStringTextComponentRegexp(Ruby::Token g) {
+      (g instanceof Ruby::StringContent or g instanceof Ruby::HeredocContent) and
+      g.getParent() instanceof Ruby::Regex
     } or
     TSubExprReal(Ruby::Binary g) { g instanceof @ruby_binary_minus } or
     TSubExprSynth(AST::AstNode parent, int i) { mkSynthChild(SubExprKind(), parent, i) } or
@@ -489,9 +504,12 @@ private module Cached {
     n = TSplatParameter(result) or
     n = TStringArrayLiteral(result) or
     n = TStringConcatenation(result) or
-    n = TStringEscapeSequenceComponent(result) or
-    n = TStringInterpolationComponent(result) or
-    n = TStringTextComponent(result) or
+    n = TStringEscapeSequenceComponentNonRegexp(result) or
+    n = TStringEscapeSequenceComponentRegexp(result) or
+    n = TStringInterpolationComponentNonRegexp(result) or
+    n = TStringInterpolationComponentRegexp(result) or
+    n = TStringTextComponentNonRegexp(result) or
+    n = TStringTextComponentRegexp(result) or
     n = TSubExprReal(result) or
     n = TSubshellLiteral(result) or
     n = TSymbolArrayLiteral(result) or
@@ -680,6 +698,14 @@ class TIntegerLiteral = TIntegerLiteralReal or TIntegerLiteralSynth;
 
 class TBooleanLiteral = TTrueLiteral or TFalseLiteral;
 
+class TStringTextComponent = TStringTextComponentNonRegexp or TStringTextComponentRegexp;
+
+class TStringEscapeSequenceComponent =
+  TStringEscapeSequenceComponentNonRegexp or TStringEscapeSequenceComponentRegexp;
+
+class TStringInterpolationComponent =
+  TStringInterpolationComponentNonRegexp or TStringInterpolationComponentRegexp;
+
 class TStringComponent =
   TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent;