github
diff --git a/‎ruby/ql/lib/codeql/ruby/Frameworks.qll‎
Lines changed: 0 additions & 3 deletions b/‎ruby/ql/lib/codeql/ruby/Frameworks.qll‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/LibXml.qll‎
Lines changed: 0 additions & 68 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/LibXml.qll‎
Lines changed: 0 additions & 68 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/Nokogiri.qll‎
Lines changed: 0 additions & 54 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/Nokogiri.qll‎
Lines changed: 0 additions & 54 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/Rexml.qll‎
Lines changed: 0 additions & 48 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/Rexml.qll‎
Lines changed: 0 additions & 48 deletions
diff --git a/‎ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll‎
Lines changed: 45 additions & 0 deletions b/‎ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll‎
Lines changed: 45 additions & 0 deletions
@@ -32,6 +32,3 @@ private import codeql.ruby.frameworks.Slim
 private import codeql.ruby.frameworks.Sinatra
 private import codeql.ruby.frameworks.Twirp
 private import codeql.ruby.frameworks.Sqlite3
-private import codeql.ruby.frameworks.Rexml
-private import codeql.ruby.frameworks.Nokogiri
-private import codeql.ruby.frameworks.LibXml
@@ -45,6 +45,17 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call
   }
 }
 
+/** Execution of a XPath statement. */
+private class NokogiriXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
+  NokogiriXPathExecution() {
+    exists(NokogiriXmlParserCall parserCall |
+      this = parserCall.getAMethodCall(["xpath", "at_xpath", "search", "at"])
+    )
+  }
+
+  override DataFlow::Node getXPath() { result = this.getArgument(0) }
+}
+
 /**
  * Holds if `assign` enables the `default_substitute_entities` option in
  * libxml-ruby.
@@ -123,6 +134,40 @@ private predicate xmlMiniEntitySubstitutionEnabled() {
   enablesLibXmlDefaultEntitySubstitution(_)
 }
 
+/** Execution of a XPath statement. */
+private class LibXmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
+  LibXmlXPathExecution() {
+    exists(LibXmlRubyXmlParserCall parserCall |
+      this = parserCall.getAMethodCall(["find", "find_first"])
+    )
+  }
+
+  override DataFlow::Node getXPath() { result = this.getArgument(0) }
+}
+
+/** A call to `REXML::Document.new`, considered as a XML parsing. */
+private class RexmlParserCall extends XmlParserCall::Range, DataFlow::CallNode {
+  RexmlParserCall() {
+    this = API::getTopLevelMember("REXML").getMember("Document").getAnInstantiation()
+  }
+
+  override DataFlow::Node getInput() { result = this.getArgument(0) }
+
+  /** No option for parsing */
+  override predicate externalEntitiesEnabled() { none() }
+}
+
+/** Execution of a XPath statement. */
+private class RexmlXPathExecution extends XPathExecution::Range, DataFlow::CallNode {
+  RexmlXPathExecution() {
+    this =
+      [API::getTopLevelMember("REXML").getMember("XPath"), API::getTopLevelMember("XPath")]
+          .getAMethodCall(["each", "first", "match"])
+  }
+
+  override DataFlow::Node getXPath() { result = this.getArgument(1) }
+}
+
 /**
  * A call to `ActiveSupport::XmlMini.parse` considered as an `XmlParserCall`.
  */