Ruby: rack - add Rack#Utils.parse_query summary

Author: alexrford

ruby/ql/lib/codeql/ruby/frameworks/Rack.qll

@@ -9,6 +9,7 @@ module Rack {
   import rack.internal.App
   import rack.internal.Request
   import rack.internal.Response::Public as Response
+  import rack.internal.Utils
 
   /** DEPRECATED: Alias for App::AppCandidate */
   deprecated class AppCandidate = App::AppCandidate;

ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll

@@ -0,0 +1,24 @@
+/**
+ * Provides modeling for the `Utils` component of the `Rack` library.
+ */
+
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.dataflow.FlowSummary
+
+/**
+ * Provides modeling for the `Utils` component of the `Rack` library.
+ */
+module Utils {
+  /** Flow summary for `Rack::Utils.parse_query`, which parses a query string. */
+  private class ParseQuerySummary extends SummarizedCallable {
+    ParseQuerySummary() { this = "Rack::Utils.parse_query" }
+
+    override MethodCall getACall() {
+      result = API::getTopLevelMember("Rack").getMember("Utils").getAMethodCall("parse_query").asExpr().getExpr()
+    }
+
+    override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+      input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
+    }
+  }
+}